From cf10ecc371366c1e334dcf51e352a545e6a44afc Mon Sep 17 00:00:00 2001
From: "ryan-distrust.co"
Date: Sat, 13 May 2023 01:31:07 -0400
Subject: [PATCH] k/digitalocean: place resources in vpc-id
---
 infra/main/main.tf | 4 ++
 .../cloud-controller-manager/resources.yaml | 37 +++++++++++--------
 ....enc.yaml => digitalocean-config.enc.yaml} | 7 ++--
 .../digitalocean/kustomization.yaml | 2 +-
 .../digitalocean/secret-generator.yaml | 2 +-
 5 files changed, 31 insertions(+), 21 deletions(-)
 rename kustomizations/digitalocean/{digitalocean-token.enc.yaml => digitalocean-config.enc.yaml} (75%)
diff --git a/infra/main/main.tf b/infra/main/main.tf
index 557db4a..eb031e7 100644
--- a/infra/main/main.tf
+++ b/infra/main/main.tf
@@ -110,3 +110,7 @@ output "database" {
 value = module.digitalocean_database_cluster.database_cluster
 sensitive = true
 }
+
+output "vpc_id" {
+ value = digitalocean_vpc.main.id
+}
diff --git a/kustomizations/digitalocean/cloud-controller-manager/resources.yaml b/kustomizations/digitalocean/cloud-controller-manager/resources.yaml
index 869f707..4c4d880 100644
--- a/kustomizations/digitalocean/cloud-controller-manager/resources.yaml
+++ b/kustomizations/digitalocean/cloud-controller-manager/resources.yaml
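Review bot: The `vpc_id` output added at the end of infra/main/main.tf has no `description`, and nothing on the Terraform side records that its value also has to land in the encrypted `vpc-id` key of kustomizations/digitalocean/digitalocean-config.enc.yaml. As far as the diff shows, that copy is a manual step, so the two can drift without any visible change in review. A line such as `description = "VPC ID for cluster resources; keep in sync with vpc-id in kustomizations/digitalocean/digitalocean-config.enc.yaml"` would document the coupling. It is also worth deciding whether the ID is confidential: the neighbouring `database` output sets `sensitive = true`, this one does not, yet the same value is stored encrypted on the Kubernetes side.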
@@ -18,28 +18,33 @@ spec:
 serviceAccountName: cloud-controller-manager
 priorityClassName: system-cluster-critical
 tolerations:
- # this taint is set by all kubelets running `--cloud-provider=external`
- # so we should tolerate it to schedule the digitalocean ccm
- - key: "node.cloudprovider.kubernetes.io/uninitialized"
- value: "true"
- effect: "NoSchedule"
- - key: "CriticalAddonsOnly"
- operator: "Exists"
- - key: "node-role.kubernetes.io/control-plane"
- effect: NoSchedule
+ # this taint is set by all kubelets running `--cloud-provider=external`
+ # so we should tolerate it to schedule the digitalocean ccm
+ - key: "node.cloudprovider.kubernetes.io/uninitialized"
+ value: "true"
+ effect: "NoSchedule"
+ - key: "CriticalAddonsOnly"
+ operator: "Exists"
+ - key: "node-role.kubernetes.io/control-plane"
+ effect: NoSchedule
 containers:
 - image: digitalocean/digitalocean-cloud-controller-manager:v0.1.42
 name: digitalocean-cloud-controller-manager
 command:
- - "/bin/digitalocean-cloud-controller-manager"
- - "--leader-elect=false"
+ - "/bin/digitalocean-cloud-controller-manager"
+ - "--leader-elect=false"
 resources:
 requests:
 cpu: 100m
 memory: 50Mi
 env:
- - name: DO_ACCESS_TOKEN
- valueFrom:
- secretKeyRef:
- name: digitalocean
- key: access-token
+ - name: DO_ACCESS_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: digitalocean
+ key: access-token
+ - name: DO_CLUSTER_VPC_ID
+ valueFrom:
+ secretKeyRef:
+ name: digitalocean
+ key: vpc-id
diff --git a/kustomizations/digitalocean/digitalocean-token.enc.yaml b/kustomizations/digitalocean/digitalocean-config.enc.yaml
similarity index 75%
rename from kustomizations/digitalocean/digitalocean-token.enc.yaml
rename to kustomizations/digitalocean/digitalocean-config.enc.yaml
index 289dd35..8613331 100644
--- a/kustomizations/digitalocean/digitalocean-token.enc.yaml
+++ b/kustomizations/digitalocean/digitalocean-config.enc.yaml
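Review bot: The new `DO_CLUSTER_VPC_ID` entry at the end of `env:` reads a non-credential value from the same `digitalocean` Secret that holds `access-token`, and because that key is SOPS-encrypted in git a reviewer cannot check that it names the intended VPC. If the ID does not need to be hidden, sourcing it from a ConfigMap (`configMapKeyRef:` in place of `secretKeyRef:`) would keep the Secret limited to the token and make a wrong value visible in the diff. Separately, the toleration, `command:` and `DO_ACCESS_TOKEN` lines that are removed and re-added appear to differ only in indentation; moving that re-indent to its own commit would leave this hunk showing just the five added lines. The container spec starts and continues outside the hunk.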
@@ -4,14 +4,15 @@ metadata: name: digitalocean stringData: access-token: ENC[AES256_GCM,data:SncEdDwS401k+njXftfwHM9Zb6+u4QdijjFWuXrzwlh8cjYa8Rz84SeRcjzwdXZFmJKBN83zH0nIpXzDy288wgL+1yeqQLk=,iv:DVSrIJtkcbOQoyZkb3P4lweVBHrJVDiI8+yO0AqSPS8=,tag:RKmJqay1ldCZZhJRa8EEdw==,type:str] + vpc-id: ENC[AES256_GCM,data:ZHqBS5AyTXikzaAAVgAZBVcTSphE9eO2GQfuhjaxiBqCQSGN,iv:0OogtBVicAGsbKUoD/lJ2lzrTPDuDT7jYztqz+xyNMM=,tag:MelJVnJepBehgLupdHzdKg==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-05-10T23:42:01Z" - mac: ENC[AES256_GCM,data:hlsYbJptvkswHHQeH0MzxO0a52Sl84dBvsOdB4rSaEkmWpyblS9rpX1GZNIXrwEyj4A12V1lTAIclPAekP6a7ebBUhQzgonF3TjmdevusnSo63NExhbVV/ViJQG+wlFD65gB26e5VGy30vRUMDZk4s6Lhwa4pK7LvijsgKK3rq8=,iv:pK7FoKYF0s/NuUn+TY4nLhFIQAsG6gWTbGzuKOze0Fo=,tag:TXTbYfdHLNimFWzh6xUH+A==,type:str] + lastmodified: "2023-05-13T05:26:48Z" + mac: ENC[AES256_GCM,data:d4ZzlU1WT+h4PKspmThDct2XlpHbw8YLHwhGB73jOU1bLNPht6WUhcWD1mS5vhPKhdGa1fOB2reshJ6ueSkm8dhozcPNtHBt9cSKERVgQ8pcNF3DUET4iEp/pRY4YZ1Lr5gUzaos8hN9Gys8JpuTJR6axfOmlD75j0a3tKyLpq0=,iv:J8XxKp8WSmp7E2qR5dm1UmWWmNUotck21Jk6Lwp30K4=,tag:CLDhCsbaHb+2Rlnc2GEttQ==,type:str] pgp: - created_at: "2022-05-20T06:11:55Z" enc: |- @@ -34,4 +35,4 @@ sops: -----END PGP MESSAGE----- fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72 encrypted_regex: ^(data|stringData)$ - version: 3.7.2 + version: 3.7.3 diff --git a/kustomizations/digitalocean/kustomization.yaml b/kustomizations/digitalocean/kustomization.yaml index 065d75d..27588a7 100644 --- a/kustomizations/digitalocean/kustomization.yaml +++ b/kustomizations/digitalocean/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kube-system -bases: +resources: - cloud-controller-manager - csi-driver generators: diff --git a/kustomizations/digitalocean/secret-generator.yaml b/kustomizations/digitalocean/secret-generator.yaml index 74dc894..2476864 100644 --- a/kustomizations/digitalocean/secret-generator.yaml 
+++ b/kustomizations/digitalocean/secret-generator.yaml
@@ -3,4 +3,4 @@ kind: ksops
 metadata:
 name: ksops
 files:
-- ./digitalocean-token.enc.yaml
+- ./digitalocean-config.enc.yaml