feat: Update AWS CCM versions

Use latest versions available and only use Helm values to set image name and args.

Author: jimmidyson

charts/cluster-api-runtime-extensions-nutanix/templates/ccm/aws/manifests/aws-ccm-v1.27.1-configmap.yaml renamed to charts/cluster-api-runtime-extensions-nutanix/templates/ccm/aws/manifests/aws-ccm-v1.27.8-configmap.yaml

@@ -7,7 +7,7 @@
 #=================================================================
 apiVersion: v1
 data:
-  aws-ccm-v1.27.1.yaml: |
+  aws-ccm-v1.27.8.yaml: |
     apiVersion: v1
     kind: ServiceAccount
     metadata:
@@ -160,7 +160,7 @@ data:
             - --cloud-provider=aws
             - --configure-cloud-routes=false
             env: []
-            image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.27.1
+            image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.27.8
             name: aws-cloud-controller-manager
             resources:
               requests:
@@ -186,4 +186,4 @@ data:
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: aws-ccm-v1.27.1
+  name: aws-ccm-v1.27.8

charts/cluster-api-runtime-extensions-nutanix/templates/ccm/aws/manifests/aws-ccm-v1.28.1-configmap.yaml renamed to charts/cluster-api-runtime-extensions-nutanix/templates/ccm/aws/manifests/aws-ccm-v1.28.7-configmap.yaml

@@ -7,7 +7,7 @@
 #=================================================================
 apiVersion: v1
 data:
-  aws-ccm-v1.28.1.yaml: |
+  aws-ccm-v1.28.7.yaml: |
     apiVersion: v1
     kind: ServiceAccount
     metadata:
@@ -160,7 +160,7 @@ data:
             - --cloud-provider=aws
             - --configure-cloud-routes=false
             env: []
-            image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.28.1
+            image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.28.7
             name: aws-cloud-controller-manager
             resources:
               requests:
@@ -186,4 +186,4 @@ data:
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: aws-ccm-v1.28.1
+  name: aws-ccm-v1.28.7

charts/cluster-api-runtime-extensions-nutanix/templates/ccm/aws/manifests/aws-ccm-v1.29.2-configmap.yaml renamed to charts/cluster-api-runtime-extensions-nutanix/templates/ccm/aws/manifests/aws-ccm-v1.29.4-configmap.yaml

@@ -7,7 +7,7 @@
 #=================================================================
 apiVersion: v1
 data:
-  aws-ccm-v1.29.2.yaml: |
+  aws-ccm-v1.29.4.yaml: |
     apiVersion: v1
     kind: ServiceAccount
     metadata:
@@ -160,7 +160,7 @@ data:
             - --cloud-provider=aws
             - --configure-cloud-routes=false
             env: []
-            image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.29.2
+            image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.29.4
             name: aws-cloud-controller-manager
             resources:
               requests:
@@ -186,4 +186,4 @@ data:
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: aws-ccm-v1.29.2
+  name: aws-ccm-v1.29.4

charts/cluster-api-runtime-extensions-nutanix/templates/ccm/aws/manifests/aws-ccm-v1.30.1-configmap.yaml

@@ -0,0 +1,189 @@
+# Copyright 2024 Nutanix. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+#=================================================================
+#                 DO NOT EDIT THIS FILE
+#  IT HAS BEEN GENERATED BY /hack/addons/update-aws-ccm.sh
+#=================================================================
+apiVersion: v1
+data:
+  aws-ccm-v1.30.1.yaml: |
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      labels:
+        helm.sh/chart: aws-cloud-controller-manager-0.0.8
+      name: cloud-controller-manager
+      namespace: kube-system
+    ---
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+      labels:
+        helm.sh/chart: aws-cloud-controller-manager-0.0.8
+      name: system:cloud-controller-manager
+    rules:
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - create
+      - patch
+      - update
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      verbs:
+      - '*'
+    - apiGroups:
+      - ""
+      resources:
+      - nodes/status
+      verbs:
+      - patch
+    - apiGroups:
+      - ""
+      resources:
+      - services
+      verbs:
+      - list
+      - patch
+      - update
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - services/status
+      verbs:
+      - list
+      - patch
+      - update
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - serviceaccounts
+      verbs:
+      - create
+    - apiGroups:
+      - ""
+      resources:
+      - persistentvolumes
+      verbs:
+      - get
+      - list
+      - update
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - endpoints
+      verbs:
+      - create
+      - get
+      - list
+      - watch
+      - update
+    - apiGroups:
+      - coordination.k8s.io
+      resources:
+      - leases
+      verbs:
+      - create
+      - get
+      - list
+      - watch
+      - update
+    - apiGroups:
+      - ""
+      resources:
+      - serviceaccounts/token
+      verbs:
+      - create
+    ---
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+      labels:
+        helm.sh/chart: aws-cloud-controller-manager-0.0.8
+      name: cloud-controller-manager:apiserver-authentication-reader
+      namespace: kube-system
+    roleRef:
+      apiGroup: rbac.authorization.k8s.io
+      kind: Role
+      name: extension-apiserver-authentication-reader
+    subjects:
+    - apiGroup: ""
+      kind: ServiceAccount
+      name: cloud-controller-manager
+      namespace: kube-system
+    ---
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRoleBinding
+    metadata:
+      labels:
+        helm.sh/chart: aws-cloud-controller-manager-0.0.8
+      name: system:cloud-controller-manager
+    roleRef:
+      apiGroup: rbac.authorization.k8s.io
+      kind: ClusterRole
+      name: system:cloud-controller-manager
+    subjects:
+    - apiGroup: ""
+      kind: ServiceAccount
+      name: cloud-controller-manager
+      namespace: kube-system
+    ---
+    apiVersion: apps/v1
+    kind: DaemonSet
+    metadata:
+      labels:
+        helm.sh/chart: aws-cloud-controller-manager-0.0.8
+        k8s-app: aws-cloud-controller-manager
+      name: aws-cloud-controller-manager
+      namespace: kube-system
+    spec:
+      selector:
+        matchLabels:
+          k8s-app: aws-cloud-controller-manager
+      template:
+        metadata:
+          labels:
+            k8s-app: aws-cloud-controller-manager
+          name: aws-cloud-controller-manager
+        spec:
+          containers:
+          - args:
+            - --v=2
+            - --cloud-provider=aws
+            - --configure-cloud-routes=false
+            env: []
+            image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.30.1
+            name: aws-cloud-controller-manager
+            resources:
+              requests:
+                cpu: 200m
+            securityContext: {}
+          dnsPolicy: Default
+          hostNetwork: true
+          nodeSelector:
+            node-role.kubernetes.io/control-plane: ""
+          priorityClassName: system-node-critical
+          securityContext: {}
+          serviceAccountName: cloud-controller-manager
+          tolerations:
+          - effect: NoSchedule
+            key: node.cloudprovider.kubernetes.io/uninitialized
+            value: "true"
+          - effect: NoSchedule
+            key: node-role.kubernetes.io/master
+          - effect: NoSchedule
+            key: node-role.kubernetes.io/control-plane
+      updateStrategy:
+        type: RollingUpdate
+kind: ConfigMap
+metadata:
+  creationTimestamp: null
+  name: aws-ccm-v1.30.1

hack/addons/kustomize/aws-ccm/helm-values.yaml

@@ -10,3 +10,8 @@
 # Using hostNetworking allows the AWS CCM to start before the Calico Pods.
 # The upstream CAPA templates are also already using hostNetworking for the CCM Pods.
 hostNetworking: true
+
+args:
+  - --v=2
+  - --cloud-provider=aws
+  - --configure-cloud-routes=false

hack/addons/kustomize/aws-ccm/kustomization.yaml.tmpl

@@ -12,18 +12,9 @@ helmCharts:
   repo: https://kubernetes.github.io/cloud-provider-aws
   releaseName: aws-cloud-controller-manager
   version: ${AWS_CCM_CHART_VERSION}
-  valuesFile: helm-values.yaml
   includeCRDs: true
   skipTests: true
-
-patches:
-- patch: |-
-    - op: add
-      path: /spec/template/spec/containers/0/args/-
-      value: --configure-cloud-routes=false
-  target:
-    kind: DaemonSet
-
-images:
-- name: registry.k8s.io/provider-aws/cloud-controller-manager
-  newTag: ${AWS_CCM_VERSION}
+  valuesFile: helm-values.yaml
+  valuesInline:
+    image:
+      tag: ${AWS_CCM_VERSION}

make/addons.mk

@@ -10,13 +10,14 @@ export AWS_EBS_CSI_CHART_VERSION := v2.28.1
 export NUTANIX_STORAGE_CSI_CHART_VERSION := 3.0.0-beta.1912
 export NUTANIX_SNAPSHOT_CSI_CHART_VERSION := 6.3.2
 export LOCAL_PATH_CSI_CHART_VERSION := 0.0.29
-# a map of AWS CCM versions
-export AWS_CCM_VERSION_127 := v1.27.1
-export AWS_CCM_CHART_VERSION_127 := 0.0.8
-export AWS_CCM_VERSION_128 := v1.28.1
-export AWS_CCM_CHART_VERSION_128 := 0.0.8
-export AWS_CCM_VERSION_129 := v1.29.2
-export AWS_CCM_CHART_VERSION_129 := 0.0.8
+# AWS CCM uses the same chart version for all kubernetes versions. The image used in the deployment will
+# be updated by the addon kustomization for CRS deployments and via Helm values for HelmAddon deployments.
+export AWS_CCM_CHART_VERSION := 0.0.8
+# A map of AWS CCM versions.
+export AWS_CCM_VERSION_127 := v1.27.8
+export AWS_CCM_VERSION_128 := v1.28.7
+export AWS_CCM_VERSION_129 := v1.29.4
+export AWS_CCM_VERSION_130 := v1.30.1
 
 export NUTANIX_CCM_CHART_VERSION := 0.3.3
 
@@ -25,7 +26,7 @@ export KUBE_VIP_VERSION := v0.8.0
 export METALLB_CHART_VERSION := 0.14.5
 
 .PHONY: addons.sync
-addons.sync: $(addprefix update-addon.,calico cilium nfd cluster-autoscaler aws-ebs-csi aws-ccm.127 aws-ccm.128 aws-ccm.129 kube-vip)
+addons.sync: $(addprefix update-addon.,calico cilium nfd cluster-autoscaler aws-ebs-csi aws-ccm.127 aws-ccm.128 aws-ccm.129 aws-ccm.130 kube-vip)
 
 .PHONY: update-addon.calico
 update-addon.calico: ; $(info $(M) updating calico manifests)
@@ -53,7 +54,7 @@ update-addon.local-path-provisioner-csi: ; $(info $(M) updating local-path-provi
 
 .PHONY: update-addon.aws-ccm.%
 update-addon.aws-ccm.%: ; $(info $(M) updating aws ccm $* manifests)
-	./hack/addons/update-aws-ccm.sh $(AWS_CCM_VERSION_$*) $(AWS_CCM_CHART_VERSION_$*)
+	./hack/addons/update-aws-ccm.sh $(AWS_CCM_VERSION_$*) $(AWS_CCM_CHART_VERSION)
 
 .PHONY: update-addon.kube-vip
 update-addon.kube-vip: ; $(info $(M) updating kube-vip manifests)

pkg/handlers/generic/lifecycle/ccm/aws/handler.go

@@ -32,9 +32,10 @@ func (a *AWSCCMConfig) AddFlags(prefix string, flags *pflag.FlagSet) {
 		&a.kubernetesMinorVersionToCCMConfigMapNames,
 		prefix+".default-aws-ccm-configmap-names",
 		map[string]string{
-			"1.27": "aws-ccm-v1.27.1",
-			"1.28": "aws-ccm-v1.28.1",
-			"1.29": "aws-ccm-v1.29.2",
+			"1.27": "aws-ccm-v1.27.8",
+			"1.28": "aws-ccm-v1.28.7",
+			"1.29": "aws-ccm-v1.29.4",
+			"1.30": "aws-ccm-v1.30.1",
 		},
 		"map of provider cluster implementation type to default installation ConfigMap name",
 	)

pkg/handlers/generic/lifecycle/ccm/aws/handler_test.go

@@ -53,7 +53,7 @@ spec:
         - --cloud-provider=aws
         - --configure-cloud-routes=false
         env: []
-        image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.27.1
+        image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.27.8
         name: aws-cloud-controller-manager
         resources:
           requests:
@@ -87,11 +87,11 @@ func Test_generateCCMConfigMapForCluster(t *testing.T) {
 			name: "Can set cluster name in arguments",
 			startConfigMap: &corev1.ConfigMap{
 				ObjectMeta: metav1.ObjectMeta{
-					Name:      "aws-ccm-v1.27.1",
+					Name:      "aws-ccm-v1.27.8",
 					Namespace: "default",
 				},
 				Data: map[string]string{
-					"aws-ccm-v1.27.1.yaml": startAWSCCMConfigMap,
+					"aws-ccm-v1.27.8.yaml": startAWSCCMConfigMap,
 				},
 			},
 			cluster: &clusterv1.Cluster{