diff --git a/metallb-system/configmap-metallb-config.yaml b/metallb-system/configmap-metallb-config.yaml
deleted file mode 100644
index fe349b2..0000000
--- a/metallb-system/configmap-metallb-config.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: metallb-system
- name: metallb-config
-data:
- config: |
- address-pools:
- - name: default
- protocol: layer2
- addresses:
- - 172.16.10.30-172.16.10.50
\ No newline at end of file
diff --git a/metallb-system/configmap-metallb-helm-chart-value-overrides.yaml b/metallb-system/configmap-metallb-helm-chart-value-overrides.yaml
index 679cbbe..f229572 100644
--- a/metallb-system/configmap-metallb-helm-chart-value-overrides.yaml
+++ b/metallb-system/configmap-metallb-helm-chart-value-overrides.yaml
@@ -9,36 +9,23 @@ data: # Default values for metallb. # This is a YAML-formatted file. # Declare variables to be passed into your templates. - + imagePullSecrets: [] nameOverride: "" fullnameOverride: "" - + loadBalancerClass: "" + # To configure MetalLB, you must specify ONE of the following two # options. - - # existingConfigMap specifies the name of an externally-defined - # ConfigMap to use as the configuration. Helm will not manage the - # contents of this ConfigMap, it is your responsibility to create it. - existingConfigMap: "metallb-config" - - # configInline specifies MetalLB's configuration directly, in yaml - # format. When configInline is used, Helm manages MetalLB's - # configuration ConfigMap as part of the release, and - # existingConfigMap is ignored. - # - # Refer to https://metallb.universe.tf/configuration/ for - # available options. - # configInline: {} - + rbac: # create specifies whether to install and use RBAC rules. create: true - + psp: # create specifies whether to install and use Pod Security Policies. create: true - + prometheus: # scrape annotations specifies whether to add Prometheus metric # auto-collection annotations to pods. See 
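Review bot: The context comment `# To configure MetalLB, you must specify ONE of the following two options.` survives in the values file, but this hunk removes both `existingConfigMap` and the commented `configInline` block it introduced, so the comment now points at options that no longer exist. I would replace it with something like `# Address pools are defined by IPAddressPool / L2Advertisement resources, not by chart values.` so the next reader knows where the configuration moved. Separately, `psp.create: true` is left unchanged as context; PodSecurityPolicy was removed in Kubernetes 1.25, so it is worth confirming that the target cluster and chart version still accept it.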
@@ -49,39 +36,60 @@ data: # monitoring configuration. If you use the Prometheus operator, this # can be left at false. scrapeAnnotations: false - + # port both controller and speaker will listen on for metrics metricsPort: 7472 - + + # if set, enables rbac proxy on the controller and speaker to expose + # the metrics via tls. + # secureMetricsPort: 9120 + + # the name of the secret to be mounted in the speaker pod + # to expose the metrics securely. If not present, a self signed + # certificate to be used. + speakerMetricsTLSSecret: "" + + # the name of the secret to be mounted in the controller pod + # to expose the metrics securely. If not present, a self signed + # certificate to be used. + controllerMetricsTLSSecret: "" + # the service account used by prometheus # required when .Values.prometheus.podMonitor.enabled == true serviceAccount: "" - + # the namespace where prometheus is deployed # required when .Values.prometheus.podMonitor.enabled == true namespace: "" - + + # the image to be used for the kuberbacproxy container + rbacProxy: + repository: gcr.io/kubebuilder/kube-rbac-proxy + tag: v0.12.0 + # Prometheus Operator PodMonitors podMonitor: - # enable support for Prometheus Operator enabled: false - + # optional additionnal labels for podMonitors additionalLabels: {} - + + # optional annotations for podMonitors + annotations: {} + # Job label for scrape target jobLabel: "app.kubernetes.io/name" - + # Scrape interval. If not set, the Prometheus default scrape interval is used. interval: - + # metric relabel configs to apply to samples before ingestion. metricRelabelings: [] # - action: keep # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' # sourceLabels: [__name__] - + # relabel configs to apply to samples before ingestion. relabelings: [] # - sourceLabels: [__meta_kubernetes_pod_node_name] 
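Review bot: The added `rbacProxy` image (`repository: gcr.io/kubebuilder/kube-rbac-proxy`, `tag: v0.12.0`) is referenced by a mutable tag, so the container that would sit in front of the metrics endpoints is whatever the registry serves at pull time. Nothing pulls it while `secureMetricsPort` stays commented out, but before enabling it consider mirroring the image to a registry you control or pinning it by digest, if the chart version in use allows that (not visible in this diff). The new `speakerMetricsTLSSecret: ""` and `controllerMetricsTLSSecret: ""` fall back to a self-signed certificate according to their own comments, which a scraper cannot verify; a comment such as `# set to a CA-issued secret before enabling secureMetricsPort` would record that dependency.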
@@ -90,34 +98,83 @@ data: # target_label: nodename # replacement: $1 # action: replace - + + # Prometheus Operator ServiceMonitors. To be used as an alternative + # to podMonitor, supports secure metrics. + serviceMonitor: + # enable support for Prometheus Operator + enabled: false + + speaker: + # optional additional labels for the speaker serviceMonitor + additionalLabels: {} + # optional additional annotations for the speaker serviceMonitor + annotations: {} + # optional tls configuration for the speaker serviceMonitor, in case + # secure metrics are enabled. + tlsConfig: + insecureSkipVerify: true + + controller: + # optional additional labels for the controller serviceMonitor + additionalLabels: {} + # optional additional annotations for the controller serviceMonitor + annotations: {} + # optional tls configuration for the controller serviceMonitor, in case + # secure metrics are enabled. + tlsConfig: + insecureSkipVerify: true + + # Job label for scrape target + jobLabel: "app.kubernetes.io/name" + + # Scrape interval. If not set, the Prometheus default scrape interval is used. + interval: + + # metric relabel configs to apply to samples before ingestion. + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. 
+ relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # target_label: nodename + # replacement: $1 + # action: replace + # Prometheus Operator alertmanager alerts prometheusRule: - # enable alertmanager alerts enabled: false - + # optional additionnal labels for prometheusRules additionalLabels: {} - + + # optional annotations for prometheusRules + annotations: {} + # MetalLBStaleConfig staleConfig: enabled: true labels: severity: warning - + # MetalLBConfigNotLoaded configNotLoaded: enabled: true labels: severity: warning - + # MetalLBAddressPoolExhausted addressPoolExhausted: enabled: true labels: severity: alert - + addressPoolUsage: enabled: true thresholds:
@@ -130,25 +187,38 @@ data: - percent: 95 labels: severity: alert - + # MetalLBBGPSessionDown bgpSessionDown: enabled: true labels: severity: alert - + extraAlerts: [] - + # controller contains configuration specific to the MetalLB cluster # controller. controller: enabled: true # -- Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` logLevel: info + # command: /controller + # webhookMode: enabled image: repository: quay.io/metallb/controller tag: pullPolicy: + ## @param controller.updateStrategy.type Metallb controller deployment strategy type. + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + ## e.g: + ## strategy: + ## type: RollingUpdate + ## rollingUpdate: + ## maxSurge: 25% + ## maxUnavailable: 25% + ## + strategy: + type: RollingUpdate serviceAccount: # Specifies whether a ServiceAccount should be created create: true
@@ -168,6 +238,7 @@ data: nodeSelector: {} tolerations: [] priorityClassName: "" + runtimeClassName: "" affinity: {} podAnnotations: {} livenessProbe: 
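Review bot: Both new `serviceMonitor.speaker.tlsConfig` and `serviceMonitor.controller.tlsConfig` blocks set `insecureSkipVerify: true`, so once `serviceMonitor.enabled` and a `secureMetricsPort` are turned on, Prometheus will accept any certificate presented on the metrics ports and TLS provides encryption without authenticating the endpoint. It has no effect while `serviceMonitor.enabled: false`, but a permissive default like this tends to be carried along when the feature is enabled later. I would either set `insecureSkipVerify: false` now so that enabling the monitor fails closed until a CA is configured, or add a comment on each block such as `# chart default; supply ca/serverName and a *MetricsTLSSecret before enabling`.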
@@ -184,11 +255,12 @@ data: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 - + # speaker contains configuration specific to the MetalLB speaker # daemonset. speaker: enabled: true + # command: /speaker # -- Speaker log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` logLevel: info tolerateMaster: true
@@ -199,6 +271,14 @@ data: repository: quay.io/metallb/speaker tag: pullPolicy: + ## @param speaker.updateStrategy.type Speaker daemonset strategy type + ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ + ## + updateStrategy: + ## StrategyType + ## Can be set to RollingUpdate or OnDelete + ## + type: RollingUpdate serviceAccount: # Specifies whether a ServiceAccount should be created create: true
@@ -219,7 +299,7 @@ data: priorityClassName: "" affinity: {} ## Selects which runtime class will be used by the pod. - # runtimeClassName: + runtimeClassName: "" podAnnotations: {} livenessProbe: enabled: true
@@ -238,12 +318,16 @@ data: # frr contains configuration specific to the MetalLB FRR container, # for speaker running alongside FRR. frr: - enabled: true - # FRR_LOGGING_LEVEL used to set logging level for all running frr processes. - # Possible settings are :- - # informational, warning, errors and debugging. - logLevel: informational + enabled: false image: - repository: quay.io/frrouting/frr - tag: stable_7.5 - pullPolicy: \ No newline at end of file + repository: frrouting/frr + tag: v7.5.1 + pullPolicy: + metricsPort: 7473 + + # if set, enables a rbac proxy sidecar container on the speaker to + # expose the frr metrics via tls. + # secureMetricsPort: 9121 + + crds: + enabled: true \ No newline at end of file
diff --git a/metallb-system/crd-metallb-ipaddress-pool-l2-advertisement.ymal b/metallb-system/crd-metallb-ipaddress-pool-l2-advertisement.ymal
new file mode 100644
index 0000000..6e593a6
--- /dev/null
+++ b/metallb-system/crd-metallb-ipaddress-pool-l2-advertisement.ymal
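Review bot: In the last hunk (`@@ -238,12 +318,16 @@`) the FRR image moves from the fully qualified `quay.io/frrouting/frr` to the short name `frrouting/frr`, and which registry a short name resolves to depends on each node's container-runtime configuration. `frr.enabled` is now `false`, so nothing pulls it today, but I would keep the reference explicit, e.g. `repository: docker.io/frrouting/frr` (assuming Docker Hub is the intended source), so that enabling FRR later cannot resolve to an unintended registry. The image is also pinned only by tag (`v7.5.1`); a digest or a mirrored copy gives a stronger guarantee for a container that would run alongside the speaker.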
@@ -0,0 +1,18 @@
+---
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: main-pool
+ namespace: metallb-system
+spec:
+ addresses:
+ - 172.16.10.30-172.16.10.50
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+ name: example
+ namespace: metallb-system
+spec:
+ ipAddressPools:
+ - main-pool
\ No newline at end of file
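Review bot: The new file is named `crd-metallb-ipaddress-pool-l2-advertisement.ymal`, and tooling that selects manifests by extension (for example `kubectl apply -f <dir>`, which reads `.yaml`, `.yml` and `.json`) will skip it. Because this commit also deletes the `metallb-config` ConfigMap, a skipped file could leave MetalLB with no address pool at all, so rename it to `.yaml`. The `crd-` prefix is also misleading, since the file holds `IPAddressPool` and `L2Advertisement` custom resources rather than CustomResourceDefinitions, and the `L2Advertisement` still carries the placeholder name `example`. A header comment such as `# Layer 2 pool for LoadBalancer services; replaces the old metallb-config ConfigMap` would document the intent, and the file should end with a newline.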