diff --git a/bootstrap/helmrepositories/helmrepository-metallb.yaml b/bootstrap/helmrepositories/helmrepository-metallb.yaml
new file mode 100644
index 0000000..408ab14
--- /dev/null
+++ b/bootstrap/helmrepositories/helmrepository-metallb.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: metallb
+ namespace: flux-system
+spec:
+ interval: 15m
+ url: https://metallb.github.io/metallb
\ No newline at end of file
diff --git a/bootstrap/kustomizations/kustomization-metallb.yaml b/bootstrap/kustomizations/kustomization-metallb.yaml
new file mode 100644
index 0000000..1e4391e
--- /dev/null
+++ b/bootstrap/kustomizations/kustomization-metallb.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+ name: metallb--metallb-system
+ namespace: flux-system
+spec:
+ interval: 15m
+ path: ./metallb-system
+ prune: true # remove any elements later removed from the above path
+ timeout: 2m # if not set, this defaults to interval duration, which is 1h
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ validation: server
+ healthChecks:
+ - apiVersion: apps/v1
+ kind: Deployment
+ name: metallb-controller
+ namespace: metallb-system
diff --git a/bootstrap/namespaces/namespace-metallb.yaml b/bootstrap/namespaces/namespace-metallb.yaml
new file mode 100644
index 0000000..fe6f1d8
--- /dev/null
+++ b/bootstrap/namespaces/namespace-metallb.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: metallb-system
diff --git a/metallb-system/configmap-metallb-config.yaml b/metallb-system/configmap-metallb-config.yaml
new file mode 100644
index 0000000..fe349b2
--- /dev/null
+++ b/metallb-system/configmap-metallb-config.yaml 
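Review bot: In kustomization-metallb.yaml the inline comment on `timeout: 2m` says the default "is 1h", but `interval: 15m` is set two lines above, and in Flux the timeout defaults to the Kustomization's own interval, so the comment contradicts the manifest it annotates; suggest `timeout: 2m # if not set, this defaults to .spec.interval (15m above)`. The `healthChecks` entry only waits on the `metallb-controller` Deployment, which is created by the HelmRelease under `./metallb-system` rather than by this Kustomization directly, so a failed or stuck Helm upgrade would presumably not be surfaced here; a health check on the HelmRelease object itself (`kind: HelmRelease`, `apiVersion: helm.toolkit.fluxcd.io/v2beta1`) is the usual way to cover that, and the speaker DaemonSet that actually announces addresses is not checked at all. Minor style point: this file and namespace-metallb.yaml omit the `---` document start that helmrepository-metallb.yaml uses.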
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: metallb-system
+ name: metallb-config
+data:
+ config: |
+ address-pools:
+ - name: default
+ protocol: layer2
+ addresses:
+ - 172.16.10.30-172.16.10.50
\ No newline at end of file
diff --git a/metallb-system/configmap-metallb-helm-chart-value-overrides.yaml b/metallb-system/configmap-metallb-helm-chart-value-overrides.yaml
new file mode 100644
index 0000000..679cbbe
--- /dev/null
+++ b/metallb-system/configmap-metallb-helm-chart-value-overrides.yaml 
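Review bot: The name `metallb-config` is a cross-file contract with `existingConfigMap: "metallb-config"` in configmap-metallb-helm-chart-value-overrides.yaml, and nothing in either file says so, so a rename on one side silently leaves MetalLB without configuration; suggest `name: metallb-config # must match existingConfigMap in configmap-metallb-helm-chart-value-overrides.yaml`. The pool `172.16.10.30-172.16.10.50` is handed out to any Service of type LoadBalancer from any namespace and announced on the L2 segment, and this config format carries no per-namespace restriction, so it is worth a comment recording who owns that range and that it must stay outside the LAN's DHCP scope. The file also ends without a trailing newline (`\ No newline at end of file`).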
@@ -0,0 +1,249 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ creationTimestamp: null
+ name: metallb-helm-chart-value-overrides
+ namespace: metallb-system
+data:
+ values.yaml: |-
+ # Default values for metallb.
+ # This is a YAML-formatted file.
+ # Declare variables to be passed into your templates.
+
+ imagePullSecrets: []
+ nameOverride: ""
+ fullnameOverride: ""
+
+ # To configure MetalLB, you must specify ONE of the following two
+ # options.
+
+ # existingConfigMap specifies the name of an externally-defined
+ # ConfigMap to use as the configuration. Helm will not manage the
+ # contents of this ConfigMap, it is your responsibility to create it.
+ existingConfigMap: "metallb-config"
+
+ # configInline specifies MetalLB's configuration directly, in yaml
+ # format. When configInline is used, Helm manages MetalLB's
+ # configuration ConfigMap as part of the release, and
+ # existingConfigMap is ignored.
+ #
+ # Refer to https://metallb.universe.tf/configuration/ for
+ # available options.
+ # configInline: {}
+
+ rbac:
+ # create specifies whether to install and use RBAC rules.
+ create: true
+
+ psp:
+ # create specifies whether to install and use Pod Security Policies.
+ create: true
+
+ prometheus:
+ # scrape annotations specifies whether to add Prometheus metric
+ # auto-collection annotations to pods. See
+ # https://github.com/prometheus/prometheus/blob/release-2.1/documentation/examples/ prometheus-kubernetes.yml
+ # for a corresponding Prometheus configuration. Alternatively, you
+ # may want to use the Prometheus Operator
+ # (https://github.com/coreos/prometheus-operator) for more powerful
+ # monitoring configuration. If you use the Prometheus operator, this
+ # can be left at false. 
+ scrapeAnnotations: false
+
+ # port both controller and speaker will listen on for metrics
+ metricsPort: 7472
+
+ # the service account used by prometheus
+ # required when .Values.prometheus.podMonitor.enabled == true
+ serviceAccount: ""
+
+ # the namespace where prometheus is deployed
+ # required when .Values.prometheus.podMonitor.enabled == true
+ namespace: ""
+
+ # Prometheus Operator PodMonitors
+ podMonitor:
+
+ # enable support for Prometheus Operator
+ enabled: false
+
+ # optional additionnal labels for podMonitors
+ additionalLabels: {}
+
+ # Job label for scrape target
+ jobLabel: "app.kubernetes.io/name"
+
+ # Scrape interval. If not set, the Prometheus default scrape interval is used.
+ interval:
+
+ # metric relabel configs to apply to samples before ingestion.
+ metricRelabelings: []
+ # - action: keep
+ # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ # sourceLabels: [__name__]
+
+ # relabel configs to apply to samples before ingestion.
+ relabelings: []
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # target_label: nodename
+ # replacement: $1
+ # action: replace
+
+ # Prometheus Operator alertmanager alerts
+ prometheusRule:
+
+ # enable alertmanager alerts
+ enabled: false
+
+ # optional additionnal labels for prometheusRules
+ additionalLabels: {}
+
+ # MetalLBStaleConfig
+ staleConfig:
+ enabled: true
+ labels:
+ severity: warning
+
+ # MetalLBConfigNotLoaded
+ configNotLoaded:
+ enabled: true
+ labels:
+ severity: warning
+
+ # MetalLBAddressPoolExhausted
+ addressPoolExhausted:
+ enabled: true
+ labels:
+ severity: alert
+
+ addressPoolUsage:
+ enabled: true
+ thresholds:
+ - percent: 75
+ labels:
+ severity: warning
+ - percent: 85
+ labels:
+ severity: warning
+ - percent: 95
+ labels:
+ severity: alert
+
+ # MetalLBBGPSessionDown
+ bgpSessionDown:
+ enabled: true
+ labels:
+ severity: alert
+
+ extraAlerts: []
+
+ # controller contains configuration specific to the 
MetalLB cluster
+ # controller.
+ controller:
+ enabled: true
+ # -- Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none`
+ logLevel: info
+ image:
+ repository: quay.io/metallb/controller
+ tag:
+ pullPolicy:
+ serviceAccount:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use. If not set and create is
+ # true, a name is generated using the fullname template
+ name: ""
+ annotations: {}
+ securityContext:
+ runAsNonRoot: true
+ # nobody
+ runAsUser: 65534
+ fsGroup: 65534
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 100Mi
+ nodeSelector: {}
+ tolerations: []
+ priorityClassName: ""
+ affinity: {}
+ podAnnotations: {}
+ livenessProbe:
+ enabled: true
+ failureThreshold: 3
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ readinessProbe:
+ enabled: true
+ failureThreshold: 3
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+
+ # speaker contains configuration specific to the MetalLB speaker
+ # daemonset.
+ speaker:
+ enabled: true
+ # -- Speaker log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none`
+ logLevel: info
+ tolerateMaster: true
+ memberlist:
+ enabled: true
+ mlBindPort: 7946
+ image:
+ repository: quay.io/metallb/speaker
+ tag:
+ pullPolicy:
+ serviceAccount:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use. If not set and create is
+ # true, a name is generated using the fullname template
+ name: ""
+ annotations: {}
+ ## Defines a secret name for the controller to generate a memberlist encryption secret
+ ## By default secretName: {{ "metallb.fullname" }}-memberlist
+ ##
+ # secretName:
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 100Mi
+ nodeSelector: {}
+ tolerations: []
+ priorityClassName: ""
+ affinity: {}
+ ## Selects which runtime class will be used by the pod. 
+ # runtimeClassName:
+ podAnnotations: {}
+ livenessProbe:
+ enabled: true
+ failureThreshold: 3
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ readinessProbe:
+ enabled: true
+ failureThreshold: 3
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ # frr contains configuration specific to the MetalLB FRR container,
+ # for speaker running alongside FRR.
+ frr:
+ enabled: true
+ # FRR_LOGGING_LEVEL used to set logging level for all running frr processes.
+ # Possible settings are :-
+ # informational, warning, errors and debugging.
+ logLevel: informational
+ image:
+ repository: quay.io/frrouting/frr
+ tag: stable_7.5
+ pullPolicy:
\ No newline at end of file
diff --git a/metallb-system/helmrelease-metallb.yaml b/metallb-system/helmrelease-metallb.yaml
new file mode 100644
index 0000000..268cfe6
--- /dev/null
+++ b/metallb-system/helmrelease-metallb.yaml
@@ -0,0 +1,21 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: metallb
+ namespace: metallb-system
+spec:
+ chart:
+ spec:
+ chart: metallb
+ version: 2.x
+ sourceRef:
+ kind: HelmRepository
+ name: metallb
+ namespace: flux-system
+ interval: 15m
+ timeout: 5m
+ releaseName: metallb
+ valuesFrom:
+ - kind: ConfigMap
+ name: metallb-helm-chart-value-overrides
+ valuesKey: values.yaml # This is the default, but best to be explicit for clarity.
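Review bot: `frr: enabled: true` at the end of the values.yaml block runs an FRR routing container in every speaker pod, while the only address pool configured in metallb-system/configmap-metallb-config.yaml is `protocol: layer2`, which as far as I can tell from these files never uses FRR; if BGP is not planned, `enabled: false` here removes an unused routing daemon from the speaker's host-network pods and is the least-privilege choice. The bare `tag:` and `pullPolicy:` values under `controller.image`, `speaker.image` and `frr.image` parse as YAML null, and Helm treats a null in an override as "delete this key from the chart defaults", so which controller and speaker image actually runs is decided by whatever the chart's templates fall back to on each release; pinning them, e.g. `tag: "<metallb image version>"`, makes an image change a reviewable diff instead of a side effect of a chart bump. Two smaller points in the same hunk: `creationTimestamp: null` in the ConfigMap metadata is dry-run residue and can be dropped, and the copied chart comments spell "additionnal" twice.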
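Review bot: `version: 2.x` in helmrelease-metallb.yaml lets Flux upgrade to any 2.y.z that appears in the HelmRepository on every 15m reconcile, so a new upstream chart, and with the unpinned image tags in the values ConfigMap a new controller/speaker image, reaches the cluster with no review step; pinning `version: "<exact chart version>"` (or at least a `2.<minor>.x` range) and bumping it deliberately keeps that under change control. The HelmRelease also sets no `upgrade.remediation` policy, so I would expect a failed upgrade to stay in a failed state until someone intervenes, which is worth a comment if that is the intended behaviour. Minor: unlike helmrepository-metallb.yaml this file omits the `---` document start.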