327 lines
8.0 KiB
YAML
327 lines
8.0 KiB
YAML
# Based on bitnami/metallb helm chart 4.1.12 for metallb 0.13.7
|
|
|
|
---
|
|
kind: DaemonSet
|
|
apiVersion: apps/v1
|
|
metadata:
|
|
namespace: metallb
|
|
name: metallb-speaker
|
|
spec:
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
selector:
|
|
matchLabels:
|
|
app: metallb-speaker
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: metallb-speaker
|
|
spec:
|
|
serviceAccountName: metallb-speaker
|
|
hostNetwork: true
|
|
securityContext:
|
|
fsGroup: 0
|
|
terminationGracePeriodSeconds: 2
|
|
containers:
|
|
- name: metallb-speaker
|
|
image: "docker.io/bitnami/metallb-speaker:0.13.7-debian-11-r8"
|
|
imagePullPolicy: IfNotPresent
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
add:
|
|
- NET_ADMIN
|
|
- NET_RAW
|
|
- SYS_ADMIN
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: true
|
|
runAsUser: 0
|
|
args:
|
|
- "--port=7472"
|
|
env:
|
|
- name: METALLB_NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
- name: METALLB_HOST
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: status.hostIP
|
|
- name: METALLB_ML_BIND_ADDR
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: status.podIP
|
|
- name: METALLB_ML_LABELS
|
|
value: app=metallb-speaker
|
|
- name: METALLB_ML_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
- name: METALLB_ML_SECRET_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: metallb-memberlist
|
|
key: secretkey
|
|
ports:
|
|
- name: metrics
|
|
containerPort: 7472
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
httpGet:
|
|
path: /metrics
|
|
port: metrics
|
|
readinessProbe:
|
|
failureThreshold: 3
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
httpGet:
|
|
path: /metrics
|
|
port: metrics
|
|
resources: {}
|
|
|
|
---
|
|
kind: Secret
|
|
apiVersion: v1
|
|
metadata:
|
|
namespace: metallb
|
|
name: webhook-server-cert
|
|
|
|
---
|
|
kind: Deployment
|
|
apiVersion: apps/v1
|
|
metadata:
|
|
namespace: metallb
|
|
name: metallb-controller
|
|
labels:
|
|
app.kubernetes.io/name: metallb
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: RollingUpdate
|
|
revisionHistoryLimit: 3
|
|
selector:
|
|
matchLabels:
|
|
app: metallb-controller
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: metallb-controller
|
|
spec:
|
|
serviceAccountName: metallb-controller
|
|
securityContext:
|
|
fsGroup: 1001
|
|
volumes:
|
|
- name: cert
|
|
secret:
|
|
defaultMode: 420
|
|
secretName: webhook-server-cert
|
|
containers:
|
|
- name: metallb-controller
|
|
image: "docker.io/bitnami/metallb-controller:0.13.7-debian-11-r9"
|
|
imagePullPolicy: IfNotPresent
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
runAsUser: 1001
|
|
args:
|
|
- --port=7472
|
|
- --cert-service-name=metallb-webhook-service
|
|
ports:
|
|
- name: webhook-server
|
|
containerPort: 9443
|
|
- name: metrics
|
|
containerPort: 7472
|
|
volumeMounts:
|
|
- name: cert
|
|
mountPath: /tmp/k8s-webhook-server/serving-certs
|
|
readOnly: true
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
httpGet:
|
|
path: /metrics
|
|
port: metrics
|
|
readinessProbe:
|
|
failureThreshold: 3
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
httpGet:
|
|
path: /metrics
|
|
port: metrics
|
|
resources: {}
|
|
|
|
---
|
|
kind: Service
|
|
apiVersion: v1
|
|
metadata:
|
|
namespace: metallb
|
|
name: metallb-webhook-service
|
|
spec:
|
|
ports:
|
|
- port: 443
|
|
targetPort: 9443
|
|
selector:
|
|
app: metallb-controller
|
|
|
|
---
|
|
kind: ValidatingWebhookConfiguration
|
|
apiVersion: admissionregistration.k8s.io/v1
|
|
metadata:
|
|
name: metallb-webhook-configuration
|
|
webhooks:
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
namespace: metallb
|
|
name: metallb-webhook-service
|
|
path: /validate-metallb-io-v1beta1-addresspool
|
|
failurePolicy: Fail
|
|
name: addresspoolvalidationwebhook.metallb.io
|
|
rules:
|
|
- apiGroups:
|
|
- metallb.io
|
|
apiVersions:
|
|
- v1beta1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- addresspools
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
namespace: metallb
|
|
name: metallb-webhook-service
|
|
path: /validate-metallb-io-v1beta2-bgppeer
|
|
failurePolicy: Fail
|
|
name: bgppeervalidationwebhook.metallb.io
|
|
rules:
|
|
- apiGroups:
|
|
- metallb.io
|
|
apiVersions:
|
|
- v1beta2
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- bgppeers
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
namespace: metallb
|
|
name: metallb-webhook-service
|
|
path: /validate-metallb-io-v1beta1-ipaddresspool
|
|
failurePolicy: Fail
|
|
name: ipaddresspoolvalidationwebhook.metallb.io
|
|
rules:
|
|
- apiGroups:
|
|
- metallb.io
|
|
apiVersions:
|
|
- v1beta1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- ipaddresspools
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
namespace: metallb
|
|
name: metallb-webhook-service
|
|
path: /validate-metallb-io-v1beta1-bgpadvertisement
|
|
failurePolicy: Fail
|
|
name: bgpadvertisementvalidationwebhook.metallb.io
|
|
rules:
|
|
- apiGroups:
|
|
- metallb.io
|
|
apiVersions:
|
|
- v1beta1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- bgpadvertisements
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
namespace: metallb
|
|
name: metallb-webhook-service
|
|
path: /validate-metallb-io-v1beta1-community
|
|
failurePolicy: Fail
|
|
name: communityvalidationwebhook.metallb.io
|
|
rules:
|
|
- apiGroups:
|
|
- metallb.io
|
|
apiVersions:
|
|
- v1beta1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- communities
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
namespace: metallb
|
|
name: metallb-webhook-service
|
|
path: /validate-metallb-io-v1beta1-bfdprofile
|
|
failurePolicy: Fail
|
|
name: bfdprofileyvalidationwebhook.metallb.io
|
|
rules:
|
|
- apiGroups:
|
|
- metallb.io
|
|
apiVersions:
|
|
- v1beta1
|
|
operations:
|
|
- DELETE
|
|
resources:
|
|
- bfdprofiles
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
namespace: metallb
|
|
name: metallb-webhook-service
|
|
path: /validate-metallb-io-v1beta1-l2advertisement
|
|
failurePolicy: Fail
|
|
name: l2advertisementvalidationwebhook.metallb.io
|
|
rules:
|
|
- apiGroups:
|
|
- metallb.io
|
|
apiVersions:
|
|
- v1beta1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- l2advertisements
|
|
sideEffects: None
|