📝 doc: updated setup documentation

jfbus · jfbus · commit 1923d79ca1d2 · 2025-12-16T14:34:55.000Z
diff --git a/Makefile b/Makefile
@@ -167,10 +167,10 @@ check-helm-docs:
 	./hack/verify-helm-docs
 
 helm-manifest:
-	@helm template test ./deploy/k8s-osc-ccm/ --set image.tag=v1.31.1 > deploy/osc-ccm-manifest-v1.31.yml
-	@helm template test ./deploy/k8s-osc-ccm/ --set image.tag=v1.32.1 > deploy/osc-ccm-manifest-v1.32.yml
-	@helm template test ./deploy/k8s-osc-ccm/ --set image.tag=v1.33.1 > deploy/osc-ccm-manifest-v1.33.yml
-	@helm template test ./deploy/k8s-osc-ccm/ --set image.tag=v1.34.1 > deploy/osc-ccm-manifest-v1.34.yml
+	@helm template test ./deploy/k8s-osc-ccm/ --set image.tag=v1.31.3 > deploy/osc-ccm-manifest-v1.31.yml
+	@helm template test ./deploy/k8s-osc-ccm/ --set image.tag=v1.32.3 > deploy/osc-ccm-manifest-v1.32.yml
+	@helm template test ./deploy/k8s-osc-ccm/ --set image.tag=v1.33.3 > deploy/osc-ccm-manifest-v1.33.yml
+	@helm template test ./deploy/k8s-osc-ccm/ --set image.tag=v1.34.3 > deploy/osc-ccm-manifest-v1.34.yml
 
 check-helm-manifest:
 	./hack/verify-helm-manifest.sh
diff --git a/deploy/README.md b/deploy/README.md
@@ -1,51 +1,133 @@
-This documentation explains how to deploy Outscale Cloud Controller Manager.
+# 🚀 Deploying the Outscale Cloud Controller Manager (CCM)
 
-# Prerequisites
+This documentation explains how to deploy Outscale Cloud Controller Manager (CCM).
+
+## ✅ Requirements
 
 You will need a Kubernetes cluster on the 3DS Outscale cloud.
 
+### Controller Manager and Kubelet configuration
+
+When running Kubernetes in the cloud, the `--cloud-provider external` flag is required on the following components:
+* `kube-controller-manager`
+* `kubelet`
+* `kube-apiserver` (up to v1.33)
+
+The flag has been removed from `kube-apiserver` in v1.33.
+
+The configuration of this flag depends on the bootstrapping tool you use to deploy your cluster.
+When using Cluster-API, the required configuration is:
+
+```yaml
+    clusterConfiguration:
+      apiServer:
+        extraArgs:
+          cloud-provider: "external"
+      controllerManager:
+        extraArgs:
+          cloud-provider: "external"
+    [...]
+    initConfiguration:
+      nodeRegistration:
+        kubeletExtraArgs:
+          cloud-provider: external
+    [...]
+    joinConfiguration:
+      nodeRegistration:
+        kubeletExtraArgs:
+          cloud-provider: external
+```
+
+More details can be found in the [Cloud Controller Manager Administration](https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager) documentation.
+
+### Nodes
+
+Nodes should have a `spec.providerID` set with the following structure `osc:///<subregion>/<VM ID>`
+(for compatibility purposes, `aws:///<subregion>/<VM ID>` is also supported).
+
+### Networking
+
+The CCM needs to access the [metadata server](https://docs.outscale.com/en/userguide/Accessing-the-Metadata-and-User-Data-of-an-Instance.html) in order to get information about nodes.
+
+Access to `169.254.169.254/32` using TCP on port 80 (http) must be allowed from the control-plane nodes.
+
+### Configuring Cloud Credentials
+
+The CCM needs to access the Outscale API.
+
+It is recommended to use a specific [Access Key](https://docs.outscale.com/en/userguide/About-Access-Keys.html) and create an [EIM user](https://docs.outscale.com/en/userguide/About-EIM-Users.html) with limited access. Check the [EIM policy example](eim-policy.example.json) to apply to such EIM user.
+
+## ⚙️ Installation
+
 > Each major Kubernetes release requires a specific version of the CCM. You will need to install the CCM version tailored for your Kubernetes version.
 
-# Tagging
+### Create Secret
+
+Create a secret with your cloud credentials:
+```shell
+kubectl create secret generic osc-secret \
+  --from-literal=access_key=$OSC_ACCESS_KEY --from-literal=secret_key=$OSC_SECRET_KEY \
+  -n kube-system
+```
+
+### Deploy the Cloud Controller Manager
+
+The CCM is deployed as a daemon set on control-plane nodes.
 
-## Cluster Resource Tagging
+You can either deploy using a simple manifest:
+```shell
+kube_version=`kubectl get nodes --no-headers -o custom-columns=VERSION:.status.nodeInfo.kubeletVersion|cut -d . -f 1,2|head -1`
+kubectl apply -f deploy/osc-ccm-manifest-$kube_version.yml
+```
+
+Or, you can use Helm:
+```shell
+helm upgrade --install --wait --wait-for-jobs k8s-osc-ccm oci://registry-1.docker.io/outscalehelm/osc-cloud-controller-manager --set oscSecretName=osc-secret --set image.tag=[the version compatible with your Kubernetes version]
+```
+
+More [helm options are available](../docs/helm.md)
+
+## 🔖 Tagging
+
+### Resource Tagging
 
 The CCM expects resources to be tagged as being part of the cluster.
+
 This includes:
-- [Subnets](https://docs.outscale.com/en/userguide/About-VPCs.html)
-- [Instances](https://docs.outscale.com/en/userguide/About-Instances.html)
-- [Security Groups](https://docs.outscale.com/en/userguide/About-Security-Groups-(Concepts).html)
+- [Subnets](https://docs.outscale.com/en/userguide/About-Nets.html)
+- [VMs](https://docs.outscale.com/en/userguide/About-VMs.html)
+- [Security Groups](https://docs.outscale.com/en/userguide/About-Security-Groups.html)
 
 The tag key must be `OscK8sClusterID/[cluster-id]` (`[cluster-id]` being the ID of a cluster) and tag value can be one of the following values:
 - `shared`: resource is shared between multiple clusters, and should not be destroyed,
 - `owned`: the resource is considered owned and managed by the cluster.
 
 The CCM will fetch the `OscK8sClusterID` tag of the node it is running on and will expect to find the other resources with matching tag keys.
 
-The Cluster API Provider for Outscale (CAPOSC) sets the `OscK8sClusterID` tag, no need to do anything.
+When using Cluster API Provider for Outscale (CAPOSC), the tag is automatically set, no additional steps are required.
 
-## Instances Tagging
+### VM Tagging
 
-The CCM is usually able to find instances.
+The CCM is usually able to find VM instances using the `spec.providerID` value.
 
-In some rare cases, the CCM needs a `OscK8sNodeName` tag on the VM, with the node name as a value.
+In some rare cases, the CCM will need a `OscK8sNodeName` tag on the VM, with the node name as a value.
 
-The Cluster API Provider for Outscale (CAPOSC) sets the tag, no need to do anything.
+When using Cluster API Provider for Outscale (CAPOSC), the tag is automatically set, no additional steps are required.
 
-# Creating load-balancers
+## 🚀 Creating load-balancers
 
-## Subnets
+### Subnets
 
 The CCM will look for a subnet having one of the following tags:
 * `OscK8sRole/service.internal` is service is internal,
 * `OscK8sRole/service` is service is not internal or if no `OscK8sRole/service.internal` subnet is found,
 * `OscK8sRole/loadbalancer` if no subnet found.
 
-The Cluster API Provider for Outscale (CAPOSC) automatically sets the `OscK8sRole/loadbalancer` tag to the subnet where the Kubernetes API load-balancer is configured.
+When using Cluster API Provider for Outscale (CAPOSC), the tags are automatically set, no additional steps are required.
 
-## Security Groups
+### Security Groups
 
-### Ingress
+#### Ingress
 
 By default, the service controller will automatically create a Security Group for each Load Balancer Unit (LBU) and will attach it to nodes in a VPC setup.
 
@@ -57,7 +139,7 @@ The CCM will automatically add manage ingress rules to allow traffic to the load
 
 You can set `service.Spec.LoadBalancerSourceRanges` to restrict trafic to a list of IP ranges.
 
-### Load-balancer to nodes
+#### Load-balancer to nodes
 
 The CCM will add rules to allow trafic from the load-balancer to nodes.
 
@@ -67,48 +149,7 @@ Within node security groups, it will search for a security group having one of t
 
 The Cluster API Provider for Outscale (CAPOSC) sets a `OscK8sRole/worker` tag on all worker nodes, and allows you to add custom roles if needed.
 
-## Networking
-
-Node controller is deployed as a daemon set on control-plane nodes and will need to access [metadata server](https://docs.outscale.com/en/userguide/Accessing-the-Metadata-and-User-Data-of-an-Instance.html) in order to get information about its node (cpu, memory, addresses, hostname).
-To do this, node controller need to be able to access `169.254.169.254/32` through TCP port 80 (http).
-
-## Kubelet
-
-Kubelet must be run with `--cloud-provider=external`, (more details in [Cloud Controller Manager Administration](https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager) documentation).
-
-## Configuring Cloud Credentials
-
-Outscale Cloud Controller Manager needs to access the Outscale API.
-
-It is recommended to use a specific [Access Key](https://docs.outscale.com/en/userguide/About-Access-Keys.html) and create an [EIM user](https://docs.outscale.com/en/userguide/About-EIM-Users.html) with limited access. Check [EIM policy example](eim-policy.example.json) to apply to such EIM user.
-
-# Deploy
-
-## Create Secret
-
-Create a secret with your cloud credentials:
-```shell
-kubectl create secret generic osc-secret \
-  --from-literal=access_key=$OSC_ACCESS_KEY --from-literal=secret_key=$OSC_SECRET_KEY \
-  -n kube-system
-```
-
-## Deploy Cloud Controller Manager
-
-You can either deploy using a simple manifest:
-```shell
-kube_version=`kubectl get nodes --no-headers -o custom-columns=VERSION:.status.nodeInfo.kubeletVersion|cut -d . -f 1,2|head -1`
-kubectl apply -f deploy/osc-ccm-manifest-$kube_version.yml
-```
-
-Or, you can use Helm:
-```shell
-helm upgrade --install --wait --wait-for-jobs k8s-osc-ccm oci://registry-1.docker.io/outscalehelm/osc-cloud-controller-manager --set oscSecretName=osc-secret --set image.tag=[the version compatible with your Kubernetes version]
-```
-
-More [helm options are available](../docs/helm.md)
-
-# Upgrading CCM v0.x to v1.x
+## ⬆️ Upgrading CCM v0.x to v1.x
 
 The secret has now the same format as the CSI driver. You need to rename:
 * `key_id` to `access_key`,
diff --git a/deploy/osc-ccm-manifest-v1.31.yml b/deploy/osc-ccm-manifest-v1.31.yml
@@ -146,7 +146,7 @@ spec:
       serviceAccountName: cloud-controller-manager
       containers:
         - name: osc-cloud-controller-manager
-          image: outscale/cloud-provider-osc:v1.31.1
+          image: outscale/cloud-provider-osc:v1.31.3
           imagePullPolicy: IfNotPresent
           command:
             - /bin/osc-cloud-controller-manager
diff --git a/deploy/osc-ccm-manifest-v1.32.yml b/deploy/osc-ccm-manifest-v1.32.yml
@@ -146,7 +146,7 @@ spec:
       serviceAccountName: cloud-controller-manager
       containers:
         - name: osc-cloud-controller-manager
-          image: outscale/cloud-provider-osc:v1.32.1
+          image: outscale/cloud-provider-osc:v1.32.3
           imagePullPolicy: IfNotPresent
           command:
             - /bin/osc-cloud-controller-manager
diff --git a/deploy/osc-ccm-manifest-v1.33.yml b/deploy/osc-ccm-manifest-v1.33.yml
@@ -146,7 +146,7 @@ spec:
       serviceAccountName: cloud-controller-manager
       containers:
         - name: osc-cloud-controller-manager
-          image: outscale/cloud-provider-osc:v1.33.1
+          image: outscale/cloud-provider-osc:v1.33.3
           imagePullPolicy: IfNotPresent
           command:
             - /bin/osc-cloud-controller-manager
diff --git a/deploy/osc-ccm-manifest-v1.34.yml b/deploy/osc-ccm-manifest-v1.34.yml
@@ -146,7 +146,7 @@ spec:
       serviceAccountName: cloud-controller-manager
       containers:
         - name: osc-cloud-controller-manager
-          image: outscale/cloud-provider-osc:v1.34.1
+          image: outscale/cloud-provider-osc:v1.34.3
           imagePullPolicy: IfNotPresent
           command:
             - /bin/osc-cloud-controller-manager
diff --git a/docs/development.md b/docs/development.md
@@ -115,16 +115,17 @@ make build-image image-tag image-push helm_deploy test-e2e
 2. Update chart version (if needed) in [Chart.yaml](../deploy/k8s-osc-ccm/Chart.yaml)
 3. Update cloud-provider-osc version in [values.yaml](../deploy/k8s-osc-ccm/values.yaml) (listing all active container versions)
 4. Generate helm doc `make helm-docs`
-5. Update manifests `make helm-manifest`
-6. Commit version with `git commit -am "cloud-controller-manager vX.Y.Z"`
-7. Create PR and merge it to main
-8. Tag & push the release
+5. In [Makefile](Makefile), update the recommended version in the `helm-manifest` target
+6. Update manifests `make helm-manifest`
+7. Commit version with `git commit -am "cloud-controller-manager vX.Y.Z"`
+8. Create PR and merge it to main
+9. Tag & push the release
 ```shell
 export HELM_VERSION=vX.Y.Z-helm
 git tag -a $HELM_VERSION -m "🔖 Helm $HELM_VERSION"
 git push origin $HELM_VERSION
 ```
-11. Publish the release on Github
+10. Publish the release on Github
 
 ## Container release
 
@@ -136,18 +137,23 @@ Z is the version of the CCM, is increased at each release, and is the same for e
 
 1. In [CHANGELOG.md](CHANGELOG.md), add a new version for every release branch
 2. In [README.md](README.md), update the recommended version for each Kubernetes release
-3. Create PR and merge it to main
-4. Merge main into each release branch
+3. In [Makefile](Makefile), update the recommended version in the `helm-manifest` target
+4. Update the manifests
+```shell
+make helm-manifest
+```
+5. Create PR and merge it to main
+6. Merge main into each release branch
 ```shell
 VERSION=1.3X && git co kubernetes-$VERSION && git merge --no-edit main && git push origin kubernetes-$VERSION
 ```
-5. Check that CI is OK on every release branch
-6. Tag release for each release branch
+7. Check that CI is OK on every release branch
+8. Tag release for each release branch
 ```shell
 git co kubernetes-X.Y
 git pull --rebase
 export VERSION=vX.Y.Z
 git tag -a $VERSION -m "🔖 CCM $VERSION"
 git push origin $VERSION
 ```
-7. Publish the releases on Github
+9. Publish the releases on Github
