Revendor to g/g 1.76. (#381)

README.md

@@ -2,7 +2,7 @@
 
 [![Go Report Card](https://goreportcard.com/badge/github.com/metal-stack/gardener-extension-provider-metal)](https://goreportcard.com/report/github.com/metal-stack/gardener-extension-provider-metal)
 
-This is the implementation of the Gardener extension provider of metal-stack. It reconciles infrastructure, control plane, and worker resources of `type: Metal`. 
+This is the implementation of the Gardener extension provider of metal-stack. It reconciles infrastructure, control plane, and worker resources of `type: Metal`.
 
 Additionally, the project contains a validator for all metal-specific provider configs and mutating webhooks.
 

charts/gardener-extension-provider-metal/templates/rbac.yaml

@@ -9,9 +9,17 @@ rules:
 - apiGroups:
   - extensions.gardener.cloud
   resources:
+  - backupbuckets
+  - backupbuckets/status
+  - backupentries
+  - backupentries/status
+  - bastions
+  - bastions/status
   - clusters
   - controlplanes
   - controlplanes/status
+  - dnsrecords
+  - dnsrecords/status
   - infrastructures
   - infrastructures/status
   - workers
@@ -84,12 +92,6 @@ rules:
   - "*"
   verbs:
   - "*"
-- apiGroups:
-  - autoscaling.k8s.io
-  resources:
-  - verticalpodautoscalers
-  verbs:
-  - "*"
 # metal-specific rules:
 - apiGroups:
   - metal-stack.io
@@ -130,6 +132,24 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - autoscaling.k8s.io
+  resources:
+  - verticalpodautoscalers
+  verbs:
+  - "*"
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - patch
+  - update
+  - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

charts/internal/machine-controller-manager/seed/mcm-monitoring-dashboard.json

@@ -150,14 +150,14 @@
           "refId": "A"
         },
         {
-          "expr": "sum(kube_pod_container_resource_limits_cpu_cores{pod=~\"machine-controller-manager-(.+)\"}) by (pod)",
+          "expr": "sum(kube_pod_container_resource_limits{resource=\"cpu\", unit=\"core\", pod=~\"machine-controller-manager-(.+)\"}) by (pod)",
           "format": "time_series",
           "intervalFactor": 1,
           "legendFormat": "Limits ({{pod}})",
           "refId": "C"
         },
         {
-          "expr": "sum(kube_pod_container_resource_requests_cpu_cores{pod=~\"machine-controller-manager-(.+)\"}) by (pod)",
+          "expr": "sum(kube_pod_container_resource_requests{resource=\"cpu\", unit=\"core\", pod=~\"machine-controller-manager-(.+)\"}) by (pod)",
           "format": "time_series",
           "intervalFactor": 1,
           "legendFormat": "Requests ({{pod}})",
@@ -250,14 +250,14 @@
           "refId": "A"
         },
         {
-          "expr": "sum(kube_pod_container_resource_limits_memory_bytes{pod=~\"machine-controller-manager-(.+)\"}) by (pod)",
+          "expr": "sum(kube_pod_container_resource_limits{resource=\"memory\", unit=\"byte\", pod=~\"machine-controller-manager-(.+)\"}) by (pod)",
           "format": "time_series",
           "intervalFactor": 1,
           "legendFormat": "Limits ({{pod}})",
           "refId": "B"
         },
         {
-          "expr": "sum(kube_pod_container_resource_requests_memory_bytes{pod=~\"machine-controller-manager-(.+)\"}) by (pod)",
+          "expr": "sum(kube_pod_container_resource_requests{resource=\"memory\", unit=\"byte\", pod=~\"machine-controller-manager-(.+)\"}) by (pod)",
           "format": "time_series",
           "intervalFactor": 1,
           "legendFormat": "Requests ({{pod}})",
@@ -547,14 +547,14 @@
           "refId": "A"
         },
         {
-          "expr": "mcm_machineset_items_total",
+          "expr": "mcm_machine_set_items_total",
           "format": "time_series",
           "intervalFactor": 1,
           "legendFormat": "machine set(s)",
           "refId": "B"
         },
         {
-          "expr": "mcm_machinedeployment_items_total",
+          "expr": "mcm_machine_deployment_items_total",
           "format": "time_series",
           "intervalFactor": 1,
           "legendFormat": "machine deployment(s)",
@@ -1070,7 +1070,6 @@
       }
     }
   ],
-  "refresh": "30s",
   "schemaVersion": 18,
   "style": "dark",
   "tags": [
@@ -1168,7 +1167,7 @@
       "14d"
     ]
   },
-  "timezone": "browser",
+  "timezone": "utc",
   "title": "Machine Controller Manager",
   "uid": "machine-controller-manager",
   "version": 1

charts/internal/machine-controller-manager/seed/templates/configmap-monitoring.yaml

@@ -1,4 +1,3 @@
----
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -7,6 +6,23 @@ metadata:
   labels:
     extensions.gardener.cloud/configuration: monitoring
 data:
+  alerting_rules: |
+    machine-controller-manager.rules.yaml: |
+      groups:
+      - name: machine-controller-manager.rules
+        rules:
+        - alert: MachineControllerManagerDown
+          expr: absent(up{job="machine-controller-manager"} == 1)
+          for: 15m
+          labels:
+            service: machine-controller-manager
+            severity: critical
+            type: seed
+            visibility: operator
+          annotations:
+            description: There are no running machine controller manager instances. No shoot nodes can be created/maintained.
+            summary: Machine controller manager is down.
+
   scrape_config: |
     - job_name: machine-controller-manager
       honor_labels: false
@@ -27,26 +43,9 @@ data:
         target_label: pod
       metric_relabel_configs:
       - source_labels: [ __name__ ]
-        regex: ^(mcm_cloud_api_requests_failed_total|mcm_cloud_api_requests_total|mcm_machine_controller_frozen|mcm_machine_current_status_phase|mcm_machine_deployment_failed_machines|mcm_machine_items_total|mcm_machine_set_failed_machines|mcm_machinedeployment_items_total|mcm_machineset_items_total|mcm_scrape_failure_total|machine_adds|machine_depth|machine_queue_latency|machine_retries|machine_work_duration|machinedeployment_adds|machinedeployment_depth|machinedeployment_queue_latency|machinedeployment_retries|machinedeployment_work_duration|machinesafetyapiserver_adds|machinesafetyapiserver_depth|machinesafetyapiserver_queue_latency|machinesafetyapiserver_retries|machinesafetyapiserver_work_duration|machinesafetyorphanvms_adds|machinesafetyorphanvms_depth|machinesafetyorphanvms_queue_latency|machinesafetyorphanvms_retries|machinesafetyorphanvms_work_duration|machinesafetyovershooting_adds|machinesafetyovershooting_depth|machinesafetyovershooting_latency|machinesafetyovershooting_retries|machinesafetyovershooting_work_duration|machineset_adds|machineset_depth|machineset_queue_latency|machineset_retries|machineset_work_duration|node_adds|node_depth|node_queue_latency|node_retries|node_work_duration|secret_adds|secret_depth|secret_queue_latency|secret_retries|secret_work_duration|process_max_fds|process_open_fds)$
+        regex: ^(mcm_cloud_api_requests_failed_total|mcm_cloud_api_requests_total|mcm_machine_controller_frozen|mcm_machine_current_status_phase|mcm_machine_deployment_failed_machines|mcm_machine_items_total|mcm_machine_set_failed_machines|mcm_machine_deployment_items_total|mcm_machine_set_items_total|mcm_machine_set_stale_machines_total|mcm_scrape_failure_total|process_max_fds|process_open_fds|mcm_workqueue_adds_total|mcm_workqueue_depth|mcm_workqueue_queue_duration_seconds_bucket|mcm_workqueue_queue_duration_seconds_sum|mcm_workqueue_queue_duration_seconds_count|mcm_workqueue_work_duration_seconds_bucket|mcm_workqueue_work_duration_seconds_sum|mcm_workqueue_work_duration_seconds_count|mcm_workqueue_unfinished_work_seconds|mcm_workqueue_longest_running_processor_seconds|mcm_workqueue_retries_total)$
         action: keep
 
-  alerting_rules: |
-    machine-controller-manager.rules.yaml: |
-      groups:
-      - name: machine-controller-manager.rules
-        rules:
-        - alert: MachineControllerManagerDown
-          expr: absent(up{job="machine-controller-manager"} == 1)
-          for: 15m
-          labels:
-            service: machine-controller-manager
-            severity: critical
-            type: seed
-            visibility: operator
-          annotations:
-            description: There are no running machine controller manager instances. No shoot nodes can be created/maintained.
-            summary: Machine controller manager is down.
-
   dashboard_operators: |
     machine-controller-manager-dashboard.json: |-
 {{ .Files.Get "mcm-monitoring-dashboard.json" | indent 6 }}

charts/internal/machine-controller-manager/seed/templates/deployment.yaml

@@ -5,21 +5,20 @@ metadata:
   name: machine-controller-manager
   namespace: {{ .Release.Namespace }}
   labels:
-    gardener.cloud/role: controlplane
     app: kubernetes
     role: machine-controller-manager
+    high-availability-config.resources.gardener.cloud/type: controller
 spec:
-  revisionHistoryLimit: 0
+  revisionHistoryLimit: 1
   replicas: {{ .Values.replicas }}
   selector:
     matchLabels:
       app: kubernetes
       role: machine-controller-manager
   template:
     metadata:
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
 {{- if .Values.podAnnotations }}
+      annotations:
 {{ toYaml .Values.podAnnotations | indent 8 }}
 {{- end }}
       labels:
@@ -35,6 +34,7 @@ spec:
 {{ toYaml .Values.podLabels | indent 8 }}
 {{- end }}
     spec:
+      priorityClassName: gardener-system-300
       serviceAccountName: machine-controller-manager
       terminationGracePeriodSeconds: 5
       containers:
@@ -54,6 +54,8 @@ spec:
         - --namespace={{ .Release.Namespace }}
         - --port={{ .Values.metricsPort2 }}
         - --v=3
+        resources:
+{{ toYaml .Values.resources.mcmProviderMetal | indent 10 }}
         livenessProbe:
           failureThreshold: 3
           httpGet:
@@ -70,7 +72,7 @@ spec:
         - mountPath: /var/run/secrets/gardener.cloud/shoot/generic-kubeconfig
           name: kubeconfig
           readOnly: true
-      - name: machine-controller-manager
+      - name: metal-machine-controller-manager
         image: {{ index .Values.images "machine-controller-manager" }}
         imagePullPolicy: IfNotPresent
         command:
@@ -100,12 +102,7 @@ spec:
           containerPort: {{ .Values.metricsPort }}
           protocol: TCP
         resources:
-          requests:
-            cpu: 50m
-            memory: 64Mi
-          limits:
-            cpu: "3"
-            memory: 3000Mi
+{{ toYaml .Values.resources.mcm | indent 10 }}
         volumeMounts:
         - mountPath: /var/run/secrets/gardener.cloud/shoot/generic-kubeconfig
           name: kubeconfig

charts/internal/machine-controller-manager/seed/templates/poddisruptionbudget.yaml

@@ -0,0 +1,14 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: machine-controller-manager
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: kubernetes
+    role: machine-controller-manager
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app: kubernetes
+      role: machine-controller-manager

charts/internal/machine-controller-manager/seed/templates/vpa.yaml

@@ -1,5 +1,5 @@
 {{- if .Values.vpa.enabled }}
-apiVersion: autoscaling.k8s.io/v1beta2
+apiVersion: autoscaling.k8s.io/v1
 kind: VerticalPodAutoscaler
 metadata:
   name: machine-controller-manager-vpa
@@ -11,4 +11,20 @@ spec:
     name: machine-controller-manager
   updatePolicy:
     updateMode: {{ .Values.vpa.updatePolicy.updateMode | quote }}
+  resourcePolicy:
+    containerPolicies:
+    - containerName: machine-controller-manager-provider-metal
+      minAllowed:
+        memory: {{ .Values.resources.mcmProviderMetal.requests.memory }}
+      maxAllowed:
+        cpu: {{ .Values.vpa.resourcePolicy.mcmProviderMetal.maxAllowed.cpu }}
+        memory: {{ .Values.vpa.resourcePolicy.mcmProviderMetal.maxAllowed.memory }}
+      controlledValues: RequestsOnly
+    - containerName: metal-machine-controller-manager
+      minAllowed:
+        memory: {{ .Values.resources.mcm.requests.memory }}
+      maxAllowed:
+        cpu: {{ .Values.vpa.resourcePolicy.mcm.maxAllowed.cpu }}
+        memory: {{ .Values.vpa.resourcePolicy.mcm.maxAllowed.memory }}
+      controlledValues: RequestsOnly
 {{- end }}

charts/internal/machine-controller-manager/seed/values.yaml

@@ -1,5 +1,6 @@
 images:
   machine-controller-manager: image-repository:image-tag
+  machine-controller-manager-provider-metal: image-repository:image-tag
 
 replicas: 1
 
@@ -9,6 +10,9 @@ podLabels: {}
 
 providerName: provider-foo
 
+# injected by generic worker actuator
+genericTokenKubeconfigSecretName: generic-token-kubeconfig
+
 namespace:
   uid: uuid-of-namespace
 
@@ -19,5 +23,25 @@ vpa:
   enabled: true
   updatePolicy:
     updateMode: "Auto"
-
-genericTokenKubeconfigSecretName: generic-token-kubeconfig
+  resourcePolicy:
+    mcm:
+      maxAllowed:
+        cpu: 2
+        memory: 5G
+    mcmProviderMetal:
+      maxAllowed:
+        cpu: 2
+        memory: 5G
+
+resources:
+  mcm:
+    requests:
+      cpu: 31m
+      memory: 70Mi
+  mcmProviderMetal:
+    requests:
+      cpu: 50m
+      memory: 64Mi
+    limits:
+      cpu: "2"
+      memory: 5G

cmd/gardener-extension-provider-metal/app/app.go

@@ -211,7 +211,7 @@ func NewControllerManagerCommand(ctx context.Context) *cobra.Command {
 			metalcontrolplane.DefaultAddOptions.ShootWebhookConfig = atomicShootWebhookConfig
 			metalcontrolplane.DefaultAddOptions.WebhookServerNamespace = webhookOptions.Server.Namespace
 
-			if err := controllerSwitches.Completed().AddToManager(mgr); err != nil {
+			if err := controllerSwitches.Completed().AddToManager(ctx, mgr); err != nil {
 				return fmt.Errorf("could not add controllers to manager: %w", err)
 			}