From 286d57fc3ecd918b5c2fa2a1912b6bda78972582 Mon Sep 17 00:00:00 2001
From: Mulham Raee
Date: Mon, 16 Dec 2024 18:22:41 +0100
Subject: [PATCH] Update KCM node monitor grace period
---
 .../zz_fixture_TestControlPlaneComponents.yaml | 2 +-
 ...ontrolPlaneComponents_TechPreviewNoUpgrade.yaml | 2 +-
 .../assets/kube-controller-manager/deployment.yaml | 2 --
 .../hostedcontrolplane/v2/kcm/deployment.go | 14 ++++++++------
 4 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/control-plane-operator/controllers/hostedcontrolplane/testdata/kube-controller-manager/zz_fixture_TestControlPlaneComponents.yaml b/control-plane-operator/controllers/hostedcontrolplane/testdata/kube-controller-manager/zz_fixture_TestControlPlaneComponents.yaml
index 0a791151b3..90184627b1 100644
--- a/control-plane-operator/controllers/hostedcontrolplane/testdata/kube-controller-manager/zz_fixture_TestControlPlaneComponents.yaml
+++ b/control-plane-operator/controllers/hostedcontrolplane/testdata/kube-controller-manager/zz_fixture_TestControlPlaneComponents.yaml
@@ -108,9 +108,9 @@ spec:
 - --cluster-signing-duration=17520h
 - --tls-cert-file=/etc/kubernetes/certs/server/tls.crt
 - --tls-private-key-file=/etc/kubernetes/certs/server/tls.key
- - --node-monitor-grace-period=50s
 - --cluster-cidr=10.132.0.0/14
 - --service-cluster-ip-range=
+ - --node-monitor-grace-period=50s
 - --tls-min-version=VersionTLS12
 - --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
 - --feature-gates=OpenShiftPodSecurityAdmission=true
diff --git a/control-plane-operator/controllers/hostedcontrolplane/testdata/kube-controller-manager/zz_fixture_TestControlPlaneComponents_TechPreviewNoUpgrade.yaml b/control-plane-operator/controllers/hostedcontrolplane/testdata/kube-controller-manager/zz_fixture_TestControlPlaneComponents_TechPreviewNoUpgrade.yaml
index 38bc8078f7..0070236501 100644
--- a/control-plane-operator/controllers/hostedcontrolplane/testdata/kube-controller-manager/zz_fixture_TestControlPlaneComponents_TechPreviewNoUpgrade.yaml
+++ b/control-plane-operator/controllers/hostedcontrolplane/testdata/kube-controller-manager/zz_fixture_TestControlPlaneComponents_TechPreviewNoUpgrade.yaml
@@ -108,9 +108,9 @@ spec:
 - --cluster-signing-duration=17520h
 - --tls-cert-file=/etc/kubernetes/certs/server/tls.crt
 - --tls-private-key-file=/etc/kubernetes/certs/server/tls.key
- - --node-monitor-grace-period=50s
 - --cluster-cidr=10.132.0.0/14
 - --service-cluster-ip-range=
+ - --node-monitor-grace-period=50s
 - --tls-min-version=VersionTLS12
 - --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
 - --feature-gates=OpenShiftPodSecurityAdmission=true
diff --git a/control-plane-operator/controllers/hostedcontrolplane/v2/assets/kube-controller-manager/deployment.yaml b/control-plane-operator/controllers/hostedcontrolplane/v2/assets/kube-controller-manager/deployment.yaml
index a4f71cc79e..46403f05df 100644
--- a/control-plane-operator/controllers/hostedcontrolplane/v2/assets/kube-controller-manager/deployment.yaml
+++ b/control-plane-operator/controllers/hostedcontrolplane/v2/assets/kube-controller-manager/deployment.yaml
@@ -3,7 +3,6 @@ kind: Deployment
 metadata:
 name: kube-controller-manager
 spec:
- replicas: 1
 revisionHistoryLimit: 2
 selector:
 matchLabels:
@@ -49,7 +48,6 @@ spec:
 - --cluster-signing-duration=17520h
 - --tls-cert-file=/etc/kubernetes/certs/server/tls.crt
 - --tls-private-key-file=/etc/kubernetes/certs/server/tls.key
- - --node-monitor-grace-period=50s
 command:
 - hyperkube
 - kube-controller-manager
diff --git a/control-plane-operator/controllers/hostedcontrolplane/v2/kcm/deployment.go b/control-plane-operator/controllers/hostedcontrolplane/v2/kcm/deployment.go
index c31604a139..ac5d0daf0e 100644
--- a/control-plane-operator/controllers/hostedcontrolplane/v2/kcm/deployment.go
+++ b/control-plane-operator/controllers/hostedcontrolplane/v2/kcm/deployment.go
@@ -14,7 +14,6 @@ import (
 appsv1 "k8s.io/api/apps/v1"
 corev1 "k8s.io/api/core/v1"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
- "k8s.io/utils/ptr"
 "sigs.k8s.io/controller-runtime/pkg/client"
 )
@@ -35,6 +34,13 @@ func adaptDeployment(cpContext component.WorkloadContext, deployment *appsv1.Dep
 if hcp.Spec.Platform.Type == hyperv1.AzurePlatform {
 c.Args = append(c.Args, fmt.Sprintf("--cloud-provider=%s", "external"))
 }
+
+ if hcp.Spec.Platform.Type == hyperv1.IBMCloudPlatform {
+ c.Args = append(c.Args, "--node-monitor-grace-period=55s")
+ } else {
+ c.Args = append(c.Args, "--node-monitor-grace-period=50s")
+ }
+
 if tlsMinVersion := config.MinTLSVersion(hcp.Spec.Configuration.GetTLSSecurityProfile()); tlsMinVersion != "" {
 c.Args = append(c.Args, fmt.Sprintf("--tls-min-version=%s", tlsMinVersion))
 }
@@ -44,6 +50,7 @@ func adaptDeployment(cpContext component.WorkloadContext, deployment *appsv1.Dep
 if util.StringListContains(hcp.Annotations[hyperv1.DisableProfilingAnnotation], ComponentName) {
 c.Args = append(c.Args, "--profiling=false")
 }
+
 for _, f := range config.FeatureGates(hcp.Spec.Configuration.GetFeatureGateSelection()) {
 c.Args = append(c.Args, fmt.Sprintf("--feature-gates=%s", f))
 }
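Review bot: The two grace-period values added in the `@@ -35,6 +34,13 @@` hunk of deployment.go (`55s` for `hyperv1.IBMCloudPlatform`, `50s` for everything else) are bare string literals, and nothing says why IBM Cloud gets a different value. This flag decides how long a silent node is tolerated before the controller manager treats it as unhealthy, so the reason for the 5s gap is what the next person tuning it will need. I would put a comment above the branch, for example `// IBM Cloud needs a longer node monitor grace period than other platforms: <reason or issue link>`, and consider lifting the two durations into named constants next to `ComponentName`. adaptDeployment begins and ends outside this hunk, so whether `c.Args` can already carry this flag from another source is not visible here.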
@@ -69,11 +76,6 @@ func adaptDeployment(cpContext component.WorkloadContext, deployment *appsv1.Dep
 }
 })
- deployment.Spec.Replicas = ptr.To[int32](2)
- if hcp.Spec.ControllerAvailabilityPolicy == hyperv1.SingleReplica {
- deployment.Spec.Replicas = ptr.To[int32](1)
- }
-
 return nil
 }