diff --git a/assets/icons/metallb.png b/assets/icons/metallb.png deleted file mode 100644 index 8a19cd00b..000000000 Binary files a/assets/icons/metallb.png and /dev/null differ diff --git a/assets/metallb/metallb-0.13.11.tgz b/assets/metallb/metallb-0.13.11.tgz deleted file mode 100644 index 49551eab2..000000000 Binary files a/assets/metallb/metallb-0.13.11.tgz and /dev/null differ diff --git a/assets/metallb/metallb-0.13.12.tgz b/assets/metallb/metallb-0.13.12.tgz deleted file mode 100644 index 956f42930..000000000 Binary files a/assets/metallb/metallb-0.13.12.tgz and /dev/null differ diff --git a/assets/metallb/metallb-0.14.3.tgz b/assets/metallb/metallb-0.14.3.tgz deleted file mode 100644 index 372f502a6..000000000 Binary files a/assets/metallb/metallb-0.14.3.tgz and /dev/null differ diff --git a/assets/metallb/metallb-0.14.4.tgz b/assets/metallb/metallb-0.14.4.tgz deleted file mode 100644 index 7fc25ea14..000000000 Binary files a/assets/metallb/metallb-0.14.4.tgz and /dev/null differ diff --git a/assets/metallb/metallb-0.14.5.tgz b/assets/metallb/metallb-0.14.5.tgz deleted file mode 100644 index 3675351e7..000000000 Binary files a/assets/metallb/metallb-0.14.5.tgz and /dev/null differ diff --git a/charts/metallb/metallb/.helmignore b/charts/metallb/metallb/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/metallb/metallb/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/metallb/metallb/Chart.lock b/charts/metallb/metallb/Chart.lock deleted file mode 100644 index 2c0f03028..000000000 --- a/charts/metallb/metallb/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: crds - repository: "" - version: 0.14.5 -- name: frr-k8s - repository: https://metallb.github.io/frr-k8s - version: 0.0.11 -digest: sha256:d427d5fe27f36681760453c22f8df5664e1d04b33bc6f495b46a6645d68b46ec -generated: "2024-04-19T16:34:12.167710407+02:00" diff --git a/charts/metallb/metallb/Chart.yaml b/charts/metallb/metallb/Chart.yaml deleted file mode 100644 index 51ecef5f4..000000000 --- a/charts/metallb/metallb/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: MetalLB - catalog.cattle.io/kube-version: '>= 1.19.0-0' - catalog.cattle.io/namespace: metallb-system - catalog.cattle.io/release-name: metallb -apiVersion: v2 -appVersion: v0.14.5 -dependencies: -- condition: crds.enabled - name: crds - repository: file://./charts/crds - version: 0.14.5 -- condition: frrk8s.enabled - name: frr-k8s - repository: file://./charts/frr-k8s - version: 0.0.11 -description: A network load-balancer implementation for Kubernetes using standard - routing protocols -home: https://metallb.universe.tf -icon: https://metallb.universe.tf/images/logo/metallb-blue.png -kubeVersion: '>= 1.19.0-0' -name: metallb -sources: -- https://github.com/metallb/metallb -type: application -version: 0.14.5 diff --git a/charts/metallb/metallb/README.md b/charts/metallb/metallb/README.md deleted file mode 100644 index 66f3a6171..000000000 --- a/charts/metallb/metallb/README.md +++ /dev/null @@ -1,167 +0,0 @@ -# metallb - -![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.0](https://img.shields.io/badge/AppVersion-v0.0.0-informational?style=flat-square) - -A network load-balancer implementation for Kubernetes using standard routing protocols - -**Homepage:** - -## Source Code - -* - -## Requirements - -Kubernetes: `>= 1.19.0-0` - -| Repository | Name | Version | -|------------|------|---------| -| | crds | 0.0.0 | -| https://metallb.github.io/frr-k8s | frr-k8s | 0.0.11 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| controller.affinity | object | `{}` | | -| controller.enabled | bool | `true` | | -| controller.extraContainers | list | `[]` | | -| controller.image.pullPolicy | string | `nil` | | -| controller.image.repository | string | `"quay.io/metallb/controller"` | | -| controller.image.tag | string | `nil` | | -| controller.labels | object | `{}` | | -| controller.livenessProbe.enabled | bool | `true` | | -| controller.livenessProbe.failureThreshold | int | `3` | | -| controller.livenessProbe.initialDelaySeconds | int | `10` | | -| controller.livenessProbe.periodSeconds | int | `10` | | -| controller.livenessProbe.successThreshold | int | `1` | | -| controller.livenessProbe.timeoutSeconds | int | `1` | | -| controller.logLevel | string | `"info"` | Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` | -| controller.nodeSelector | object | `{}` | | -| controller.podAnnotations | object | `{}` | | -| controller.priorityClassName | string | `""` | | -| controller.readinessProbe.enabled | bool | `true` | | -| controller.readinessProbe.failureThreshold | int | `3` | | -| controller.readinessProbe.initialDelaySeconds | int | `10` | | -| controller.readinessProbe.periodSeconds | int | `10` | | -| controller.readinessProbe.successThreshold | int | `1` | | -| controller.readinessProbe.timeoutSeconds | int | `1` | | -| controller.resources | object | `{}` | | -| controller.runtimeClassName | string | `""` | | -| controller.securityContext.fsGroup | int | `65534` | | -| controller.securityContext.runAsNonRoot | bool | `true` | | -| controller.securityContext.runAsUser | int | `65534` | | -| controller.serviceAccount.annotations | object | `{}` | | -| controller.serviceAccount.create | bool | `true` | | -| controller.serviceAccount.name | string | `""` | | -| controller.strategy.type | string | `"RollingUpdate"` | | -| controller.tlsCipherSuites | string | `""` | | -| controller.tlsMinVersion | string | `"VersionTLS12"` | | -| controller.tolerations | list | `[]` | | -| crds.enabled | bool | `true` | | -| crds.validationFailurePolicy | string | `"Fail"` | | -| frrk8s.enabled | bool | `false` | | -| fullnameOverride | string | `""` | | -| imagePullSecrets | list | `[]` | | -| loadBalancerClass | string | `""` | | -| nameOverride | string | `""` | | -| prometheus.controllerMetricsTLSSecret | string | `""` | | -| prometheus.metricsPort | int | `7472` | | -| prometheus.namespace | string | `""` | | -| prometheus.podMonitor.additionalLabels | object | `{}` | | -| prometheus.podMonitor.annotations | object | `{}` | | -| prometheus.podMonitor.enabled | bool | `false` | | -| prometheus.podMonitor.interval | string | `nil` | | -| prometheus.podMonitor.jobLabel | string | `"app.kubernetes.io/name"` | | -| prometheus.podMonitor.metricRelabelings | list | `[]` | | -| prometheus.podMonitor.relabelings | list | `[]` | | -| prometheus.prometheusRule.additionalLabels | object | `{}` | | -| prometheus.prometheusRule.addressPoolExhausted.enabled | bool | `true` | | -| prometheus.prometheusRule.addressPoolExhausted.labels.severity | string | `"alert"` | | -| prometheus.prometheusRule.addressPoolUsage.enabled | bool | `true` | | -| prometheus.prometheusRule.addressPoolUsage.thresholds[0].labels.severity | string | `"warning"` | | -| prometheus.prometheusRule.addressPoolUsage.thresholds[0].percent | int | `75` | | -| prometheus.prometheusRule.addressPoolUsage.thresholds[1].labels.severity | string | `"warning"` | | -| prometheus.prometheusRule.addressPoolUsage.thresholds[1].percent | int | `85` | | -| prometheus.prometheusRule.addressPoolUsage.thresholds[2].labels.severity | string | `"alert"` | | -| prometheus.prometheusRule.addressPoolUsage.thresholds[2].percent | int | `95` | | -| prometheus.prometheusRule.annotations | object | `{}` | | -| prometheus.prometheusRule.bgpSessionDown.enabled | bool | `true` | | -| prometheus.prometheusRule.bgpSessionDown.labels.severity | string | `"alert"` | | -| prometheus.prometheusRule.configNotLoaded.enabled | bool | `true` | | -| prometheus.prometheusRule.configNotLoaded.labels.severity | string | `"warning"` | | -| prometheus.prometheusRule.enabled | bool | `false` | | -| prometheus.prometheusRule.extraAlerts | list | `[]` | | -| prometheus.prometheusRule.staleConfig.enabled | bool | `true` | | -| prometheus.prometheusRule.staleConfig.labels.severity | string | `"warning"` | | -| prometheus.rbacPrometheus | bool | `true` | | -| prometheus.rbacProxy.pullPolicy | string | `nil` | | -| prometheus.rbacProxy.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` | | -| prometheus.rbacProxy.tag | string | `"v0.12.0"` | | -| prometheus.scrapeAnnotations | bool | `false` | | -| prometheus.serviceAccount | string | `""` | | -| prometheus.serviceMonitor.controller.additionalLabels | object | `{}` | | -| prometheus.serviceMonitor.controller.annotations | object | `{}` | | -| prometheus.serviceMonitor.controller.tlsConfig.insecureSkipVerify | bool | `true` | | -| prometheus.serviceMonitor.enabled | bool | `false` | | -| prometheus.serviceMonitor.interval | string | `nil` | | -| prometheus.serviceMonitor.jobLabel | string | `"app.kubernetes.io/name"` | | -| prometheus.serviceMonitor.metricRelabelings | list | `[]` | | -| prometheus.serviceMonitor.relabelings | list | `[]` | | -| prometheus.serviceMonitor.speaker.additionalLabels | object | `{}` | | -| prometheus.serviceMonitor.speaker.annotations | object | `{}` | | -| prometheus.serviceMonitor.speaker.tlsConfig.insecureSkipVerify | bool | `true` | | -| prometheus.speakerMetricsTLSSecret | string | `""` | | -| rbac.create | bool | `true` | | -| speaker.affinity | object | `{}` | | -| speaker.enabled | bool | `true` | | -| speaker.excludeInterfaces.enabled | bool | `true` | | -| speaker.extraContainers | list | `[]` | | -| speaker.frr.enabled | bool | `true` | | -| speaker.frr.image.pullPolicy | string | `nil` | | -| speaker.frr.image.repository | string | `"quay.io/frrouting/frr"` | | -| speaker.frr.image.tag | string | `"9.0.2"` | | -| speaker.frr.metricsPort | int | `7473` | | -| speaker.frr.resources | object | `{}` | | -| speaker.frrMetrics.resources | object | `{}` | | -| speaker.ignoreExcludeLB | bool | `false` | | -| speaker.image.pullPolicy | string | `nil` | | -| speaker.image.repository | string | `"quay.io/metallb/speaker"` | | -| speaker.image.tag | string | `nil` | | -| speaker.labels | object | `{}` | | -| speaker.livenessProbe.enabled | bool | `true` | | -| speaker.livenessProbe.failureThreshold | int | `3` | | -| speaker.livenessProbe.initialDelaySeconds | int | `10` | | -| speaker.livenessProbe.periodSeconds | int | `10` | | -| speaker.livenessProbe.successThreshold | int | `1` | | -| speaker.livenessProbe.timeoutSeconds | int | `1` | | -| speaker.logLevel | string | `"info"` | Speaker log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` | -| speaker.memberlist.enabled | bool | `true` | | -| speaker.memberlist.mlBindAddrOverride | string | `""` | | -| speaker.memberlist.mlBindPort | int | `7946` | | -| speaker.memberlist.mlSecretKeyPath | string | `"/etc/ml_secret_key"` | | -| speaker.nodeSelector | object | `{}` | | -| speaker.podAnnotations | object | `{}` | | -| speaker.priorityClassName | string | `""` | | -| speaker.readinessProbe.enabled | bool | `true` | | -| speaker.readinessProbe.failureThreshold | int | `3` | | -| speaker.readinessProbe.initialDelaySeconds | int | `10` | | -| speaker.readinessProbe.periodSeconds | int | `10` | | -| speaker.readinessProbe.successThreshold | int | `1` | | -| speaker.readinessProbe.timeoutSeconds | int | `1` | | -| speaker.reloader.resources | object | `{}` | | -| speaker.resources | object | `{}` | | -| speaker.runtimeClassName | string | `""` | | -| speaker.securityContext | object | `{}` | | -| speaker.serviceAccount.annotations | object | `{}` | | -| speaker.serviceAccount.create | bool | `true` | | -| speaker.serviceAccount.name | string | `""` | | -| speaker.startupProbe.enabled | bool | `true` | | -| speaker.startupProbe.failureThreshold | int | `30` | | -| speaker.startupProbe.periodSeconds | int | `5` | | -| speaker.tolerateMaster | bool | `true` | | -| speaker.tolerations | list | `[]` | | -| speaker.updateStrategy.type | string | `"RollingUpdate"` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) diff --git a/charts/metallb/metallb/charts/crds/.helmignore b/charts/metallb/metallb/charts/crds/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/metallb/metallb/charts/crds/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/metallb/metallb/charts/crds/Chart.yaml b/charts/metallb/metallb/charts/crds/Chart.yaml deleted file mode 100644 index 1cd137c77..000000000 --- a/charts/metallb/metallb/charts/crds/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -appVersion: v0.14.5 -description: MetalLB CRDs -home: https://metallb.universe.tf -icon: https://metallb.universe.tf/images/logo/metallb-white.png -name: crds -sources: -- https://github.com/metallb/metallb -type: application -version: 0.14.5 diff --git a/charts/metallb/metallb/charts/crds/README.md b/charts/metallb/metallb/charts/crds/README.md deleted file mode 100644 index 15bf8a7b7..000000000 --- a/charts/metallb/metallb/charts/crds/README.md +++ /dev/null @@ -1,14 +0,0 @@ -# crds - -![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.0](https://img.shields.io/badge/AppVersion-v0.0.0-informational?style=flat-square) - -MetalLB CRDs - -**Homepage:** - -## Source Code - -* - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) diff --git a/charts/metallb/metallb/charts/crds/templates/crds.yaml b/charts/metallb/metallb/charts/crds/templates/crds.yaml deleted file mode 100644 index 79497f125..000000000 --- a/charts/metallb/metallb/charts/crds/templates/crds.yaml +++ /dev/null @@ -1,1160 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: bfdprofiles.metallb.io -spec: - group: metallb.io - names: - kind: BFDProfile - listKind: BFDProfileList - plural: bfdprofiles - singular: bfdprofile - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.passiveMode - name: Passive Mode - type: boolean - - jsonPath: .spec.transmitInterval - name: Transmit Interval - type: integer - - jsonPath: .spec.receiveInterval - name: Receive Interval - type: integer - - jsonPath: .spec.detectMultiplier - name: Multiplier - type: integer - name: v1beta1 - schema: - openAPIV3Schema: - description: |- - BFDProfile represents the settings of the bfd session that can be - optionally associated with a BGP session. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BFDProfileSpec defines the desired state of BFDProfile. - properties: - detectMultiplier: - description: |- - Configures the detection multiplier to determine - packet loss. The remote transmission interval will be multiplied - by this value to determine the connection loss detection timer. - format: int32 - maximum: 255 - minimum: 2 - type: integer - echoInterval: - description: |- - Configures the minimal echo receive transmission - interval that this system is capable of handling in milliseconds. - Defaults to 50ms - format: int32 - maximum: 60000 - minimum: 10 - type: integer - echoMode: - description: |- - Enables or disables the echo transmission mode. - This mode is disabled by default, and not supported on multi - hops setups. - type: boolean - minimumTtl: - description: |- - For multi hop sessions only: configure the minimum - expected TTL for an incoming BFD control packet. - format: int32 - maximum: 254 - minimum: 1 - type: integer - passiveMode: - description: |- - Mark session as passive: a passive session will not - attempt to start the connection and will wait for control packets - from peer before it begins replying. - type: boolean - receiveInterval: - description: |- - The minimum interval that this system is capable of - receiving control packets in milliseconds. - Defaults to 300ms. - format: int32 - maximum: 60000 - minimum: 10 - type: integer - transmitInterval: - description: |- - The minimum transmission interval (less jitter) - that this system wants to use to send BFD control packets in - milliseconds. Defaults to 300ms - format: int32 - maximum: 60000 - minimum: 10 - type: integer - type: object - status: - description: BFDProfileStatus defines the observed state of BFDProfile. - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: bgpadvertisements.metallb.io -spec: - group: metallb.io - names: - kind: BGPAdvertisement - listKind: BGPAdvertisementList - plural: bgpadvertisements - singular: bgpadvertisement - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.ipAddressPools - name: IPAddressPools - type: string - - jsonPath: .spec.ipAddressPoolSelectors - name: IPAddressPool Selectors - type: string - - jsonPath: .spec.peers - name: Peers - type: string - - jsonPath: .spec.nodeSelectors - name: Node Selectors - priority: 10 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: |- - BGPAdvertisement allows to advertise the IPs coming - from the selected IPAddressPools via BGP, setting the parameters of the - BGP Advertisement. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BGPAdvertisementSpec defines the desired state of BGPAdvertisement. - properties: - aggregationLength: - default: 32 - description: The aggregation-length advertisement option lets you “roll up” the /32s into a larger prefix. Defaults to 32. Works for IPv4 addresses. - format: int32 - minimum: 1 - type: integer - aggregationLengthV6: - default: 128 - description: The aggregation-length advertisement option lets you “roll up” the /128s into a larger prefix. Defaults to 128. Works for IPv6 addresses. - format: int32 - type: integer - communities: - description: |- - The BGP communities to be associated with the announcement. Each item can be a standard community of the - form 1234:1234, a large community of the form large:1234:1234:1234 or the name of an alias defined in the - Community CRD. - items: - type: string - type: array - ipAddressPoolSelectors: - description: |- - A selector for the IPAddressPools which would get advertised via this advertisement. - If no IPAddressPool is selected by this or by the list, the advertisement is applied to all the IPAddressPools. - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: array - ipAddressPools: - description: The list of IPAddressPools to advertise via this advertisement, selected by name. - items: - type: string - type: array - localPref: - description: |- - The BGP LOCAL_PREF attribute which is used by BGP best path algorithm, - Path with higher localpref is preferred over one with lower localpref. - format: int32 - type: integer - nodeSelectors: - description: NodeSelectors allows to limit the nodes to announce as next hops for the LoadBalancer IP. When empty, all the nodes having are announced as next hops. - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: array - peers: - description: |- - Peers limits the bgppeer to advertise the ips of the selected pools to. - When empty, the loadbalancer IP is announced to all the BGPPeers configured. - items: - type: string - type: array - type: object - status: - description: BGPAdvertisementStatus defines the observed state of BGPAdvertisement. - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: bgppeers.metallb.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGWlRDQ0EwMmdBd0lCQWdJVU5GRW1XcTM3MVpKdGkrMmlSQzk1WmpBV1MxZ3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3UWpFTE1Ba0dBMVVFQmhNQ1dGZ3hGVEFUQmdOVkJBY01ERVJsWm1GMWJIUWdRMmwwZVRFY01Cb0dBMVVFDQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNakEzTVRrd09UTXlNek5hRncweU1qQTRNVGd3DQpPVE15TXpOYU1FSXhDekFKQmdOVkJBWVRBbGhZTVJVd0V3WURWUVFIREF4RVpXWmhkV3gwSUVOcGRIa3hIREFhDQpCZ05WQkFvTUUwUmxabUYxYkhRZ1EyOXRjR0Z1ZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDDQpEd0F3Z2dJS0FvSUNBUUNxVFpxMWZRcC9vYkdlenhES0o3OVB3Ny94azJwellualNzMlkzb1ZYSm5sRmM4YjVlDQpma2ZZQnY2bndscW1keW5PL2phWFBaQmRQSS82aFdOUDBkdVhadEtWU0NCUUpyZzEyOGNXb3F0MGNTN3pLb1VpDQpvcU1tQ0QvRXVBeFFNZjhRZDF2c1gvVllkZ0poVTZBRXJLZEpIaXpFOUJtUkNkTDBGMW1OVW55Rk82UnRtWFZUDQpidkxsTDVYeTc2R0FaQVBLOFB4aVlDa0NtbDdxN0VnTWNiOXlLWldCYmlxQ3VkTXE5TGJLNmdKNzF6YkZnSXV4DQo1L1pXK2JraTB2RlplWk9ZODUxb1psckFUNzJvMDI4NHNTWW9uN0pHZVZkY3NoUnh5R1VpSFpSTzdkaXZVTDVTDQpmM2JmSDFYbWY1ZDQzT0NWTWRuUUV2NWVaOG8zeWVLa3ZrbkZQUGVJMU9BbjdGbDlFRVNNR2dhOGFaSG1URSttDQpsLzlMSmdDYjBnQmtPT0M0WnV4bWh2aERKV1EzWnJCS3pMQlNUZXN0NWlLNVlwcXRWVVk2THRyRW9FelVTK1lsDQpwWndXY2VQWHlHeHM5ZURsR3lNVmQraW15Y3NTU1UvVno2Mmx6MnZCS21NTXBkYldDQWhud0RsRTVqU2dyMjRRDQp0eGNXLys2N3d5KzhuQlI3UXdqVTFITndVRjBzeERWdEwrZ1NHVERnSEVZSlhZelYvT05zMy94TkpoVFNPSkxNDQpoeXNVdyttaGdackdhbUdXcHVIVU1DUitvTWJzMTc1UkcrQjJnUFFHVytPTjJnUTRyOXN2b0ZBNHBBQm8xd1dLDQpRYjRhY3pmeVVscElBOVFoSmFsZEY3S3dPSHVlV3gwRUNrNXg0T2tvVDBvWVp0dzFiR0JjRGtaSmF3SURBUUFCDQpvMU13VVRBZEJnTlZIUTRFRmdRVW90UlNIUm9IWTEyRFZ4R0NCdEhpb1g2ZmVFQXdId1lEVlIwakJCZ3dGb0FVDQpvdFJTSFJvSFkxMkRWeEdDQnRIaW9YNmZlRUF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCDQpBUXNGQUFPQ0FnRUFSbkpsWWRjMTFHd0VxWnh6RDF2R3BDR2pDN2VWTlQ3aVY1d3IybXlybHdPYi9aUWFEa0xYDQpvVStaOVVXT1VlSXJTdzUydDdmQUpvVVAwSm5iYkMveVIrU1lqUGhvUXNiVHduOTc2ZldBWTduM3FMOXhCd1Y0DQphek41OXNjeUp0dlhMeUtOL2N5ak1ReDRLajBIMFg0bWJ6bzVZNUtzWWtYVU0vOEFPdWZMcEd0S1NGVGgrSEFDDQpab1Q5YnZHS25adnNHd0tYZFF0Wnh0akhaUjVqK3U3ZGtQOTJBT051RFNabS8rWVV4b2tBK09JbzdSR3BwSHNXDQo1ZTdNY0FTVXRtb1FORXd6dVFoVkJaRWQ1OGtKYjUrV0VWbGNzanlXNnRTbzErZ25tTWNqR1BsMWgxR2hVbjV4DQpFY0lWRnBIWXM5YWo1NmpBSjk1MVQvZjhMaWxmTlVnanBLQ0c1bnl0SUt3emxhOHNtdGlPdm1UNEpYbXBwSkI2DQo4bmdHRVluVjUrUTYwWFJ2OEhSSGp1VG9CRHVhaERrVDA2R1JGODU1d09FR2V4bkZpMXZYWUxLVllWb1V2MXRKDQo4dVdUR1pwNllDSVJldlBqbzg5ZytWTlJSaVFYUThJd0dybXE5c0RoVTlqTjA0SjdVL1RvRDFpNHE3VnlsRUc5DQorV1VGNkNLaEdBeTJIaEhwVncyTGFoOS9lUzdZMUZ1YURrWmhPZG1laG1BOCtqdHNZamJadnR5Mm1SWlF0UUZzDQpUU1VUUjREbUR2bVVPRVRmeStpRHdzK2RkWXVNTnJGeVVYV2dkMnpBQU4ydVl1UHFGY2pRcFNPODFzVTJTU3R3DQoxVzAyeUtYOGJEYmZFdjBzbUh3UzliQnFlSGo5NEM1Mjg0YXpsdTBmaUdpTm1OUEM4ckJLRmhBPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== - service: - name: metallb-webhook-service - namespace: {{ .Release.Namespace }} - path: /convert - conversionReviewVersions: - - v1beta1 - - v1beta2 - group: metallb.io - names: - kind: BGPPeer - listKind: BGPPeerList - plural: bgppeers - singular: bgppeer - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.peerAddress - name: Address - type: string - - jsonPath: .spec.peerASN - name: ASN - type: string - - jsonPath: .spec.bfdProfile - name: BFD Profile - type: string - - jsonPath: .spec.ebgpMultiHop - name: Multi Hops - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: BGPPeer is the Schema for the peers API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BGPPeerSpec defines the desired state of Peer. - properties: - bfdProfile: - type: string - ebgpMultiHop: - description: EBGP peer is multi-hops away - type: boolean - holdTime: - description: Requested BGP hold time, per RFC4271. - type: string - keepaliveTime: - description: Requested BGP keepalive time, per RFC4271. - type: string - myASN: - description: AS number to use for the local end of the session. - format: int32 - maximum: 4294967295 - minimum: 0 - type: integer - nodeSelectors: - description: |- - Only connect to this peer on nodes that match one of these - selectors. - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - minItems: 1 - type: array - required: - - key - - operator - - values - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - password: - description: Authentication password for routers enforcing TCP MD5 authenticated sessions - type: string - peerASN: - description: AS number to expect from the remote end of the session. - format: int32 - maximum: 4294967295 - minimum: 0 - type: integer - peerAddress: - description: Address to dial when establishing the session. - type: string - peerPort: - description: Port to dial when establishing the session. - maximum: 16384 - minimum: 0 - type: integer - routerID: - description: BGP router ID to advertise to the peer - type: string - sourceAddress: - description: Source address to use when establishing the session. - type: string - required: - - myASN - - peerASN - - peerAddress - type: object - status: - description: BGPPeerStatus defines the observed state of Peer. - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.peerAddress - name: Address - type: string - - jsonPath: .spec.peerASN - name: ASN - type: string - - jsonPath: .spec.bfdProfile - name: BFD Profile - type: string - - jsonPath: .spec.ebgpMultiHop - name: Multi Hops - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: BGPPeer is the Schema for the peers API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BGPPeerSpec defines the desired state of Peer. - properties: - bfdProfile: - description: The name of the BFD Profile to be used for the BFD session associated to the BGP session. If not set, the BFD session won't be set up. - type: string - connectTime: - description: Requested BGP connect time, controls how long BGP waits between connection attempts to a neighbor. - type: string - x-kubernetes-validations: - - message: connect time should be between 1 seconds to 65535 - rule: duration(self).getSeconds() >= 1 && duration(self).getSeconds() <= 65535 - - message: connect time should contain a whole number of seconds - rule: duration(self).getMilliseconds() % 1000 == 0 - disableMP: - default: false - description: To set if we want to disable MP BGP that will separate IPv4 and IPv6 route exchanges into distinct BGP sessions. - type: boolean - ebgpMultiHop: - description: To set if the BGPPeer is multi-hops away. Needed for FRR mode only. - type: boolean - holdTime: - description: Requested BGP hold time, per RFC4271. - type: string - keepaliveTime: - description: Requested BGP keepalive time, per RFC4271. - type: string - myASN: - description: AS number to use for the local end of the session. - format: int32 - maximum: 4294967295 - minimum: 0 - type: integer - nodeSelectors: - description: |- - Only connect to this peer on nodes that match one of these - selectors. - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: array - password: - description: Authentication password for routers enforcing TCP MD5 authenticated sessions - type: string - passwordSecret: - description: |- - passwordSecret is name of the authentication secret for BGP Peer. - the secret must be of type "kubernetes.io/basic-auth", and created in the - same namespace as the MetalLB deployment. The password is stored in the - secret as the key "password". - properties: - name: - description: name is unique within a namespace to reference a secret resource. - type: string - namespace: - description: namespace defines the space within which the secret name must be unique. - type: string - type: object - x-kubernetes-map-type: atomic - peerASN: - description: AS number to expect from the remote end of the session. - format: int32 - maximum: 4294967295 - minimum: 0 - type: integer - peerAddress: - description: Address to dial when establishing the session. - type: string - peerPort: - default: 179 - description: Port to dial when establishing the session. - maximum: 16384 - minimum: 0 - type: integer - routerID: - description: BGP router ID to advertise to the peer - type: string - sourceAddress: - description: Source address to use when establishing the session. - type: string - vrf: - description: |- - To set if we want to peer with the BGPPeer using an interface belonging to - a host vrf - type: string - required: - - myASN - - peerASN - - peerAddress - type: object - status: - description: BGPPeerStatus defines the observed state of Peer. - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: communities.metallb.io -spec: - group: metallb.io - names: - kind: Community - listKind: CommunityList - plural: communities - singular: community - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: |- - Community is a collection of aliases for communities. - Users can define named aliases to be used in the BGPPeer CRD. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CommunitySpec defines the desired state of Community. - properties: - communities: - items: - properties: - name: - description: The name of the alias for the community. - type: string - value: - description: |- - The BGP community value corresponding to the given name. Can be a standard community of the form 1234:1234 - or a large community of the form large:1234:1234:1234. - type: string - type: object - type: array - type: object - status: - description: CommunityStatus defines the observed state of Community. - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: ipaddresspools.metallb.io -spec: - group: metallb.io - names: - kind: IPAddressPool - listKind: IPAddressPoolList - plural: ipaddresspools - singular: ipaddresspool - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.autoAssign - name: Auto Assign - type: boolean - - jsonPath: .spec.avoidBuggyIPs - name: Avoid Buggy IPs - type: boolean - - jsonPath: .spec.addresses - name: Addresses - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: |- - IPAddressPool represents a pool of IP addresses that can be allocated - to LoadBalancer services. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPAddressPoolSpec defines the desired state of IPAddressPool. - properties: - addresses: - description: |- - A list of IP address ranges over which MetalLB has authority. - You can list multiple ranges in a single pool, they will all share the - same settings. Each range can be either a CIDR prefix, or an explicit - start-end range of IPs. - items: - type: string - type: array - autoAssign: - default: true - description: |- - AutoAssign flag used to prevent MetallB from automatic allocation - for a pool. - type: boolean - avoidBuggyIPs: - default: false - description: |- - AvoidBuggyIPs prevents addresses ending with .0 and .255 - to be used by a pool. - type: boolean - serviceAllocation: - description: |- - AllocateTo makes ip pool allocation to specific namespace and/or service. - The controller will use the pool with lowest value of priority in case of - multiple matches. A pool with no priority set will be used only if the - pools with priority can't be used. If multiple matching IPAddressPools are - available it will check for the availability of IPs sorting the matching - IPAddressPools by priority, starting from the highest to the lowest. If - multiple IPAddressPools have the same priority, choice will be random. - properties: - namespaceSelectors: - description: |- - NamespaceSelectors list of label selectors to select namespace(s) for ip pool, - an alternative to using namespace list. - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: array - namespaces: - description: Namespaces list of namespace(s) on which ip pool can be attached. - items: - type: string - type: array - priority: - description: Priority priority given for ip pool while ip allocation on a service. - type: integer - serviceSelectors: - description: |- - ServiceSelectors list of label selector to select service(s) for which ip pool - can be used for ip allocation. - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: array - type: object - required: - - addresses - type: object - status: - description: IPAddressPoolStatus defines the observed state of IPAddressPool. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: l2advertisements.metallb.io -spec: - group: metallb.io - names: - kind: L2Advertisement - listKind: L2AdvertisementList - plural: l2advertisements - singular: l2advertisement - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.ipAddressPools - name: IPAddressPools - type: string - - jsonPath: .spec.ipAddressPoolSelectors - name: IPAddressPool Selectors - type: string - - jsonPath: .spec.interfaces - name: Interfaces - type: string - - jsonPath: .spec.nodeSelectors - name: Node Selectors - priority: 10 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: |- - L2Advertisement allows to advertise the LoadBalancer IPs provided - by the selected pools via L2. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: L2AdvertisementSpec defines the desired state of L2Advertisement. - properties: - interfaces: - description: |- - A list of interfaces to announce from. The LB IP will be announced only from these interfaces. - If the field is not set, we advertise from all the interfaces on the host. - items: - type: string - type: array - ipAddressPoolSelectors: - description: |- - A selector for the IPAddressPools which would get advertised via this advertisement. - If no IPAddressPool is selected by this or by the list, the advertisement is applied to all the IPAddressPools. - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: array - ipAddressPools: - description: The list of IPAddressPools to advertise via this advertisement, selected by name. - items: - type: string - type: array - nodeSelectors: - description: NodeSelectors allows to limit the nodes to announce as next hops for the LoadBalancer IP. When empty, all the nodes having are announced as next hops. - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: array - type: object - status: - description: L2AdvertisementStatus defines the observed state of L2Advertisement. - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: servicel2statuses.metallb.io -spec: - group: metallb.io - names: - kind: ServiceL2Status - listKind: ServiceL2StatusList - plural: servicel2statuses - singular: servicel2status - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.node - name: Allocated Node - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: ServiceL2Status reveals the actual traffic status of loadbalancer services in layer2 mode. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ServiceL2StatusSpec defines the desired state of ServiceL2Status. - type: object - status: - description: MetalLBServiceL2Status defines the observed state of ServiceL2Status. - properties: - interfaces: - description: Interfaces indicates the interfaces that receive the directed traffic - items: - description: InterfaceInfo defines interface info of layer2 announcement. - properties: - name: - description: Name the name of network interface card - type: string - type: object - type: array - node: - description: Node indicates the node that receives the directed traffic - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/charts/metallb/metallb/charts/frr-k8s/.helmignore b/charts/metallb/metallb/charts/frr-k8s/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/metallb/metallb/charts/frr-k8s/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/metallb/metallb/charts/frr-k8s/Chart.lock b/charts/metallb/metallb/charts/frr-k8s/Chart.lock deleted file mode 100644 index 490ad005a..000000000 --- a/charts/metallb/metallb/charts/frr-k8s/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: crds - repository: "" - version: 0.0.11 -digest: sha256:d4f716be0c84de180654aad05ce63aa91826873eaec2dd18e0fb5d7842a9d527 -generated: "2024-04-04T14:08:46.064693384+02:00" diff --git a/charts/metallb/metallb/charts/frr-k8s/Chart.yaml b/charts/metallb/metallb/charts/frr-k8s/Chart.yaml deleted file mode 100644 index 656a4d1c4..000000000 --- a/charts/metallb/metallb/charts/frr-k8s/Chart.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v2 -appVersion: v0.0.11 -dependencies: -- condition: crds.enabled - name: crds - repository: "" - version: 0.0.11 -description: A cloud native wrapper of FRR -home: https://metallb.universe.tf -icon: https://metallb.universe.tf/images/logo/metallb-white.png -kubeVersion: '>= 1.19.0-0' -name: frr-k8s -sources: -- https://github.com/metallb/frr-k8s -type: application -version: 0.0.11 diff --git a/charts/metallb/metallb/charts/frr-k8s/README.md b/charts/metallb/metallb/charts/frr-k8s/README.md deleted file mode 100644 index eedb0b707..000000000 --- a/charts/metallb/metallb/charts/frr-k8s/README.md +++ /dev/null @@ -1,96 +0,0 @@ -# frr-k8s - -![Version: 0.0.11](https://img.shields.io/badge/Version-0.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.11](https://img.shields.io/badge/AppVersion-v0.0.11-informational?style=flat-square) - -A cloud native wrapper of FRR - -**Homepage:** - -## Source Code - -* - -## Requirements - -Kubernetes: `>= 1.19.0-0` - -| Repository | Name | Version | -|------------|------|---------| -| | crds | 0.0.11 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| crds.enabled | bool | `true` | | -| crds.validationFailurePolicy | string | `"Fail"` | | -| frrk8s.affinity | object | `{}` | | -| frrk8s.alwaysBlock | string | `""` | | -| frrk8s.disableCertRotation | bool | `false` | | -| frrk8s.frr.image.pullPolicy | string | `nil` | | -| frrk8s.frr.image.repository | string | `"quay.io/frrouting/frr"` | | -| frrk8s.frr.image.tag | string | `"9.0.2"` | | -| frrk8s.frr.metricsBindAddress | string | `"127.0.0.1"` | | -| frrk8s.frr.metricsPort | int | `7573` | | -| frrk8s.frr.resources | object | `{}` | | -| frrk8s.frr.secureMetricsPort | int | `9141` | | -| frrk8s.frrMetrics.resources | object | `{}` | | -| frrk8s.healthPort | int | `8081` | | -| frrk8s.image.pullPolicy | string | `nil` | | -| frrk8s.image.repository | string | `"quay.io/metallb/frr-k8s"` | | -| frrk8s.image.tag | string | `nil` | | -| frrk8s.labels.app | string | `"frr-k8s"` | | -| frrk8s.livenessProbe.enabled | bool | `true` | | -| frrk8s.livenessProbe.failureThreshold | int | `3` | | -| frrk8s.livenessProbe.initialDelaySeconds | int | `10` | | -| frrk8s.livenessProbe.periodSeconds | int | `10` | | -| frrk8s.livenessProbe.successThreshold | int | `1` | | -| frrk8s.livenessProbe.timeoutSeconds | int | `1` | | -| frrk8s.logLevel | string | `"info"` | Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` | -| frrk8s.nodeSelector | object | `{}` | | -| frrk8s.podAnnotations | object | `{}` | | -| frrk8s.priorityClassName | string | `""` | | -| frrk8s.readinessProbe.enabled | bool | `true` | | -| frrk8s.readinessProbe.failureThreshold | int | `3` | | -| frrk8s.readinessProbe.initialDelaySeconds | int | `10` | | -| frrk8s.readinessProbe.periodSeconds | int | `10` | | -| frrk8s.readinessProbe.successThreshold | int | `1` | | -| frrk8s.readinessProbe.timeoutSeconds | int | `1` | | -| frrk8s.reloader.resources | object | `{}` | | -| frrk8s.resources | object | `{}` | | -| frrk8s.restartOnRotatorSecretRefresh | bool | `false` | | -| frrk8s.runtimeClassName | string | `""` | | -| frrk8s.serviceAccount.annotations | object | `{}` | | -| frrk8s.serviceAccount.create | bool | `true` | | -| frrk8s.serviceAccount.name | string | `""` | | -| frrk8s.startupProbe.enabled | bool | `true` | | -| frrk8s.startupProbe.failureThreshold | int | `30` | | -| frrk8s.startupProbe.periodSeconds | int | `5` | | -| frrk8s.tolerateMaster | bool | `true` | | -| frrk8s.tolerations | list | `[]` | | -| frrk8s.updateStrategy.type | string | `"RollingUpdate"` | | -| fullnameOverride | string | `""` | | -| nameOverride | string | `""` | | -| prometheus.metricsBindAddress | string | `"127.0.0.1"` | | -| prometheus.metricsPort | int | `7572` | | -| prometheus.metricsTLSSecret | string | `""` | | -| prometheus.namespace | string | `""` | | -| prometheus.rbacPrometheus | bool | `false` | | -| prometheus.rbacProxy.pullPolicy | string | `nil` | | -| prometheus.rbacProxy.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` | | -| prometheus.rbacProxy.tag | string | `"v0.12.0"` | | -| prometheus.scrapeAnnotations | bool | `false` | | -| prometheus.secureMetricsPort | int | `9140` | | -| prometheus.serviceAccount | string | `""` | | -| prometheus.serviceMonitor.additionalLabels | object | `{}` | | -| prometheus.serviceMonitor.annotations | object | `{}` | | -| prometheus.serviceMonitor.enabled | bool | `false` | | -| prometheus.serviceMonitor.interval | string | `nil` | | -| prometheus.serviceMonitor.jobLabel | string | `"app.kubernetes.io/name"` | | -| prometheus.serviceMonitor.metricRelabelings | list | `[]` | | -| prometheus.serviceMonitor.relabelings | list | `[]` | | -| prometheus.serviceMonitor.tlsConfig.insecureSkipVerify | bool | `true` | | -| rbac.create | bool | `true` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) diff --git a/charts/metallb/metallb/charts/frr-k8s/charts/crds/.helmignore b/charts/metallb/metallb/charts/frr-k8s/charts/crds/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/metallb/metallb/charts/frr-k8s/charts/crds/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/metallb/metallb/charts/frr-k8s/charts/crds/Chart.yaml b/charts/metallb/metallb/charts/frr-k8s/charts/crds/Chart.yaml deleted file mode 100644 index fb9e2a141..000000000 --- a/charts/metallb/metallb/charts/frr-k8s/charts/crds/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -appVersion: v0.0.11 -description: FRR K8s CRDs -home: https://metallb.universe.tf -icon: https://metallb.universe.tf/images/logo/metallb-white.png -name: crds -sources: -- https://github.com/metallb/frr-k8s -type: application -version: 0.0.11 diff --git a/charts/metallb/metallb/charts/frr-k8s/charts/crds/README.md b/charts/metallb/metallb/charts/frr-k8s/charts/crds/README.md deleted file mode 100644 index 65e636c6d..000000000 --- a/charts/metallb/metallb/charts/frr-k8s/charts/crds/README.md +++ /dev/null @@ -1,14 +0,0 @@ -# crds - -![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.0](https://img.shields.io/badge/AppVersion-v0.0.0-informational?style=flat-square) - -FRR-K8s CRDs - -**Homepage:** - -## Source Code - -* - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) diff --git a/charts/metallb/metallb/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrconfigurations.yaml b/charts/metallb/metallb/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrconfigurations.yaml deleted file mode 100644 index 9f83ce7f1..000000000 --- a/charts/metallb/metallb/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrconfigurations.yaml +++ /dev/null @@ -1,424 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null - name: frrconfigurations.frrk8s.metallb.io -spec: - group: frrk8s.metallb.io - names: - kind: FRRConfiguration - listKind: FRRConfigurationList - plural: frrconfigurations - singular: frrconfiguration - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: FRRConfiguration is a piece of FRR configuration. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: FRRConfigurationSpec defines the desired state of FRRConfiguration. - properties: - bgp: - description: BGP is the configuration related to the BGP protocol. - properties: - bfdProfiles: - description: BFDProfiles is the list of bfd profiles to be used - when configuring the neighbors. - items: - description: BFDProfile is the configuration related to the - BFD protocol associated to a BGP session. - properties: - detectMultiplier: - description: Configures the detection multiplier to determine - packet loss. The remote transmission interval will be - multiplied by this value to determine the connection loss - detection timer. - format: int32 - maximum: 255 - minimum: 2 - type: integer - echoInterval: - description: Configures the minimal echo receive transmission - interval that this system is capable of handling in milliseconds. - Defaults to 50ms - format: int32 - maximum: 60000 - minimum: 10 - type: integer - echoMode: - description: Enables or disables the echo transmission mode. - This mode is disabled by default, and not supported on - multi hops setups. - type: boolean - minimumTtl: - description: 'For multi hop sessions only: configure the - minimum expected TTL for an incoming BFD control packet.' - format: int32 - maximum: 254 - minimum: 1 - type: integer - name: - description: The name of the BFD Profile to be referenced - in other parts of the configuration. - type: string - passiveMode: - description: 'Mark session as passive: a passive session - will not attempt to start the connection and will wait - for control packets from peer before it begins replying.' - type: boolean - receiveInterval: - description: The minimum interval that this system is capable - of receiving control packets in milliseconds. Defaults - to 300ms. - format: int32 - maximum: 60000 - minimum: 10 - type: integer - transmitInterval: - description: The minimum transmission interval (less jitter) - that this system wants to use to send BFD control packets - in milliseconds. Defaults to 300ms - format: int32 - maximum: 60000 - minimum: 10 - type: integer - required: - - name - type: object - type: array - routers: - description: Routers is the list of routers we want FRR to configure - (one per VRF). - items: - description: Router represent a neighbor router we want FRR - to connect to. - properties: - asn: - description: ASN is the AS number to use for the local end - of the session. - format: int32 - maximum: 4294967295 - minimum: 0 - type: integer - id: - description: ID is the BGP router ID - type: string - neighbors: - description: Neighbors is the list of neighbors we want - to establish BGP sessions with. - items: - description: Neighbor represents a BGP Neighbor we want - FRR to connect to. - properties: - address: - description: Address is the IP address to establish - the session with. - type: string - asn: - description: ASN is the AS number to use for the local - end of the session. - format: int32 - maximum: 4294967295 - minimum: 0 - type: integer - bfdProfile: - description: BFDProfile is the name of the BFD Profile - to be used for the BFD session associated to the - BGP session. If not set, the BFD session won't be - set up. - type: string - connectTime: - description: Requested BGP connect time, controls - how long BGP waits between connection attempts to - a neighbor. - type: string - x-kubernetes-validations: - - message: connect time should be between 1 seconds - to 65535 - rule: duration(self).getSeconds() >= 1 && duration(self).getSeconds() - <= 65535 - - message: connect time should contain a whole number - of seconds - rule: duration(self).getMilliseconds() % 1000 == - 0 - disableMP: - default: false - description: To set if we want to disable MP BGP that - will separate IPv4 and IPv6 route exchanges into - distinct BGP sessions. - type: boolean - ebgpMultiHop: - description: EBGPMultiHop indicates if the BGPPeer - is multi-hops away. - type: boolean - holdTime: - description: HoldTime is the requested BGP hold time, - per RFC4271. Defaults to 180s. - type: string - keepaliveTime: - description: KeepaliveTime is the requested BGP keepalive - time, per RFC4271. Defaults to 60s. - type: string - password: - description: Password to be used for establishing - the BGP session. Password and PasswordSecret are - mutually exclusive. - type: string - passwordSecret: - description: PasswordSecret is name of the authentication - secret for the neighbor. the secret must be of type - "kubernetes.io/basic-auth", and created in the same - namespace as the frr-k8s daemon. The password is - stored in the secret as the key "password". Password - and PasswordSecret are mutually exclusive. - properties: - name: - description: name is unique within a namespace - to reference a secret resource. - type: string - namespace: - description: namespace defines the space within - which the secret name must be unique. - type: string - type: object - x-kubernetes-map-type: atomic - port: - description: Port is the port to dial when establishing - the session. Defaults to 179. - maximum: 16384 - minimum: 0 - type: integer - toAdvertise: - description: ToAdvertise represents the list of prefixes - to advertise to the given neighbor and the associated - properties. - properties: - allowed: - description: Allowed is is the list of prefixes - allowed to be propagated to this neighbor. They - must match the prefixes defined in the router. - properties: - mode: - default: filtered - description: Mode is the mode to use when - handling the prefixes. When set to "filtered", - only the prefixes in the given list will - be allowed. When set to "all", all the prefixes - configured on the router will be allowed. - enum: - - all - - filtered - type: string - prefixes: - items: - type: string - type: array - type: object - withCommunity: - description: PrefixesWithCommunity is a list of - prefixes that are associated to a bgp community - when being advertised. The prefixes associated - to a given local pref must be in the prefixes - allowed to be advertised. - items: - description: CommunityPrefixes is a list of - prefixes associated to a community. - properties: - community: - description: Community is the community - associated to the prefixes. - type: string - prefixes: - description: Prefixes is the list of prefixes - associated to the community. - format: cidr - items: - type: string - minItems: 1 - type: array - type: object - type: array - withLocalPref: - description: PrefixesWithLocalPref is a list of - prefixes that are associated to a local preference - when being advertised. The prefixes associated - to a given local pref must be in the prefixes - allowed to be advertised. - items: - description: LocalPrefPrefixes is a list of - prefixes associated to a local preference. - properties: - localPref: - description: LocalPref is the local preference - associated to the prefixes. - format: int32 - type: integer - prefixes: - description: Prefixes is the list of prefixes - associated to the local preference. - format: cidr - items: - type: string - minItems: 1 - type: array - type: object - type: array - type: object - toReceive: - description: ToReceive represents the list of prefixes - to receive from the given neighbor. - properties: - allowed: - description: Allowed is the list of prefixes allowed - to be received from this neighbor. - properties: - mode: - default: filtered - description: Mode is the mode to use when - handling the prefixes. When set to "filtered", - only the prefixes in the given list will - be allowed. When set to "all", all the prefixes - configured on the router will be allowed. - enum: - - all - - filtered - type: string - prefixes: - items: - description: PrefixSelector is a filter - of prefixes to receive. - properties: - ge: - description: The prefix length modifier. - This selector accepts any matching - prefix with length greater or equal - the given value. - format: int32 - maximum: 128 - minimum: 1 - type: integer - le: - description: The prefix length modifier. - This selector accepts any matching - prefix with length less or equal the - given value. - format: int32 - maximum: 128 - minimum: 1 - type: integer - prefix: - format: cidr - type: string - type: object - type: array - type: object - type: object - required: - - address - - asn - type: object - type: array - prefixes: - description: Prefixes is the list of prefixes we want to - advertise from this router instance. - items: - type: string - type: array - vrf: - description: VRF is the host vrf used to establish sessions - from this router. - type: string - required: - - asn - type: object - type: array - type: object - nodeSelector: - description: NodeSelector limits the nodes that will attempt to apply - this config. When specified, the configuration will be considered - only on nodes whose labels match the specified selectors. When it - is not specified all nodes will attempt to apply this config. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - raw: - description: Raw is a snippet of raw frr configuration that gets appended - to the one rendered translating the type safe API. - properties: - priority: - description: Priority is the order with this configuration is - appended to the bottom of the rendered configuration. A higher - value means the raw config is appended later in the configuration - file. - type: integer - rawConfig: - description: Config is a raw FRR configuration to be appended - to the configuration rendered via the k8s api. - type: string - type: object - type: object - status: - description: FRRConfigurationStatus defines the observed state of FRRConfiguration. - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/charts/metallb/metallb/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrnodestates.yaml b/charts/metallb/metallb/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrnodestates.yaml deleted file mode 100644 index b0d25c30d..000000000 --- a/charts/metallb/metallb/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrnodestates.yaml +++ /dev/null @@ -1,61 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null - name: frrnodestates.frrk8s.metallb.io -spec: - group: frrk8s.metallb.io - names: - kind: FRRNodeState - listKind: FRRNodeStateList - plural: frrnodestates - singular: frrnodestate - scope: Cluster - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: FRRNodeState exposes the status of the FRR instance running on - each node. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: FRRNodeStateSpec defines the desired state of FRRNodeState. - type: object - status: - description: FRRNodeStateStatus defines the observed state of FRRNodeState. - properties: - lastConversionResult: - description: LastConversionResult is the status of the last translation - between the `FRRConfiguration`s resources and FRR's configuration, - contains "success" or an error. - type: string - lastReloadResult: - description: LastReloadResult represents the status of the last configuration - update operation by FRR, contains "success" or an error. - type: string - runningConfig: - description: RunningConfig represents the current FRR running config, - which is the configuration the FRR instance is currently running - with. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/charts/metallb/metallb/charts/frr-k8s/templates/NOTES.txt b/charts/metallb/metallb/charts/frr-k8s/templates/NOTES.txt deleted file mode 100644 index 5b5b84a17..000000000 --- a/charts/metallb/metallb/charts/frr-k8s/templates/NOTES.txt +++ /dev/null @@ -1,4 +0,0 @@ -FRR-k8s is now running in the cluster. - -Now you can configure it via its CRs. Please refer to the frr-k8s official docs -on how to use the CRs. diff --git a/charts/metallb/metallb/charts/frr-k8s/templates/_helpers.tpl b/charts/metallb/metallb/charts/frr-k8s/templates/_helpers.tpl deleted file mode 100644 index 4e35f6fc6..000000000 --- a/charts/metallb/metallb/charts/frr-k8s/templates/_helpers.tpl +++ /dev/null @@ -1,63 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "frrk8s.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "frrk8s.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "frrk8s.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "frrk8s.labels" -}} -helm.sh/chart: {{ include "frrk8s.chart" . }} -{{ include "frrk8s.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "frrk8s.selectorLabels" -}} -app.kubernetes.io/name: {{ include "frrk8s.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the frrk8s service account to use -*/}} -{{- define "frrk8s.serviceAccountName" -}} -{{- if .Values.frrk8s.serviceAccount.create }} -{{- default (printf "%s-controller" (include "frrk8s.fullname" .)) .Values.frrk8s.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.frrk8s.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/charts/metallb/metallb/charts/frr-k8s/templates/controller.yaml b/charts/metallb/metallb/charts/frr-k8s/templates/controller.yaml deleted file mode 100644 index 76dfcef7d..000000000 --- a/charts/metallb/metallb/charts/frr-k8s/templates/controller.yaml +++ /dev/null @@ -1,431 +0,0 @@ -# FRR expects to have these files owned by frr:frr on startup. -# Having them in a ConfigMap allows us to modify behaviors: for example enabling more daemons on startup. -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "frrk8s.fullname" . }}-frr-startup - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "frrk8s.labels" . | nindent 4 }} - app.kubernetes.io/component: frr-k8s -data: - daemons: | - # This file tells the frr package which daemons to start. - # - # Sample configurations for these daemons can be found in - # /usr/share/doc/frr/examples/. - # - # ATTENTION: - # - # When activating a daemon for the first time, a config file, even if it is - # empty, has to be present *and* be owned by the user and group "frr", else - # the daemon will not be started by /etc/init.d/frr. The permissions should - # be u=rw,g=r,o=. - # When using "vtysh" such a config file is also needed. It should be owned by - # group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too. - # - # The watchfrr and zebra daemons are always started. - # - bgpd=yes - ospfd=no - ospf6d=no - ripd=no - ripngd=no - isisd=no - pimd=no - ldpd=no - nhrpd=no - eigrpd=no - babeld=no - sharpd=no - pbrd=no - bfdd=yes - fabricd=no - vrrpd=no - - # - # If this option is set the /etc/init.d/frr script automatically loads - # the config via "vtysh -b" when the servers are started. - # Check /etc/pam.d/frr if you intend to use "vtysh"! - # - vtysh_enable=yes - zebra_options=" -A 127.0.0.1 -s 90000000" - bgpd_options=" -A 127.0.0.1 -p 0" - ospfd_options=" -A 127.0.0.1" - ospf6d_options=" -A ::1" - ripd_options=" -A 127.0.0.1" - ripngd_options=" -A ::1" - isisd_options=" -A 127.0.0.1" - pimd_options=" -A 127.0.0.1" - ldpd_options=" -A 127.0.0.1" - nhrpd_options=" -A 127.0.0.1" - eigrpd_options=" -A 127.0.0.1" - babeld_options=" -A 127.0.0.1" - sharpd_options=" -A 127.0.0.1" - pbrd_options=" -A 127.0.0.1" - staticd_options="-A 127.0.0.1" - bfdd_options=" -A 127.0.0.1" - fabricd_options="-A 127.0.0.1" - vrrpd_options=" -A 127.0.0.1" - - # configuration profile - # - #frr_profile="traditional" - #frr_profile="datacenter" - - # - # This is the maximum number of FD's that will be available. - # Upon startup this is read by the control files and ulimit - # is called. Uncomment and use a reasonable value for your - # setup if you are expecting a large number of peers in - # say BGP. - #MAX_FDS=1024 - - # The list of daemons to watch is automatically generated by the init script. - #watchfrr_options="" - - # for debugging purposes, you can specify a "wrap" command to start instead - # of starting the daemon directly, e.g. to use valgrind on ospfd: - # ospfd_wrap="/usr/bin/valgrind" - # or you can use "all_wrap" for all daemons, e.g. to use perf record: - # all_wrap="/usr/bin/perf record --call-graph -" - # the normal daemon command is added to this at the end. - vtysh.conf: |+ - service integrated-vtysh-config - frr.conf: |+ - ! This file gets overriden the first time the speaker renders a config. - ! So anything configured here is only temporary. - frr version 7.5.1 - frr defaults traditional - hostname Router - line vty - log file /etc/frr/frr.log informational ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "frrk8s.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "frrk8s.labels" . | nindent 4 }} - app.kubernetes.io/component: frr-k8s - {{- range $key, $value := .Values.frrk8s.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - {{- if .Values.frrk8s.updateStrategy }} - updateStrategy: {{- toYaml .Values.frrk8s.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: - {{- include "frrk8s.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: frr-k8s - template: - metadata: - labels: - {{- include "frrk8s.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: frr-k8s - {{- range $key, $value := .Values.frrk8s.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - spec: - {{- if .Values.frrk8s.runtimeClassName }} - runtimeClassName: {{ .Values.frrk8s.runtimeClassName }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "frrk8s.serviceAccountName" . }} - terminationGracePeriodSeconds: 0 - hostNetwork: true - volumes: - - name: frr-sockets - emptyDir: {} - - name: frr-startup - configMap: - name: {{ template "frrk8s.fullname" . }}-frr-startup - - name: frr-conf - emptyDir: {} - - name: reloader - emptyDir: {} - - name: metrics - emptyDir: {} - {{- if .Values.prometheus.metricsTLSSecret }} - - name: metrics-certs - secret: - secretName: {{ .Values.prometheus.metricsTLSSecret }} - {{- end }} - initContainers: - # Copies the initial config files with the right permissions to the shared volume. - - name: cp-frr-files - image: {{ .Values.frrk8s.frr.image.repository }}:{{ .Values.frrk8s.frr.image.tag | default .Chart.AppVersion }} - securityContext: - runAsUser: 100 - runAsGroup: 101 - command: ["/bin/sh", "-c", "cp -rLf /tmp/frr/* /etc/frr/"] - volumeMounts: - - name: frr-startup - mountPath: /tmp/frr - - name: frr-conf - mountPath: /etc/frr - # Copies the reloader to the shared volume between the speaker and reloader. - - name: cp-reloader - image: {{ .Values.frrk8s.image.repository }}:{{ .Values.frrk8s.image.tag | default .Chart.AppVersion }} - command: ["/bin/sh", "-c", "cp -f /frr-reloader.sh /etc/frr_reloader/"] - volumeMounts: - - name: reloader - mountPath: /etc/frr_reloader - # Copies the metrics exporter - - name: cp-metrics - image: {{ .Values.frrk8s.image.repository }}:{{ .Values.frrk8s.image.tag | default .Chart.AppVersion }} - command: ["/bin/sh", "-c", "cp -f /frr-metrics /etc/frr_metrics/"] - volumeMounts: - - name: metrics - mountPath: /etc/frr_metrics - shareProcessNamespace: true - containers: - - name: controller - image: {{ .Values.frrk8s.image.repository }}:{{ .Values.frrk8s.image.tag | default .Chart.AppVersion }} - {{- if .Values.frrk8s.image.pullPolicy }} - imagePullPolicy: {{ .Values.frrk8s.image.pullPolicy }} - {{- end }} - command: - - /frr-k8s - args: - - "--node-name=$(NODE_NAME)" - - "--namespace=$(NAMESPACE)" - - "--metrics-bind-address={{.Values.prometheus.metricsBindAddress}}:{{ .Values.prometheus.metricsPort }}" - {{- with .Values.frrk8s.logLevel }} - - --log-level={{ . }} - {{- end }} - - --health-probe-bind-address={{.Values.prometheus.metricsBindAddress}}:{{ .Values.frrk8s.healthPort }} - {{- if .Values.frrk8s.alwaysBlock }} - - --always-block={{ .Values.frrk8s.alwaysBlock }} - {{- end }} - env: - - name: FRR_CONFIG_FILE - value: /etc/frr_reloader/frr.conf - - name: FRR_RELOADER_PID_FILE - value: /etc/frr_reloader/reloader.pid - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: {{ .Values.prometheus.metricsPort }} - name: monitoring - {{- if .Values.frrk8s.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /healthz - port: {{ .Values.frrk8s.healthPort }} - host: {{ .Values.prometheus.metricsBindAddress }} - initialDelaySeconds: {{ .Values.frrk8s.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.frrk8s.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.frrk8s.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.frrk8s.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.frrk8s.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.frrk8s.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /healthz - port: {{ .Values.frrk8s.healthPort }} - host: {{ .Values.prometheus.metricsBindAddress }} - initialDelaySeconds: {{ .Values.frrk8s.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.frrk8s.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.frrk8s.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.frrk8s.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.frrk8s.readinessProbe.failureThreshold }} - {{- end }} - {{- with .Values.frrk8s.resources }} - resources: - {{- toYaml . | nindent 10 }} - {{- end }} - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - add: - - NET_RAW - volumeMounts: - - name: reloader - mountPath: /etc/frr_reloader - - name: frr - securityContext: - capabilities: - add: - - NET_ADMIN - - NET_RAW - - SYS_ADMIN - - NET_BIND_SERVICE - image: {{ .Values.frrk8s.frr.image.repository }}:{{ .Values.frrk8s.frr.image.tag | default .Chart.AppVersion }} - {{- if .Values.frrk8s.frr.image.pullPolicy }} - imagePullPolicy: {{ .Values.frrk8s.frr.image.pullPolicy }} - {{- end }} - env: - - name: TINI_SUBREAPER - value: "true" - volumeMounts: - - name: frr-sockets - mountPath: /var/run/frr - - name: frr-conf - mountPath: /etc/frr - # The command is FRR's default entrypoint & waiting for the log file to appear and tailing it. - # If the log file isn't created in 60 seconds the tail fails and the container is restarted. - # This workaround is needed to have the frr logs as part of kubectl logs -c frr < controller_pod_name >. - command: - - /bin/sh - - -c - - | - /sbin/tini -- /usr/lib/frr/docker-start & - attempts=0 - until [[ -f /etc/frr/frr.log || $attempts -eq 60 ]]; do - sleep 1 - attempts=$(( $attempts + 1 )) - done - tail -f /etc/frr/frr.log - {{- with .Values.frrk8s.frr.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- if .Values.frrk8s.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /livez - port: {{ .Values.frrk8s.frr.metricsPort }} - host: {{ .Values.frrk8s.frr.metricsBindAddress }} - periodSeconds: {{ .Values.frrk8s.livenessProbe.periodSeconds }} - failureThreshold: {{ .Values.frrk8s.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.frrk8s.startupProbe.enabled }} - startupProbe: - httpGet: - path: /livez - port: {{ .Values.frrk8s.frr.metricsPort }} - host: {{ .Values.frrk8s.frr.metricsBindAddress }} - failureThreshold: {{ .Values.frrk8s.startupProbe.failureThreshold }} - periodSeconds: {{ .Values.frrk8s.startupProbe.periodSeconds }} - {{- end }} - - name: reloader - image: {{ .Values.frrk8s.frr.image.repository }}:{{ .Values.frrk8s.frr.image.tag | default .Chart.AppVersion }} - {{- if .Values.frrk8s.frr.image.pullPolicy }} - imagePullPolicy: {{ .Values.frrk8s.frr.image.pullPolicy }} - {{- end }} - command: ["/etc/frr_reloader/frr-reloader.sh"] - volumeMounts: - - name: frr-sockets - mountPath: /var/run/frr - - name: frr-conf - mountPath: /etc/frr - - name: reloader - mountPath: /etc/frr_reloader - {{- with .Values.frrk8s.reloader.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: frr-metrics - image: {{ .Values.frrk8s.frr.image.repository }}:{{ .Values.frrk8s.frr.image.tag | default .Chart.AppVersion }} - command: ["/etc/frr_metrics/frr-metrics"] - args: - - --metrics-port={{ .Values.frrk8s.frr.metricsPort }} - - --metrics-bind-address={{ .Values.frrk8s.frr.metricsBindAddress }} - ports: - - containerPort: {{ .Values.frrk8s.frr.metricsPort }} - name: monitoring - volumeMounts: - - name: frr-sockets - mountPath: /var/run/frr - - name: frr-conf - mountPath: /etc/frr - - name: metrics - mountPath: /etc/frr_metrics - {{- with .Values.frrk8s.frrMetrics.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: kube-rbac-proxy - image: {{ .Values.prometheus.rbacProxy.repository }}:{{ .Values.prometheus.rbacProxy.tag }} - imagePullPolicy: {{ .Values.prometheus.rbacProxy.pullPolicy }} - args: - - --logtostderr - - --secure-listen-address=:{{ .Values.prometheus.secureMetricsPort }} - - --upstream=http://{{.Values.prometheus.metricsBindAddress}}:{{ .Values.prometheus.metricsPort }}/ - - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - {{- if .Values.prometheus.metricsTLSSecret }} - - --tls-private-key-file=/etc/metrics/tls.key - - --tls-cert-file=/etc/metrics/tls.crt - {{- end }} - ports: - - containerPort: {{ .Values.prometheus.secureMetricsPort }} - name: metricshttps - resources: - requests: - cpu: 10m - memory: 20Mi - terminationMessagePolicy: FallbackToLogsOnError - {{- if .Values.prometheus.metricsTLSSecret }} - volumeMounts: - - name: metrics-certs - mountPath: /etc/metrics - readOnly: true - {{- end }} - - name: kube-rbac-proxy-frr - image: {{ .Values.prometheus.rbacProxy.repository }}:{{ .Values.prometheus.rbacProxy.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.prometheus.rbacProxy.pullPolicy }} - args: - - --logtostderr - - --secure-listen-address=:{{ .Values.frrk8s.frr.secureMetricsPort }} - - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - - --upstream=http://{{ .Values.frrk8s.frr.metricsBindAddress }}:{{ .Values.frrk8s.frr.metricsPort }}/ - {{- if .Values.prometheus.metricsTLSSecret }} - - --tls-private-key-file=/etc/metrics/tls.key - - --tls-cert-file=/etc/metrics/tls.crt - {{- end }} - ports: - - containerPort: {{ .Values.frrk8s.frr.secureMetricsPort }} - name: metricshttps - resources: - requests: - cpu: 10m - memory: 20Mi - terminationMessagePolicy: FallbackToLogsOnError - {{- if .Values.prometheus.metricsTLSSecret }} - volumeMounts: - - name: metrics-certs - mountPath: /etc/metrics - readOnly: true - {{- end }} - nodeSelector: - "kubernetes.io/os": linux - {{- with .Values.frrk8s.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.frrk8s.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if or .Values.frrk8s.tolerateMaster .Values.frrk8s.tolerations }} - tolerations: - {{- if .Values.frrk8s.tolerateMaster }} - - key: node-role.kubernetes.io/master - effect: NoSchedule - operator: Exists - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - operator: Exists - {{- end }} - {{- with .Values.frrk8s.tolerations }} - {{- toYaml . | nindent 6 }} - {{- end }} - {{- end }} - {{- with .Values.frrk8s.priorityClassName }} - priorityClassName: {{ . | quote }} - {{- end }} diff --git a/charts/metallb/metallb/charts/frr-k8s/templates/rbac.yaml b/charts/metallb/metallb/charts/frr-k8s/templates/rbac.yaml deleted file mode 100644 index e9beef897..000000000 --- a/charts/metallb/metallb/charts/frr-k8s/templates/rbac.yaml +++ /dev/null @@ -1,73 +0,0 @@ -{{- if .Values.rbac.create -}} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "frrk8s.fullname" . }}-controller - labels: {{- include "frrk8s.labels" . | nindent 4 }} -rules: -- apiGroups: ["frrk8s.metallb.io"] - resources: ["frrconfigurations"] - verbs: ["get", "list", "watch"] -- apiGroups: ["frrk8s.metallb.io"] - resources: ["frrnodestates"] - verbs: ["get", "list", "watch", "create", "delete", "patch", "update"] -- apiGroups: ["frrk8s.metallb.io"] - resources: ["frrnodestates/status"] - verbs: ["get", "patch", "update"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] -- apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] -- apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch"] -- apiGroups: ["admissionregistration.k8s.io"] - resourceNames: ["frr-k8s-validating-webhook-configuration"] - resources: ["validatingwebhookconfigurations"] - verbs: ["update"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "frrk8s.fullname" . }}-controller - labels: {{- include "frrk8s.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "frrk8s.fullname" . }}-controller -subjects: -- kind: ServiceAccount - name: {{ include "frrk8s.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "frrk8s.fullname" . }}-controller - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "frrk8s.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch","update"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "frrk8s.fullname" . }}-controller - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "frrk8s.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "frrk8s.fullname" . }}-controller -subjects: -- kind: ServiceAccount - name: {{ include "frrk8s.serviceAccountName" . }} -{{ end -}} diff --git a/charts/metallb/metallb/charts/frr-k8s/templates/service-accounts.yaml b/charts/metallb/metallb/charts/frr-k8s/templates/service-accounts.yaml deleted file mode 100644 index 3c64c5cb2..000000000 --- a/charts/metallb/metallb/charts/frr-k8s/templates/service-accounts.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.frrk8s.serviceAccount.create }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "frrk8s.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "frrk8s.labels" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- with .Values.frrk8s.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} - diff --git a/charts/metallb/metallb/charts/frr-k8s/templates/service-monitor.yaml b/charts/metallb/metallb/charts/frr-k8s/templates/service-monitor.yaml deleted file mode 100644 index c6f91304e..000000000 --- a/charts/metallb/metallb/charts/frr-k8s/templates/service-monitor.yaml +++ /dev/null @@ -1,128 +0,0 @@ -{{- if .Values.prometheus.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "frrk8s.fullname" . }}-frr-k8s-monitor - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "frrk8s.labels" . | nindent 4 }} - app.kubernetes.io/component: frr-k8s - {{- if .Values.prometheus.serviceMonitor.additionalLabels }} -{{ toYaml .Values.prometheus.serviceMonitor.additionalLabels | indent 4 }} - {{- end }} - {{- if .Values.prometheus.serviceMonitor.annotations }} - annotations: -{{ toYaml .Values.prometheus.serviceMonitor.annotations | indent 4 }} - {{- end }} -spec: - endpoints: - - port: "metricshttps" - honorLabels: true - {{- if .Values.prometheus.serviceMonitor.metricRelabelings }} - metricRelabelings: - {{- toYaml .Values.prometheus.serviceMonitor.metricRelabelings | nindent 8 }} - {{- end -}} - {{- if .Values.prometheus.serviceMonitor.relabelings }} - relabelings: - {{- toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 8 }} - {{- end }} - {{- if .Values.prometheus.serviceMonitor.interval }} - interval: {{ .Values.prometheus.serviceMonitor.interval }} - {{- end -}} -{{ if .Values.prometheus.secureMetricsPort }} - bearerTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token" - scheme: "https" -{{- if .Values.prometheus.serviceMonitor.tlsConfig }} - tlsConfig: -{{ toYaml .Values.prometheus.serviceMonitor.tlsConfig | indent 8 }} -{{- end }} -{{ end }} -{{ if .Values.frrk8s.frr.secureMetricsPort }} - - port: "frrmetricshttps" - honorLabels: true - {{- if .Values.prometheus.serviceMonitor.metricRelabelings }} - metricRelabelings: - {{- toYaml .Values.prometheus.serviceMonitor.metricRelabelings | nindent 8 }} - {{- end -}} - {{- if .Values.prometheus.serviceMonitor.relabelings }} - relabelings: - {{- toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 8 }} - {{- end }} - {{- if .Values.prometheus.serviceMonitor.interval }} - interval: {{ .Values.prometheus.serviceMonitor.interval }} - {{- end }} - bearerTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token" - scheme: "https" -{{- if .Values.prometheus.serviceMonitor.tlsConfig }} - tlsConfig: -{{ toYaml .Values.prometheus.serviceMonitor.tlsConfig | indent 8 }} -{{- end }} -{{- end }} - jobLabel: {{ .Values.prometheus.serviceMonitor.jobLabel | quote }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - name: {{ template "frrk8s.fullname" . }}-frr-k8s-monitor-service ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - prometheus.io/scrape: "true" - {{- if .Values.prometheus.serviceMonitor.annotations }} -{{ toYaml .Values.prometheus.serviceMonitor.annotations | indent 4 }} - {{- end }} - labels: - name: {{ template "frrk8s.fullname" . }}-frr-k8s-monitor-service - name: {{ template "frrk8s.fullname" . }}-frr-k8s-monitor-service - namespace: {{ .Release.Namespace | quote }} -spec: - selector: - {{- include "frrk8s.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: frr-k8s - clusterIP: None - ports: - - name: "metricshttps" - port: {{ .Values.prometheus.secureMetricsPort }} - targetPort: {{ .Values.prometheus.secureMetricsPort }} - - name: frrmetricshttps - port: {{ .Values.frrk8s.frr.secureMetricsPort }} - targetPort: {{ .Values.frrk8s.frr.secureMetricsPort }} - sessionAffinity: None - type: ClusterIP ---- -{{- if .Values.prometheus.rbacPrometheus }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "frrk8s.fullname" . }}-prometheus - namespace: {{ .Release.Namespace | quote }} -rules: - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "frrk8s.fullname" . }}-prometheus - namespace: {{ .Release.Namespace | quote }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "frrk8s.fullname" . }}-prometheus -subjects: - - kind: ServiceAccount - name: {{ required ".Values.prometheus.serviceAccount must be defined when .Values.prometheus.serviceMonitor.enabled == true" .Values.prometheus.serviceAccount }} - namespace: {{ required ".Values.prometheus.namespace must be defined when .Values.prometheus.serviceMonitor.enabled == true" .Values.prometheus.namespace }} -{{- end }} -{{- end }} diff --git a/charts/metallb/metallb/charts/frr-k8s/templates/webhooks.yaml b/charts/metallb/metallb/charts/frr-k8s/templates/webhooks.yaml deleted file mode 100644 index 3a4b9cd14..000000000 --- a/charts/metallb/metallb/charts/frr-k8s/templates/webhooks.yaml +++ /dev/null @@ -1,159 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "frrk8s.fullname" . }}-webhook-server - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "frrk8s.labels" . | nindent 4 }} - app.kubernetes.io/component: frr-k8s-webhook-server - {{- range $key, $value := .Values.frrk8s.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - selector: - matchLabels: - app.kubernetes.io/component: frr-k8s-webhook-server - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: frr-k8s-webhook-server - labels: - app.kubernetes.io/component: frr-k8s-webhook-server - spec: - {{- if .Values.frrk8s.runtimeClassName }} - runtimeClassName: {{ .Values.frrk8s.runtimeClassName }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - command: - - /frr-k8s - args: - {{- with .Values.frrk8s.logLevel }} - - --log-level={{ . }} - {{- end }} - - "--webhook-mode=onlywebhook" - {{- if .Values.frrk8s.disableCertRotation }} - - "--disable-cert-rotation=true" - {{- end }} - {{- if .Values.frrk8s.restartOnRotatorSecretRefresh }} - - "--restart-on-rotator-secret-refresh=true" - {{- end }} - - "--namespace=$(NAMESPACE)" - - --health-probe-bind-address=:8081 - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: {{ .Values.frrk8s.image.repository }}:{{ .Values.frrk8s.image.tag | default .Chart.AppVersion }} - {{- if .Values.frrk8s.image.pullPolicy }} - imagePullPolicy: {{ .Values.frrk8s.image.pullPolicy }} - {{- end }} - name: frr-k8s-webhook-server - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - {{- if .Values.frrk8s.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: {{ .Values.frrk8s.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.frrk8s.livenessProbe.periodSeconds }} - failureThreshold: {{ .Values.frrk8s.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.frrk8s.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: {{ .Values.frrk8s.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.frrk8s.readinessProbe.periodSeconds }} - failureThreshold: {{ .Values.frrk8s.readinessProbe.failureThreshold }} - {{- end }} - {{- with .Values.frrk8s.resources }} - resources: - {{- toYaml . | nindent 10 }} - {{- end }} - volumeMounts: - - name: cert - mountPath: /tmp/k8s-webhook-server/serving-certs - readOnly: true - {{- with .Values.frrk8s.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if or .Values.frrk8s.tolerateMaster .Values.frrk8s.tolerations }} - tolerations: - {{- if .Values.frrk8s.tolerateMaster }} - - key: node-role.kubernetes.io/master - effect: NoSchedule - operator: Exists - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - operator: Exists - {{- end }} - {{- with .Values.frrk8s.tolerations }} - {{- toYaml . | nindent 6 }} - {{- end }} - {{- end }} - {{- with .Values.frrk8s.priorityClassName }} - priorityClassName: {{ . | quote }} - {{- end }} - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: frr-k8s-webhook-server-cert - serviceAccountName: {{ template "frrk8s.serviceAccountName" . }} - terminationGracePeriodSeconds: 10 ---- -apiVersion: v1 -kind: Secret -metadata: - name: frr-k8s-webhook-server-cert - namespace: {{ .Release.Namespace | quote }} ---- -apiVersion: v1 -kind: Service -metadata: - name: frr-k8s-webhook-service - namespace: {{ .Release.Namespace | quote }} -spec: - ports: - - port: 443 - targetPort: 9443 - selector: - app.kubernetes.io/component: frr-k8s-webhook-server ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: frr-k8s-validating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: frr-k8s-webhook-service - namespace: {{ .Release.Namespace }} - path: /validate-frrk8s-metallb-io-v1beta1-frrconfiguration - failurePolicy: {{ .Values.crds.validationFailurePolicy }} - name: frrconfigurationsvalidationwebhook.metallb.io - rules: - - apiGroups: - - frrk8s.metallb.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - frrconfigurations - sideEffects: None diff --git a/charts/metallb/metallb/charts/frr-k8s/values.schema.json b/charts/metallb/metallb/charts/frr-k8s/values.schema.json deleted file mode 100644 index cb7b914c7..000000000 --- a/charts/metallb/metallb/charts/frr-k8s/values.schema.json +++ /dev/null @@ -1,387 +0,0 @@ -{ - "$schema": "https://json-schema.org/draft-07/schema#", - "title": "Values", - "type": "object", - "definitions": { - "prometheusAlert": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "labels": { - "type": "object", - "additionalProperties": { - "type": "string" - } - } - }, - "required": [ - "enabled" - ] - }, - "probe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - }, - "required": [ - "failureThreshold", - "initialDelaySeconds", - "periodSeconds", - "successThreshold", - "timeoutSeconds" - ] - }, - "component": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "logLevel": { - "type": "string", - "enum": [ - "all", - "debug", - "info", - "warn", - "error", - "none" - ] - }, - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "null" - } - ] - }, - "pullPolicy": { - "anyOf": [ - { - "type": "null" - }, - { - "type": "string", - "enum": [ - "Always", - "IfNotPresent", - "Never" - ] - } - ] - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "annotations": { - "type": "object" - } - } - }, - "resources": { - "type": "object" - }, - "nodeSelector": { - "type": "object" - }, - "tolerations": { - "type": "array", - "items": { - "type": "object" - } - }, - "priorityClassName": { - "type": "string" - }, - "runtimeClassName": { - "type": "string" - }, - "affinity": { - "type": "object" - }, - "podAnnotations": { - "type": "object" - }, - "livenessProbe": { - "$ref": "#/definitions/probe" - }, - "readinessProbe": { - "$ref": "#/definitions/probe" - } - }, - "required": [ - "image", - "serviceAccount" - ] - } - }, - "properties": { - "imagePullSecrets": { - "description": "Secrets used for pulling images", - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - }, - "required": [ - "name" - ], - "additionalProperties": false - } - }, - "nameOverride": { - "description": "Override chart name", - "type": "string" - }, - "fullNameOverride": { - "description": "Override fully qualified app name", - "type": "string" - }, - "rbac": { - "description": "RBAC configuration", - "type": "object", - "properties": { - "create": { - "description": "Enable RBAC", - "type": "boolean" - } - } - }, - "prometheus": { - "description": "Prometheus monitoring config", - "type": "object", - "properties": { - "scrapeAnnotations": { - "type": "boolean" - }, - "metricsPort": { - "type": "integer" - }, - "secureMetricsPort": { - "type": "integer" - }, - "rbacPrometheus": { - "type": "boolean" - }, - "serviceAccount": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "rbacProxy": { - "description": "kube-rbac-proxy configuration", - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "serviceMonitor": { - "description": "Prometheus Operator ServiceMonitors", - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "jobLabel": { - "type": "string" - }, - "interval": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "null" - } - ] - }, - "metricRelabelings": { - "type": "array", - "items": { - "type": "object" - } - }, - "relabelings": { - "type": "array", - "items": { - "type": "object" - } - } - } - } - }, - "frrk8s": { - "allOf": [ - { - "$ref": "#/definitions/component" - }, - { - "description": "FRR-K8s controller", - "type": "object", - "properties": { - "tolerateMaster": { - "type": "boolean" - }, - "updateStrategy": { - "type": "object", - "properties": { - "type": { - "type": "string" - } - }, - "required": [ - "type" - ] - }, - "runtimeClassName": { - "type": "string" - }, - "secretName": { - "type": "string" - }, - "frr": { - "description": "The FRR properties in the controller", - "type": "object", - "properties": { - "image": { - "$ref": "#/definitions/component/properties/image" - }, - "metricsPort": { - "type": "integer" - }, - "secureMetricsPort": { - "type": "integer" - }, - "resources:": { - "type": "object" - } - }, - "required": [ - "enabled" - ] - }, - "command": { - "type": "string" - }, - "reloader": { - "type": "object", - "properties": { - "resources": { - "type": "object" - } - } - }, - "frrMetrics": { - "type": "object", - "properties": { - "resources": { - "type": "object" - } - } - } - }, - "required": [ - "tolerateMaster" - ] - } - ] - }, - "crds": { - "description": "CRD configuration", - "type": "object", - "properties": { - "enabled": { - "description": "Enable CRDs", - "type": "boolean" - }, - "validationFailurePolicy": { - "description": "Failure policy to use with validating webhooks", - "type": "string", - "enum": [ - "Ignore", - "Fail" - ] - } - } - } - }, - "frrk8s": { - "allOf": [ - { - "$ref": "#/definitions/component" - }, - { - "description": "FRRk8s Controller", - "type": "object", - "properties": { - "strategy": { - "type": "object", - "properties": { - "type": { - "type": "string" - } - }, - "required": [ - "type" - ] - }, - "command": { - "type": "string" - }, - "webhookMode": { - "type": "string" - } - } - } - ] - } - }, - "required": [ - "frrk8s" - ] -} \ No newline at end of file diff --git a/charts/metallb/metallb/charts/frr-k8s/values.yaml b/charts/metallb/metallb/charts/frr-k8s/values.yaml deleted file mode 100644 index 32d118b9c..000000000 --- a/charts/metallb/metallb/charts/frr-k8s/values.yaml +++ /dev/null @@ -1,173 +0,0 @@ -# Default values for frr-k8s. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -nameOverride: "" -fullnameOverride: "" - -rbac: - # create specifies whether to install and use RBAC rules. - create: true - -prometheus: - # scrape annotations specifies whether to add Prometheus metric - # auto-collection annotations to pods. See - # https://github.com/prometheus/prometheus/blob/release-2.1/documentation/examples/prometheus-kubernetes.yml - # for a corresponding Prometheus configuration. Alternatively, you - # may want to use the Prometheus Operator - # (https://github.com/coreos/prometheus-operator) for more powerful - # monitoring configuration. If you use the Prometheus operator, this - # can be left at false. - scrapeAnnotations: false - - # bind addr frr-k8s will use for metrics - metricsBindAddress: 127.0.0.1 - - # port frr-k8s will listen on for metrics - metricsPort: 7572 - - # if set, enables rbac proxy on frr-k8s to expose - # the metrics via tls. - secureMetricsPort: 9140 - - # the name of the secret to be mounted in the frr-k8s pod - # to expose the metrics securely. If not present, a self signed - # certificate to be used. - metricsTLSSecret: "" - - # prometheus doens't have the permission to scrape all namespaces so we give it permission to scrape metallb's one - rbacPrometheus: false - - # the service account used by prometheus - # required when " .Values.prometheus.rbacPrometheus == true " and " prometheus.serviceMonitor.enabled=true " - serviceAccount: "" - - # the namespace where prometheus is deployed - # required when " .Values.prometheus.rbacPrometheus == true " and " prometheus.serviceMonitor.enabled=true " - namespace: "" - - # the image to be used for the kuberbacproxy container - rbacProxy: - repository: gcr.io/kubebuilder/kube-rbac-proxy - tag: v0.12.0 - pullPolicy: - - # Prometheus Operator ServiceMonitors. - serviceMonitor: - # enable support for Prometheus Operator - enabled: false - - additionalLabels: {} - # optional additional annotations for the controller serviceMonitor - annotations: {} - # optional tls configuration for the controller serviceMonitor, in case - # secure metrics are enabled. - tlsConfig: - insecureSkipVerify: true - - # Job label for scrape target - jobLabel: "app.kubernetes.io/name" - - # Scrape interval. If not set, the Prometheus default scrape interval is used. - interval: - - # metric relabel configs to apply to samples before ingestion. - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - # relabel configs to apply to samples before ingestion. - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # target_label: nodename - # replacement: $1 - # action: replace - -# controller contains configuration specific to the FRRK8s controller -# daemonset. -frrk8s: - # -- Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` - logLevel: info - tolerateMaster: true - image: - repository: quay.io/metallb/frr-k8s - tag: - pullPolicy: - ## @param controller.updateStrategy.type FRR-K8s controller daemonset strategy type - ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ - ## - updateStrategy: - ## StrategyType - ## Can be set to RollingUpdate or OnDelete - ## - type: RollingUpdate - serviceAccount: - # Specifies whether a ServiceAccount should be created - create: true - # The name of the ServiceAccount to use. If not set and create is - # true, a name is generated using the fullname template - name: "" - annotations: {} - ## Defines a secret name for the controller to generate a memberlist encryption secret - ## By default secretName: {{ "metallb.fullname" }}-memberlist - ## - # secretName: - resources: {} - # limits: - # cpu: 100m - # memory: 100Mi - nodeSelector: {} - tolerations: [] - priorityClassName: "" - affinity: {} - ## Selects which runtime class will be used by the pod. - runtimeClassName: "" - podAnnotations: {} - labels: - app: frr-k8s - healthPort: 8081 - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - startupProbe: - enabled: true - failureThreshold: 30 - periodSeconds: 5 - ## A comma separated list of cidrs we want always to block for incoming routes - alwaysBlock: "" - ## Specifies whether the cert rotator works as part of the webhook. - disableCertRotation: false - ## Specifies whether the pod restarts when the rotator refreshes the cert secret. - ## Enabling this proved useful for the webhook's stability when it is redeployed multiple times in succession. - restartOnRotatorSecretRefresh: false - # frr contains configuration specific to the FRR container, - frr: - image: - repository: quay.io/frrouting/frr - tag: 9.0.2 - pullPolicy: - metricsBindAddress: 127.0.0.1 - metricsPort: 7573 - resources: {} - secureMetricsPort: 9141 - reloader: - resources: {} - frrMetrics: - resources: {} -crds: - enabled: true - validationFailurePolicy: Fail diff --git a/charts/metallb/metallb/policy/controller.rego b/charts/metallb/metallb/policy/controller.rego deleted file mode 100644 index b7a0ea1a0..000000000 --- a/charts/metallb/metallb/policy/controller.rego +++ /dev/null @@ -1,16 +0,0 @@ -package main - -# validate serviceAccountName -deny[msg] { - input.kind == "Deployment" - serviceAccountName := input.spec.template.spec.serviceAccountName - not serviceAccountName == "release-name-metallb-controller" - msg = sprintf("controller serviceAccountName '%s' does not match expected value", [serviceAccountName]) -} - -# validate node selector includes builtin when custom ones are provided -deny[msg] { - input.kind == "Deployment" - not input.spec.template.spec.nodeSelector["kubernetes.io/os"] == "linux" - msg = "controller nodeSelector does not include '\"kubernetes.io/os\": linux'" -} diff --git a/charts/metallb/metallb/policy/rbac.rego b/charts/metallb/metallb/policy/rbac.rego deleted file mode 100644 index 047345ebf..000000000 --- a/charts/metallb/metallb/policy/rbac.rego +++ /dev/null @@ -1,27 +0,0 @@ -package main - -# Validate PSP exists in ClusterRole :controller -deny[msg] { - input.kind == "ClusterRole" - input.metadata.name == "metallb:controller" - input.rules[3] == { - "apiGroups": ["policy"], - "resources": ["podsecuritypolicies"], - "resourceNames": ["metallb-controller"], - "verbs": ["use"] - } - msg = "ClusterRole metallb:controller does not include PSP rule" -} - -# Validate PSP exists in ClusterRole :speaker -deny[msg] { - input.kind == "ClusterRole" - input.metadata.name == "metallb:speaker" - input.rules[3] == { - "apiGroups": ["policy"], - "resources": ["podsecuritypolicies"], - "resourceNames": ["metallb-controller"], - "verbs": ["use"] - } - msg = "ClusterRole metallb:speaker does not include PSP rule" -} diff --git a/charts/metallb/metallb/policy/speaker.rego b/charts/metallb/metallb/policy/speaker.rego deleted file mode 100644 index 146a0373c..000000000 --- a/charts/metallb/metallb/policy/speaker.rego +++ /dev/null @@ -1,30 +0,0 @@ -package main - -# validate serviceAccountName -deny[msg] { - input.kind == "DaemonSet" - serviceAccountName := input.spec.template.spec.serviceAccountName - not serviceAccountName == "release-name-metallb-speaker" - msg = sprintf("speaker serviceAccountName '%s' does not match expected value", [serviceAccountName]) -} - -# validate METALLB_ML_SECRET_KEY (memberlist) -deny[msg] { - input.kind == "DaemonSet" - not input.spec.template.spec.containers[0].env[5].name == "METALLB_ML_SECRET_KEY_PATH" - msg = "speaker env does not contain METALLB_ML_SECRET_KEY_PATH at env[5]" -} - -# validate node selector includes builtin when custom ones are provided -deny[msg] { - input.kind == "DaemonSet" - not input.spec.template.spec.nodeSelector["kubernetes.io/os"] == "linux" - msg = "controller nodeSelector does not include '\"kubernetes.io/os\": linux'" -} - -# validate tolerations include the builtins when custom ones are provided -deny[msg] { - input.kind == "DaemonSet" - not input.spec.template.spec.tolerations[0] == { "key": "node-role.kubernetes.io/master", "effect": "NoSchedule", "operator": "Exists" } - msg = "controller tolerations does not include node-role.kubernetes.io/master:NoSchedule" -} diff --git a/charts/metallb/metallb/templates/NOTES.txt b/charts/metallb/metallb/templates/NOTES.txt deleted file mode 100644 index 23d1d5bc1..000000000 --- a/charts/metallb/metallb/templates/NOTES.txt +++ /dev/null @@ -1,4 +0,0 @@ -MetalLB is now running in the cluster. - -Now you can configure it via its CRs. Please refer to the metallb official docs -on how to use the CRs. diff --git a/charts/metallb/metallb/templates/_helpers.tpl b/charts/metallb/metallb/templates/_helpers.tpl deleted file mode 100644 index 53d9528d8..000000000 --- a/charts/metallb/metallb/templates/_helpers.tpl +++ /dev/null @@ -1,113 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "metallb.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "metallb.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "metallb.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "metallb.labels" -}} -helm.sh/chart: {{ include "metallb.chart" . }} -{{ include "metallb.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "metallb.selectorLabels" -}} -app.kubernetes.io/name: {{ include "metallb.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the controller service account to use -*/}} -{{- define "metallb.controller.serviceAccountName" -}} -{{- if .Values.controller.serviceAccount.create }} -{{- default (printf "%s-controller" (include "metallb.fullname" .)) .Values.controller.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.controller.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Create the name of the speaker service account to use -*/}} -{{- define "metallb.speaker.serviceAccountName" -}} -{{- if .Values.speaker.serviceAccount.create }} -{{- default (printf "%s-speaker" (include "metallb.fullname" .)) .Values.speaker.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.speaker.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Create the name of the settings Secret to use. -*/}} -{{- define "metallb.secretName" -}} - {{ default ( printf "%s-memberlist" (include "metallb.fullname" .)) .Values.speaker.secretName | trunc 63 | trimSuffix "-" }} -{{- end -}} - -{{- define "metrics.exposedportname" -}} -{{- if .Values.prometheus.secureMetricsPort -}} -"metricshttps" -{{- else -}} -"metrics" -{{- end -}} -{{- end -}} - -{{- define "metrics.exposedfrrportname" -}} -{{- if .Values.speaker.frr.secureMetricsPort -}} -"frrmetricshttps" -{{- else -}} -"frrmetrics" -{{- end }} -{{- end }} - -{{- define "metrics.exposedport" -}} -{{- if .Values.prometheus.secureMetricsPort -}} -{{ .Values.prometheus.secureMetricsPort }} -{{- else -}} -{{ .Values.prometheus.metricsPort }} -{{- end -}} -{{- end }} - -{{- define "metrics.exposedfrrport" -}} -{{- if .Values.speaker.frr.secureMetricsPort -}} -{{ .Values.speaker.frr.secureMetricsPort }} -{{- else -}} -{{ .Values.speaker.frr.metricsPort }} -{{- end }} -{{- end }} diff --git a/charts/metallb/metallb/templates/controller.yaml b/charts/metallb/metallb/templates/controller.yaml deleted file mode 100644 index d7d299e29..000000000 --- a/charts/metallb/metallb/templates/controller.yaml +++ /dev/null @@ -1,194 +0,0 @@ -{{- if .Values.controller.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "metallb.fullname" . }}-controller - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "metallb.labels" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- range $key, $value := .Values.controller.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - {{- if .Values.controller.strategy }} - strategy: {{- toYaml .Values.controller.strategy | nindent 4 }} - {{- end }} - selector: - matchLabels: - {{- include "metallb.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: controller - template: - metadata: - {{- if or .Values.prometheus.scrapeAnnotations .Values.controller.podAnnotations }} - annotations: - {{- if .Values.prometheus.scrapeAnnotations }} - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.prometheus.metricsPort }}" - {{- end }} - {{- with .Values.controller.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - labels: - {{- include "metallb.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: controller - {{- range $key, $value := .Values.controller.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - spec: - {{- with .Values.controller.runtimeClassName }} - runtimeClassName: {{ . | quote }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "metallb.controller.serviceAccountName" . }} - terminationGracePeriodSeconds: 0 -{{- if .Values.controller.securityContext }} - securityContext: -{{ toYaml .Values.controller.securityContext | indent 8 }} -{{- end }} - containers: - - name: controller - image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag | default .Chart.AppVersion }} - {{- if .Values.controller.image.pullPolicy }} - imagePullPolicy: {{ .Values.controller.image.pullPolicy }} - {{- end }} - {{- if .Values.controller.command }} - command: - - {{ .Values.controller.command }} - {{- end }} - args: - - --port={{ .Values.prometheus.metricsPort }} - {{- with .Values.controller.logLevel }} - - --log-level={{ . }} - {{- end }} - {{- if .Values.loadBalancerClass }} - - --lb-class={{ .Values.loadBalancerClass }} - {{- end }} - {{- if .Values.controller.webhookMode }} - - --webhook-mode={{ .Values.controller.webhookMode }} - {{- end }} - {{- if .Values.controller.tlsMinVersion }} - - --tls-min-version={{ .Values.controller.tlsMinVersion }} - {{- end }} - {{- if .Values.controller.tlsCipherSuites }} - - --tls-cipher-suites={{ .Values.controller.tlsCipherSuites }} - {{- end }} - env: - {{- if and .Values.speaker.enabled .Values.speaker.memberlist.enabled }} - - name: METALLB_ML_SECRET_NAME - value: {{ include "metallb.secretName" . }} - - name: METALLB_DEPLOYMENT - value: {{ template "metallb.fullname" . }}-controller - {{- end }} - {{- if .Values.speaker.frr.enabled }} - - name: METALLB_BGP_TYPE - value: frr - {{- end }} - {{- if .Values.frrk8s.enabled }} - - name: METALLB_BGP_TYPE - value: frr-k8s - {{- end }} - ports: - - name: monitoring - containerPort: {{ .Values.prometheus.metricsPort }} - - containerPort: 9443 - name: webhook-server - protocol: TCP - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - {{- if .Values.controller.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /metrics - port: monitoring - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.controller.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /metrics - port: monitoring - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} - {{- end }} - {{- with .Values.controller.resources }} - resources: - {{- toYaml . | nindent 10 }} - {{- end }} - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - {{- if .Values.prometheus.secureMetricsPort }} - - name: kube-rbac-proxy - image: {{ .Values.prometheus.rbacProxy.repository }}:{{ .Values.prometheus.rbacProxy.tag }} - imagePullPolicy: {{ .Values.prometheus.rbacProxy.pullPolicy }} - args: - - --logtostderr - - --secure-listen-address=:{{ .Values.prometheus.secureMetricsPort }} - - --upstream=http://127.0.0.1:{{ .Values.prometheus.metricsPort }}/ - - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - {{- if .Values.prometheus.controllerMetricsTLSSecret }} - - --tls-private-key-file=/etc/metrics/tls.key - - --tls-cert-file=/etc/metrics/tls.crt - {{- end }} - ports: - - containerPort: {{ .Values.prometheus.secureMetricsPort }} - name: metricshttps - resources: - requests: - cpu: 10m - memory: 20Mi - terminationMessagePolicy: FallbackToLogsOnError - {{- if .Values.prometheus.controllerMetricsTLSSecret }} - volumeMounts: - - name: metrics-certs - mountPath: /etc/metrics - readOnly: true - {{- end }} - {{ end }} - {{- if .Values.controller.extraContainers }} - {{- toYaml .Values.controller.extraContainers | nindent 6 }} - {{- end }} - nodeSelector: - "kubernetes.io/os": linux - {{- with .Values.controller.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controller.tolerations }} - tolerations: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.controller.priorityClassName }} - priorityClassName: {{ . | quote }} - {{- end }} - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: metallb-webhook-cert - {{- if .Values.prometheus.controllerMetricsTLSSecret }} - - name: metrics-certs - secret: - secretName: {{ .Values.prometheus.controllerMetricsTLSSecret }} - {{- end }} -{{- end }} diff --git a/charts/metallb/metallb/templates/deprecated_configInline.yaml b/charts/metallb/metallb/templates/deprecated_configInline.yaml deleted file mode 100644 index 8a1a551cc..000000000 --- a/charts/metallb/metallb/templates/deprecated_configInline.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{- if .Values.configInline }} -{{- fail "Starting from v0.13.0 configInline is no longer supported. Please see https://metallb.universe.tf/#backward-compatibility" }} -{{- end }} diff --git a/charts/metallb/metallb/templates/exclude-l2-config.yaml b/charts/metallb/metallb/templates/exclude-l2-config.yaml deleted file mode 100644 index 932c2d62a..000000000 --- a/charts/metallb/metallb/templates/exclude-l2-config.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.speaker.enabled .Values.speaker.excludeInterfaces.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: metallb-excludel2 - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "metallb.labels" . | nindent 4 }} -data: - excludel2.yaml: | - announcedInterfacesToExclude: - - ^docker.* - - ^cbr.* - - ^dummy.* - - ^virbr.* - - ^lxcbr.* - - ^veth.* - - ^lo$ - - ^cali.* - - ^tunl.* - - ^flannel.* - - ^kube-ipvs.* - - ^cni.* - - ^nodelocaldns.* -{{- end }} \ No newline at end of file diff --git a/charts/metallb/metallb/templates/podmonitor.yaml b/charts/metallb/metallb/templates/podmonitor.yaml deleted file mode 100644 index 93a7fd699..000000000 --- a/charts/metallb/metallb/templates/podmonitor.yaml +++ /dev/null @@ -1,106 +0,0 @@ -{{- if .Values.prometheus.podMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: {{ template "metallb.fullname" . }}-controller - labels: - {{- include "metallb.labels" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.prometheus.podMonitor.additionalLabels }} -{{ toYaml .Values.prometheus.podMonitor.additionalLabels | indent 4 }} - {{- end }} - {{- if .Values.prometheus.podMonitor.annotations }} - annotations: -{{ toYaml .Values.prometheus.podMonitor.annotations | indent 4 }} - {{- end }} -spec: - jobLabel: {{ .Values.prometheus.podMonitor.jobLabel | quote }} - selector: - matchLabels: - {{- include "metallb.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: controller - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - podMetricsEndpoints: - - port: monitoring - path: /metrics - {{- if .Values.prometheus.podMonitor.interval }} - interval: {{ .Values.prometheus.podMonitor.interval }} - {{- end }} -{{- if .Values.prometheus.podMonitor.metricRelabelings }} - metricRelabelings: -{{- toYaml .Values.prometheus.podMonitor.metricRelabelings | nindent 4 }} -{{- end }} -{{- if .Values.prometheus.podMonitor.relabelings }} - relabelings: -{{- toYaml .Values.prometheus.podMonitor.relabelings | nindent 4 }} -{{- end }} ---- -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: {{ template "metallb.fullname" . }}-speaker - labels: - {{- include "metallb.labels" . | nindent 4 }} - app.kubernetes.io/component: speaker - {{- if .Values.prometheus.podMonitor.additionalLabels }} -{{ toYaml .Values.prometheus.podMonitor.additionalLabels | indent 4 }} - {{- end }} - {{- if .Values.prometheus.podMonitor.annotations }} - annotations: -{{ toYaml .Values.prometheus.podMonitor.annotations | indent 4 }} - {{- end }} -spec: - jobLabel: {{ .Values.prometheus.podMonitor.jobLabel | quote }} - selector: - matchLabels: - {{- include "metallb.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: speaker - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - podMetricsEndpoints: - - port: monitoring - path: /metrics - {{- if .Values.prometheus.podMonitor.interval }} - interval: {{ .Values.prometheus.podMonitor.interval }} - {{- end }} -{{- if .Values.prometheus.podMonitor.metricRelabelings }} - metricRelabelings: -{{- toYaml .Values.prometheus.podMonitor.metricRelabelings | nindent 4 }} -{{- end }} -{{- if .Values.prometheus.podMonitor.relabelings }} - relabelings: -{{- toYaml .Values.prometheus.podMonitor.relabelings | nindent 4 }} -{{- end }} ---- -{{- if .Values.prometheus.rbacPrometheus }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "metallb.fullname" . }}-prometheus -rules: - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "metallb.fullname" . }}-prometheus -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "metallb.fullname" . }}-prometheus -subjects: - - kind: ServiceAccount - name: {{ required ".Values.prometheus.serviceAccount must be defined when .Values.prometheus.podMonitor.enabled == true" .Values.prometheus.serviceAccount }} - namespace: {{ required ".Values.prometheus.namespace must be defined when .Values.prometheus.podMonitor.enabled == true" .Values.prometheus.namespace }} -{{- end }} -{{- end }} diff --git a/charts/metallb/metallb/templates/prometheusrules.yaml b/charts/metallb/metallb/templates/prometheusrules.yaml deleted file mode 100644 index 463aacafb..000000000 --- a/charts/metallb/metallb/templates/prometheusrules.yaml +++ /dev/null @@ -1,84 +0,0 @@ -{{- if .Values.prometheus.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ template "metallb.fullname" . }} - labels: - {{- include "metallb.labels" . | nindent 4 }} - {{- if .Values.prometheus.prometheusRule.additionalLabels }} -{{ toYaml .Values.prometheus.prometheusRule.additionalLabels | indent 4 }} - {{- end }} - {{- if .Values.prometheus.prometheusRule.annotations }} - annotations: -{{ toYaml .Values.prometheus.prometheusRule.annotations | indent 4 }} - {{- end }} -spec: - groups: - - name: {{ template "metallb.fullname" . }}.rules - rules: - {{- if .Values.prometheus.prometheusRule.staleConfig.enabled }} - - alert: MetalLBStaleConfig - annotations: - message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod - }} has a stale config for > 1 minute'`}} - expr: metallb_k8s_client_config_stale_bool{job="{{ include "metallb.name" . }}"} == 1 - for: 1m - {{- with .Values.prometheus.prometheusRule.staleConfig.labels }} - labels: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - {{- if .Values.prometheus.prometheusRule.configNotLoaded.enabled }} - - alert: MetalLBConfigNotLoaded - annotations: - message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod - }} has not loaded for > 1 minute'`}} - expr: metallb_k8s_client_config_loaded_bool{job="{{ include "metallb.name" . }}"} == 0 - for: 1m - {{- with .Values.prometheus.prometheusRule.configNotLoaded.labels }} - labels: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - {{- if .Values.prometheus.prometheusRule.addressPoolExhausted.enabled }} - - alert: MetalLBAddressPoolExhausted - annotations: - message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod - }} has exhausted address pool {{ $labels.pool }} for > 1 minute'`}} - expr: metallb_allocator_addresses_in_use_total >= on(pool) metallb_allocator_addresses_total - for: 1m - {{- with .Values.prometheus.prometheusRule.addressPoolExhausted.labels }} - labels: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - - {{- if .Values.prometheus.prometheusRule.addressPoolUsage.enabled }} - {{- range .Values.prometheus.prometheusRule.addressPoolUsage.thresholds }} - - alert: MetalLBAddressPoolUsage{{ .percent }}Percent - annotations: - message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod - }} has address pool {{ $labels.pool }} past `}}{{ .percent }}{{`% usage for > 1 minute'`}} - expr: ( metallb_allocator_addresses_in_use_total / on(pool) metallb_allocator_addresses_total ) * 100 > {{ .percent }} - {{- with .labels }} - labels: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.prometheus.prometheusRule.bgpSessionDown.enabled }} - - alert: MetalLBBGPSessionDown - annotations: - message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod - }} has BGP session {{ $labels.peer }} down for > 1 minute'`}} - expr: metallb_bgp_session_up{job="{{ include "metallb.name" . }}"} == 0 - for: 1m - {{- with .Values.prometheus.prometheusRule.bgpSessionDown.labels }} - labels: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - {{- with .Values.prometheus.prometheusRule.extraAlerts }} - {{- toYaml . | nindent 4 }} - {{- end}} -{{- end }} diff --git a/charts/metallb/metallb/templates/rbac.yaml b/charts/metallb/metallb/templates/rbac.yaml deleted file mode 100644 index 914ff82af..000000000 --- a/charts/metallb/metallb/templates/rbac.yaml +++ /dev/null @@ -1,212 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "metallb.fullname" . }}:controller - labels: - {{- include "metallb.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: ["services", "namespaces"] - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["list"] -- apiGroups: [""] - resources: ["services/status"] - verbs: ["update"] -- apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] - resourceNames: ["metallb-webhook-configuration"] - verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] - verbs: ["list", "watch"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - resourceNames: ["bfdprofiles.metallb.io","bgpadvertisements.metallb.io", - "bgppeers.metallb.io","ipaddresspools.metallb.io","l2advertisements.metallb.io","communities.metallb.io"] - verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["list", "watch"] -{{- if .Values.prometheus.secureMetricsPort }} -- apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] -- apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "metallb.fullname" . }}:speaker - labels: - {{- include "metallb.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: ["services", "endpoints", "nodes", "namespaces"] - verbs: ["get", "list", "watch"] -- apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch"] -- apiGroups: ["metallb.io"] - resources: ["servicel2statuses","servicel2statuses/status"] - verbs: ["*"] -{{- if .Values.prometheus.secureMetricsPort }} -- apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] -- apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "metallb.fullname" . }}-pod-lister - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "metallb.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: ["pods"] - verbs: ["list"] -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "list", "watch"] -- apiGroups: ["metallb.io"] - resources: ["bfdprofiles"] - verbs: ["get", "list", "watch"] -- apiGroups: ["metallb.io"] - resources: ["bgppeers"] - verbs: ["get", "list", "watch"] -- apiGroups: ["metallb.io"] - resources: ["l2advertisements"] - verbs: ["get", "list", "watch"] -- apiGroups: ["metallb.io"] - resources: ["bgpadvertisements"] - verbs: ["get", "list", "watch"] -- apiGroups: ["metallb.io"] - resources: ["ipaddresspools"] - verbs: ["get", "list", "watch"] -- apiGroups: ["metallb.io"] - resources: ["communities"] - verbs: ["get", "list", "watch"] -{{- if .Values.frrk8s.enabled }} -- apiGroups: ["frrk8s.metallb.io"] - resources: ["frrconfigurations"] - verbs: ["get", "list", "watch","create","update"] -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "metallb.fullname" . }}-controller - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "metallb.labels" . | nindent 4 }} -rules: -{{- if .Values.speaker.memberlist.enabled }} -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create", "get", "list", "watch"] -- apiGroups: [""] - resources: ["secrets"] - resourceNames: [{{ include "metallb.secretName" . | quote }}] - verbs: ["list"] -- apiGroups: ["apps"] - resources: ["deployments"] - resourceNames: ["{{ template "metallb.fullname" . }}-controller"] - verbs: ["get"] -{{- end }} -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] -- apiGroups: ["metallb.io"] - resources: ["ipaddresspools"] - verbs: ["get", "list", "watch"] -- apiGroups: ["metallb.io"] - resources: ["bgppeers"] - verbs: ["get", "list"] -- apiGroups: ["metallb.io"] - resources: ["bgpadvertisements"] - verbs: ["get", "list"] -- apiGroups: ["metallb.io"] - resources: ["l2advertisements"] - verbs: ["get", "list"] -- apiGroups: ["metallb.io"] - resources: ["communities"] - verbs: ["get", "list","watch"] -- apiGroups: ["metallb.io"] - resources: ["bfdprofiles"] - verbs: ["get", "list","watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "metallb.fullname" . }}:controller - labels: - {{- include "metallb.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: {{ template "metallb.controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "metallb.fullname" . }}:controller ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "metallb.fullname" . }}:speaker - labels: - {{- include "metallb.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: {{ template "metallb.speaker.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "metallb.fullname" . }}:speaker ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "metallb.fullname" . }}-pod-lister - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "metallb.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "metallb.fullname" . }}-pod-lister -subjects: -- kind: ServiceAccount - name: {{ include "metallb.speaker.serviceAccountName" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "metallb.fullname" . }}-controller - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "metallb.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "metallb.fullname" . }}-controller -subjects: -- kind: ServiceAccount - name: {{ include "metallb.controller.serviceAccountName" . }} -{{- end -}} diff --git a/charts/metallb/metallb/templates/service-accounts.yaml b/charts/metallb/metallb/templates/service-accounts.yaml deleted file mode 100644 index 9615acf34..000000000 --- a/charts/metallb/metallb/templates/service-accounts.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- if .Values.controller.serviceAccount.create }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "metallb.controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "metallb.labels" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- with .Values.controller.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} -{{- if .Values.speaker.serviceAccount.create }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "metallb.speaker.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "metallb.labels" . | nindent 4 }} - app.kubernetes.io/component: speaker - {{- with .Values.speaker.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/metallb/metallb/templates/servicemonitor.yaml b/charts/metallb/metallb/templates/servicemonitor.yaml deleted file mode 100644 index 1cfc0c43b..000000000 --- a/charts/metallb/metallb/templates/servicemonitor.yaml +++ /dev/null @@ -1,193 +0,0 @@ -{{- if .Values.prometheus.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "metallb.fullname" . }}-speaker-monitor - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "metallb.labels" . | nindent 4 }} - app.kubernetes.io/component: speaker - {{- if .Values.prometheus.serviceMonitor.speaker.additionalLabels }} -{{ toYaml .Values.prometheus.serviceMonitor.speaker.additionalLabels | indent 4 }} - {{- end }} - {{- if .Values.prometheus.serviceMonitor.speaker.annotations }} - annotations: -{{ toYaml .Values.prometheus.serviceMonitor.speaker.annotations | indent 4 }} - {{- end }} -spec: - endpoints: - - port: {{ template "metrics.exposedportname" . }} - honorLabels: true - {{- if .Values.prometheus.serviceMonitor.metricRelabelings }} - metricRelabelings: - {{- toYaml .Values.prometheus.serviceMonitor.metricRelabelings | nindent 8 }} - {{- end -}} - {{- if .Values.prometheus.serviceMonitor.relabelings }} - relabelings: - {{- toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 8 }} - {{- end }} - {{- if .Values.prometheus.serviceMonitor.interval }} - interval: {{ .Values.prometheus.serviceMonitor.interval }} - {{- end -}} -{{ if .Values.prometheus.secureMetricsPort }} - bearerTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token" - scheme: "https" -{{- if .Values.prometheus.serviceMonitor.speaker.tlsConfig }} - tlsConfig: -{{ toYaml .Values.prometheus.serviceMonitor.speaker.tlsConfig | indent 8 }} -{{- end }} -{{ end }} -{{- if .Values.speaker.frr.enabled }} - - port: {{ template "metrics.exposedfrrportname" . }} - honorLabels: true -{{ if .Values.speaker.frr.secureMetricsPort }} - {{- if .Values.prometheus.serviceMonitor.interval }} - interval: {{ .Values.prometheus.serviceMonitor.interval }} - {{- end }} - bearerTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token" - scheme: "https" -{{- if .Values.prometheus.serviceMonitor.speaker.tlsConfig }} - tlsConfig: -{{ toYaml .Values.prometheus.serviceMonitor.speaker.tlsConfig | indent 8 }} -{{- end }} -{{- end }} -{{- end }} - jobLabel: {{ .Values.prometheus.serviceMonitor.jobLabel | quote }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - name: {{ template "metallb.fullname" . }}-speaker-monitor-service ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - prometheus.io/scrape: "true" - {{- if .Values.prometheus.serviceMonitor.speaker.annotations }} -{{ toYaml .Values.prometheus.serviceMonitor.speaker.annotations | indent 4 }} - {{- end }} - labels: - name: {{ template "metallb.fullname" . }}-speaker-monitor-service - name: {{ template "metallb.fullname" . }}-speaker-monitor-service - namespace: {{ .Release.Namespace | quote }} -spec: - selector: - {{- include "metallb.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: speaker - clusterIP: None - ports: - - name: {{ template "metrics.exposedportname" . }} - port: {{ template "metrics.exposedport" . }} - targetPort: {{ template "metrics.exposedport" . }} -{{- if .Values.speaker.frr.enabled }} - - name: {{ template "metrics.exposedfrrportname" . }} - port: {{ template "metrics.exposedfrrport" . }} - targetPort: {{ template "metrics.exposedfrrport" . }} -{{- end }} - sessionAffinity: None - type: ClusterIP ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "metallb.fullname" . }}-controller-monitor - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "metallb.labels" . | nindent 4 }} - app.kubernetes.io/component: speaker - {{- if .Values.prometheus.serviceMonitor.controller.additionalLabels }} -{{ toYaml .Values.prometheus.serviceMonitor.controller.additionalLabels | indent 4 }} - {{- end }} - {{- if .Values.prometheus.serviceMonitor.controller.annotations }} - annotations: -{{ toYaml .Values.prometheus.serviceMonitor.controller.annotations | indent 4 }} - {{- end }} -spec: - endpoints: - - port: {{ template "metrics.exposedportname" . }} - {{- if .Values.prometheus.serviceMonitor.metricRelabelings }} - metricRelabelings: - {{- toYaml .Values.prometheus.serviceMonitor.metricRelabelings | nindent 8 }} - {{- end -}} - {{- if .Values.prometheus.serviceMonitor.relabelings }} - relabelings: - {{- toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 8 }} - {{- end }} - {{- if .Values.prometheus.serviceMonitor.interval }} - interval: {{ .Values.prometheus.serviceMonitor.interval }} - {{- end }} - honorLabels: true -{{- if .Values.prometheus.secureMetricsPort }} - bearerTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token" - scheme: "https" -{{- if .Values.prometheus.serviceMonitor.controller.tlsConfig }} - tlsConfig: -{{ toYaml .Values.prometheus.serviceMonitor.controller.tlsConfig | indent 8 }} -{{- end }} -{{- end }} - jobLabel: {{ .Values.prometheus.serviceMonitor.jobLabel | quote }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - name: {{ template "metallb.fullname" . }}-controller-monitor-service ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - prometheus.io/scrape: "true" - {{- if .Values.prometheus.serviceMonitor.controller.annotations }} -{{ toYaml .Values.prometheus.serviceMonitor.controller.annotations | indent 4 }} - {{- end }} - labels: - name: {{ template "metallb.fullname" . }}-controller-monitor-service - name: {{ template "metallb.fullname" . }}-controller-monitor-service -spec: - selector: - {{- include "metallb.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: controller - clusterIP: None - ports: - - name: {{ template "metrics.exposedportname" . }} - port: {{ template "metrics.exposedport" . }} - targetPort: {{ template "metrics.exposedport" . }} - sessionAffinity: None - type: ClusterIP ---- -{{- if .Values.prometheus.rbacPrometheus }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "metallb.fullname" . }}-prometheus - namespace: {{ .Release.Namespace | quote }} -rules: - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "metallb.fullname" . }}-prometheus - namespace: {{ .Release.Namespace | quote }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "metallb.fullname" . }}-prometheus -subjects: - - kind: ServiceAccount - name: {{ required ".Values.prometheus.serviceAccount must be defined when .Values.prometheus.serviceMonitor.enabled == true" .Values.prometheus.serviceAccount }} - namespace: {{ required ".Values.prometheus.namespace must be defined when .Values.prometheus.serviceMonitor.enabled == true" .Values.prometheus.namespace }} -{{- end }} -{{- end }} diff --git a/charts/metallb/metallb/templates/speaker.yaml b/charts/metallb/metallb/templates/speaker.yaml deleted file mode 100644 index ac7ee6298..000000000 --- a/charts/metallb/metallb/templates/speaker.yaml +++ /dev/null @@ -1,553 +0,0 @@ -{{- if .Values.speaker.frr.enabled }} -{{- if .Values.frrk8s.enabled }} -{{- fail "speaker.frr.enabled and frrk8s.enabled are mutually exclusive!" }} -{{- end }} -{{- end }} -{{- if .Values.speaker.frr.enabled }} - -# FRR expects to have these files owned by frr:frr on startup. -# Having them in a ConfigMap allows us to modify behaviors: for example enabling more daemons on startup. -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "metallb.fullname" . }}-frr-startup - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "metallb.labels" . | nindent 4 }} - app.kubernetes.io/component: speaker -data: - daemons: | - # This file tells the frr package which daemons to start. - # - # Sample configurations for these daemons can be found in - # /usr/share/doc/frr/examples/. - # - # ATTENTION: - # - # When activating a daemon for the first time, a config file, even if it is - # empty, has to be present *and* be owned by the user and group "frr", else - # the daemon will not be started by /etc/init.d/frr. The permissions should - # be u=rw,g=r,o=. - # When using "vtysh" such a config file is also needed. It should be owned by - # group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too. - # - # The watchfrr and zebra daemons are always started. - # - bgpd=yes - ospfd=no - ospf6d=no - ripd=no - ripngd=no - isisd=no - pimd=no - ldpd=no - nhrpd=no - eigrpd=no - babeld=no - sharpd=no - pbrd=no - bfdd=yes - fabricd=no - vrrpd=no - - # - # If this option is set the /etc/init.d/frr script automatically loads - # the config via "vtysh -b" when the servers are started. - # Check /etc/pam.d/frr if you intend to use "vtysh"! - # - vtysh_enable=yes - zebra_options=" -A 127.0.0.1 -s 90000000" - bgpd_options=" -A 127.0.0.1 -p 0" - ospfd_options=" -A 127.0.0.1" - ospf6d_options=" -A ::1" - ripd_options=" -A 127.0.0.1" - ripngd_options=" -A ::1" - isisd_options=" -A 127.0.0.1" - pimd_options=" -A 127.0.0.1" - ldpd_options=" -A 127.0.0.1" - nhrpd_options=" -A 127.0.0.1" - eigrpd_options=" -A 127.0.0.1" - babeld_options=" -A 127.0.0.1" - sharpd_options=" -A 127.0.0.1" - pbrd_options=" -A 127.0.0.1" - staticd_options="-A 127.0.0.1" - bfdd_options=" -A 127.0.0.1" - fabricd_options="-A 127.0.0.1" - vrrpd_options=" -A 127.0.0.1" - - # configuration profile - # - #frr_profile="traditional" - #frr_profile="datacenter" - - # - # This is the maximum number of FD's that will be available. - # Upon startup this is read by the control files and ulimit - # is called. Uncomment and use a reasonable value for your - # setup if you are expecting a large number of peers in - # say BGP. - #MAX_FDS=1024 - - # The list of daemons to watch is automatically generated by the init script. - #watchfrr_options="" - - # for debugging purposes, you can specify a "wrap" command to start instead - # of starting the daemon directly, e.g. to use valgrind on ospfd: - # ospfd_wrap="/usr/bin/valgrind" - # or you can use "all_wrap" for all daemons, e.g. to use perf record: - # all_wrap="/usr/bin/perf record --call-graph -" - # the normal daemon command is added to this at the end. - vtysh.conf: |+ - service integrated-vtysh-config - frr.conf: |+ - ! This file gets overriden the first time the speaker renders a config. - ! So anything configured here is only temporary. - frr version 7.5.1 - frr defaults traditional - hostname Router - line vty - log file /etc/frr/frr.log informational -{{- end }} ---- -{{- if .Values.speaker.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "metallb.fullname" . }}-speaker - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "metallb.labels" . | nindent 4 }} - app.kubernetes.io/component: speaker - {{- range $key, $value := .Values.speaker.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - {{- if .Values.speaker.updateStrategy }} - updateStrategy: {{- toYaml .Values.speaker.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: - {{- include "metallb.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: speaker - template: - metadata: - {{- if or .Values.prometheus.scrapeAnnotations .Values.speaker.podAnnotations }} - annotations: - {{- if .Values.prometheus.scrapeAnnotations }} - prometheus.io/scrape: "true" - {{- if not .Values.speaker.frr.enabled }} - prometheus.io/port: "{{ .Values.prometheus.metricsPort }}" - {{- end }} - {{- end }} - {{- with .Values.speaker.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - labels: - {{- include "metallb.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: speaker - {{- range $key, $value := .Values.speaker.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - spec: - {{- if .Values.speaker.runtimeClassName }} - runtimeClassName: {{ .Values.speaker.runtimeClassName }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "metallb.speaker.serviceAccountName" . }} - terminationGracePeriodSeconds: 0 - hostNetwork: true - {{- if .Values.speaker.securityContext }} - securityContext: - {{- toYaml .Values.speaker.securityContext | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.prometheus.speakerMetricsTLSSecret }} - - name: metrics-certs - secret: - secretName: {{ .Values.prometheus.speakerMetricsTLSSecret }} - {{- end }} - {{- if .Values.speaker.memberlist.enabled }} - - name: memberlist - secret: - secretName: {{ include "metallb.secretName" . }} - defaultMode: 420 - {{- end }} - {{- if .Values.speaker.excludeInterfaces.enabled }} - - name: metallb-excludel2 - configMap: - defaultMode: 256 - name: metallb-excludel2 - {{- end }} - {{- if .Values.speaker.frr.enabled }} - - name: frr-sockets - emptyDir: {} - - name: frr-startup - configMap: - name: {{ template "metallb.fullname" . }}-frr-startup - - name: frr-conf - emptyDir: {} - - name: reloader - emptyDir: {} - - name: metrics - emptyDir: {} - initContainers: - # Copies the initial config files with the right permissions to the shared volume. - - name: cp-frr-files - image: {{ .Values.speaker.frr.image.repository }}:{{ .Values.speaker.frr.image.tag | default .Chart.AppVersion }} - securityContext: - runAsUser: 100 - runAsGroup: 101 - command: ["/bin/sh", "-c", "cp -rLf /tmp/frr/* /etc/frr/"] - volumeMounts: - - name: frr-startup - mountPath: /tmp/frr - - name: frr-conf - mountPath: /etc/frr - # Copies the reloader to the shared volume between the speaker and reloader. - - name: cp-reloader - image: {{ .Values.speaker.image.repository }}:{{ .Values.speaker.image.tag | default .Chart.AppVersion }} - command: ["/bin/sh", "-c", "cp -f /frr-reloader.sh /etc/frr_reloader/"] - volumeMounts: - - name: reloader - mountPath: /etc/frr_reloader - # Copies the metrics exporter - - name: cp-metrics - image: {{ .Values.speaker.image.repository }}:{{ .Values.speaker.image.tag | default .Chart.AppVersion }} - command: ["/bin/sh", "-c", "cp -f /frr-metrics /etc/frr_metrics/"] - volumeMounts: - - name: metrics - mountPath: /etc/frr_metrics - shareProcessNamespace: true - {{- end }} - containers: - - name: speaker - image: {{ .Values.speaker.image.repository }}:{{ .Values.speaker.image.tag | default .Chart.AppVersion }} - {{- if .Values.speaker.image.pullPolicy }} - imagePullPolicy: {{ .Values.speaker.image.pullPolicy }} - {{- end }} - {{- if .Values.speaker.command }} - command: - - {{ .Values.speaker.command }} - {{- end }} - args: - - --port={{ .Values.prometheus.metricsPort }} - {{- with .Values.speaker.logLevel }} - - --log-level={{ . }} - {{- end }} - {{- if .Values.loadBalancerClass }} - - --lb-class={{ .Values.loadBalancerClass }} - {{- end }} - {{- if .Values.speaker.wanConfig }} - - --ml-wan-config - {{- end }} - {{- if .Values.speaker.ignoreExcludeLB}} - - --ignore-exclude-lb - {{- end }} - {{- if .Values.prometheus.secureMetricsPort }} - - --host=localhost - {{- end }} - env: - - name: METALLB_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: METALLB_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.speaker.memberlist.enabled }} - {{- if .Values.speaker.memberlist.mlBindAddrOverride }} - - name: METALLB_ML_BIND_ADDR - value: "{{ .Values.speaker.memberlist.mlBindAddrOverride }}" - {{ else }} - - name: METALLB_ML_BIND_ADDR - valueFrom: - fieldRef: - fieldPath: status.podIP - {{ end }} - - name: METALLB_ML_LABELS - value: "app.kubernetes.io/name={{ include "metallb.name" . }},app.kubernetes.io/component=speaker" - - name: METALLB_ML_BIND_PORT - value: "{{ .Values.speaker.memberlist.mlBindPort }}" - - name: METALLB_ML_SECRET_KEY_PATH - value: "{{ .Values.speaker.memberlist.mlSecretKeyPath }}" - {{- end }} - {{- if .Values.speaker.frr.enabled }} - - name: FRR_CONFIG_FILE - value: /etc/frr_reloader/frr.conf - - name: FRR_RELOADER_PID_FILE - value: /etc/frr_reloader/reloader.pid - - name: METALLB_BGP_TYPE - value: frr - {{- end }} - {{- if .Values.frrk8s.enabled }} - - name: METALLB_BGP_TYPE - value: frr-k8s - {{- end }} - ports: - - name: monitoring - containerPort: {{ .Values.prometheus.metricsPort }} - {{- if .Values.speaker.memberlist.enabled }} - - name: memberlist-tcp - containerPort: {{ .Values.speaker.memberlist.mlBindPort }} - protocol: TCP - - name: memberlist-udp - containerPort: {{ .Values.speaker.memberlist.mlBindPort }} - protocol: UDP - {{- end }} - {{- if .Values.speaker.livenessProbe.enabled }} - livenessProbe: - httpGet: - {{- if .Values.prometheus.secureMetricsPort }} - host: localhost - {{- end }} - path: /metrics - port: monitoring - initialDelaySeconds: {{ .Values.speaker.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.speaker.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.speaker.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.speaker.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.speaker.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.speaker.readinessProbe.enabled }} - readinessProbe: - httpGet: - {{- if .Values.prometheus.secureMetricsPort }} - host: localhost - {{- end }} - path: /metrics - port: monitoring - initialDelaySeconds: {{ .Values.speaker.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.speaker.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.speaker.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.speaker.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.speaker.readinessProbe.failureThreshold }} - {{- end }} - {{- with .Values.speaker.resources }} - resources: - {{- toYaml . | nindent 10 }} - {{- end }} - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - add: - - NET_RAW - {{- if or .Values.speaker.frr.enabled .Values.speaker.memberlist.enabled .Values.speaker.excludeInterfaces.enabled }} - volumeMounts: - {{- if .Values.speaker.memberlist.enabled }} - - name: memberlist - mountPath: {{ .Values.speaker.memberlist.mlSecretKeyPath }} - {{- end }} - {{- if .Values.speaker.frr.enabled }} - - name: reloader - mountPath: /etc/frr_reloader - {{- end }} - {{- if .Values.speaker.excludeInterfaces.enabled }} - - name: metallb-excludel2 - mountPath: /etc/metallb - {{- end }} - {{- end }} - {{- if .Values.speaker.frr.enabled }} - - name: frr - securityContext: - capabilities: - add: - - NET_ADMIN - - NET_RAW - - SYS_ADMIN - - NET_BIND_SERVICE - image: {{ .Values.speaker.frr.image.repository }}:{{ .Values.speaker.frr.image.tag | default .Chart.AppVersion }} - {{- if .Values.speaker.frr.image.pullPolicy }} - imagePullPolicy: {{ .Values.speaker.frr.image.pullPolicy }} - {{- end }} - env: - - name: TINI_SUBREAPER - value: "true" - volumeMounts: - - name: frr-sockets - mountPath: /var/run/frr - - name: frr-conf - mountPath: /etc/frr - # The command is FRR's default entrypoint & waiting for the log file to appear and tailing it. - # If the log file isn't created in 60 seconds the tail fails and the container is restarted. - # This workaround is needed to have the frr logs as part of kubectl logs -c frr < speaker_pod_name >. - command: - - /bin/sh - - -c - - | - /sbin/tini -- /usr/lib/frr/docker-start & - attempts=0 - until [[ -f /etc/frr/frr.log || $attempts -eq 60 ]]; do - sleep 1 - attempts=$(( $attempts + 1 )) - done - tail -f /etc/frr/frr.log - {{- with .Values.speaker.frr.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- if .Values.speaker.livenessProbe.enabled }} - livenessProbe: - httpGet: - {{- if .Values.prometheus.secureMetricsPort }} - host: localhost - {{- end }} - path: livez - port: {{ .Values.speaker.frr.metricsPort }} - initialDelaySeconds: {{ .Values.speaker.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.speaker.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.speaker.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.speaker.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.speaker.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.speaker.startupProbe.enabled }} - startupProbe: - httpGet: - {{- if .Values.prometheus.secureMetricsPort }} - host: localhost - {{- end }} - path: /livez - port: {{ .Values.speaker.frr.metricsPort }} - failureThreshold: {{ .Values.speaker.startupProbe.failureThreshold }} - periodSeconds: {{ .Values.speaker.startupProbe.periodSeconds }} - {{- end }} - - name: reloader - image: {{ .Values.speaker.frr.image.repository }}:{{ .Values.speaker.frr.image.tag | default .Chart.AppVersion }} - {{- if .Values.speaker.frr.image.pullPolicy }} - imagePullPolicy: {{ .Values.speaker.frr.image.pullPolicy }} - {{- end }} - command: ["/etc/frr_reloader/frr-reloader.sh"] - volumeMounts: - - name: frr-sockets - mountPath: /var/run/frr - - name: frr-conf - mountPath: /etc/frr - - name: reloader - mountPath: /etc/frr_reloader - {{- with .Values.speaker.reloader.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: frr-metrics - image: {{ .Values.speaker.frr.image.repository }}:{{ .Values.speaker.frr.image.tag | default .Chart.AppVersion }} - command: ["/etc/frr_metrics/frr-metrics"] - args: - - --metrics-port={{ .Values.speaker.frr.metricsPort }} - {{- if .Values.prometheus.secureMetricsPort }} - - --host=localhost - {{- end }} - ports: - - containerPort: {{ .Values.speaker.frr.metricsPort }} - name: monitoring - volumeMounts: - - name: frr-sockets - mountPath: /var/run/frr - - name: frr-conf - mountPath: /etc/frr - - name: metrics - mountPath: /etc/frr_metrics - {{- with .Values.speaker.frrMetrics.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.prometheus.secureMetricsPort }} - - name: kube-rbac-proxy - image: {{ .Values.prometheus.rbacProxy.repository }}:{{ .Values.prometheus.rbacProxy.tag }} - imagePullPolicy: {{ .Values.prometheus.rbacProxy.pullPolicy }} - args: - - --logtostderr - - --secure-listen-address=:{{ .Values.prometheus.secureMetricsPort }} - - --upstream=http://localhost:{{ .Values.prometheus.metricsPort }}/ - - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - {{- if .Values.prometheus.speakerMetricsTLSSecret }} - - --tls-private-key-file=/etc/metrics/tls.key - - --tls-cert-file=/etc/metrics/tls.crt - {{- end }} - ports: - - containerPort: {{ .Values.prometheus.secureMetricsPort }} - name: metricshttps - resources: - requests: - cpu: 10m - memory: 20Mi - terminationMessagePolicy: FallbackToLogsOnError - {{- if .Values.prometheus.speakerMetricsTLSSecret }} - volumeMounts: - - name: metrics-certs - mountPath: /etc/metrics - readOnly: true - {{- end }} - {{ end }} - {{- if .Values.speaker.frr.enabled }} - {{- if .Values.speaker.frr.secureMetricsPort }} - - name: kube-rbac-proxy-frr - image: {{ .Values.prometheus.rbacProxy.repository }}:{{ .Values.prometheus.rbacProxy.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.prometheus.rbacProxy.pullPolicy }} - args: - - --logtostderr - - --secure-listen-address=:{{ .Values.speaker.frr.secureMetricsPort }} - - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - - --upstream=http://localhost:{{ .Values.speaker.frr.metricsPort }}/ - {{- if .Values.prometheus.speakerMetricsTLSSecret }} - - --tls-private-key-file=/etc/metrics/tls.key - - --tls-cert-file=/etc/metrics/tls.crt - {{- end }} - ports: - - containerPort: {{ .Values.speaker.frr.secureMetricsPort }} - name: frrmetricshttps - env: - - name: METALLB_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - resources: - requests: - cpu: 10m - memory: 20Mi - terminationMessagePolicy: FallbackToLogsOnError - {{- if .Values.prometheus.speakerMetricsTLSSecret }} - volumeMounts: - - name: metrics-certs - mountPath: /etc/metrics - readOnly: true - {{- end }} - {{ end }} - {{- end }} - {{- if .Values.speaker.extraContainers }} - {{- toYaml .Values.speaker.extraContainers | nindent 6 }} - {{- end }} - nodeSelector: - "kubernetes.io/os": linux - {{- with .Values.speaker.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.speaker.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if or .Values.speaker.tolerateMaster .Values.speaker.tolerations }} - tolerations: - {{- if .Values.speaker.tolerateMaster }} - - key: node-role.kubernetes.io/master - effect: NoSchedule - operator: Exists - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - operator: Exists - {{- end }} - {{- with .Values.speaker.tolerations }} - {{- toYaml . | nindent 6 }} - {{- end }} - {{- end }} - {{- with .Values.speaker.priorityClassName }} - priorityClassName: {{ . | quote }} - {{- end }} -{{- end }} diff --git a/charts/metallb/metallb/templates/webhooks.yaml b/charts/metallb/metallb/templates/webhooks.yaml deleted file mode 100644 index e708beea6..000000000 --- a/charts/metallb/metallb/templates/webhooks.yaml +++ /dev/null @@ -1,150 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: metallb-webhook-configuration - labels: - {{- include "metallb.labels" . | nindent 4 }} -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: metallb-webhook-service - namespace: {{ .Release.Namespace }} - path: /validate-metallb-io-v1beta2-bgppeer - failurePolicy: {{ .Values.crds.validationFailurePolicy }} - name: bgppeervalidationwebhook.metallb.io - rules: - - apiGroups: - - metallb.io - apiVersions: - - v1beta2 - operations: - - CREATE - - UPDATE - resources: - - bgppeers - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: metallb-webhook-service - namespace: {{ .Release.Namespace }} - path: /validate-metallb-io-v1beta1-ipaddresspool - failurePolicy: {{ .Values.crds.validationFailurePolicy }} - name: ipaddresspoolvalidationwebhook.metallb.io - rules: - - apiGroups: - - metallb.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - ipaddresspools - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: metallb-webhook-service - namespace: {{ .Release.Namespace }} - path: /validate-metallb-io-v1beta1-bgpadvertisement - failurePolicy: {{ .Values.crds.validationFailurePolicy }} - name: bgpadvertisementvalidationwebhook.metallb.io - rules: - - apiGroups: - - metallb.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - bgpadvertisements - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: metallb-webhook-service - namespace: {{ .Release.Namespace }} - path: /validate-metallb-io-v1beta1-community - failurePolicy: {{ .Values.crds.validationFailurePolicy }} - name: communityvalidationwebhook.metallb.io - rules: - - apiGroups: - - metallb.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - communities - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: metallb-webhook-service - namespace: {{ .Release.Namespace }} - path: /validate-metallb-io-v1beta1-bfdprofile - failurePolicy: {{ .Values.crds.validationFailurePolicy }} - name: bfdprofilevalidationwebhook.metallb.io - rules: - - apiGroups: - - metallb.io - apiVersions: - - v1beta1 - operations: - - CREATE - - DELETE - resources: - - bfdprofiles - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: metallb-webhook-service - namespace: {{ .Release.Namespace }} - path: /validate-metallb-io-v1beta1-l2advertisement - failurePolicy: {{ .Values.crds.validationFailurePolicy }} - name: l2advertisementvalidationwebhook.metallb.io - rules: - - apiGroups: - - metallb.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - l2advertisements - sideEffects: None ---- -apiVersion: v1 -kind: Service -metadata: - name: metallb-webhook-service - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "metallb.labels" . | nindent 4 }} -spec: - ports: - - port: 443 - targetPort: 9443 - selector: - {{- include "metallb.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: controller ---- -apiVersion: v1 -kind: Secret -metadata: - name: metallb-webhook-cert - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "metallb.labels" . | nindent 4 }} diff --git a/charts/metallb/metallb/values.schema.json b/charts/metallb/metallb/values.schema.json deleted file mode 100644 index bc0dd8402..000000000 --- a/charts/metallb/metallb/values.schema.json +++ /dev/null @@ -1,448 +0,0 @@ -{ - "$schema": "https://json-schema.org/draft-07/schema#", - "title": "Values", - "type": "object", - "definitions": { - "prometheusAlert": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "labels": { - "type": "object", - "additionalProperties": { "type": "string" } - } - }, - "required": [ "enabled" ] - }, - "probe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - }, - "required": [ - "failureThreshold", - "initialDelaySeconds", - "periodSeconds", - "successThreshold", - "timeoutSeconds" - ] - }, - "component": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "logLevel": { - "type": "string", - "enum": [ "all", "debug", "info", "warn", "error", "none" ] - }, - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "anyOf": [ - { "type": "string" }, - { "type": "null" } - ] - }, - "pullPolicy": { - "anyOf": [ - { - "type": "null" - }, - { - "type": "string", - "enum": [ "Always", "IfNotPresent", "Never" ] - } - ] - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "annotations": { - "type": "object" - } - } - }, - "resources": { - "type": "object" - }, - "nodeSelector": { - "type": "object" - }, - "tolerations": { - "type": "array", - "items": { - "type": "object" - } - }, - "priorityClassName": { - "type":"string" - }, - "runtimeClassName": { - "type":"string" - }, - "affinity": { - "type": "object" - }, - "podAnnotations": { - "type": "object" - }, - "livenessProbe": { - "$ref": "#/definitions/probe" - }, - "readinessProbe": { - "$ref": "#/definitions/probe" - } - }, - "required": [ - "image", - "serviceAccount" - ] - } - }, - "properties": { - "imagePullSecrets": { - "description": "Secrets used for pulling images", - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - }, - "required": [ "name" ], - "additionalProperties": false - } - }, - "nameOverride": { - "description": "Override chart name", - "type": "string" - }, - "fullNameOverride": { - "description": "Override fully qualified app name", - "type": "string" - }, - "configInLine": { - "description": "MetalLB configuration", - "type": "object" - }, - "loadBalancerClass": { - "type":"string" - }, - "rbac": { - "description": "RBAC configuration", - "type": "object", - "properties": { - "create": { - "description": "Enable RBAC", - "type": "boolean" - } - } - }, - "prometheus": { - "description": "Prometheus monitoring config", - "type": "object", - "properties": { - "scrapeAnnotations": { "type": "boolean" }, - "metricsPort": { "type": "integer" }, - "secureMetricsPort": { "type": "integer" }, - "rbacPrometheus": { "type": "boolean" }, - "serviceAccount": { "type": "string" }, - "namespace": { "type": "string" }, - "rbacProxy": { - "description": "kube-rbac-proxy configuration", - "type": "object", - "properties": { - "repository": { "type": "string" }, - "tag": { "type": "string" } - } - }, - "podMonitor": { - "description": "Prometheus Operator PodMonitors", - "type": "object", - "properties": { - "enabled": { "type": "boolean" }, - "additionalMonitors": { "type": "object" }, - "jobLabel": { "type": "string" }, - "interval": { - "anyOf": [ - { "type": "integer" }, - { "type": "null" } - ] - }, - "metricRelabelings": { - "type": "array", - "items": { - "type": "object" - } - }, - "relabelings": { - "type": "array", - "items": { - "type": "object" - } - } - } - }, - "serviceMonitor": { - "description": "Prometheus Operator ServiceMonitors", - "type": "object", - "properties": { - "enabled": { "type": "boolean" }, - "jobLabel": { "type": "string" }, - "interval": { - "anyOf": [ - { "type": "integer" }, - { "type": "null" } - ] - }, - "metricRelabelings": { - "type": "array", - "items": { - "type": "object" - } - }, - "relabelings": { - "type": "array", - "items": { - "type": "object" - } - } - } - }, - "prometheusRule": { - "description": "Prometheus Operator alertmanager alerts", - "type": "object", - "properties": { - "enabled": { "type": "boolean" }, - "additionalMonitors": { "type": "object" }, - "staleConfig": { "$ref": "#/definitions/prometheusAlert" }, - "configNotLoaded": { "$ref": "#/definitions/prometheusAlert" }, - "addressPoolExhausted": { "$ref": "#/definitions/prometheusAlert" }, - "addressPoolUsage": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "thresholds": { - "type": "array", - "items": { - "type": "object", - "properties": { - "percent": { - "type": "integer", - "minimum": 0, - "maximum": 100 - }, - "labels": { - "type": "object", - "additionalProperties": { "type": "string" } - } - }, - "required": [ "percent" ] - } - } - }, - "required": [ "enabled" ] - }, - "bgpSessionDown": { "$ref": "#/definitions/prometheusAlert" }, - "extraAlerts": { - "type": "array", - "items": { - "type": "object" - } - } - }, - "required": [ - "enabled", - "staleConfig", - "configNotLoaded", - "addressPoolExhausted", - "addressPoolUsage", - "bgpSessionDown" - ] - } - }, - "required": [ "podMonitor", "prometheusRule" ] - }, - "controller": { - "allOf": [ - { "$ref": "#/definitions/component" }, - { "description": "MetalLB Controller", - "type": "object", - "properties": { - "strategy": { - "type": "object", - "properties": { - "type": { - "type": "string" - } - }, - "required": [ "type" ] - }, - "command" : { - "type": "string" - }, - "webhookMode" : { - "type": "string" - }, - "extraContainers": { - "type": "array", - "items": { - "type": "object" - } - } - } - } - ] - }, - "speaker": { - "allOf": [ - { "$ref": "#/definitions/component" }, - { "description": "MetalLB Speaker", - "type": "object", - "properties": { - "tolerateMaster": { - "type": "boolean" - }, - "memberlist": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "mlBindPort": { - "type": "integer" - }, - "mlBindAddrOverride": { - "type": "string" - }, - "mlSecretKeyPath": { - "type": "string" - } - } - }, - "excludeInterfaces": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "ignoreExcludeLB": { - "type": "boolean" - }, - "updateStrategy": { - "type": "object", - "properties": { - "type": { - "type": "string" - } - }, - "required": [ "type" ] - }, - "runtimeClassName": { - "type": "string" - }, - "securityContext": { - "type": "object" - }, - "secretName": { - "type": "string" - }, - "frr": { - "description": "Install FRR container in speaker deployment", - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "image": { "$ref": "#/definitions/component/properties/image" }, - "metricsPort": { "type": "integer" }, - "secureMetricsPort": { "type": "integer" }, - "resources:": { "type": "object" } - }, - "required": [ "enabled" ] - }, - "command" : { - "type": "string" - }, - "reloader": { - "type": "object", - "properties": { - "resources": { "type": "object" } - } - }, - "frrMetrics": { - "type": "object", - "properties": { - "resources": { "type": "object" } - } - }, - "extraContainers": { - "type": "array", - "items": { - "type": "object" - } - } - }, - "required": [ "tolerateMaster" ] - } - ] - }, - "crds": { - "description": "CRD configuration", - "type": "object", - "properties": { - "enabled": { - "description": "Enable CRDs", - "type": "boolean" - }, - "validationFailurePolicy": { - "description": "Failure policy to use with validating webhooks", - "type": "string", - "enum": [ "Ignore", "Fail" ] - } - } - } - }, - "required": [ - "controller", - "speaker" - ] -} diff --git a/charts/metallb/metallb/values.yaml b/charts/metallb/metallb/values.yaml deleted file mode 100644 index 738f25f8a..000000000 --- a/charts/metallb/metallb/values.yaml +++ /dev/null @@ -1,363 +0,0 @@ -# Default values for metallb. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" -loadBalancerClass: "" - -# To configure MetalLB, you must specify ONE of the following two -# options. - -rbac: - # create specifies whether to install and use RBAC rules. - create: true - -prometheus: - # scrape annotations specifies whether to add Prometheus metric - # auto-collection annotations to pods. See - # https://github.com/prometheus/prometheus/blob/release-2.1/documentation/examples/prometheus-kubernetes.yml - # for a corresponding Prometheus configuration. Alternatively, you - # may want to use the Prometheus Operator - # (https://github.com/coreos/prometheus-operator) for more powerful - # monitoring configuration. If you use the Prometheus operator, this - # can be left at false. - scrapeAnnotations: false - - # port both controller and speaker will listen on for metrics - metricsPort: 7472 - - # if set, enables rbac proxy on the controller and speaker to expose - # the metrics via tls. - # secureMetricsPort: 9120 - - # the name of the secret to be mounted in the speaker pod - # to expose the metrics securely. If not present, a self signed - # certificate to be used. - speakerMetricsTLSSecret: "" - - # the name of the secret to be mounted in the controller pod - # to expose the metrics securely. If not present, a self signed - # certificate to be used. - controllerMetricsTLSSecret: "" - - # prometheus doens't have the permission to scrape all namespaces so we give it permission to scrape metallb's one - rbacPrometheus: true - - # the service account used by prometheus - # required when " .Values.prometheus.rbacPrometheus == true " and " .Values.prometheus.podMonitor.enabled=true or prometheus.serviceMonitor.enabled=true " - serviceAccount: "" - - # the namespace where prometheus is deployed - # required when " .Values.prometheus.rbacPrometheus == true " and " .Values.prometheus.podMonitor.enabled=true or prometheus.serviceMonitor.enabled=true " - namespace: "" - - # the image to be used for the kuberbacproxy container - rbacProxy: - repository: gcr.io/kubebuilder/kube-rbac-proxy - tag: v0.12.0 - pullPolicy: - - # Prometheus Operator PodMonitors - podMonitor: - # enable support for Prometheus Operator - enabled: false - - # optional additionnal labels for podMonitors - additionalLabels: {} - - # optional annotations for podMonitors - annotations: {} - - # Job label for scrape target - jobLabel: "app.kubernetes.io/name" - - # Scrape interval. If not set, the Prometheus default scrape interval is used. - interval: - - # metric relabel configs to apply to samples before ingestion. - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - # relabel configs to apply to samples before ingestion. - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # target_label: nodename - # replacement: $1 - # action: replace - - # Prometheus Operator ServiceMonitors. To be used as an alternative - # to podMonitor, supports secure metrics. - serviceMonitor: - # enable support for Prometheus Operator - enabled: false - - speaker: - # optional additional labels for the speaker serviceMonitor - additionalLabels: {} - # optional additional annotations for the speaker serviceMonitor - annotations: {} - # optional tls configuration for the speaker serviceMonitor, in case - # secure metrics are enabled. - tlsConfig: - insecureSkipVerify: true - - controller: - # optional additional labels for the controller serviceMonitor - additionalLabels: {} - # optional additional annotations for the controller serviceMonitor - annotations: {} - # optional tls configuration for the controller serviceMonitor, in case - # secure metrics are enabled. - tlsConfig: - insecureSkipVerify: true - - # Job label for scrape target - jobLabel: "app.kubernetes.io/name" - - # Scrape interval. If not set, the Prometheus default scrape interval is used. - interval: - - # metric relabel configs to apply to samples before ingestion. - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - # relabel configs to apply to samples before ingestion. - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # target_label: nodename - # replacement: $1 - # action: replace - - # Prometheus Operator alertmanager alerts - prometheusRule: - # enable alertmanager alerts - enabled: false - - # optional additionnal labels for prometheusRules - additionalLabels: {} - - # optional annotations for prometheusRules - annotations: {} - - # MetalLBStaleConfig - staleConfig: - enabled: true - labels: - severity: warning - - # MetalLBConfigNotLoaded - configNotLoaded: - enabled: true - labels: - severity: warning - - # MetalLBAddressPoolExhausted - addressPoolExhausted: - enabled: true - labels: - severity: alert - - addressPoolUsage: - enabled: true - thresholds: - - percent: 75 - labels: - severity: warning - - percent: 85 - labels: - severity: warning - - percent: 95 - labels: - severity: alert - - # MetalLBBGPSessionDown - bgpSessionDown: - enabled: true - labels: - severity: alert - - extraAlerts: [] - -# controller contains configuration specific to the MetalLB cluster -# controller. -controller: - enabled: true - # -- Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` - logLevel: info - # command: /controller - # webhookMode: enabled - image: - repository: quay.io/metallb/controller - tag: - pullPolicy: - ## @param controller.updateStrategy.type Metallb controller deployment strategy type. - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy - ## e.g: - ## strategy: - ## type: RollingUpdate - ## rollingUpdate: - ## maxSurge: 25% - ## maxUnavailable: 25% - ## - strategy: - type: RollingUpdate - serviceAccount: - # Specifies whether a ServiceAccount should be created - create: true - # The name of the ServiceAccount to use. If not set and create is - # true, a name is generated using the fullname template - name: "" - annotations: {} - securityContext: - runAsNonRoot: true - # nobody - runAsUser: 65534 - fsGroup: 65534 - resources: {} - # limits: - # cpu: 100m - # memory: 100Mi - nodeSelector: {} - tolerations: [] - priorityClassName: "" - runtimeClassName: "" - affinity: {} - podAnnotations: {} - labels: {} - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - tlsMinVersion: "VersionTLS12" - tlsCipherSuites: "" - - extraContainers: [] - -# speaker contains configuration specific to the MetalLB speaker -# daemonset. -speaker: - enabled: true - # command: /speaker - # -- Speaker log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` - logLevel: info - tolerateMaster: true - memberlist: - enabled: true - mlBindPort: 7946 - mlBindAddrOverride: "" - mlSecretKeyPath: "/etc/ml_secret_key" - excludeInterfaces: - enabled: true - # ignore the exclude-from-external-loadbalancer label - ignoreExcludeLB: false - - image: - repository: quay.io/metallb/speaker - tag: - pullPolicy: - ## @param speaker.updateStrategy.type Speaker daemonset strategy type - ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ - ## - updateStrategy: - ## StrategyType - ## Can be set to RollingUpdate or OnDelete - ## - type: RollingUpdate - serviceAccount: - # Specifies whether a ServiceAccount should be created - create: true - # The name of the ServiceAccount to use. If not set and create is - # true, a name is generated using the fullname template - name: "" - annotations: {} - securityContext: {} - ## Defines a secret name for the controller to generate a memberlist encryption secret - ## By default secretName: {{ "metallb.fullname" }}-memberlist - ## - # secretName: - resources: {} - # limits: - # cpu: 100m - # memory: 100Mi - nodeSelector: {} - tolerations: [] - priorityClassName: "" - affinity: {} - ## Selects which runtime class will be used by the pod. - runtimeClassName: "" - podAnnotations: {} - labels: {} - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - startupProbe: - enabled: true - failureThreshold: 30 - periodSeconds: 5 - # frr contains configuration specific to the MetalLB FRR container, - # for speaker running alongside FRR. - frr: - enabled: true - image: - repository: quay.io/frrouting/frr - tag: 9.0.2 - pullPolicy: - metricsPort: 7473 - resources: {} - - # if set, enables a rbac proxy sidecar container on the speaker to - # expose the frr metrics via tls. - # secureMetricsPort: 9121 - - - reloader: - resources: {} - - frrMetrics: - resources: {} - - extraContainers: [] - -crds: - enabled: true - validationFailurePolicy: Fail - -# frrk8s contains the configuration related to using an frrk8s instance -# (github.com/metallb/frr-k8s) as the backend for the BGP implementation. -# This allows configuring additional frr parameters in combination to those -# applied by MetalLB. -frrk8s: - # if set, enables frrk8s as a backend. This is mutually exclusive to frr - # mode. - enabled: false diff --git a/index.yaml b/index.yaml index 30ca7083e..3bd8e622e 100644 --- a/index.yaml +++ b/index.yaml @@ -20061,154 +20061,6 @@ entries: urls: - assets/loft/loft-3.2.0.tgz version: 3.2.0 - metallb: - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: MetalLB - catalog.cattle.io/kube-version: '>= 1.19.0-0' - catalog.cattle.io/namespace: metallb-system - catalog.cattle.io/release-name: metallb - apiVersion: v2 - appVersion: v0.14.5 - created: "2024-04-20T00:52:22.273537026Z" - dependencies: - - condition: crds.enabled - name: crds - repository: file://./charts/crds - version: 0.14.5 - - condition: frrk8s.enabled - name: frr-k8s - repository: file://./charts/frr-k8s - version: 0.0.11 - description: A network load-balancer implementation for Kubernetes using standard - routing protocols - digest: 83cb85da29b1007a4002280f5c8c93f50420793e550012270fe10e2e3790335a - home: https://metallb.universe.tf - icon: file://assets/icons/metallb.png - kubeVersion: '>= 1.19.0-0' - name: metallb - sources: - - https://github.com/metallb/metallb - type: application - urls: - - assets/metallb/metallb-0.14.5.tgz - version: 0.14.5 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: MetalLB - catalog.cattle.io/kube-version: '>= 1.19.0-0' - catalog.cattle.io/namespace: metallb-system - catalog.cattle.io/release-name: metallb - apiVersion: v2 - appVersion: v0.14.4 - created: "2024-04-03T10:30:29.963141386-06:00" - dependencies: - - condition: crds.enabled - name: crds - repository: file://./charts/crds - version: 0.14.4 - - condition: frrk8s.enabled - name: frr-k8s - repository: file://./charts/frr-k8s - version: 0.0.10 - description: A network load-balancer implementation for Kubernetes using standard - routing protocols - digest: 43b4e3fac14281b840f7b4fa1cdd90957a56eb9f28ce9522e1c753ad98ea5b65 - home: https://metallb.universe.tf - icon: file://assets/icons/metallb.png - kubeVersion: '>= 1.19.0-0' - name: metallb - sources: - - https://github.com/metallb/metallb - type: application - urls: - - assets/metallb/metallb-0.14.4.tgz - version: 0.14.4 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: MetalLB - catalog.cattle.io/kube-version: '>= 1.19.0-0' - catalog.cattle.io/namespace: metallb-system - catalog.cattle.io/release-name: metallb - apiVersion: v2 - appVersion: v0.14.3 - created: "2024-02-09T14:31:36.279713775Z" - dependencies: - - condition: crds.enabled - name: crds - repository: file://./charts/crds - version: 0.14.3 - - condition: frrk8s.enabled - name: frr-k8s - repository: file://./charts/frr-k8s - version: 0.0.8 - description: A network load-balancer implementation for Kubernetes using standard - routing protocols - digest: 201260d67c0960dddaa35572e5fbb2a774354013596ecf6f525016d216d9e487 - home: https://metallb.universe.tf - icon: file://assets/icons/metallb.png - kubeVersion: '>= 1.19.0-0' - name: metallb - sources: - - https://github.com/metallb/metallb - type: application - urls: - - assets/metallb/metallb-0.14.3.tgz - version: 0.14.3 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: MetalLB - catalog.cattle.io/kube-version: '>= 1.19.0-0' - catalog.cattle.io/namespace: metallb-system - catalog.cattle.io/release-name: metallb - apiVersion: v2 - appVersion: v0.13.12 - created: "2023-10-20T22:25:48.867455386Z" - dependencies: - - condition: crds.enabled - name: crds - repository: file://./charts/crds - version: 0.13.12 - description: A network load-balancer implementation for Kubernetes using standard - routing protocols - digest: dbea71b0de1ae5e5f18ad5536a33245d115a53bda2d3402a76e5a652c54cd8a1 - home: https://metallb.universe.tf - icon: file://assets/icons/metallb.png - kubeVersion: '>= 1.19.0-0' - name: metallb - sources: - - https://github.com/metallb/metallb - type: application - urls: - - assets/metallb/metallb-0.13.12.tgz - version: 0.13.12 - - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: MetalLB - catalog.cattle.io/kube-version: '>= 1.19.0-0' - catalog.cattle.io/namespace: metallb-system - catalog.cattle.io/release-name: metallb - apiVersion: v2 - appVersion: v0.13.11 - created: "2023-09-05T12:50:43.404217854Z" - dependencies: - - condition: crds.enabled - name: crds - repository: file://./charts/crds - version: 0.13.11 - description: A network load-balancer implementation for Kubernetes using standard - routing protocols - digest: 142c1d911670b47058094d22ee9288590f3daacdda9ceca3b8dff40bf7cd6848 - home: https://metallb.universe.tf - icon: file://assets/icons/metallb.png - kubeVersion: '>= 1.19.0-0' - name: metallb - sources: - - https://github.com/metallb/metallb - type: application - urls: - - assets/metallb/metallb-0.13.11.tgz - version: 0.13.11 minio-operator: - annotations: catalog.cattle.io/certified: partner diff --git a/packages/metallb/metallb/upstream.yaml b/packages/metallb/metallb/upstream.yaml deleted file mode 100644 index 94493b39b..000000000 --- a/packages/metallb/metallb/upstream.yaml +++ /dev/null @@ -1,7 +0,0 @@ -HelmRepo: https://metallb.github.io/metallb -HelmChart: metallb -Vendor: MetalLB -DisplayName: MetalLB -Namespace: metallb-system -ChartMetadata: - icon: https://metallb.universe.tf/images/logo/metallb-blue.png