feat: add AWS CPI ConfigMap for v1.28 (nutanix-cloud-native#376)

Reusing the same chart version since there is [only
1](https://github.com/kubernetes/cloud-provider-aws/releases), but
setting the image version based on the tag.

Author: dkoshkin

charts/capi-runtime-extensions/templates/cpi/aws/manifests/aws-ebs-cpi-v1.28.1-configmap.yaml

@@ -0,0 +1,188 @@
+# Copyright 2023 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+#=================================================================
+#                 DO NOT EDIT THIS FILE
+#  IT HAS BEEN GENERATED BY /hack/addons/update-aws-cpi.sh
+#=================================================================
+apiVersion: v1
+data:
+  aws-cpi-v1.28.1.yaml: |
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      labels:
+        helm.sh/chart: aws-cloud-controller-manager-0.0.8
+      name: cloud-controller-manager
+      namespace: kube-system
+    ---
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+      labels:
+        helm.sh/chart: aws-cloud-controller-manager-0.0.8
+      name: system:cloud-controller-manager
+    rules:
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - create
+      - patch
+      - update
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      verbs:
+      - '*'
+    - apiGroups:
+      - ""
+      resources:
+      - nodes/status
+      verbs:
+      - patch
+    - apiGroups:
+      - ""
+      resources:
+      - services
+      verbs:
+      - list
+      - patch
+      - update
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - services/status
+      verbs:
+      - list
+      - patch
+      - update
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - serviceaccounts
+      verbs:
+      - create
+    - apiGroups:
+      - ""
+      resources:
+      - persistentvolumes
+      verbs:
+      - get
+      - list
+      - update
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - endpoints
+      verbs:
+      - create
+      - get
+      - list
+      - watch
+      - update
+    - apiGroups:
+      - coordination.k8s.io
+      resources:
+      - leases
+      verbs:
+      - create
+      - get
+      - list
+      - watch
+      - update
+    - apiGroups:
+      - ""
+      resources:
+      - serviceaccounts/token
+      verbs:
+      - create
+    ---
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+      labels:
+        helm.sh/chart: aws-cloud-controller-manager-0.0.8
+      name: cloud-controller-manager:apiserver-authentication-reader
+      namespace: kube-system
+    roleRef:
+      apiGroup: rbac.authorization.k8s.io
+      kind: Role
+      name: extension-apiserver-authentication-reader
+    subjects:
+    - apiGroup: ""
+      kind: ServiceAccount
+      name: cloud-controller-manager
+      namespace: kube-system
+    ---
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRoleBinding
+    metadata:
+      labels:
+        helm.sh/chart: aws-cloud-controller-manager-0.0.8
+      name: system:cloud-controller-manager
+    roleRef:
+      apiGroup: rbac.authorization.k8s.io
+      kind: ClusterRole
+      name: system:cloud-controller-manager
+    subjects:
+    - apiGroup: ""
+      kind: ServiceAccount
+      name: cloud-controller-manager
+      namespace: kube-system
+    ---
+    apiVersion: apps/v1
+    kind: DaemonSet
+    metadata:
+      labels:
+        helm.sh/chart: aws-cloud-controller-manager-0.0.8
+        k8s-app: aws-cloud-controller-manager
+      name: aws-cloud-controller-manager
+      namespace: kube-system
+    spec:
+      selector:
+        matchLabels:
+          k8s-app: aws-cloud-controller-manager
+      template:
+        metadata:
+          labels:
+            k8s-app: aws-cloud-controller-manager
+          name: aws-cloud-controller-manager
+        spec:
+          containers:
+          - args:
+            - --v=2
+            - --cloud-provider=aws
+            - --configure-cloud-routes=false
+            env: []
+            image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.28.1
+            name: aws-cloud-controller-manager
+            resources:
+              requests:
+                cpu: 200m
+            securityContext: {}
+          dnsPolicy: Default
+          nodeSelector:
+            node-role.kubernetes.io/control-plane: ""
+          priorityClassName: system-node-critical
+          securityContext: {}
+          serviceAccountName: cloud-controller-manager
+          tolerations:
+          - effect: NoSchedule
+            key: node.cloudprovider.kubernetes.io/uninitialized
+            value: "true"
+          - effect: NoSchedule
+            key: node-role.kubernetes.io/master
+          - effect: NoSchedule
+            key: node-role.kubernetes.io/control-plane
+      updateStrategy:
+        type: RollingUpdate
+kind: ConfigMap
+metadata:
+  creationTimestamp: null
+  name: aws-cpi-v1.28.1

hack/addons/kustomize/aws-cpi/kustomization.yaml.tmpl

@@ -11,7 +11,7 @@ helmCharts:
 - name: aws-cloud-controller-manager
   includeCRDs: true
   releaseName: aws-cloud-controller-manager
-  version: ${CHART_VERSION}
+  version: ${AWS_CPI_CHART_VERSION}
   repo: https://kubernetes.github.io/cloud-provider-aws
 
 patches:
@@ -21,3 +21,7 @@ patches:
       value: --configure-cloud-routes=false
   target:
     kind: DaemonSet
+
+images:
+- name: registry.k8s.io/provider-aws/cloud-controller-manager
+  newTag: ${AWS_CPI_VERSION}

hack/addons/update-aws-cpi.sh

@@ -9,6 +9,9 @@ readonly SCRIPT_DIR
 source "${SCRIPT_DIR}/../common.sh"
 
 AWS_CPI_VERSION=$1
+export AWS_CPI_VERSION
+AWS_CPI_CHART_VERSION=$2
+export AWS_CPI_CHART_VERSION
 
 if [ -z "${AWS_CPI_VERSION:-}" ]; then
   echo "Missing argument: AWS_CPI_VERSION"
@@ -19,11 +22,6 @@ ASSETS_DIR="$(mktemp -d -p "${TMPDIR:-/tmp}")"
 readonly ASSETS_DIR
 trap_add "rm -rf ${ASSETS_DIR}" EXIT
 
-export CHART_VERSION=""
-if [ "${AWS_CPI_VERSION}" = "1.27.1" ]; then
-  CHART_VERSION="0.0.8"
-fi
-
 readonly KUSTOMIZE_BASE_DIR="${SCRIPT_DIR}/kustomize/aws-cpi/"
 envsubst -no-unset <"${KUSTOMIZE_BASE_DIR}/kustomization.yaml.tmpl" >"${ASSETS_DIR}/kustomization.yaml"
 

make/addons.mk

@@ -6,7 +6,11 @@ export CILIUM_VERSION := $(shell goprintconst -file pkg/handlers/generic/lifecyc
 export NODE_FEATURE_DISCOVERY_VERSION := 0.14.1
 export AWS_CSI_SNAPSHOT_CONTROLLER_VERSION := v6.3.0
 export AWS_EBS_CSI_VERSION := v1.25.0
+# a map of AWS CPI versions
 export AWS_CPI_VERSION_127 := v1.27.1
+export AWS_CPI_CHART_VERSION_127 := 0.0.8
+export AWS_CPI_VERSION_128 := v1.28.1
+export AWS_CPI_CHART_VERSION_128 := 0.0.8
 
 addons.sync: $(addprefix update-addon.,calico cilium nfd aws-ebs-csi)
 
@@ -26,6 +30,6 @@ update-addon.nfd: ; $(info $(M) updating node feature discovery manifests)
 update-addon.aws-ebs-csi: ; $(info $(M) updating aws ebs csi manifests)
 	./hack/addons/update-aws-ebs-csi.sh
 
-.PHONY: update-addon.aws-cpi.127
-update-addon.aws-cpi.127: ; $(info $(M) updating aws cpi manifests)
-	./hack/addons/update-aws-cpi.sh $(AWS_CPI_VERSION_127)
+.PHONY: update-addon.aws-cpi.%
+update-addon.aws-cpi.%: ; $(info $(M) updating aws cpi manifests)
+	./hack/addons/update-aws-cpi.sh $(AWS_CPI_VERSION_$*) $(AWS_CPI_CHART_VERSION_$*)

pkg/handlers/generic/lifecycle/cpi/aws/handler.go

@@ -36,6 +36,7 @@ func (a *AWSCPIConfig) AddFlags(prefix string, flags *pflag.FlagSet) {
 		prefix+".default-aws-cpi-configmap-names",
 		map[string]string{
 			"1.27": "aws-cpi-v1.27.1",
+			"1.28": "aws-cpi-v1.28.1",
 		},
 		"map of provider cluster implementation type to default installation ConfigMap name",
 	)