add missing rbac roles and don't run gkenetparamset controller

pkg/model/components/gcpcloudcontrollermanager.go

@@ -61,21 +61,14 @@ func (b *GCPCloudControllerManagerOptionsBuilder) BuildOptions(options interface
 	}
 
 	if ccmConfig.Controllers == nil {
-		var changes []string
-
-		// Don't run gkenetworkparamset controller, looks for some CRDs (GKENetworkParamSet and Network) which are only installed on GKE
-		// However, the version we're current running doesn't support this controller anyway, so we need to introduce this later,
-		// possibly based on the image version.
-		// changes = append(ccmConfig.Controllers, "-gkenetworkparams")
+		changes := []string{"*,-gkenetworkparamset"}
 
 		// Turn off some controllers if kops-controller is running them
 		if clusterSpec.IsKopsControllerIPAM() {
-			changes = append(ccmConfig.Controllers, "-nodeipam", "-route")
+			changes = append(changes, "-nodeipam", "-route")
 		}
 
-		if len(changes) != 0 {
-			ccmConfig.Controllers = append([]string{"*"}, changes...)
-		}
+		ccmConfig.Controllers = changes
 	}
 
 	if ccmConfig.Image == "" {

tests/integration/update_cluster/ha_gce/data/aws_s3_object_cluster-completed.spec_content

@@ -20,6 +20,8 @@ spec:
     cidrAllocatorType: CloudAllocator
     clusterCIDR: 100.96.0.0/11
     clusterName: ha-gce-example-com
+    controllers:
+    - '*,-gkenetworkparamset'
     image: registry.k8s.io/cloud-provider-gcp/cloud-controller-manager:v26.2.4
     leaderElection:
       leaderElect: true

tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-bootstrap_content

@@ -62,7 +62,7 @@ spec:
     version: 9.99.0
   - id: k8s-1.23
     manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml
-    manifestHash: b9fd0b9dde71d34a4c73ebbff89ecfefd6286232846afcdd1a2d09491900d886
+    manifestHash: dacbfa4c544a4b20b9354355f260c0513352d99830e549dcf78962e089d3bcd8
     name: gcp-cloud-controller.addons.k8s.io
     prune:
       kinds:

tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-gcp-cloud-controller.addons.k8s.io-k8s-1.23_content

@@ -37,6 +37,7 @@ spec:
         - --cidr-allocator-type=CloudAllocator
         - --cluster-cidr=100.96.0.0/11
         - --cluster-name=ha-gce-example-com
+        - --controllers=*,-gkenetworkparamset
         - --leader-elect=true
         - --v=2
         - --cloud-provider=gce
@@ -147,6 +148,13 @@ rules:
   - create
   - patch
   - update
+- apiGroups:
+  - ""
+  resources:
+  - services/status
+  verbs:
+  - patch
+  - update
 - apiGroups:
   - coordination.k8s.io
   resources:
@@ -252,6 +260,8 @@ rules:
   resources:
   - configmaps
   verbs:
+  - create
+  - patch
   - get
   - update
 
@@ -350,8 +360,7 @@ roleRef:
   kind: ClusterRole
   name: system:cloud-controller-manager
 subjects:
-- apiGroup: ""
-  kind: ServiceAccount
+- kind: ServiceAccount
   name: cloud-controller-manager
   namespace: kube-system
 

tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_cluster-completed.spec_content

@@ -22,6 +22,8 @@ spec:
     cidrAllocatorType: CloudAllocator
     clusterCIDR: 100.96.0.0/11
     clusterName: minimal-example-com
+    controllers:
+    - '*,-gkenetworkparamset'
     image: registry.k8s.io/cloud-provider-gcp/cloud-controller-manager:v26.2.4
     leaderElection:
       leaderElect: true

tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content

@@ -133,7 +133,7 @@ spec:
     version: 9.99.0
   - id: k8s-1.23
     manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml
-    manifestHash: e40e89303c4872972482abd7a438cec5b374ea8afb3e69d2230c7835b59c2d33
+    manifestHash: 9e80ca766c56a45af5a93a49a067740cf9d35716b95d300ac6f4aa08384f3544
     name: gcp-cloud-controller.addons.k8s.io
     prune:
       kinds:

tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-gcp-cloud-controller.addons.k8s.io-k8s-1.23_content

@@ -37,6 +37,7 @@ spec:
         - --cidr-allocator-type=CloudAllocator
         - --cluster-cidr=100.96.0.0/11
         - --cluster-name=minimal-example-com
+        - --controllers=*,-gkenetworkparamset
         - --leader-elect=true
         - --v=2
         - --cloud-provider=gce
@@ -147,6 +148,13 @@ rules:
   - create
   - patch
   - update
+- apiGroups:
+  - ""
+  resources:
+  - services/status
+  verbs:
+  - patch
+  - update
 - apiGroups:
   - coordination.k8s.io
   resources:
@@ -252,6 +260,8 @@ rules:
   resources:
   - configmaps
   verbs:
+  - create
+  - patch
   - get
   - update
 
@@ -350,8 +360,7 @@ roleRef:
   kind: ClusterRole
   name: system:cloud-controller-manager
 subjects:
-- apiGroup: ""
-  kind: ServiceAccount
+- kind: ServiceAccount
   name: cloud-controller-manager
   namespace: kube-system
 

tests/integration/update_cluster/minimal_gce/data/aws_s3_object_cluster-completed.spec_content

@@ -20,6 +20,8 @@ spec:
     cidrAllocatorType: CloudAllocator
     clusterCIDR: 100.96.0.0/11
     clusterName: minimal-gce-example-com
+    controllers:
+    - '*,-gkenetworkparamset'
     image: registry.k8s.io/cloud-provider-gcp/cloud-controller-manager:v26.2.4
     leaderElection:
       leaderElect: true

tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content

@@ -62,7 +62,7 @@ spec:
     version: 9.99.0
   - id: k8s-1.23
     manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml
-    manifestHash: 447139a03ae68fa785c155f0ec4bb0bc38cdb657fda9687039013d3e2353ab6d
+    manifestHash: f6318f9f355302147958c18f744391cb59d0642d3002451b7ca84d1e1210f49a
     name: gcp-cloud-controller.addons.k8s.io
     prune:
       kinds:

tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-gcp-cloud-controller.addons.k8s.io-k8s-1.23_content

@@ -37,6 +37,7 @@ spec:
         - --cidr-allocator-type=CloudAllocator
         - --cluster-cidr=100.96.0.0/11
         - --cluster-name=minimal-gce-example-com
+        - --controllers=*,-gkenetworkparamset
         - --leader-elect=true
         - --v=2
         - --cloud-provider=gce
@@ -147,6 +148,13 @@ rules:
   - create
   - patch
   - update
+- apiGroups:
+  - ""
+  resources:
+  - services/status
+  verbs:
+  - patch
+  - update
 - apiGroups:
   - coordination.k8s.io
   resources:
@@ -252,6 +260,8 @@ rules:
   resources:
   - configmaps
   verbs:
+  - create
+  - patch
   - get
   - update
 
@@ -350,8 +360,7 @@ roleRef:
   kind: ClusterRole
   name: system:cloud-controller-manager
 subjects:
-- apiGroup: ""
-  kind: ServiceAccount
+- kind: ServiceAccount
   name: cloud-controller-manager
   namespace: kube-system
 

tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_cluster-completed.spec_content

@@ -24,6 +24,8 @@ spec:
     cidrAllocatorType: CloudAllocator
     clusterCIDR: 100.96.0.0/11
     clusterName: minimal-gce-example-com
+    controllers:
+    - '*,-gkenetworkparamset'
     image: registry.k8s.io/cloud-provider-gcp/cloud-controller-manager:v26.2.4
     leaderElection:
       leaderElect: true

tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content

@@ -55,7 +55,7 @@ spec:
     version: 9.99.0
   - id: k8s-1.23
     manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml
-    manifestHash: 447139a03ae68fa785c155f0ec4bb0bc38cdb657fda9687039013d3e2353ab6d
+    manifestHash: f6318f9f355302147958c18f744391cb59d0642d3002451b7ca84d1e1210f49a
     name: gcp-cloud-controller.addons.k8s.io
     prune:
       kinds:

tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-gcp-cloud-controller.addons.k8s.io-k8s-1.23_content

@@ -37,6 +37,7 @@ spec:
         - --cidr-allocator-type=CloudAllocator
         - --cluster-cidr=100.96.0.0/11
         - --cluster-name=minimal-gce-example-com
+        - --controllers=*,-gkenetworkparamset
         - --leader-elect=true
         - --v=2
         - --cloud-provider=gce
@@ -147,6 +148,13 @@ rules:
   - create
   - patch
   - update
+- apiGroups:
+  - ""
+  resources:
+  - services/status
+  verbs:
+  - patch
+  - update
 - apiGroups:
   - coordination.k8s.io
   resources:
@@ -252,6 +260,8 @@ rules:
   resources:
   - configmaps
   verbs:
+  - create
+  - patch
   - get
   - update
 
@@ -350,8 +360,7 @@ roleRef:
   kind: ClusterRole
   name: system:cloud-controller-manager
 subjects:
-- apiGroup: ""
-  kind: ServiceAccount
+- kind: ServiceAccount
   name: cloud-controller-manager
   namespace: kube-system
 

tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_cluster-completed.spec_content

@@ -24,6 +24,8 @@ spec:
     cidrAllocatorType: CloudAllocator
     clusterCIDR: 100.96.0.0/11
     clusterName: minimal-gce-ilb-example-com
+    controllers:
+    - '*,-gkenetworkparamset'
     image: registry.k8s.io/cloud-provider-gcp/cloud-controller-manager:v26.2.4
     leaderElection:
       leaderElect: true

tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-bootstrap_content

@@ -62,7 +62,7 @@ spec:
     version: 9.99.0
   - id: k8s-1.23
     manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml
-    manifestHash: f3c98b2b2ad3b91f4b82a97af7d8d58411166ac29e8a04cb04905a81ffb16ad9
+    manifestHash: e28ca21950fe4c0bdd94348e91a89594c68be7e95059dbdfb0a043e33abeb0fc
     name: gcp-cloud-controller.addons.k8s.io
     prune:
       kinds:

tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-gcp-cloud-controller.addons.k8s.io-k8s-1.23_content

@@ -37,6 +37,7 @@ spec:
         - --cidr-allocator-type=CloudAllocator
         - --cluster-cidr=100.96.0.0/11
         - --cluster-name=minimal-gce-ilb-example-com
+        - --controllers=*,-gkenetworkparamset
         - --leader-elect=true
         - --v=2
         - --cloud-provider=gce
@@ -147,6 +148,13 @@ rules:
   - create
   - patch
   - update
+- apiGroups:
+  - ""
+  resources:
+  - services/status
+  verbs:
+  - patch
+  - update
 - apiGroups:
   - coordination.k8s.io
   resources:
@@ -252,6 +260,8 @@ rules:
   resources:
   - configmaps
   verbs:
+  - create
+  - patch
   - get
   - update
 
@@ -350,8 +360,7 @@ roleRef:
   kind: ClusterRole
   name: system:cloud-controller-manager
 subjects:
-- apiGroup: ""
-  kind: ServiceAccount
+- kind: ServiceAccount
   name: cloud-controller-manager
   namespace: kube-system
 

tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_cluster-completed.spec_content

@@ -24,6 +24,8 @@ spec:
     cidrAllocatorType: CloudAllocator
     clusterCIDR: 100.96.0.0/11
     clusterName: minimal-gce-with-a-very-very-very-very-very-long-name-example-com
+    controllers:
+    - '*,-gkenetworkparamset'
     image: registry.k8s.io/cloud-provider-gcp/cloud-controller-manager:v26.2.4
     leaderElection:
       leaderElect: true

tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content

@@ -62,7 +62,7 @@ spec:
     version: 9.99.0
   - id: k8s-1.23
     manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml
-    manifestHash: 04674610fafbf0bf7a284d39cd3bb8c5fc5e3ff1707c218cb235d60debaf536b
+    manifestHash: 854e64edebc744f2d8e7ee5dff7342e3a7f5ba3dd385a2446a4c6e10fe9c23f3
     name: gcp-cloud-controller.addons.k8s.io
     prune:
       kinds:

tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-gcp-cloud-controller.addons.k8s.io-k8s-1.23_content

@@ -37,6 +37,7 @@ spec:
         - --cidr-allocator-type=CloudAllocator
         - --cluster-cidr=100.96.0.0/11
         - --cluster-name=minimal-gce-with-a-very-very-very-very-very-long-name-example-com
+        - --controllers=*,-gkenetworkparamset
         - --leader-elect=true
         - --v=2
         - --cloud-provider=gce
@@ -147,6 +148,13 @@ rules:
   - create
   - patch
   - update
+- apiGroups:
+  - ""
+  resources:
+  - services/status
+  verbs:
+  - patch
+  - update
 - apiGroups:
   - coordination.k8s.io
   resources:
@@ -252,6 +260,8 @@ rules:
   resources:
   - configmaps
   verbs:
+  - create
+  - patch
   - get
   - update
 
@@ -350,8 +360,7 @@ roleRef:
   kind: ClusterRole
   name: system:cloud-controller-manager
 subjects:
-- apiGroup: ""
-  kind: ServiceAccount
+- kind: ServiceAccount
   name: cloud-controller-manager
   namespace: kube-system
 

tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_cluster-completed.spec_content

@@ -20,6 +20,8 @@ spec:
     cidrAllocatorType: CloudAllocator
     clusterCIDR: 100.96.0.0/11
     clusterName: minimal-gce-with-a-very-very-very-very-very-long-name-example-com
+    controllers:
+    - '*,-gkenetworkparamset'
     image: registry.k8s.io/cloud-provider-gcp/cloud-controller-manager:v26.2.4
     leaderElection:
       leaderElect: true

tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content

@@ -62,7 +62,7 @@ spec:
     version: 9.99.0
   - id: k8s-1.23
     manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml
-    manifestHash: 04674610fafbf0bf7a284d39cd3bb8c5fc5e3ff1707c218cb235d60debaf536b
+    manifestHash: 854e64edebc744f2d8e7ee5dff7342e3a7f5ba3dd385a2446a4c6e10fe9c23f3
     name: gcp-cloud-controller.addons.k8s.io
     prune:
       kinds: