Merge pull request #9704 from nckturner/aws-cloud-controller

Add aws-cloud-controller-manager config to addons

k8s/crds/kops.k8s.io_clusters.yaml

@@ -1231,6 +1231,9 @@ spec:
                   experimentalClusterSigningDuration:
                     description: ExperimentalClusterSigningDuration is the duration that determines the length of duration that the signed certificates will be given. (default 8760h0m0s)
                     type: string
+                  externalCloudVolumePlugin:
+                    description: ExternalCloudVolumePlugin is a fallback mechanism that allows a legacy, in-tree cloudprovider to be used for volume plugins even when an external cloud controller manager is being used.  This can be used instead of installing CSI.  The value should be the same as is used for the --cloud-provider flag, i.e. "aws".
+                    type: string
                   featureGates:
                     additionalProperties:
                       type: string

pkg/apis/kops/componentconfig.go

@@ -613,6 +613,10 @@ type KubeControllerManagerConfig struct {
 	AuthorizationKubeconfig string `json:"authorizationKubeconfig,omitempty" flag:"authorization-kubeconfig"`
 	// AuthorizationAlwaysAllowPaths is the list of HTTP paths to skip during authorization
 	AuthorizationAlwaysAllowPaths []string `json:"authorizationAlwaysAllowPaths,omitempty" flag:"authorization-always-allow-paths"`
+	// ExternalCloudVolumePlugin is a fallback mechanism that allows a legacy, in-tree cloudprovider to be used for volume plugins
+	// even when an external cloud controller manager is being used.  This can be used instead of installing CSI.  The value should
+	// be the same as is used for the --cloud-provider flag, i.e. "aws".
+	ExternalCloudVolumePlugin string `json:"externalCloudVolumePlugin,omitempty" flag:"external-cloud-volume-plugin"`
 
 	// EnableProfiling enables profiling via web interface host:port/debug/pprof/
 	EnableProfiling *bool `json:"enableProfiling,omitempty" flag:"profiling"`

pkg/apis/kops/v1alpha2/componentconfig.go

@@ -614,6 +614,8 @@ type KubeControllerManagerConfig struct {
 	AuthorizationKubeconfig string `json:"authorizationKubeconfig,omitempty" flag:"authorization-kubeconfig"`
 	// AuthorizationAlwaysAllowPaths is the list of HTTP paths to skip during authorization
 	AuthorizationAlwaysAllowPaths []string `json:"authorizationAlwaysAllowPaths,omitempty" flag:"authorization-always-allow-paths"`
+	// ExternalCloudVolumePlugin is a fallback mechanism that allows a legacy, in-tree cloudprovider to be used for volume plugins even when an external cloud controller manager is being used.  This can be used instead of installing CSI.  The value should be the same as is used for the --cloud-provider flag, i.e. "aws".
+	ExternalCloudVolumePlugin string `json:"externalCloudVolumePlugin,omitempty" flag:"external-cloud-volume-plugin"`
 
 	// EnableProfiling enables profiling via web interface host:port/debug/pprof/
 	EnableProfiling *bool `json:"enableProfiling,omitempty" flag:"profiling"`

pkg/model/components/kubecontrollermanager.go

@@ -98,6 +98,14 @@ func (b *KubeControllerManagerOptionsBuilder) BuildOptions(o interface{}) error
 
 	if clusterSpec.ExternalCloudControllerManager != nil {
 		kcm.CloudProvider = "external"
+
+		// External cloud provider disables KCM volume controllers, so
+		// most users would want to either install CSI or pass
+		// --external-cloud-volume-plugin to the KCM, which runs the
+		// KCM volume controllers.
+		if kcm.ExternalCloudVolumePlugin == "" {
+			klog.Infof("An external cloud controller manager is configured, but ExternalCloudVolumePlugin is not configured for the KCM.  This means a CSI plugin must be installed by the user or else volume management might not work.")
+		}
 	}
 
 	kcm.LogLevel = 2