Upgrade vsphere charts for k8s 1.27 support (#2956)

charts/rancher-vsphere-cpi/103.0.0+up1.6.0/Chart.yaml

@@ -0,0 +1,26 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: vSphere CPI
+  catalog.cattle.io/kube-version: '>= 1.18.0-0 < 1.28.0-0'
+  catalog.cattle.io/namespace: kube-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+  catalog.cattle.io/release-name: vsphere-cpi
+apiVersion: v1
+appVersion: 1.6.0
+description: vSphere Cloud Provider Interface (CPI)
+icon: https://charts.rancher.io/assets/logos/vsphere-cpi.svg
+keywords:
+- infrastructure
+maintainers:
+- email: jiaqi.luo@suse.com
+  name: Jiaqi Luo
+- email: anna.blendermann@suse.com
+  name: Andy Blendermann
+- email: brad.davidson@suse.com
+  name: Brad Davidson
+name: rancher-vsphere-cpi
+sources:
+- https://github.com/kubernetes/cloud-provider-vsphere
+version: 103.0.0+up1.6.0

charts/rancher-vsphere-cpi/103.0.0+up1.6.0/README.md

@@ -0,0 +1,59 @@
+# vSphere Cloud Provider Interface (CPI)
+
+[vSphere Cloud Provider Interface (CPI)](https://github.com/kubernetes/cloud-provider-vsphere) is responsible for running all the platform specific control loops that were previously run in core Kubernetes components like the KCM and the kubelet, but have been moved out-of-tree to allow cloud and infrastructure providers to implement integrations that can be developed, built and released independent of Kubernetes core. The official documentation and tutorials can be found [here](https://vsphere-csi-driver.sigs.k8s.io/driver-deployment/prerequisites.html).
+
+**This chart requires being deployed into the `kube-system` namespace.**
+
+## Prerequisites
+
+- vSphere 6.7 U3+
+- Kubernetes v1.14+
+- A Secret on your Kubernetes cluster that contains vSphere credentials (Refer to `README` or `Detailed Descriptions`)
+
+## Installation
+
+This chart requires a Secret in your Kubernetes cluster that contains the server URL and credentials to connect to the vCenter. You can have the chart generate it for you, or create it yourself and provide the name of the Secret during installation. 
+
+<span style="color:orange">Warning</span>: When the option to generate the Secret is enabled, the credentials are visible in the API to authorized users. If you create the Secret yourself they will not be visible.
+
+You can create a Secret in one of the following ways:
+### <B>Option 1</b>: Create a Secret using the Rancher UI
+Go to your cluster's project (Same project you will be installing the chart) > Resources > Secrets > Add Secret.
+```yaml
+# Example of data required in the Secret
+<host-1>.username: <username>
+<host-1>.password: <password>
+```
+
+### <B>Option 2</b>: Create a Secret using kubectl
+Replace placeholders with actual values, and execute the following:
+```bash
+cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+    name: <secret-name>
+    namespace: <charts-namespace>
+data:
+    <host-1>.username: <base64encoded-username>
+    <host-1>.password: <base64encoded-password>
+EOF
+```
+
+More information on managing Secrets using kubectl [here](https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/).
+
+## Migration
+
+If using this chart to migrate volumes provisioned by the in-tree provider to the out-of-tree CPI + CSI, you need to taint all nodes with the following:
+```
+node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule
+```
+
+To perform this operation on all nodes in your cluster, the following script has been provided for your convenience:
+```bash
+# Note: Since this script uses kubectl, ensure that you run `export KUBECONFIG=<path-to-kubeconfig-for-cluster>` before running this script
+for node in $(kubectl get nodes | awk '{print $1}' | tail -n +2); do
+	kubectl taint node $node node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule
+done
+```

charts/rancher-vsphere-cpi/103.0.0+up1.6.0/app-readme.md

@@ -0,0 +1,11 @@
+# vSphere Cloud Provider Interface (CPI)
+
+[vSphere Cloud Provider Interface (CPI)](https://github.com/kubernetes/cloud-provider-vsphere) is responsible for running all the platform specific control loops that were previously run in core Kubernetes components like the KCM and the kubelet, but have been moved out-of-tree to allow cloud and infrastructure providers to implement integrations that can be developed, built and released independent of Kubernetes core. The official documentation and tutorials can be found [here](https://vsphere-csi-driver.sigs.k8s.io/driver-deployment/prerequisites.html).
+
+**This chart requires being deployed into the `kube-system` namespace.**
+
+## Prerequisites
+
+- vSphere 6.7 U3+ or vSphere 7.0+
+- Kubernetes v1.19+
+- A Secret on your Kubernetes cluster that contains vSphere credentials (Refer to `README` or `Detailed Descriptions`)

charts/rancher-vsphere-cpi/103.0.0+up1.6.0/questions.yaml

@@ -0,0 +1,62 @@
+questions:
+  - variable: vCenter.host
+    label: vCenter Host
+    description: IP address or FQDN of the vCenter
+    type: string
+    required: true
+    group: Configuration
+
+  - variable: vCenter.datacenters
+    description: Comma-separated list of paths to data centers. E.g "<dc1-path>, <dc2-path>, ..."
+    label: Data Centers
+    type: string
+    required: true
+    group: Configuration
+
+  - variable: vCenter.credentialsSecret.generate
+    label: Generate Credential's Secret
+    description: Generates a secret with the vSphere credentials (If the option to generate it is enabled, credentials will be visible in the API to authorized users)
+    type: boolean
+    default: true
+    required: true
+    group: Configuration
+    show_subquestion_if: true
+    subquestions:
+      - variable: vCenter.username
+        label: Username
+        description: Username for vCenter
+        type: string
+        group: Configuration
+      - variable: vCenter.password
+        label: Password
+        description: Password for vCenter
+        type: password
+        group: Configuration
+
+  - variable: vCenter.credentialsSecret.name
+    label: Credential's Secret Name
+    description: Name of the secret with the vSphere credentials (Will not be visible in the API. More info in the README)
+    default: "vsphere-cpi-creds"
+    type: string
+    group: Configuration
+    show_if: "vCenter.credentialsSecret.generate=false"
+
+  - variable: vCenter.labels.generate
+    label: Define vSphere Tags
+    description: "vSphere Tags used to determine the zone and region of a Kubernetes node. This labels will be propagated to NodeLabels"
+    type: boolean
+    default: false
+    required: true
+    group: Configuration
+    show_subquestion_if: true
+    subquestions:
+      - variable: vCenter.labels.region
+        label: Region
+        description: vSphere tag which will used to define regions. e.g. eu-central
+        type: string
+        group: Configuration
+      - variable: vCenter.labels.zone
+        label: Zone
+        description: vSphere tag which will used to define availability zones
+        type: string
+        group: Configuration

charts/rancher-vsphere-cpi/103.0.0+up1.6.0/templates/_helpers.tpl

@@ -0,0 +1,32 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "applyVersionOverrides" -}}
+{{- $overrides := dict -}}
+{{- range $override := .Values.versionOverrides -}}
+{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}}
+{{- $_ := mergeOverwrite $overrides $override.values -}}
+{{- end -}}
+{{- end -}}
+{{- $_ := mergeOverwrite .Values $overrides -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}

charts/rancher-vsphere-cpi/103.0.0+up1.6.0/templates/configmap.yaml

@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: vsphere-cloud-config
+  labels:
+    vsphere-cpi-infra: config
+    component: {{ .Chart.Name }}-cloud-controller-manager
+  namespace: {{ .Release.Namespace }}
+data:
+  vsphere.yaml: |
+    # Global properties in this section will be used for all specified vCenters unless overriden in VirtualCenter section.
+    {{ with .Values.vCenter }}
+    global:
+      secretName: {{ .credentialsSecret.name | quote }}
+      secretNamespace: {{ $.Release.Namespace | quote }}
+      port: {{ .port }}
+      insecureFlag: {{ .insecureFlag }}
+
+    # vcenter section
+    vcenter:
+      {{ .host | quote }}:
+        server: {{ .host | quote }}
+        datacenters:
+          - {{ .datacenters | quote }}
+    {{- if .labels.generate }}
+
+    # labels for regions and zones
+    labels:
+      region: {{ .labels.region | quote }}
+      zone: {{ .labels.zone | quote }}
+    {{- end }}
+    {{- end }}

charts/rancher-vsphere-cpi/103.0.0+up1.6.0/templates/daemonset.yaml

@@ -0,0 +1,104 @@
+{{- template "applyVersionOverrides" . -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ .Chart.Name }}-cloud-controller-manager
+  labels:
+    component: {{ .Chart.Name }}-cloud-controller-manager
+    tier: control-plane
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    scheduler.alpha.kubernetes.io/critical-pod: ""
+spec:
+  selector:
+    matchLabels:
+      name: {{ .Chart.Name }}-cloud-controller-manager
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        name: {{ .Chart.Name }}-cloud-controller-manager
+        component: {{ .Chart.Name }}-cloud-controller-manager
+        tier: control-plane
+    spec:
+      {{- if .Values.cloudControllerManager.nodeSelector }}
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+      {{- with .Values.cloudControllerManager.nodeSelector }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- else }}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              # RKE node selector label
+              - key: node-role.kubernetes.io/controlplane
+                operator: In
+                values:
+                - "true"
+              - key: kubernetes.io/os
+                operator: NotIn
+                values:
+                - "windows"
+            - matchExpressions:
+              # RKE2 node selector label
+              - key: node-role.kubernetes.io/control-plane
+                operator: In
+                values:
+                - "true"
+              - key: kubernetes.io/os
+                operator: NotIn
+                values:
+                - "windows"
+      {{- end }}
+      {{- if .Values.cloudControllerManager.tolerations }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+      {{- with .Values.cloudControllerManager.tolerations }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- else }}
+      tolerations:
+        - key: node.cloudprovider.kubernetes.io/uninitialized
+          value: "true"
+          effect: NoSchedule
+        - key: node-role.kubernetes.io/master
+          effect: NoSchedule
+          operator: Exists
+        - key: node.kubernetes.io/not-ready
+          effect: NoSchedule
+          operator: Exists
+        # Rancher specific change: These tolerations are added to account for RKE1 and RKE2 taints
+        - key: node-role.kubernetes.io/controlplane
+          effect: NoSchedule
+          value: "true"
+        - key: node-role.kubernetes.io/control-plane
+          effect: NoSchedule
+          operator: Exists
+        - key: node-role.kubernetes.io/etcd
+          effect: NoExecute
+          operator: Exists
+      {{- end }}
+      securityContext:
+        runAsUser: 1001
+      serviceAccountName: {{ .Chart.Name }}-cloud-controller-manager
+      containers:
+        - name: {{ .Chart.Name }}-cloud-controller-manager
+          image: {{ template "system_default_registry" . }}{{ .Values.cloudControllerManager.repository }}:{{ .Values.cloudControllerManager.tag }}
+          args:
+            - --cloud-provider=vsphere
+            - --v=2
+            - --cloud-config=/etc/cloud/vsphere.yaml
+          volumeMounts:
+            - mountPath: /etc/cloud
+              name: vsphere-config-volume
+              readOnly: true
+          resources:
+            requests:
+              cpu: 200m
+      hostNetwork: true
+      volumes:
+      - name: vsphere-config-volume
+        configMap:
+          name: vsphere-cloud-config

charts/rancher-vsphere-cpi/103.0.0+up1.6.0/templates/role-binding.yaml

@@ -0,0 +1,40 @@
+{{- if .Values.cloudControllerManager.rbac.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: servicecatalog.k8s.io:apiserver-authentication-reader
+  labels:
+    vsphere-cpi-infra: role-binding
+    component: {{ .Chart.Name }}-cloud-controller-manager
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: extension-apiserver-authentication-reader
+subjects:
+- apiGroup: ""
+  kind: ServiceAccount
+  name: {{ .Chart.Name }}-cloud-controller-manager
+  namespace: {{ .Release.Namespace }}
+- apiGroup: ""
+  kind: User
+  name: {{ .Chart.Name }}-cloud-controller-manager
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:{{ .Chart.Name }}-cloud-controller-manager
+  labels:
+    vsphere-cpi-infra: cluster-role-binding
+    component: {{ .Chart.Name }}-cloud-controller-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:{{ .Chart.Name }}-cloud-controller-manager
+subjects:
+- kind: ServiceAccount
+  name: {{ .Chart.Name }}-cloud-controller-manager
+  namespace: {{ .Release.Namespace }}
+- kind: User
+  name: {{ .Chart.Name }}-cloud-controller-manager
+{{- end -}}