• Stars
    star
    520
  • Rank 85,117 (Top 2 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created over 7 years ago
  • Updated 4 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Kubernetes cloud-controller-manager for DigitalOcean (beta)

Kubernetes Cloud Controller Manager for DigitalOcean

digitalocean-cloud-controller-manager is the Kubernetes cloud controller manager implementation for DigitalOcean. Read more about cloud controller managers here. Running digitalocean-cloud-controller-manager allows you to leverage many of the cloud provider features offered by DigitalOcean on your Kubernetes clusters.

Releases

Cloud Controller Manager follows semantic versioning. Although the version is still below v1, the project is considered production-ready.

Because of the fast Kubernetes release cycles, CCM (Cloud Controller Manager) will only support the version that is also supported on DigitalOcean Kubernetes product. Any other releases will be not officially supported by us.

Getting Started

Learn more about running DigitalOcean cloud controller manager here!

Note that this CCM is installed by default on DOKS (DigitalOcean Managed Kubernetes), you don't have to do it yourself.

Examples

Here are some examples of how you could leverage digitalocean-cloud-controller-manager:

Production notes

do not modify DO load-balancers manually

When you are creating load-balancers through CCM (via LoadBalancer-typed Services),it is very important that you must not change the DO load-balancer configuration manually. Such changes will eventually be reverted by the reconciliation loop built into CCM. There is one exception in load-balancer name which can be changed (see also the documentation on load-balancer ID annotations).

Other than that, the only safe place to make load-balancer configuration changes is through the Service object.

DO load-balancer entry port restrictions

For technical reasons, the ports 50053, 50054, and 50055 cannot be used as load-balancer entry ports (i.e., the port that the load-balancer listens on for requests). Trying to use one of the affected ports as a service port causes a 422 entry port is invalid HTTP error response to be returned by the DO API (and surfaced as a Kubernetes event).

The solution is to change the service port to a different, non-conflicting one.

Development

Basics

  • Go: min v1.17.x

This project uses Go modules for dependency management and employs vendoring. Please ensure to run make vendor after any dependency modifications.

After making your code changes, run the tests and CI checks:

make ci

Run Locally

If you want to run digitalocean-cloud-controller-manager locally against a particular cluster, keep your kubeconfig ready and start the binary in the main package-hosted directory like this:

cd cloud-controller-manager/cmd/digitalocean-cloud-controller-manager
REGION=fra1 DO_ACCESS_TOKEN=your_access_token go run main.go \
  --kubeconfig <path to your kubeconfig file>                     \
  --leader-elect=false --v=5 --cloud-provider=digitalocean

The REGION environment variable takes a valid DigitalOcean region. It can be set to keep digitalocean-cloud-controller-manager from trying to access the DigitalOcean metadata service which is only available on droplets. If the REGION variable is set, then the DO Regions service will be used to validate the specified region. It can also be set for local development purposes. Overall, which region you choose should not matter a lot as long as you pick one.

You might also need to provide your DigitalOcean access token in DO_ACCESS_TOKEN environment variable. The token does not need to be valid for the cloud controller to start, but in that case, you will not be able to validate integration with DigitalOcean API.

Please note that if you use a Kubernetes cluster created on DigitalOcean, there will be a cloud controller manager running in the cluster already, so your local one will compete for API access with it.

Optional features

Add Public Access Firewall

You can have digitalocean-cloud-controller-manager manage a DigitalOcean Firewall that will dynamically adjust rules for accessing NodePorts: once a Service of type NodePort is created, the firewall controller will update the firewall to public allow access to just that NodePort. Likewise, access is automatically retracted if the Service gets deleted or changed to a different type.

Example invocation:

cd cloud-controller-manager/cmd/digitalocean-cloud-controller-manager
DO_ACCESS_TOKEN=<your_access_token>                           \
PUBLIC_ACCESS_FIREWALL_NAME=firewall_name                     \
PUBLIC_ACCESS_FIREWALL_TAGS=worker-droplet                    \
digitalocean-cloud-controller-manager                         \
  --kubeconfig <path to your kubeconfig file>                 \
  --leader-elect=false --v=5 --cloud-provider=digitalocean

The PUBLIC_ACCESS_FIREWALL_NAME environment variable defines the name of the firewall. The firewall is created if no firewall by that name is found.

The PUBLIC_ACCESS_FIREWALL_TAGS environment variable refers to the tags associated with the droplets that the firewall should apply to. Usually, this is a tag attached to the worker node droplets. Multiple tags are applied in a logical OR fashion.

In some cases, firewall management for a particular Service may not be desirable. One example is that a NodePort is supposed to be accessible over the VPC only. In such cases, the Service annotation kubernetes.digitalocean.com/firewall-managed can be used to selectively exclude a given Service from firewall management. If set to "false", no inbound rules will be created for the Service, effectively disabling public access to the NodePort. (Note the quotes that must be included with "boolean" annotation values.) The default behavior applies if the annotation is omitted, is set to "true", or contains an invalid value.

No firewall is managed if the environment variables are missing or left empty. Once the firewall is created, no public access other than to the NodePorts is allowed. Users should create additional firewalls to further extend access.

Expose Prometheus Metrics

If you are interested in exposing Prometheus metrics, you can pass in a metrics endpoint that will expose them. The command will look similar to this:

cd cloud-controller-manager/cmd/digitalocean-cloud-controller-manager
DO_ACCESS_TOKEN=your_access_token                  \
METRICS_ADDR=<host>:<port>                         \
digitalocean-cloud-controller-manager              \
  --kubeconfig <path to your kubeconfig file>      \
  --leader-elect=false --v=5 --cloud-provider=digitalocean

The METRICS_ADDR environment variable takes a valid endpoint that you'd like to use to serve your Prometheus metrics. To be valid it should be in the form <host>:<port>.

After you have started up digitalocean-cloud-controller-manager, run the following curl command to view the Prometheus metrics output:

curl <host>:<port>/metrics

DO API rate limiting

DO API usage is subject to certain rate limits. In order to protect against running out of quota for extremely heavy regular usage or pathological cases (e.g., bugs or API thrashing due to an interfering third-party controller), a custom rate limit can be configured via the DO_API_RATE_LIMIT_QPS environment variable. It accepts a float value, e.g., DO_API_RATE_LIMIT_QPS=3.5 to restrict API usage to 3.5 queries per second.

Run Containerized

If you want to test your changes in a containerized environment, create a new image with the version set to dev:

VERSION=dev make publish

This will create a binary with version dev and docker image pushed to digitalocean/digitalocean-cloud-controller-manager:dev.

Release a new version

Github Action (preferred)

To create the docker image and generate the manifests, go to the actions page on Github and click on Run Workflow . Specify the github <tag> that you want to create. Make sure that <tag> is prefixed with v

The workflow does the following:

  • Runs make bump-version with <tag>
  • Creates the ccm related manifests file as <tag>.yaml
  • Commits the manifest file under releases/ directory in the repo
  • Creates release and tags the new commit with the <tag> specified when workflow is triggered
  • Logs in with dockerhub credentials specified as secrets
  • Builds the docker image digitalocean/digitalocean-cloud-controller-manager:<tag>
  • Pushes digitalocean/digitalocean-cloud-controller-manager:<tag> to dockerhub

Manual (deprecated)

NOTE: this workflow is deprecated, please prefer the Github Action workflow described above.

To manually release a new version, first bump the version:

make NEW_VERSION=v1.0.0 bump-version

Make sure everything looks good. Create a new branch with all changes:

git checkout -b release-<new version> origin/master
git commit -a -v
git push origin release-<new version>

After it's merged to master, tag the commit and push it:

git checkout master
git pull
git tag <new version>
git push origin <new version>

Finally, create a Github release from master with the new version and publish it:

make publish

This will compile a binary containing the new version bundled in a docker image pushed to digitalocean/digitalocean-cloud-controller-manager:<new version>

Contributing

At DigitalOcean we value and love our community! If you have any issues or would like to contribute, feel free to open an issue/PR and cc any of the maintainers below.

More Repositories

1

nginxconfig.io

⚙️ NGINX config generator on steroids 💉
JavaScript
27,244
star
2

doctl

The official command line interface for the DigitalOcean API.
Go
3,155
star
3

godo

DigitalOcean Go API client
Go
1,328
star
4

go-libvirt

Package libvirt provides a pure Go interface for interacting with Libvirt. Apache 2.0 Licensed.
Go
815
star
5

do_user_scripts

Shell
804
star
6

Kubernetes-Starter-Kit-Developers

Hands-on tutorial and Automation stack for an operations-ready DigitalOcean Kubernetes (DOKS) cluster.
HCL
748
star
7

go-qemu

Go packages to interact with QEMU using the QEMU Machine Protocol (QMP). Apache 2.0 Licensed.
Go
719
star
8

do-agent

Collects system metrics from DigitalOcean Droplets
Go
586
star
9

csi-digitalocean

A Container Storage Interface (CSI) Driver for DigitalOcean Block Storage
Go
572
star
10

clusterlint

A best practices checker for Kubernetes clusters. 🤠
Go
544
star
11

vulcan

Vulcan extends Prometheus adding horizontal scalability and long-term storage
Go
531
star
12

hacktoberfest

Hacktoberfest - App to manage the annual open-source challenge, used for the 2019 & 2020 seasons.
Ruby
510
star
13

droplet_kit

DropletKit is the official DigitalOcean API client for Ruby.
Ruby
507
star
14

terraform-provider-digitalocean

Terraform DigitalOcean provider
Go
492
star
15

action-doctl

GitHub Actions for DigitalOcean - doctl
JavaScript
454
star
16

ceph_exporter

Prometheus exporter that scrapes meta information about a ceph cluster.
Go
396
star
17

engineering-code-of-conduct

Code of Conduct for DigitalOcean's Engineering Team
289
star
18

go-openvswitch

Go packages which enable interacting with Open vSwitch and related tools. Apache 2.0 Licensed.
Go
282
star
19

kubernetes-sample-apps

Example DigitalOcean Kubernetes workload with service exposed through a DO load-balancer.
Python
252
star
20

marketplace-partners

Image validation, automation, and other tools for DigitalOcean Marketplace Vendors and Custom Image users
Shell
193
star
21

gta

gta: do transitive analysis to find packages whose dependencies have changed
Go
182
star
22

heartbot

A shot of love for your favorite chat client.
CoffeeScript
178
star
23

marketplace-kubernetes

This repository contains the source code and deployment scripts for Kubernetes-based applications listed in the DigitalOcean Marketplace.
Shell
159
star
24

prometheus-client-c

A Prometheus Client in C
C
154
star
25

go-smbios

Package smbios provides detection and access to System Management BIOS (SMBIOS) and Desktop Management Interface (DMI) data and structures. Apache 2.0 Licensed.
Go
152
star
26

kartograph

Kartograph makes it easy to generate and convert JSON. It's intention is to be used for API clients.
Ruby
147
star
27

OpenVPN-Pihole

https://marketplace.digitalocean.com/apps/openvpn-pihole
Shell
146
star
28

captainslog

A Syslog Protocol Parser
Go
136
star
29

resource_kit

Resource Kit provides tools to aid in making API Clients. Such as URL resolving, Request / Response layer, and more.
Ruby
134
star
30

go-workers2

better-go-workers
Go
131
star
31

supabase-on-do

HCL
129
star
32

droplet-1-clicks

Packer build scripts for DigitalOcean Marketplace 1-clicks.
Shell
114
star
33

doks-debug

A Docker image with Kubernetes manifests for investigation and troubleshooting.
Dockerfile
109
star
34

openapi

The OpenAPI v3 specification for DigitalOcean's public API.
JavaScript
104
star
35

sample-dockerfile

⛵ App Platform sample Docker application.
Go
92
star
36

container-blueprints

DigitalOcean Kubernetes(DOKS) Solution Blueprints
HCL
92
star
37

app_action

Deploy to DigitalOcean Container Registry and App Platform
Go
90
star
38

DOKS

Managed Kubernetes designed for simple and cost effective container orchestration.
80
star
39

pydo

Official DigitalOcean Python Client based on the DO OpenAPIv3 specification
Python
78
star
40

do-markdownit

Markdown-It plugin for the DigitalOcean Community.
JavaScript
77
star
41

do-operator

The Kubernetes Operator for DigitalOcean
Go
76
star
42

navigators-guide

Book and code examples that help to build infrastructure on DigitalOcean
Shell
76
star
43

sample-django

Django sample app for DigitalOcean App Platform
Python
76
star
44

logtalez

logtalez is a minimal command line client (and API) for retrieving log streams from the rsyslog logging daemon over zeromq.
Go
73
star
45

databases

66
star
46

sample-nodejs

⛵ App Platform sample Node.js application.
JavaScript
65
star
47

sample-nextjs

⛵ App Platform sample Next.js application.
JavaScript
61
star
48

debian-sys-maint-roll-passwd

Script to update password for MySQL user "debian-sys-maint"
Shell
58
star
49

sample-python

⛵ App Platform sample Python application.
Python
57
star
50

vmtop

Real-time monitoring of KVM/Qemu VMs
Python
54
star
51

kubecon-2022-doks-workshop

HCL
48
star
52

k8s-staticroute-operator

Create static routes for your k8s nodes using CRDs.
Python
48
star
53

sample-flask

Sample Flask Application to be deployed on DigitalOcean's App Platform
HTML
48
star
54

pgremapper

CLI tool for manipulating Ceph's upmap exception table.
Go
46
star
55

sample-laravel

⛵ App Platform sample Laravel application.
PHP
45
star
56

sample-golang

⛵ App Platform sample Golang application.
Go
40
star
57

sample-functions-nodejs-qrcode

HTML
39
star
58

sample-monorepo

Sample mono repo app (with multiple components) on the DigitalOcean App Platform.
Go
38
star
59

tos

DigitalOcean's Terms of Service agreement
37
star
60

droplet-agent

Droplet Agent is the daemon that runs on customer droplets to enable some features such as web console access.
Go
37
star
61

ansible-collection

DigitalOcean Ansible Collection
Python
34
star
62

sample-php

⛵ App Platform sample PHP application.
PHP
33
star
63

openvswitch_exporter

Command openvswitch_exporter implements a Prometheus exporter for Open vSwitch.
Go
32
star
64

sample-html

⛵ App Platform sample HTML application.
HTML
31
star
65

sample-functions-nodejs-helloworld

JavaScript
31
star
66

sample-react

⛵ App Platform sample React application.
JavaScript
30
star
67

mastodon-on-kubernetes

Setting up Mastodon on DigitalOcean Kubernetes
HCL
30
star
68

sample-functions-python-jokes

Python
30
star
69

flipop

Floating IP Controller for Kubernetes
Go
29
star
70

marketplace-pi-hole-vpn

Pi-hole VPN image for Marketplace with Unbound & Wireguard
Shell
29
star
71

sample-functions-golang-helloworld

Go
29
star
72

go-metadata

Go client for the metadata API.
Go
27
star
73

github-changelog-generator

A tool to generate changelog entries from GitHub repositories.
Go
26
star
74

omniauth-digitalocean

DigitalOcean OAuth2 Strategy for OmniAuth
Ruby
26
star
75

sample-push-to-deploy-doks

Push-to-deploy example using DOCR and DOKS
Python
25
star
76

netbox-ip-controller

A Kubernetes controller to import the IP addresses and metadata of pods and services into NetBox.
Go
25
star
77

sample-functions-python-helloworld

Python
23
star
78

terraform-vault-github-oidc

Terraform module to configure Vault for GitHub OIDC authentication from Action runners.
HCL
22
star
79

terraform-provider-sendgrid

Sendgrid Terraform Provider
Go
20
star
80

sample-expressjs

⛵ App Platform sample Express.js application.
19
star
81

sample-nuxtjs

⛵ App Platform sample Nuxt.js application.
Vue
19
star
82

production-ready-kubernetes-workshop

The repository for DigitalOcean's Production Ready Kubernetes Workshop
Python
18
star
83

sample-vuejs

⛵ App Platform sample Vue.js application.
Vue
17
star
84

sample-functions-python-twilio-sms

Sending sms via Twilio
Python
16
star
85

sample-functions-php-helloworld

A PHP helloworld sample function for Cloud Functions
PHP
15
star
86

sample-rails

⛵ App Platform sample Ruby on Rails application.
Ruby
15
star
87

sample-functions-php-numberstowords

PHP
15
star
88

sample-hugo

⛵ App Platform sample Hugo application.
15
star
89

sample-functions-python-sendgrid-email

Sending emails via Sendgrid API
Python
14
star
90

github-pr-resource

Github pull request resource for Concourse
Go
13
star
91

icingaweb2-module-netboximport

Icinga2 Director integration for Netbox
PHP
12
star
92

docker-shipit-engine

Docker image for https://github.com/Shopify/shipit-engine
Ruby
11
star
93

sample-functions-golang-presigned-url

Creating a presigned url for DO's Spaces
Go
10
star
94

digitalocean-ceph-lab

Terraform and Ansible automation to provision and configure a Ceph test environment on DigitalOcean.
HCL
10
star
95

k8s-adoption-journey

Hands-on tutorial for going from Day-1 to production on DigitalOcean Kubernetes. Goes with "Kubernetes Adoption Journey" document.
Python
9
star
96

sample-laravel-api

⛵ App Platform sample Laravel API application.
PHP
9
star
97

gnulib

A mirror of the gnulib portability and testing suite for internal builds that use it as a submodule
C
8
star
98

serverless-jamstack

Contains sample code for a serverless Jamstack tutorial published on docs.digitalocean.com
JavaScript
8
star
99

golang-slackbot

Composed slackbot golang function with 3 sample functions
Go
8
star
100

marketplace-blueprints

HCL
8
star