Add metallb
This commit is contained in:
parent
fabd7dbef4
commit
27ce422b5f
8
metallb/metallb-helm-repo.yaml
Normal file
8
metallb/metallb-helm-repo.yaml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: metallb
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 15m
|
||||||
|
url: https://metallb.github.io/metallb
|
21
metallb/metallb-kustomization-config.yaml
Normal file
21
metallb/metallb-kustomization-config.yaml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: config--metallb-system
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 15m
|
||||||
|
dependsOn:
|
||||||
|
- name: metallb--metallb-system
|
||||||
|
path: ./metallb-config
|
||||||
|
prune: true # remove any elements later removed from the above path
|
||||||
|
timeout: 2m # if not set, this defaults to interval duration, which is 1h
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: flux-system
|
||||||
|
validation: server
|
||||||
|
healthChecks:
|
||||||
|
- apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
name: metallb-controller
|
||||||
|
namespace: metallb-system
|
19
metallb/metallb-kustomization.yaml
Normal file
19
metallb/metallb-kustomization.yaml
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: metallb--metallb-system
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 15m
|
||||||
|
path: ./metallb-system
|
||||||
|
prune: true # remove any elements later removed from the above path
|
||||||
|
timeout: 2m # if not set, this defaults to interval duration, which is 1h
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: flux-system
|
||||||
|
validation: server
|
||||||
|
healthChecks:
|
||||||
|
- apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
name: metallb-controller
|
||||||
|
namespace: metallb-system
|
4
metallb/metallb-namespace.yaml
Normal file
4
metallb/metallb-namespace.yaml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: metallb-system
|
349
metallb/metallb-system/config-map-overrides.yaml
Normal file
349
metallb/metallb-system/config-map-overrides.yaml
Normal file
@ -0,0 +1,349 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: metallb-helm-chart-value-overrides
|
||||||
|
namespace: metallb-system
|
||||||
|
data:
|
||||||
|
values.yaml: |-
|
||||||
|
# Default values for metallb.
|
||||||
|
# This is a YAML-formatted file.
|
||||||
|
# Declare variables to be passed into your templates.
|
||||||
|
|
||||||
|
imagePullSecrets: []
|
||||||
|
nameOverride: ""
|
||||||
|
fullnameOverride: ""
|
||||||
|
loadBalancerClass: ""
|
||||||
|
|
||||||
|
# To configure MetalLB, you must specify ONE of the following two
|
||||||
|
# options.
|
||||||
|
|
||||||
|
rbac:
|
||||||
|
# create specifies whether to install and use RBAC rules.
|
||||||
|
create: true
|
||||||
|
|
||||||
|
prometheus:
|
||||||
|
# scrape annotations specifies whether to add Prometheus metric
|
||||||
|
# auto-collection annotations to pods. See
|
||||||
|
# https://github.com/prometheus/prometheus/blob/release-2.1/documentation/examples/prometheus-kubernetes.yml
|
||||||
|
# for a corresponding Prometheus configuration. Alternatively, you
|
||||||
|
# may want to use the Prometheus Operator
|
||||||
|
# (https://github.com/coreos/prometheus-operator) for more powerful
|
||||||
|
# monitoring configuration. If you use the Prometheus operator, this
|
||||||
|
# can be left at false.
|
||||||
|
scrapeAnnotations: false
|
||||||
|
|
||||||
|
# port both controller and speaker will listen on for metrics
|
||||||
|
metricsPort: 7472
|
||||||
|
|
||||||
|
# if set, enables rbac proxy on the controller and speaker to expose
|
||||||
|
# the metrics via tls.
|
||||||
|
# secureMetricsPort: 9120
|
||||||
|
|
||||||
|
# the name of the secret to be mounted in the speaker pod
|
||||||
|
# to expose the metrics securely. If not present, a self signed
|
||||||
|
# certificate to be used.
|
||||||
|
speakerMetricsTLSSecret: ""
|
||||||
|
|
||||||
|
# the name of the secret to be mounted in the controller pod
|
||||||
|
# to expose the metrics securely. If not present, a self signed
|
||||||
|
# certificate to be used.
|
||||||
|
controllerMetricsTLSSecret: ""
|
||||||
|
|
||||||
|
# prometheus doens't have the permission to scrape all namespaces so we give it permission to scrape metallb's one
|
||||||
|
rbacPrometheus: true
|
||||||
|
|
||||||
|
# the service account used by prometheus
|
||||||
|
# required when " .Values.prometheus.rbacPrometheus == true " and " .Values.prometheus.podMonitor.enabled=true or prometheus.serviceMonitor.enabled=true "
|
||||||
|
serviceAccount: ""
|
||||||
|
|
||||||
|
# the namespace where prometheus is deployed
|
||||||
|
# required when " .Values.prometheus.rbacPrometheus == true " and " .Values.prometheus.podMonitor.enabled=true or prometheus.serviceMonitor.enabled=true "
|
||||||
|
namespace: ""
|
||||||
|
|
||||||
|
# the image to be used for the kuberbacproxy container
|
||||||
|
rbacProxy:
|
||||||
|
repository: gcr.io/kubebuilder/kube-rbac-proxy
|
||||||
|
tag: v0.12.0
|
||||||
|
pullPolicy:
|
||||||
|
|
||||||
|
# Prometheus Operator PodMonitors
|
||||||
|
podMonitor:
|
||||||
|
# enable support for Prometheus Operator
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
# optional additionnal labels for podMonitors
|
||||||
|
additionalLabels: {}
|
||||||
|
|
||||||
|
# optional annotations for podMonitors
|
||||||
|
annotations: {}
|
||||||
|
|
||||||
|
# Job label for scrape target
|
||||||
|
jobLabel: "app.kubernetes.io/name"
|
||||||
|
|
||||||
|
# Scrape interval. If not set, the Prometheus default scrape interval is used.
|
||||||
|
interval:
|
||||||
|
|
||||||
|
# metric relabel configs to apply to samples before ingestion.
|
||||||
|
metricRelabelings: []
|
||||||
|
# - action: keep
|
||||||
|
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
|
||||||
|
# sourceLabels: [__name__]
|
||||||
|
|
||||||
|
# relabel configs to apply to samples before ingestion.
|
||||||
|
relabelings: []
|
||||||
|
# - sourceLabels: [__meta_kubernetes_pod_node_name]
|
||||||
|
# separator: ;
|
||||||
|
# regex: ^(.*)$
|
||||||
|
# target_label: nodename
|
||||||
|
# replacement: $1
|
||||||
|
# action: replace
|
||||||
|
|
||||||
|
# Prometheus Operator ServiceMonitors. To be used as an alternative
|
||||||
|
# to podMonitor, supports secure metrics.
|
||||||
|
serviceMonitor:
|
||||||
|
# enable support for Prometheus Operator
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
speaker:
|
||||||
|
# optional additional labels for the speaker serviceMonitor
|
||||||
|
additionalLabels: {}
|
||||||
|
# optional additional annotations for the speaker serviceMonitor
|
||||||
|
annotations: {}
|
||||||
|
# optional tls configuration for the speaker serviceMonitor, in case
|
||||||
|
# secure metrics are enabled.
|
||||||
|
tlsConfig:
|
||||||
|
insecureSkipVerify: true
|
||||||
|
|
||||||
|
controller:
|
||||||
|
# optional additional labels for the controller serviceMonitor
|
||||||
|
additionalLabels: {}
|
||||||
|
# optional additional annotations for the controller serviceMonitor
|
||||||
|
annotations: {}
|
||||||
|
# optional tls configuration for the controller serviceMonitor, in case
|
||||||
|
# secure metrics are enabled.
|
||||||
|
tlsConfig:
|
||||||
|
insecureSkipVerify: true
|
||||||
|
|
||||||
|
# Job label for scrape target
|
||||||
|
jobLabel: "app.kubernetes.io/name"
|
||||||
|
|
||||||
|
# Scrape interval. If not set, the Prometheus default scrape interval is used.
|
||||||
|
interval:
|
||||||
|
|
||||||
|
# metric relabel configs to apply to samples before ingestion.
|
||||||
|
metricRelabelings: []
|
||||||
|
# - action: keep
|
||||||
|
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
|
||||||
|
# sourceLabels: [__name__]
|
||||||
|
|
||||||
|
# relabel configs to apply to samples before ingestion.
|
||||||
|
relabelings: []
|
||||||
|
# - sourceLabels: [__meta_kubernetes_pod_node_name]
|
||||||
|
# separator: ;
|
||||||
|
# regex: ^(.*)$
|
||||||
|
# target_label: nodename
|
||||||
|
# replacement: $1
|
||||||
|
# action: replace
|
||||||
|
|
||||||
|
# Prometheus Operator alertmanager alerts
|
||||||
|
prometheusRule:
|
||||||
|
# enable alertmanager alerts
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
# optional additionnal labels for prometheusRules
|
||||||
|
additionalLabels: {}
|
||||||
|
|
||||||
|
# optional annotations for prometheusRules
|
||||||
|
annotations: {}
|
||||||
|
|
||||||
|
# MetalLBStaleConfig
|
||||||
|
staleConfig:
|
||||||
|
enabled: true
|
||||||
|
labels:
|
||||||
|
severity: warning
|
||||||
|
|
||||||
|
# MetalLBConfigNotLoaded
|
||||||
|
configNotLoaded:
|
||||||
|
enabled: true
|
||||||
|
labels:
|
||||||
|
severity: warning
|
||||||
|
|
||||||
|
# MetalLBAddressPoolExhausted
|
||||||
|
addressPoolExhausted:
|
||||||
|
enabled: true
|
||||||
|
labels:
|
||||||
|
severity: alert
|
||||||
|
|
||||||
|
addressPoolUsage:
|
||||||
|
enabled: true
|
||||||
|
thresholds:
|
||||||
|
- percent: 75
|
||||||
|
labels:
|
||||||
|
severity: warning
|
||||||
|
- percent: 85
|
||||||
|
labels:
|
||||||
|
severity: warning
|
||||||
|
- percent: 95
|
||||||
|
labels:
|
||||||
|
severity: alert
|
||||||
|
|
||||||
|
# MetalLBBGPSessionDown
|
||||||
|
bgpSessionDown:
|
||||||
|
enabled: true
|
||||||
|
labels:
|
||||||
|
severity: alert
|
||||||
|
|
||||||
|
extraAlerts: []
|
||||||
|
|
||||||
|
# controller contains configuration specific to the MetalLB cluster
|
||||||
|
# controller.
|
||||||
|
controller:
|
||||||
|
enabled: true
|
||||||
|
# -- Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none`
|
||||||
|
logLevel: info
|
||||||
|
# command: /controller
|
||||||
|
# webhookMode: enabled
|
||||||
|
image:
|
||||||
|
repository: quay.io/metallb/controller
|
||||||
|
tag:
|
||||||
|
pullPolicy:
|
||||||
|
## @param controller.updateStrategy.type Metallb controller deployment strategy type.
|
||||||
|
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
|
||||||
|
## e.g:
|
||||||
|
## strategy:
|
||||||
|
## type: RollingUpdate
|
||||||
|
## rollingUpdate:
|
||||||
|
## maxSurge: 25%
|
||||||
|
## maxUnavailable: 25%
|
||||||
|
##
|
||||||
|
strategy:
|
||||||
|
type: RollingUpdate
|
||||||
|
serviceAccount:
|
||||||
|
# Specifies whether a ServiceAccount should be created
|
||||||
|
create: true
|
||||||
|
# The name of the ServiceAccount to use. If not set and create is
|
||||||
|
# true, a name is generated using the fullname template
|
||||||
|
name: ""
|
||||||
|
annotations: {}
|
||||||
|
securityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
# nobody
|
||||||
|
runAsUser: 65534
|
||||||
|
fsGroup: 65534
|
||||||
|
resources: {}
|
||||||
|
# limits:
|
||||||
|
# cpu: 100m
|
||||||
|
# memory: 100Mi
|
||||||
|
nodeSelector: {}
|
||||||
|
tolerations: []
|
||||||
|
priorityClassName: ""
|
||||||
|
runtimeClassName: ""
|
||||||
|
affinity: {}
|
||||||
|
podAnnotations: {}
|
||||||
|
labels: {}
|
||||||
|
livenessProbe:
|
||||||
|
enabled: true
|
||||||
|
failureThreshold: 3
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 1
|
||||||
|
readinessProbe:
|
||||||
|
enabled: true
|
||||||
|
failureThreshold: 3
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 1
|
||||||
|
|
||||||
|
# speaker contains configuration specific to the MetalLB speaker
|
||||||
|
# daemonset.
|
||||||
|
speaker:
|
||||||
|
enabled: true
|
||||||
|
# command: /speaker
|
||||||
|
# -- Speaker log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none`
|
||||||
|
logLevel: info
|
||||||
|
tolerateMaster: true
|
||||||
|
memberlist:
|
||||||
|
enabled: true
|
||||||
|
mlBindPort: 7946
|
||||||
|
mlSecretKeyPath: "/etc/ml_secret_key"
|
||||||
|
excludeInterfaces:
|
||||||
|
enabled: true
|
||||||
|
image:
|
||||||
|
repository: quay.io/metallb/speaker
|
||||||
|
tag:
|
||||||
|
pullPolicy:
|
||||||
|
## @param speaker.updateStrategy.type Speaker daemonset strategy type
|
||||||
|
## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
|
||||||
|
##
|
||||||
|
updateStrategy:
|
||||||
|
## StrategyType
|
||||||
|
## Can be set to RollingUpdate or OnDelete
|
||||||
|
##
|
||||||
|
type: RollingUpdate
|
||||||
|
serviceAccount:
|
||||||
|
# Specifies whether a ServiceAccount should be created
|
||||||
|
create: true
|
||||||
|
# The name of the ServiceAccount to use. If not set and create is
|
||||||
|
# true, a name is generated using the fullname template
|
||||||
|
name: ""
|
||||||
|
annotations: {}
|
||||||
|
## Defines a secret name for the controller to generate a memberlist encryption secret
|
||||||
|
## By default secretName: {{ "metallb.fullname" }}-memberlist
|
||||||
|
##
|
||||||
|
# secretName:
|
||||||
|
resources: {}
|
||||||
|
# limits:
|
||||||
|
# cpu: 100m
|
||||||
|
# memory: 100Mi
|
||||||
|
nodeSelector: {}
|
||||||
|
tolerations: []
|
||||||
|
priorityClassName: ""
|
||||||
|
affinity: {}
|
||||||
|
## Selects which runtime class will be used by the pod.
|
||||||
|
runtimeClassName: ""
|
||||||
|
podAnnotations: {}
|
||||||
|
labels: {}
|
||||||
|
livenessProbe:
|
||||||
|
enabled: true
|
||||||
|
failureThreshold: 3
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 1
|
||||||
|
readinessProbe:
|
||||||
|
enabled: true
|
||||||
|
failureThreshold: 3
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 1
|
||||||
|
startupProbe:
|
||||||
|
enabled: true
|
||||||
|
failureThreshold: 30
|
||||||
|
periodSeconds: 5
|
||||||
|
# frr contains configuration specific to the MetalLB FRR container,
|
||||||
|
# for speaker running alongside FRR.
|
||||||
|
frr:
|
||||||
|
enabled: true
|
||||||
|
image:
|
||||||
|
repository: quay.io/frrouting/frr
|
||||||
|
tag: 8.5.2
|
||||||
|
pullPolicy:
|
||||||
|
metricsPort: 7473
|
||||||
|
resources: {}
|
||||||
|
|
||||||
|
# if set, enables a rbac proxy sidecar container on the speaker to
|
||||||
|
# expose the frr metrics via tls.
|
||||||
|
# secureMetricsPort: 9121
|
||||||
|
|
||||||
|
reloader:
|
||||||
|
resources: {}
|
||||||
|
|
||||||
|
frrMetrics:
|
||||||
|
resources: {}
|
||||||
|
|
||||||
|
crds:
|
||||||
|
enabled: true
|
||||||
|
validationFailurePolicy: Fail
|
21
metallb/metallb-system/helmrelease-metallb.yaml
Normal file
21
metallb/metallb-system/helmrelease-metallb.yaml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: metallb
|
||||||
|
namespace: metallb-system
|
||||||
|
spec:
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: metallb
|
||||||
|
version: 0.13.7
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: metallb
|
||||||
|
namespace: flux-system
|
||||||
|
interval: 15m
|
||||||
|
timeout: 5m
|
||||||
|
releaseName: metallb
|
||||||
|
valuesFrom:
|
||||||
|
- kind: ConfigMap
|
||||||
|
name: metallb-helm-chart-value-overrides
|
||||||
|
valuesKey: values.yaml
|
8
metallb/metallb-system/ipaddresspool.yaml
Normal file
8
metallb/metallb-system/ipaddresspool.yaml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
apiVersion: metallb.io/v1beta1
|
||||||
|
kind: IPAddressPool
|
||||||
|
metadata:
|
||||||
|
name: metallb-pool
|
||||||
|
namespace: metallb-system
|
||||||
|
spec:
|
||||||
|
addresses:
|
||||||
|
- 192.168.1.104-192.168.1.108
|
8
metallb/metallb-system/l2-advertisement.yaml
Normal file
8
metallb/metallb-system/l2-advertisement.yaml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
apiVersion: metallb.io/v1beta1
|
||||||
|
kind: L2Advertisement
|
||||||
|
metadata:
|
||||||
|
name: my-l2-advertisment
|
||||||
|
namespace: metallb-system
|
||||||
|
spec:
|
||||||
|
ipAddressPools:
|
||||||
|
- metallb-pool
|
Loading…
Reference in New Issue
Block a user