Template CCM chart to run it as remote container (#348)

rammanoj · rpotla · AshleyDumaine · web-flow · commit 31f29441dfea · 2025-03-11T12:40:05.000-04:00
* template updatestrategy and hostNetwork

* template values to run ccm as remote container

* comment logger

* address feedback

* add trailing new lines

* change back log-verbosity to 2

* address feedback

* fix linter

* Update deploy/chart/templates/daemonset.yaml

Co-authored-by: Ashley Dumaine &lt;5779804+AshleyDumaine@users.noreply.github.com&gt;

---------

Co-authored-by: rpotla &lt;rpotla@akamai.com&gt;
Co-authored-by: Ashley Dumaine &lt;5779804+AshleyDumaine@users.noreply.github.com&gt;
diff --git a/deploy/chart/templates/ccm-linode.yaml b/deploy/chart/templates/ccm-linode.yaml
@@ -9,4 +9,3 @@ stringData:
   region: {{ required ".Values.region required" .Values.region }}
 type: Opaque
 {{- end }}
-
diff --git a/deploy/chart/templates/clusterrole-rbac.yaml b/deploy/chart/templates/clusterrole-rbac.yaml
@@ -1,3 +1,4 @@
+{{- if ne .Values.rbacEnabled false }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -38,3 +39,4 @@ rules:
     resources: ["ciliumbgppeeringpolicies"]
     verbs: ["get", "watch", "list", "create"]
 {{- end }}
+{{- end }}
diff --git a/deploy/chart/templates/clusterrolebinding-rbac.yaml b/deploy/chart/templates/clusterrolebinding-rbac.yaml
@@ -1,3 +1,4 @@
+{{- if ne .Values.rbacEnabled false }}
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -10,3 +11,4 @@ subjects:
   - kind: ServiceAccount
     name: ccm-linode
     namespace: {{ required ".Values.namespace required" .Values.namespace }}
+{{- end }}
diff --git a/deploy/chart/templates/daemonset.yaml b/deploy/chart/templates/daemonset.yaml
@@ -9,6 +9,10 @@ spec:
   selector:
     matchLabels:
       app: ccm-linode
+  {{- with .Values.updateStrategy }}
+  updateStrategy: 
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
   template:
     metadata:
       labels:
@@ -31,14 +35,14 @@ spec:
       tolerations:
       {{- toYaml . | nindent 8 }}
       {{- end }}
-      hostNetwork: true
+      hostNetwork: {{ default true .Values.enableHostNetwork }}
       containers:
         - image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           name: ccm-linode
           args:
             - --leader-elect-resource-lock=leases
-            - --v=3
+            - --v={{ default 3 .Values.logVerbosity }}
             - --secure-port=10253
             - --webhook-secure-port=0
             {{- with .Values.linodegoDebug }}
@@ -106,10 +110,21 @@ spec:
             {{- if .Values.nodeBalancerBackendIPv4Subnet }}
             - --nodebalancer-backend-ipv4-subnet={{ .Values.nodeBalancerBackendIPv4Subnet }}
             {{- end }}
+            {{- if .Values.extraArgs }}
+            {{- toYaml .Values.extraArgs | nindent 12 }}
+            {{- end }}
           {{- with .Values.containerSecurityContext }}
           securityContext:
           {{- toYaml . | nindent 12 }}
           {{- end }}
+          {{- with .Values.readinessProbe }}
+          readinessProbe: 
+          {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.livenessProbe }}
+          livenessProbe: 
+          {{- toYaml . | nindent 12 }}
+          {{- end }}
           {{- with .Values.resources }}
           resources: 
           {{- toYaml . | nindent 12 }}
@@ -135,9 +150,13 @@ spec:
             {{- toYaml . | nindent 12 }}
             {{- end}}
       volumes:
+        {{- with .Values.k8sVolume }}
+        {{- toYaml . | nindent 8 }}
+        {{- else }}
         - name: k8s
           hostPath:
             path: /etc/kubernetes
+        {{- end }}
         {{- with .Values.volumes}}
         {{- toYaml . | nindent 8 }}
         {{- end}}
diff --git a/deploy/chart/templates/serviceaccount.yaml b/deploy/chart/templates/serviceaccount.yaml
@@ -1,5 +1,7 @@
+{{- if ne .Values.rbacEnabled false }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: ccm-linode
   namespace: {{ required ".Values.namespace required" .Values.namespace }}
+{{- end }}
diff --git a/deploy/chart/values.yaml b/deploy/chart/values.yaml
@@ -124,4 +124,44 @@ resources:
   #   cpu: "1000m"
 
 # This flag allows to scrape /metrics endpoint without authorization
-allowUnauthorizedMetrics: false
+# allowUnauthorizedMetrics: false
+
+# enables host network
+# enableHostNetwork: false
+
+# specify the update strategy
+# updateStrategy:
+#   type: RollingUpdate
+#   rollingUpdate:
+#     maxUnavailable: 25%
+
+# log verbosity of the CCM
+# logVerbosity: 3
+
+# set the liveness and readiness probes
+# livenessProbe:
+#   tcpSocket:
+#     port: 10253
+#   initialDelaySeconds: 15
+#   timeoutSeconds: 15
+#   failureThreshold: 8
+
+# readinessProbe:
+#   tcpSocket:
+#     port: 10253
+#   initialDelaySeconds: 15
+#   timeoutSeconds: 15
+#   failureThreshold: 8
+
+# set extra arguments to the CCM container.
+# extraArgs:
+# - --kubeconfig=/etc/kubernetes/value
+
+# add toggle to rbac, useful when running CCM outside a cluster
+# rbacEnabled: true
+
+# template kubeconfig volume
+# k8sVolume:
+# - name: k8s
+#   hostPath:
+#     path: /etc/kubeconfig
