k/digitalocean: place resources in vpc-id

infra/main/main.tf

@@ -110,3 +110,7 @@ output "database" {
   value = module.digitalocean_database_cluster.database_cluster
   sensitive = true
 }
+
+output "vpc_id" {
+  value = digitalocean_vpc.main.id
+}

kustomizations/digitalocean/cloud-controller-manager/resources.yaml

@@ -18,28 +18,33 @@ spec:
       serviceAccountName: cloud-controller-manager
       priorityClassName: system-cluster-critical
       tolerations:
-        # this taint is set by all kubelets running `--cloud-provider=external`
-        # so we should tolerate it to schedule the digitalocean ccm
-        - key: "node.cloudprovider.kubernetes.io/uninitialized"
-          value: "true"
-          effect: "NoSchedule"
-        - key: "CriticalAddonsOnly"
-          operator: "Exists"
-        - key: "node-role.kubernetes.io/control-plane"
-          effect: NoSchedule
+      # this taint is set by all kubelets running `--cloud-provider=external`
+      # so we should tolerate it to schedule the digitalocean ccm
+      - key: "node.cloudprovider.kubernetes.io/uninitialized"
+        value: "true"
+        effect: "NoSchedule"
+      - key: "CriticalAddonsOnly"
+        operator: "Exists"
+      - key: "node-role.kubernetes.io/control-plane"
+        effect: NoSchedule
       containers:
       - image: digitalocean/digitalocean-cloud-controller-manager:v0.1.42
         name: digitalocean-cloud-controller-manager
         command:
-          - "/bin/digitalocean-cloud-controller-manager"
-          - "--leader-elect=false"
+        - "/bin/digitalocean-cloud-controller-manager"
+        - "--leader-elect=false"
         resources:
           requests:
             cpu: 100m
             memory: 50Mi
         env:
-          - name: DO_ACCESS_TOKEN
-            valueFrom:
-              secretKeyRef:
-                name: digitalocean
-                key: access-token
+        - name: DO_ACCESS_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: digitalocean
+              key: access-token
+        - name: DO_CLUSTER_VPC_ID
+          valueFrom:
+            secretKeyRef:
+              name: digitalocean
+              key: vpc-id

kustomizations/digitalocean/digitalocean-config.enc.yaml

@@ -4,14 +4,15 @@ metadata:
     name: digitalocean
 stringData:
     access-token: ENC[AES256_GCM,data:SncEdDwS401k+njXftfwHM9Zb6+u4QdijjFWuXrzwlh8cjYa8Rz84SeRcjzwdXZFmJKBN83zH0nIpXzDy288wgL+1yeqQLk=,iv:DVSrIJtkcbOQoyZkb3P4lweVBHrJVDiI8+yO0AqSPS8=,tag:RKmJqay1ldCZZhJRa8EEdw==,type:str]
+    vpc-id: ENC[AES256_GCM,data:ZHqBS5AyTXikzaAAVgAZBVcTSphE9eO2GQfuhjaxiBqCQSGN,iv:0OogtBVicAGsbKUoD/lJ2lzrTPDuDT7jYztqz+xyNMM=,tag:MelJVnJepBehgLupdHzdKg==,type:str]
 sops:
     kms: []
     gcp_kms: []
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2023-05-10T23:42:01Z"
-    mac: ENC[AES256_GCM,data:hlsYbJptvkswHHQeH0MzxO0a52Sl84dBvsOdB4rSaEkmWpyblS9rpX1GZNIXrwEyj4A12V1lTAIclPAekP6a7ebBUhQzgonF3TjmdevusnSo63NExhbVV/ViJQG+wlFD65gB26e5VGy30vRUMDZk4s6Lhwa4pK7LvijsgKK3rq8=,iv:pK7FoKYF0s/NuUn+TY4nLhFIQAsG6gWTbGzuKOze0Fo=,tag:TXTbYfdHLNimFWzh6xUH+A==,type:str]
+    lastmodified: "2023-05-13T05:26:48Z"
+    mac: ENC[AES256_GCM,data:d4ZzlU1WT+h4PKspmThDct2XlpHbw8YLHwhGB73jOU1bLNPht6WUhcWD1mS5vhPKhdGa1fOB2reshJ6ueSkm8dhozcPNtHBt9cSKERVgQ8pcNF3DUET4iEp/pRY4YZ1Lr5gUzaos8hN9Gys8JpuTJR6axfOmlD75j0a3tKyLpq0=,iv:J8XxKp8WSmp7E2qR5dm1UmWWmNUotck21Jk6Lwp30K4=,tag:CLDhCsbaHb+2Rlnc2GEttQ==,type:str]
     pgp:
         - created_at: "2022-05-20T06:11:55Z"
           enc: |-
@@ -34,4 +35,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
     encrypted_regex: ^(data|stringData)$
-    version: 3.7.2
+    version: 3.7.3

kustomizations/digitalocean/kustomization.yaml

@@ -1,7 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: kube-system
-bases:
+resources:
 - cloud-controller-manager
 - csi-driver
 generators:

kustomizations/digitalocean/secret-generator.yaml

@@ -3,4 +3,4 @@ kind: ksops
 metadata:
   name: ksops
 files:
-- ./digitalocean-token.enc.yaml
+- ./digitalocean-config.enc.yaml