richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3578 Commits
33 Branches
82 Tags
153 MiB
Tree: a5cc8537f9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a5cc8537f9'
${ noResults }
kubespray/contrib/metallb/roles/provision/templates/metallb.yml.j2

254 lines
5.2 KiB
Raw Normal View History

MetalLB as loadbalancer for on premise deployments (#3027) * add metallb as loadbalancer for on premise deployments * improve configuration * add variables to DaemonSet
6 years ago
  1. apiVersion: v1
  2. kind: Namespace
  3. metadata:
  4. name: metallb-system
  5. labels:
  6. app: metallb
  7. ---
  9. apiVersion: v1
  10. kind: ServiceAccount
  11. metadata:
  12. namespace: metallb-system
  13. name: controller
  14. labels:
  15. app: metallb
  16. ---
  17. apiVersion: v1
  18. kind: ServiceAccount
  19. metadata:
  20. namespace: metallb-system
  21. name: speaker
  22. labels:
  23. app: metallb
  25. ---
  26. apiVersion: rbac.authorization.k8s.io/v1
  27. kind: ClusterRole
  28. metadata:
  29. name: metallb-system:controller
  30. labels:
  31. app: metallb
  32. rules:
  33. - apiGroups: [""]
  34. resources: ["services"]
  35. verbs: ["get", "list", "watch", "update"]
  36. - apiGroups: [""]
  37. resources: ["services/status"]
  38. verbs: ["update"]
  39. - apiGroups: [""]
  40. resources: ["events"]
  41. verbs: ["create", "patch"]
  42. ---
  43. apiVersion: rbac.authorization.k8s.io/v1
  44. kind: ClusterRole
  45. metadata:
  46. name: metallb-system:speaker
  47. labels:
  48. app: metallb
  49. rules:
  50. - apiGroups: [""]
  51. resources: ["services", "endpoints", "nodes"]
  52. verbs: ["get", "list", "watch"]
  53. ---
  54. apiVersion: rbac.authorization.k8s.io/v1
  55. kind: Role
  56. metadata:
  57. namespace: metallb-system
  58. name: leader-election
  59. labels:
  60. app: metallb
  61. rules:
  62. - apiGroups: [""]
  63. resources: ["endpoints"]
  64. resourceNames: ["metallb-speaker"]
  65. verbs: ["get", "update"]
  66. - apiGroups: [""]
  67. resources: ["endpoints"]
  68. verbs: ["create"]
  69. ---
  70. apiVersion: rbac.authorization.k8s.io/v1
  71. kind: Role
  72. metadata:
  73. namespace: metallb-system
  74. name: config-watcher
  75. labels:
  76. app: metallb
  77. rules:
  78. - apiGroups: [""]
  79. resources: ["configmaps"]
  80. verbs: ["get", "list", "watch"]
  81. - apiGroups: [""]
  82. resources: ["events"]
  83. verbs: ["create"]
  84. ---
  86. ## Role bindings
  87. apiVersion: rbac.authorization.k8s.io/v1
  88. kind: ClusterRoleBinding
  89. metadata:
  90. name: metallb-system:controller
  91. labels:
  92. app: metallb
  93. subjects:
  94. - kind: ServiceAccount
  95. name: controller
  96. namespace: metallb-system
  97. roleRef:
  98. apiGroup: rbac.authorization.k8s.io
  99. kind: ClusterRole
  100. name: metallb-system:controller
  101. ---
  102. apiVersion: rbac.authorization.k8s.io/v1
  103. kind: ClusterRoleBinding
  104. metadata:
  105. name: metallb-system:speaker
  106. labels:
  107. app: metallb
  108. subjects:
  109. - kind: ServiceAccount
  110. name: speaker
  111. namespace: metallb-system
  112. roleRef:
  113. apiGroup: rbac.authorization.k8s.io
  114. kind: ClusterRole
  115. name: metallb-system:speaker
  116. ---
  117. apiVersion: rbac.authorization.k8s.io/v1
  118. kind: RoleBinding
  119. metadata:
  120. namespace: metallb-system
  121. name: config-watcher
  122. labels:
  123. app: metallb
  124. subjects:
  125. - kind: ServiceAccount
  126. name: controller
  127. - kind: ServiceAccount
  128. name: speaker
  129. roleRef:
  130. apiGroup: rbac.authorization.k8s.io
  131. kind: Role
  132. name: config-watcher
  133. ---
  134. apiVersion: rbac.authorization.k8s.io/v1
  135. kind: RoleBinding
  136. metadata:
  137. namespace: metallb-system
  138. name: leader-election
  139. labels:
  140. app: metallb
  141. subjects:
  142. - kind: ServiceAccount
  143. name: speaker
  144. roleRef:
  145. apiGroup: rbac.authorization.k8s.io
  146. kind: Role
  147. name: leader-election
  148. ---
  149. apiVersion: apps/v1beta2
  150. kind: DaemonSet
  151. metadata:
  152. namespace: metallb-system
  153. name: speaker
  154. labels:
  155. app: metallb
  156. component: speaker
  157. spec:
  158. selector:
  159. matchLabels:
  160. app: metallb
  161. component: speaker
  162. template:
  163. metadata:
  164. labels:
  165. app: metallb
  166. component: speaker
  167. annotations:
  168. prometheus.io/scrape: "true"
  169. prometheus.io/port: "{{ metallb.port }}"
  170. spec:
  171. serviceAccountName: speaker
  172. terminationGracePeriodSeconds: 0
  173. hostNetwork: true
  174. containers:
  175. - name: speaker
  176. image: metallb/speaker:v0.6.2
  177. imagePullPolicy: IfNotPresent
  178. args:
  179. - --port={{ metallb.port }}
  180. - --config=config
  181. env:
  182. - name: METALLB_NODE_NAME
  183. valueFrom:
  184. fieldRef:
  185. fieldPath: spec.nodeName
  186. ports:
  187. - name: monitoring
  188. containerPort: {{ metallb.port }}
  189. resources:
  190. limits:
  191. cpu: {{ metallb.limits.cpu }}
  192. memory: {{ metallb.limits.memory }}
  193. securityContext:
  194. allowPrivilegeEscalation: false
  195. readOnlyRootFilesystem: true
  196. capabilities:
  197. drop:
  198. - all
  199. add:
  200. - net_raw
  202. ---
  203. apiVersion: apps/v1beta2
  204. kind: Deployment
  205. metadata:
  206. namespace: metallb-system
  207. name: controller
  208. labels:
  209. app: metallb
  210. component: controller
  211. spec:
  212. revisionHistoryLimit: 3
  213. selector:
  214. matchLabels:
  215. app: metallb
  216. component: controller
  217. template:
  218. metadata:
  219. labels:
  220. app: metallb
  221. component: controller
  222. annotations:
  223. prometheus.io/scrape: "true"
  224. prometheus.io/port: "{{ metallb.port }}"
  225. spec:
  226. serviceAccountName: controller
  227. terminationGracePeriodSeconds: 0
  228. securityContext:
  229. runAsNonRoot: true
  230. runAsUser: 65534 # nobody
  231. containers:
  232. - name: controller
  233. image: metallb/controller:v0.6.2
  234. imagePullPolicy: IfNotPresent
  235. args:
  236. - --port={{ metallb.port }}
  237. - --config=config
  238. ports:
  239. - name: monitoring
  240. containerPort: {{ metallb.port }}
  241. resources:
  242. limits:
  243. cpu: {{ metallb.limits.cpu }}
  244. memory: {{ metallb.limits.memory }}
  245. securityContext:
  246. allowPrivilegeEscalation: false
  247. capabilities:
  248. drop:
  249. - all
  250. readOnlyRootFilesystem: true
  252. ---