feat: upgrade metallb to v0.11.0 (#8420)

Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
2 years ago · 01dcbc18ac
3 changed files with 42 additions and 6 deletions
--- a/inventory/sample/group_vars/k8s_cluster/addons.yml
+++ b/inventory/sample/group_vars/k8s_cluster/addons.yml
@ -182,7 +182,7 @@ metallb_speaker_enabled: true
 #     operator: "Equal"
 #     value: ""
 #     effect: "NoSchedule"
-# metallb_version: v0.10.3
+# metallb_version: v0.11.0
 # metallb_protocol: "layer2"
 # metallb_port: "7472"
 # metallb_memberlist_port: "7946"
--- a/roles/kubernetes-apps/metallb/defaults/main.yml
+++ b/roles/kubernetes-apps/metallb/defaults/main.yml
@ -1,6 +1,7 @@
 ---
 metallb_enabled: false
-metallb_version: v0.10.3
+metallb_version: v0.11.0
+metallb_log_level: info
 metallb_protocol: "layer2"
 metallb_port: "7472"
 metallb_memberlist_port: "7946"
--- a/roles/kubernetes-apps/metallb/templates/metallb.yml.j2
+++ b/roles/kubernetes-apps/metallb/templates/metallb.yml.j2
@ -31,10 +31,7 @@ spec:
  requiredDropCapabilities:
  - ALL
  runAsUser:
-    ranges:
-    - max: 65535
-      min: 1
-    rule: MustRunAs
+    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
@ -354,6 +351,7 @@ spec:
      - args:
        - --port={{ metallb_port }}
        - --config=config
+        - --log-level={{ metallb_log_level }}
        env:
        - name: METALLB_NODE_NAME
          valueFrom:
@ -389,6 +387,24 @@ spec:
        - containerPort: {{ metallb_memberlist_port }}
          name: memberlist-udp
          protocol: UDP
+        livenessProbe:
+          httpGet:
+            path: /metrics
+            port: metrics
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          timeoutSeconds: 1
+          successThreshold: 1
+          failureThreshold: 3
+        readinessProbe:
+          httpGet:
+            path: /metrics
+            port: metrics
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          timeoutSeconds: 1
+          successThreshold: 1
+          failureThreshold: 3
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
@ -442,6 +458,7 @@ spec:
      - args:
        - --port={{ metallb_port }}
        - --config=config
+        - --log-level={{ metallb_log_level }}
        env:
        - name: METALLB_ML_SECRET_NAME
          value: memberlist
@ -458,6 +475,24 @@ spec:
            drop:
            - all
          readOnlyRootFilesystem: true
+        livenessProbe:
+          httpGet:
+            path: /metrics
+            port: metrics
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          timeoutSeconds: 1
+          successThreshold: 1
+          failureThreshold: 3
+        readinessProbe:
+          httpGet:
+            path: /metrics
+            port: metrics
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          timeoutSeconds: 1
+          successThreshold: 1
+          failureThreshold: 3
 {% if metallb_controller_nodeselector %}
      nodeSelector:
        {{ metallb_controller_nodeselector | to_nice_yaml | indent(width=8) }}