From bc5e177deb3ac0e92c0de14ba4a1b81a1e9c1839 Mon Sep 17 00:00:00 2001 From: Jaro Rivera Date: Fri, 26 Aug 2022 09:40:26 -0400 Subject: [PATCH] Revert "Upgrading metallb" This reverts commit 4393fb4ea5aeaf80d9f0d85a92405e346082d046. --- .../helmrepository-bitnami.yaml | 4 +- .../kustomizations/kustomization-metallb.yaml | 2 +- ...ap-metallb-helm-chart-value-overrides.yaml | 962 ++++-------------- metallb-system/helmrelease-metallb.yaml | 4 +- 4 files changed, 208 insertions(+), 764 deletions(-) diff --git a/bootstrap/helmrepositories/helmrepository-bitnami.yaml b/bootstrap/helmrepositories/helmrepository-bitnami.yaml index 2e537e9..408ab14 100644 --- a/bootstrap/helmrepositories/helmrepository-bitnami.yaml +++ b/bootstrap/helmrepositories/helmrepository-bitnami.yaml @@ -2,8 +2,8 @@ apiVersion: source.toolkit.fluxcd.io/v1beta1 kind: HelmRepository metadata: - name: bitnami + name: metallb namespace: flux-system spec: interval: 15m - url: https://charts.bitnami.com/bitnami + url: https://metallb.github.io/metallb \ No newline at end of file diff --git a/bootstrap/kustomizations/kustomization-metallb.yaml b/bootstrap/kustomizations/kustomization-metallb.yaml index 1e4391e..718c10b 100644 --- a/bootstrap/kustomizations/kustomization-metallb.yaml +++ b/bootstrap/kustomizations/kustomization-metallb.yaml @@ -16,4 +16,4 @@ spec: - apiVersion: apps/v1 kind: Deployment name: metallb-controller - namespace: metallb-system + namespace: metallb-system \ No newline at end of file diff --git a/metallb-system/configmap-metallb-helm-chart-value-overrides.yaml b/metallb-system/configmap-metallb-helm-chart-value-overrides.yaml index 43b535c..679cbbe 100644 --- a/metallb-system/configmap-metallb-helm-chart-value-overrides.yaml +++ b/metallb-system/configmap-metallb-helm-chart-value-overrides.yaml @@ -6,697 +6,170 @@ metadata: namespace: metallb-system data: values.yaml: |- - ## @section Global parameters - ## Global Docker image parameters - ## Please, note that this will override the image parameters, including dependencies, configured to use the global value - ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + # Default values for metallb. + # This is a YAML-formatted file. + # Declare variables to be passed into your templates. - ## @param global.imageRegistry Global Docker image registry - ## @param global.imagePullSecrets Global Docker registry secret names as an array - ## - global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - - ## @section Common parameters - - ## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) - ## - kubeVersion: "" - ## @param nameOverride String to partially override metallb.fullname include (will maintain the release name) - ## + imagePullSecrets: [] nameOverride: "" - ## @param fullnameOverride String to fully override metallb.fullname template - ## fullnameOverride: "" - ## @param commonLabels Add labels to all the deployed resources - ## - commonLabels: {} - ## @param commonAnnotations Add annotations to all the deployed resources - ## - commonAnnotations: { - configmap.reloader.stakater.com/reload: "metallb-config" - } - ## @param extraDeploy Array of extra objects to deploy with the release - ## - extraDeploy: [] - ## Enable diagnostic mode in the deployment(s)/statefulset(s) - ## - diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the the deployment(s)/ statefulset(s) - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the the deployment(s)/statefulset (s) - ## - args: - - infinity - ## @section MetalLB parameters + # To configure MetalLB, you must specify ONE of the following two + # options. + + # existingConfigMap specifies the name of an externally-defined + # ConfigMap to use as the configuration. Helm will not manage the + # contents of this ConfigMap, it is your responsibility to create it. + existingConfigMap: "metallb-config" + + # configInline specifies MetalLB's configuration directly, in yaml + # format. When configInline is used, Helm manages MetalLB's + # configuration ConfigMap as part of the release, and + # existingConfigMap is ignored. + # + # Refer to https://metallb.universe.tf/configuration/ for + # available options. + # configInline: {} - ## RBAC creation for controller and speaker - ## rbac: - ## @param rbac.create Specifies whether to install and use RBAC rules - ## + # create specifies whether to install and use RBAC rules. create: true - ## PSP creation for controller and speaker - ## + psp: - ## @param psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later - ## - create: false - ## Prometheus Operator alertmanager alerts - ## - networkPolicy: - ## @param networkPolicy.enabled Enable NetworkPolicy - ## Prometheus scraping of the controller - ## - enabled: false - ## @param networkPolicy.ingressNSMatchLabels Allow connections from other namespaces - ## Set label for namespace and pods (optional). - ## - ingressNSMatchLabels: {} - ## @param networkPolicy.ingressNSPodMatchLabels For other namespaces match by pod labels and namespace labels - ## - ingressNSPodMatchLabels: {} - ## @param prometheusRule.enabled Prometheus Operator alertmanager alerts are created - ## - prometheusRule: - enabled: false + # create specifies whether to install and use Pod Security Policies. + create: true - ## @section Controller parameters + prometheus: + # scrape annotations specifies whether to add Prometheus metric + # auto-collection annotations to pods. See + # https://github.com/prometheus/prometheus/blob/release-2.1/documentation/examples/ prometheus-kubernetes.yml + # for a corresponding Prometheus configuration. Alternatively, you + # may want to use the Prometheus Operator + # (https://github.com/coreos/prometheus-operator) for more powerful + # monitoring configuration. If you use the Prometheus operator, this + # can be left at false. + scrapeAnnotations: false - ## Metallb Controller deployment. - ## ref: https://hub.docker.com/r/bitnami/metallb-controller/tags - ## + # port both controller and speaker will listen on for metrics + metricsPort: 7472 + + # the service account used by prometheus + # required when .Values.prometheus.podMonitor.enabled == true + serviceAccount: "" + + # the namespace where prometheus is deployed + # required when .Values.prometheus.podMonitor.enabled == true + namespace: "" + + # Prometheus Operator PodMonitors + podMonitor: + + # enable support for Prometheus Operator + enabled: false + + # optional additionnal labels for podMonitors + additionalLabels: {} + + # Job label for scrape target + jobLabel: "app.kubernetes.io/name" + + # Scrape interval. If not set, the Prometheus default scrape interval is used. + interval: + + # metric relabel configs to apply to samples before ingestion. + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # target_label: nodename + # replacement: $1 + # action: replace + + # Prometheus Operator alertmanager alerts + prometheusRule: + + # enable alertmanager alerts + enabled: false + + # optional additionnal labels for prometheusRules + additionalLabels: {} + + # MetalLBStaleConfig + staleConfig: + enabled: true + labels: + severity: warning + + # MetalLBConfigNotLoaded + configNotLoaded: + enabled: true + labels: + severity: warning + + # MetalLBAddressPoolExhausted + addressPoolExhausted: + enabled: true + labels: + severity: alert + + addressPoolUsage: + enabled: true + thresholds: + - percent: 75 + labels: + severity: warning + - percent: 85 + labels: + severity: warning + - percent: 95 + labels: + severity: alert + + # MetalLBBGPSessionDown + bgpSessionDown: + enabled: true + labels: + severity: alert + + extraAlerts: [] + + # controller contains configuration specific to the MetalLB cluster + # controller. controller: - ## @param controller.image.registry MetalLB Controller image registry - ## @param controller.image.repository MetalLB Controller image repository - ## @param controller.image.tag MetalLB Controller image tag (immutable tags are recommended) - ## @param controller.image.digest MetalLB Controller image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param controller.image.pullPolicy MetalLB Controller image pull policy - ## @param controller.image.pullSecrets Specify docker-registry secret names as an array - ## + enabled: true + # -- Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` + logLevel: info image: - registry: docker.io - repository: bitnami/metallb-controller - tag: 0.13.4-debian-11-r3 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param controller.updateStrategy.type Metallb controller deployment strategy type. - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy - ## e.g: - ## updateStrategy: - ## type: RollingUpdate - ## rollingUpdate: - ## maxSurge: 25% - ## maxUnavailable: 25% - ## - updateStrategy: - type: RollingUpdate - ## @param controller.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/ add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## If global .Values.rbac.create is disabled no rbac is created. - ## This value is then meaningless - ## Defines if the controller rbac should be created. - ## - rbac: - ## @param controller.rbac.create create specifies whether to install and use RBAC rules. - ## + repository: quay.io/metallb/controller + tag: + pullPolicy: + serviceAccount: + # Specifies whether a ServiceAccount should be created create: true - ## If global .Values.psp.create is disabled no psp is created. - ## This value is then meaningless - ## Defines if the controller psp should be created. - ## - psp: - ## @param controller.psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later - ## - create: true - ## @param controller.priorityClassName Metallb controller pods' priorityClassName - ## - priorityClassName: "" - ## @param controller.schedulerName Name of the k8s scheduler (other than default) - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param controller.terminationGracePeriodSeconds In seconds, time the given to the Metallb controller pod needs to terminate gracefully - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods - ## - terminationGracePeriodSeconds: 0 - ## @param controller.topologySpreadConstraints Topology Spread Constraints for pod assignment - ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## The value is evaluated as a template - ## - topologySpreadConstraints: [] - ## Controller container resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param controller.resources.limits The resources limits for the container - ## @param controller.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 100Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 25m - ## memory: 25Mi - requests: {} - ## @param controller.nodeSelector Node labels for controller pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param controller.tolerations Tolerations for controller pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param controller.affinity Affinity for controller pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ #affinity-and-anti-affinity - ## - affinity: {} - ## @param controller.podAnnotations Controller Pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param controller.podLabels Controller Pod labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param controller.podAffinityPreset Controller Pod affinitypreset. Allowed values: soft, hard - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ #inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param controller.podAntiAffinityPreset Controller Pod anti affinitypreset. Allowed values: soft, hard - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ #inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## Allowed values: soft, hard - ## - nodeAffinityPreset: - ## @param controller.nodeAffinityPreset.type Controller Pod Node affinity preset. Allowed values: soft, hard - ## - type: "" - ## @param controller.nodeAffinityPreset.key Controller Pod Node affinity label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param controller.nodeAffinityPreset.values Controller Pod Node affinity label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ #set-the-security-context-for-a-pod - ## @param controller.podSecurityContext.enabled Enabled Metallb Controller pods' Security Context - ## @param controller.podSecurityContext.fsGroup Set Metallb Controller pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ #set-the-security-context-for-a-pod - ## @param controller.containerSecurityContext.enabled Enabled Metallb Controller containers' Security Context - ## @param controller.containerSecurityContext.runAsUser Set Metallb Controller containers' Security Context runAsUser - ## @param controller.containerSecurityContext.runAsNonRoot Set Metallb Controller container's Security Context runAsNonRoot - ## @param controller.containerSecurityContext.allowPrivilegeEscalation Enables privilege Escalation context for the pod. - ## @param controller.containerSecurityContext.readOnlyRootFilesystem Allows the pod to mount the RootFS as ReadOnly - ## @param controller.containerSecurityContext.capabilities.drop [array] Drop capabilities for the securityContext - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 + # The name of the ServiceAccount to use. If not set and create is + # true, a name is generated using the fullname template + name: "" + annotations: {} + securityContext: runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - ## @param controller.command Override default container command (useful when using custom images) - ## - command: [] - ## @param controller.args Override default container args (useful when using custom images) - ## - args: [] - ## @param controller.lifecycleHooks for the Metallb Controller container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param controller.extraEnvVars Extra environment variable to pass to the running container. - ## For example: - ## extraEnvVars: - ## - name: MY_ENV_VAR - ## value: env_var_value - ## - extraEnvVars: [] - ## @param controller.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Metallb controller nodes - ## - extraEnvVarsCM: "metallb-config" - ## @param controller.extraEnvVarsSecret Name of existing Secret containing extra env vars for Metallb controller nodes - ## - extraEnvVarsSecret: "" - ## @param controller.extraVolumes Optionally specify extra list of additional volumes for the Metallb controller pod(s) - ## - extraVolumes: [] - ## @param controller.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Metallb controller container(s) - ## - extraVolumeMounts: [] - ## @param controller.sidecars Add additional sidecar containers to the Metallb Controller pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param controller.initContainers Add additional init containers to the Metallb Controller pod (s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## Pods Service Account - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - ## @param controller.serviceAccount.create Specifies whether a ServiceAccount should be created - ## @param controller.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. - ## @param controller.serviceAccount.automountServiceAccountToken Automount service account token for the server service account - ## @param controller.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. - ## - serviceAccount: - create: true - name: "" - automountServiceAccountToken: true - annotations: {} - ## @param controller.revisionHistoryLimit Configure the revisionHistoryLimit of the Controller deployment - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/ #revision-history-limit - ## - revisionHistoryLimit: 3 - ## @param controller.containerPorts.metrics Configures the ports the MetalLB Controller listens on for metrics - ## - containerPorts: - metrics: 7472 - ## Liveness probe values - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param controller.livenessProbe.enabled Enable livenessProbe - ## @param controller.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param controller.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param controller.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param controller.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param controller.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## Readiness probe values - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param controller.readinessProbe.enabled Enable readinessProbe - ## @param controller.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param controller.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param controller.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param controller.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param controller.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## Startup probe values - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param controller.startupProbe.enabled Enable startupProbe - ## @param controller.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param controller.startupProbe.periodSeconds Period seconds for startupProbe - ## @param controller.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param controller.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param controller.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## @param controller.customStartupProbe Custom liveness probe for the Web component - ## - customStartupProbe: {} - ## @param controller.customLivenessProbe Custom liveness probe for the Web component - ## - customLivenessProbe: {} - ## @param controller.customReadinessProbe Custom readiness probe for the Web component - ## - customReadinessProbe: {} - - ## @section Metallb controller Prometheus metrics export - ## - metrics: - ## @param controller.metrics.enabled Enable the export of Prometheus metrics - ## - enabled: false - ## Prometheus Exporter service parameters - ## - service: - ## @param controller.metrics.service.port Prometheus metrics service port - ## - port: 7472 - ## @param controller.metrics.service.annotations [object] Annotations for the Prometheus Exporter service service - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "7472" - prometheus.io/path: "/metrics" ## Prometheus Operator service monitors - ## - serviceMonitor: - ## @param controller.metrics.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator - ## - enabled: false - ## @param controller.metrics.serviceMonitor.namespace Namespace which Prometheus is running in - ## e.g: - ## namespace: monitoring - ## - namespace: "" - ## @param controller.metrics.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator - ## - jobLabel: "app.kubernetes.io/name" - ## @param controller.metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used - ## - interval: "" - ## @param controller.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api. md#endpoint - ## - scrapeTimeout: "" - ## @param controller.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics - ## - metricRelabelings: [] - ## @param controller.metrics.serviceMonitor.relabelings Specify general relabeling - ## - relabelings: [] - ## @param controller.metrics.serviceMonitor.selector ServiceMonitor selector labels - ## ref: https://github.com/bitnami/charts/tree/master/bitnami/ prometheus-operator#prometheus-configuration - ## - ## selector: - ## prometheus: my-prometheus - ## - selector: {} - ## @param controller.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor - ## - labels: {} - ## @param controller.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels - ## - honorLabels: false - - ## @section Speaker parameters - - ## Metallb Speaker daemonset. - ## ref: https://hub.docker.com/r/bitnami/metallb-speaker/tags - ## - speaker: - ## @param speaker.image.registry MetalLB Speaker image registry - ## @param speaker.image.repository MetalLB Speaker image repository - ## @param speaker.image.tag MetalLB Speaker image tag (immutable tags are recommended) - ## @param speaker.image.digest MetalLB Speaker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param speaker.image.pullPolicy MetalLB Speaker image pull policy - ## @param speaker.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/metallb-speaker - tag: 0.13.4-debian-11-r7 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param speaker.updateStrategy.type Speaker daemonset strategy type - ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ - ## - updateStrategy: - ## StrategyType - ## Can be set to RollingUpdate or OnDelete - ## - type: RollingUpdate - ## If global .Values.rbac.create is disabled no rbac is created. - ## This value is then meaningless - ## Defines if the speaker rbac should be created. - ## - rbac: - ## @param speaker.rbac.create create specifies whether to install and use RBAC rules. - ## - create: true - ## @param speaker.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/ add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## If global .Values.psp.create is disabled no psp is created. - ## This value is then meaningless - ## Defines if the speaker psp should be created. - ## - psp: - ## @param speaker.psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later - ## - create: true - ## @param speaker.priorityClassName Speaker pods' priorityClassName - ## - priorityClassName: "" - ## @param speaker.terminationGracePeriodSeconds In seconds, time the given to the Speaker pod needs to terminate gracefully - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods - ## - terminationGracePeriodSeconds: 2 - ## Speaker container resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param speaker.resources.limits The resources limits for the container - ## @param speaker.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 100Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 25m - ## memory: 25Mi - requests: {} - ## @param speaker.nodeSelector Node labels for speaker pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## + # nobody + runAsUser: 65534 + fsGroup: 65534 + resources: {} + # limits: + # cpu: 100m + # memory: 100Mi nodeSelector: {} - ## @param speaker.tolerations Tolerations for speaker pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## tolerations: [] - ## @param speaker.affinity Affinity for speaker pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ #affinity-and-anti-affinity - ## + priorityClassName: "" affinity: {} - ## Node speaker.affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param speaker.nodeAffinityPreset.type Node affinity preset type. Ignored if `speaker. affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param speaker.nodeAffinityPreset.key Node label key to match. Ignored if `speaker.affinity` is set - ## - key: "" - ## @param speaker.nodeAffinityPreset.values Node label values to match. Ignored if `speaker. affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param speaker.podAffinityPreset Pod affinity preset. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ #inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param speaker.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ #inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## @param speaker.podAnnotations Speaker Pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## podAnnotations: {} - ## @param speaker.podLabels Speaker Pod labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ #set-the-security-context-for-a-pod - ## @param speaker.podSecurityContext.enabled Enabled Speaker pods' Security Context - ## @param speaker.podSecurityContext.fsGroup Set Speaker pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroup: 0 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ #set-the-security-context-for-a-pod - ## @param speaker.containerSecurityContext.enabled Enabled Speaker containers' Security Context - ## @param speaker.containerSecurityContext.runAsUser Set Speaker containers' Security Context runAsUser - ## @param speaker.containerSecurityContext.allowPrivilegeEscalation Enables privilege Escalation context for the pod. - ## @param speaker.containerSecurityContext.readOnlyRootFilesystem Allows the pod to mount the RootFS as ReadOnly - ## @param speaker.containerSecurityContext.capabilities.drop [array] Drop capabilities for the securityContext - ## @param speaker.containerSecurityContext.capabilities.add [array] Add capabilities for the securityContext - ## - - containerSecurityContext: - enabled: true - runAsUser: 0 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - add: - - NET_ADMIN - - NET_RAW - - SYS_ADMIN - ## @param speaker.command Override default container command (useful when using custom images) - ## - command: [] - ## @param speaker.args Override default container args (useful when using custom images) - ## - args: [] - ## @param speaker.lifecycleHooks for the Speaker container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param speaker.sidecars Add additional sidecar containers to the Speaker pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param speaker.initContainers Add additional init containers to the Speaker pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## Pods Service Account - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - ## @param speaker.serviceAccount.create Specifies whether a ServiceAccount should be created - ## @param speaker.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. - ## @param speaker.serviceAccount.automountServiceAccountToken Automount service account token for the server service account - ## @param speaker.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. - ## - serviceAccount: - create: true - name: "" - automountServiceAccountToken: true - annotations: {} - ## Defines a secret to use outside of the auto generate - ## @param speaker.secretName References a Secret name for the member secret outside of the helm chart - ## @param speaker.secretKey References a Secret key the member secret outside of the helm chart - ## @param speaker.secretValue Custom value for `speaker.secretKey` - ## Default: {{ randAlphaNum 256 | b64enc | quote }} - ## The auto generated secret has: - ## secretName: {{ "common.names.fullname" }}-memberlist - ## secretKey: secretkey - ## secretValue: random 256 character alphanumeric string - ## - secretName: "" - secretKey: "" - secretValue: "" - ## @param speaker.extraEnvVars Extra environment variable to pass to the running container. - ## For example: - ## extraEnvVars: - ## - name: MY_ENV_VAR - ## value: env_var_value - ## - extraEnvVars: [] - ## @param speaker.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Speaker nodes - ## - extraEnvVarsCM: "" - ## @param speaker.extraEnvVarsSecret Name of existing Secret containing extra env vars for Speaker nodes - ## - extraEnvVarsSecret: "" - ## @param speaker.extraVolumes Optionally specify extra list of additional volumes for the Speaker pod(s) - ## - extraVolumes: [] - ## @param speaker.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Speaker container(s) - ## - extraVolumeMounts: [] - ## @param speaker.containerPorts.metrics HTTP Metrics Endpoint - ## - containerPorts: - metrics: 7472 - ## Liveness probe values - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param speaker.livenessProbe.enabled Enable livenessProbe - ## @param speaker.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param speaker.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param speaker.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param speaker.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param speaker.livenessProbe.successThreshold Success threshold for livenessProbe - ## livenessProbe: enabled: true failureThreshold: 3 @@ -704,15 +177,6 @@ data: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 - ## Readiness probe values - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param speaker.readinessProbe.enabled Enable readinessProbe - ## @param speaker.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param speaker.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param speaker.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param speaker.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param speaker.readinessProbe.successThreshold Success threshold for readinessProbe - ## readinessProbe: enabled: true failureThreshold: 3 @@ -720,86 +184,66 @@ data: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 - ## Startup probe values - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param speaker.startupProbe.enabled Enable startupProbe - ## @param speaker.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param speaker.startupProbe.periodSeconds Period seconds for startupProbe - ## @param speaker.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param speaker.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param speaker.startupProbe.successThreshold Success threshold for startupProbe + + # speaker contains configuration specific to the MetalLB speaker + # daemonset. + speaker: + enabled: true + # -- Speaker log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` + logLevel: info + tolerateMaster: true + memberlist: + enabled: true + mlBindPort: 7946 + image: + repository: quay.io/metallb/speaker + tag: + pullPolicy: + serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. If not set and create is + # true, a name is generated using the fullname template + name: "" + annotations: {} + ## Defines a secret name for the controller to generate a memberlist encryption secret + ## By default secretName: {{ "metallb.fullname" }}-memberlist ## - startupProbe: - enabled: false + # secretName: + resources: {} + # limits: + # cpu: 100m + # memory: 100Mi + nodeSelector: {} + tolerations: [] + priorityClassName: "" + affinity: {} + ## Selects which runtime class will be used by the pod. + # runtimeClassName: + podAnnotations: {} + livenessProbe: + enabled: true failureThreshold: 3 initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 - ## @param speaker.customStartupProbe Custom liveness probe for the Web component - ## - customStartupProbe: {} - ## @param speaker.customLivenessProbe Custom liveness probe for the Web component - ## - customLivenessProbe: {} - ## @param speaker.customReadinessProbe Custom readiness probe for the Web component - ## - customReadinessProbe: {} - - ## @section Speaker Prometheus metrics export - metrics: - ## @param speaker.metrics.enabled Enable the export of Prometheus metrics - ## - enabled: false - ## Prometheus Exporter service parameters - ## - service: - ## @param speaker.metrics.service.port Prometheus metrics service port - ## - port: 7472 - ## @param speaker.metrics.service.annotations [object] Annotations for the Prometheus Exporter service service - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "7472" - prometheus.io/path: "/metrics" - ## Prometheus Operator service monitors - ## - serviceMonitor: - ## @param speaker.metrics.serviceMonitor.enabled Enable support for Prometheus Operator - ## - enabled: false - ## @param speaker.metrics.serviceMonitor.namespace Namespace which Prometheus is running in - ## e.g: - ## namespace: monitoring - ## - namespace: "" - ## @param speaker.metrics.serviceMonitor.jobLabel Job label for scrape target - ## - jobLabel: "app.kubernetes.io/name" - ## @param speaker.metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used - ## - interval: "" - ## @param speaker.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api. md#endpoint - ## - scrapeTimeout: "" - ## @param speaker.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics - ## - metricRelabelings: [] - ## @param speaker.metrics.serviceMonitor.relabelings Specify general relabeling - ## - relabelings: [] - ## @param speaker.metrics.serviceMonitor.selector ServiceMonitor selector labels - ## ref: https://github.com/bitnami/charts/tree/master/bitnami/ prometheus-operator#prometheus-configuration - ## - ## selector: - ## prometheus: my-prometheus - ## - selector: {} - ## @param speaker.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor - ## - labels: {} - ## @param speaker.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels - ## - honorLabels: false \ No newline at end of file + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + # frr contains configuration specific to the MetalLB FRR container, + # for speaker running alongside FRR. + frr: + enabled: true + # FRR_LOGGING_LEVEL used to set logging level for all running frr processes. + # Possible settings are :- + # informational, warning, errors and debugging. + logLevel: informational + image: + repository: quay.io/frrouting/frr + tag: stable_7.5 + pullPolicy: \ No newline at end of file diff --git a/metallb-system/helmrelease-metallb.yaml b/metallb-system/helmrelease-metallb.yaml index 7ecda8a..b75ec58 100644 --- a/metallb-system/helmrelease-metallb.yaml +++ b/metallb-system/helmrelease-metallb.yaml @@ -7,10 +7,10 @@ spec: chart: spec: chart: metallb - version: 2.x + version: 0.11.0 sourceRef: kind: HelmRepository - name: bitnami + name: metallb namespace: flux-system interval: 15m timeout: 5m