diff --git a/inventory/sample/group_vars/k8s_cluster/addons.yml b/inventory/sample/group_vars/k8s_cluster/addons.yml index bf0588dda..955cc69ca 100644 --- a/inventory/sample/group_vars/k8s_cluster/addons.yml +++ b/inventory/sample/group_vars/k8s_cluster/addons.yml @@ -171,6 +171,7 @@ cert_manager_enabled: false # MetalLB deployment metallb_enabled: false metallb_speaker_enabled: "{{ metallb_enabled }}" +metallb_namespace: "metallb-system" # metallb_version: v0.13.9 # metallb_protocol: "layer2" # metallb_port: "7472" diff --git a/roles/kubernetes-apps/metallb/tasks/main.yml b/roles/kubernetes-apps/metallb/tasks/main.yml index 221fe3c79..6a804cbef 100644 --- a/roles/kubernetes-apps/metallb/tasks/main.yml +++ b/roles/kubernetes-apps/metallb/tasks/main.yml @@ -33,7 +33,7 @@ - inventory_hostname == groups['kube_control_plane'][0] - name: Kubernetes Apps | Wait for MetalLB controller to be running - command: "{{ bin_dir }}/kubectl rollout status -n metallb-system deployment -l app=metallb,component=controller --timeout=2m" + command: "{{ bin_dir }}/kubectl rollout status -n {{ metallb_namespace }} deployment -l app=metallb,component=controller --timeout=2m" become: true when: - inventory_hostname == groups['kube_control_plane'][0] @@ -104,5 +104,5 @@ name: config kubectl: "{{ bin_dir }}/kubectl" resource: ConfigMap - namespace: metallb-system + namespace: "{{ metallb_namespace }}" state: absent diff --git a/roles/kubernetes-apps/metallb/templates/layer2.yaml.j2 b/roles/kubernetes-apps/metallb/templates/layer2.yaml.j2 index d24973288..e3fdb191a 100644 --- a/roles/kubernetes-apps/metallb/templates/layer2.yaml.j2 +++ b/roles/kubernetes-apps/metallb/templates/layer2.yaml.j2 @@ -11,7 +11,7 @@ apiVersion: metallb.io/v1beta1 kind: L2Advertisement metadata: name: "{{ entry }}" - namespace: metallb-system + namespace: "{{ metallb_namespace }}" spec: ipAddressPools: - "{{ entry }}" diff --git a/roles/kubernetes-apps/metallb/templates/layer3.yaml.j2 b/roles/kubernetes-apps/metallb/templates/layer3.yaml.j2 index 490bae24f..b32c19403 100644 --- a/roles/kubernetes-apps/metallb/templates/layer3.yaml.j2 +++ b/roles/kubernetes-apps/metallb/templates/layer3.yaml.j2 @@ -9,7 +9,7 @@ apiVersion: metallb.io/v1beta1 kind: Community metadata: name: "{{ community_name }}" - namespace: metallb-system + namespace: "{{ metallb_namespace }}" spec: communities: - name: "{{ community_name }}" @@ -21,7 +21,7 @@ apiVersion: metallb.io/v1beta1 kind: Community metadata: name: well-known - namespace: metallb-system + namespace: "{{ metallb_namespace }}" spec: communities: - name: no-export @@ -51,7 +51,7 @@ apiVersion: metallb.io/v1beta1 kind: BGPAdvertisement metadata: name: "{{ peer_name }}-local" - namespace: metallb-system + namespace: "{{ metallb_namespace }}" spec: aggregationLength: 32 aggregationLengthV6: 128 @@ -70,7 +70,7 @@ apiVersion: metallb.io/v1beta1 kind: BGPAdvertisement metadata: name: "{{ peer_name }}-external" - namespace: metallb-system + namespace: "{{ metallb_namespace }}" spec: {% if peer.aggregation_length is defined and peer.aggregation_length <= 30 %} aggregationLength: {{ peer.aggregation_length }} @@ -93,7 +93,7 @@ apiVersion: metallb.io/v1beta2 kind: BGPPeer metadata: name: "{{ peer_name }}" - namespace: metallb-system + namespace: "{{ metallb_namespace }}" spec: myASN: {{ peer.my_asn }} peerASN: {{ peer.peer_asn }} diff --git a/roles/kubernetes-apps/metallb/templates/metallb.yaml.j2 b/roles/kubernetes-apps/metallb/templates/metallb.yaml.j2 index af18a100b..ebdea51e3 100644 --- a/roles/kubernetes-apps/metallb/templates/metallb.yaml.j2 +++ b/roles/kubernetes-apps/metallb/templates/metallb.yaml.j2 @@ -6,7 +6,7 @@ metadata: pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged - name: metallb-system + name: {{ metallb_namespace }} --- apiVersion: apiextensions.k8s.io/v1 @@ -23,7 +23,7 @@ spec: caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGWlRDQ0EwMmdBd0lCQWdJVU5GRW1XcTM3MVpKdGkrMmlSQzk1WmpBV1MxZ3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3UWpFTE1Ba0dBMVVFQmhNQ1dGZ3hGVEFUQmdOVkJBY01ERVJsWm1GMWJIUWdRMmwwZVRFY01Cb0dBMVVFDQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNakEzTVRrd09UTXlNek5hRncweU1qQTRNVGd3DQpPVE15TXpOYU1FSXhDekFKQmdOVkJBWVRBbGhZTVJVd0V3WURWUVFIREF4RVpXWmhkV3gwSUVOcGRIa3hIREFhDQpCZ05WQkFvTUUwUmxabUYxYkhRZ1EyOXRjR0Z1ZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDDQpEd0F3Z2dJS0FvSUNBUUNxVFpxMWZRcC9vYkdlenhES0o3OVB3Ny94azJwellualNzMlkzb1ZYSm5sRmM4YjVlDQpma2ZZQnY2bndscW1keW5PL2phWFBaQmRQSS82aFdOUDBkdVhadEtWU0NCUUpyZzEyOGNXb3F0MGNTN3pLb1VpDQpvcU1tQ0QvRXVBeFFNZjhRZDF2c1gvVllkZ0poVTZBRXJLZEpIaXpFOUJtUkNkTDBGMW1OVW55Rk82UnRtWFZUDQpidkxsTDVYeTc2R0FaQVBLOFB4aVlDa0NtbDdxN0VnTWNiOXlLWldCYmlxQ3VkTXE5TGJLNmdKNzF6YkZnSXV4DQo1L1pXK2JraTB2RlplWk9ZODUxb1psckFUNzJvMDI4NHNTWW9uN0pHZVZkY3NoUnh5R1VpSFpSTzdkaXZVTDVTDQpmM2JmSDFYbWY1ZDQzT0NWTWRuUUV2NWVaOG8zeWVLa3ZrbkZQUGVJMU9BbjdGbDlFRVNNR2dhOGFaSG1URSttDQpsLzlMSmdDYjBnQmtPT0M0WnV4bWh2aERKV1EzWnJCS3pMQlNUZXN0NWlLNVlwcXRWVVk2THRyRW9FelVTK1lsDQpwWndXY2VQWHlHeHM5ZURsR3lNVmQraW15Y3NTU1UvVno2Mmx6MnZCS21NTXBkYldDQWhud0RsRTVqU2dyMjRRDQp0eGNXLys2N3d5KzhuQlI3UXdqVTFITndVRjBzeERWdEwrZ1NHVERnSEVZSlhZelYvT05zMy94TkpoVFNPSkxNDQpoeXNVdyttaGdackdhbUdXcHVIVU1DUitvTWJzMTc1UkcrQjJnUFFHVytPTjJnUTRyOXN2b0ZBNHBBQm8xd1dLDQpRYjRhY3pmeVVscElBOVFoSmFsZEY3S3dPSHVlV3gwRUNrNXg0T2tvVDBvWVp0dzFiR0JjRGtaSmF3SURBUUFCDQpvMU13VVRBZEJnTlZIUTRFRmdRVW90UlNIUm9IWTEyRFZ4R0NCdEhpb1g2ZmVFQXdId1lEVlIwakJCZ3dGb0FVDQpvdFJTSFJvSFkxMkRWeEdDQnRIaW9YNmZlRUF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCDQpBUXNGQUFPQ0FnRUFSbkpsWWRjMTFHd0VxWnh6RDF2R3BDR2pDN2VWTlQ3aVY1d3IybXlybHdPYi9aUWFEa0xYDQpvVStaOVVXT1VlSXJTdzUydDdmQUpvVVAwSm5iYkMveVIrU1lqUGhvUXNiVHduOTc2ZldBWTduM3FMOXhCd1Y0DQphek41OXNjeUp0dlhMeUtOL2N5ak1ReDRLajBIMFg0bWJ6bzVZNUtzWWtYVU0vOEFPdWZMcEd0S1NGVGgrSEFDDQpab1Q5YnZHS25adnNHd0tYZFF0Wnh0akhaUjVqK3U3ZGtQOTJBT051RFNabS8rWVV4b2tBK09JbzdSR3BwSHNXDQo1ZTdNY0FTVXRtb1FORXd6dVFoVkJaRWQ1OGtKYjUrV0VWbGNzanlXNnRTbzErZ25tTWNqR1BsMWgxR2hVbjV4DQpFY0lWRnBIWXM5YWo1NmpBSjk1MVQvZjhMaWxmTlVnanBLQ0c1bnl0SUt3emxhOHNtdGlPdm1UNEpYbXBwSkI2DQo4bmdHRVluVjUrUTYwWFJ2OEhSSGp1VG9CRHVhaERrVDA2R1JGODU1d09FR2V4bkZpMXZYWUxLVllWb1V2MXRKDQo4dVdUR1pwNllDSVJldlBqbzg5ZytWTlJSaVFYUThJd0dybXE5c0RoVTlqTjA0SjdVL1RvRDFpNHE3VnlsRUc5DQorV1VGNkNLaEdBeTJIaEhwVncyTGFoOS9lUzdZMUZ1YURrWmhPZG1laG1BOCtqdHNZamJadnR5Mm1SWlF0UUZzDQpUU1VUUjREbUR2bVVPRVRmeStpRHdzK2RkWXVNTnJGeVVYV2dkMnpBQU4ydVl1UHFGY2pRcFNPODFzVTJTU3R3DQoxVzAyeUtYOGJEYmZFdjBzbUh3UzliQnFlSGo5NEM1Mjg0YXpsdTBmaUdpTm1OUEM4ckJLRmhBPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== service: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" path: /convert conversionReviewVersions: - v1alpha1 @@ -544,7 +544,7 @@ spec: caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGWlRDQ0EwMmdBd0lCQWdJVU5GRW1XcTM3MVpKdGkrMmlSQzk1WmpBV1MxZ3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3UWpFTE1Ba0dBMVVFQmhNQ1dGZ3hGVEFUQmdOVkJBY01ERVJsWm1GMWJIUWdRMmwwZVRFY01Cb0dBMVVFDQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNakEzTVRrd09UTXlNek5hRncweU1qQTRNVGd3DQpPVE15TXpOYU1FSXhDekFKQmdOVkJBWVRBbGhZTVJVd0V3WURWUVFIREF4RVpXWmhkV3gwSUVOcGRIa3hIREFhDQpCZ05WQkFvTUUwUmxabUYxYkhRZ1EyOXRjR0Z1ZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDDQpEd0F3Z2dJS0FvSUNBUUNxVFpxMWZRcC9vYkdlenhES0o3OVB3Ny94azJwellualNzMlkzb1ZYSm5sRmM4YjVlDQpma2ZZQnY2bndscW1keW5PL2phWFBaQmRQSS82aFdOUDBkdVhadEtWU0NCUUpyZzEyOGNXb3F0MGNTN3pLb1VpDQpvcU1tQ0QvRXVBeFFNZjhRZDF2c1gvVllkZ0poVTZBRXJLZEpIaXpFOUJtUkNkTDBGMW1OVW55Rk82UnRtWFZUDQpidkxsTDVYeTc2R0FaQVBLOFB4aVlDa0NtbDdxN0VnTWNiOXlLWldCYmlxQ3VkTXE5TGJLNmdKNzF6YkZnSXV4DQo1L1pXK2JraTB2RlplWk9ZODUxb1psckFUNzJvMDI4NHNTWW9uN0pHZVZkY3NoUnh5R1VpSFpSTzdkaXZVTDVTDQpmM2JmSDFYbWY1ZDQzT0NWTWRuUUV2NWVaOG8zeWVLa3ZrbkZQUGVJMU9BbjdGbDlFRVNNR2dhOGFaSG1URSttDQpsLzlMSmdDYjBnQmtPT0M0WnV4bWh2aERKV1EzWnJCS3pMQlNUZXN0NWlLNVlwcXRWVVk2THRyRW9FelVTK1lsDQpwWndXY2VQWHlHeHM5ZURsR3lNVmQraW15Y3NTU1UvVno2Mmx6MnZCS21NTXBkYldDQWhud0RsRTVqU2dyMjRRDQp0eGNXLys2N3d5KzhuQlI3UXdqVTFITndVRjBzeERWdEwrZ1NHVERnSEVZSlhZelYvT05zMy94TkpoVFNPSkxNDQpoeXNVdyttaGdackdhbUdXcHVIVU1DUitvTWJzMTc1UkcrQjJnUFFHVytPTjJnUTRyOXN2b0ZBNHBBQm8xd1dLDQpRYjRhY3pmeVVscElBOVFoSmFsZEY3S3dPSHVlV3gwRUNrNXg0T2tvVDBvWVp0dzFiR0JjRGtaSmF3SURBUUFCDQpvMU13VVRBZEJnTlZIUTRFRmdRVW90UlNIUm9IWTEyRFZ4R0NCdEhpb1g2ZmVFQXdId1lEVlIwakJCZ3dGb0FVDQpvdFJTSFJvSFkxMkRWeEdDQnRIaW9YNmZlRUF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCDQpBUXNGQUFPQ0FnRUFSbkpsWWRjMTFHd0VxWnh6RDF2R3BDR2pDN2VWTlQ3aVY1d3IybXlybHdPYi9aUWFEa0xYDQpvVStaOVVXT1VlSXJTdzUydDdmQUpvVVAwSm5iYkMveVIrU1lqUGhvUXNiVHduOTc2ZldBWTduM3FMOXhCd1Y0DQphek41OXNjeUp0dlhMeUtOL2N5ak1ReDRLajBIMFg0bWJ6bzVZNUtzWWtYVU0vOEFPdWZMcEd0S1NGVGgrSEFDDQpab1Q5YnZHS25adnNHd0tYZFF0Wnh0akhaUjVqK3U3ZGtQOTJBT051RFNabS8rWVV4b2tBK09JbzdSR3BwSHNXDQo1ZTdNY0FTVXRtb1FORXd6dVFoVkJaRWQ1OGtKYjUrV0VWbGNzanlXNnRTbzErZ25tTWNqR1BsMWgxR2hVbjV4DQpFY0lWRnBIWXM5YWo1NmpBSjk1MVQvZjhMaWxmTlVnanBLQ0c1bnl0SUt3emxhOHNtdGlPdm1UNEpYbXBwSkI2DQo4bmdHRVluVjUrUTYwWFJ2OEhSSGp1VG9CRHVhaERrVDA2R1JGODU1d09FR2V4bkZpMXZYWUxLVllWb1V2MXRKDQo4dVdUR1pwNllDSVJldlBqbzg5ZytWTlJSaVFYUThJd0dybXE5c0RoVTlqTjA0SjdVL1RvRDFpNHE3VnlsRUc5DQorV1VGNkNLaEdBeTJIaEhwVncyTGFoOS9lUzdZMUZ1YURrWmhPZG1laG1BOCtqdHNZamJadnR5Mm1SWlF0UUZzDQpUU1VUUjREbUR2bVVPRVRmeStpRHdzK2RkWXVNTnJGeVVYV2dkMnpBQU4ydVl1UHFGY2pRcFNPODFzVTJTU3R3DQoxVzAyeUtYOGJEYmZFdjBzbUh3UzliQnFlSGo5NEM1Mjg0YXpsdTBmaUdpTm1OUEM4ckJLRmhBPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== service: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" path: /convert conversionReviewVersions: - v1beta1 @@ -1291,7 +1291,7 @@ metadata: pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged name: controller - namespace: metallb-system + namespace: "{{ metallb_namespace }}" {% if metallb_speaker_enabled %} --- @@ -1301,7 +1301,7 @@ metadata: labels: app: metallb name: speaker - namespace: metallb-system + namespace: "{{ metallb_namespace }}" {% endif %} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -1310,7 +1310,7 @@ metadata: labels: app: metallb name: controller - namespace: metallb-system + namespace: "{{ metallb_namespace }}" rules: - apiGroups: - "" @@ -1402,7 +1402,7 @@ metadata: labels: app: metallb name: pod-lister - namespace: metallb-system + namespace: "{{ metallb_namespace }}" rules: - apiGroups: - "" @@ -1480,7 +1480,7 @@ kind: ClusterRole metadata: labels: app: metallb - name: metallb-system:controller + name: {{ metallb_namespace }}:controller rules: - apiGroups: - "" @@ -1561,7 +1561,7 @@ kind: ClusterRole metadata: labels: app: metallb - name: metallb-system:speaker + name: {{ metallb_namespace }}:speaker rules: - apiGroups: - "" @@ -1598,7 +1598,7 @@ metadata: labels: app: metallb name: controller - namespace: metallb-system + namespace: "{{ metallb_namespace }}" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -1606,7 +1606,7 @@ roleRef: subjects: - kind: ServiceAccount name: controller - namespace: metallb-system + namespace: "{{ metallb_namespace }}" --- apiVersion: rbac.authorization.k8s.io/v1 @@ -1615,7 +1615,7 @@ metadata: labels: app: metallb name: pod-lister - namespace: metallb-system + namespace: "{{ metallb_namespace }}" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -1623,7 +1623,7 @@ roleRef: subjects: - kind: ServiceAccount name: speaker - namespace: metallb-system + namespace: "{{ metallb_namespace }}" --- apiVersion: rbac.authorization.k8s.io/v1 @@ -1631,15 +1631,15 @@ kind: ClusterRoleBinding metadata: labels: app: metallb - name: metallb-system:controller + name: {{ metallb_namespace }}:controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: metallb-system:controller + name: {{ metallb_namespace }}:controller subjects: - kind: ServiceAccount name: controller - namespace: metallb-system + namespace: "{{ metallb_namespace }}" {% if metallb_speaker_enabled %} --- @@ -1648,15 +1648,15 @@ kind: ClusterRoleBinding metadata: labels: app: metallb - name: metallb-system:speaker + name: {{ metallb_namespace }}:speaker roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: metallb-system:speaker + name: {{ metallb_namespace }}:speaker subjects: - kind: ServiceAccount name: speaker - namespace: metallb-system + namespace: "{{ metallb_namespace }}" {% endif %} --- @@ -1664,14 +1664,14 @@ apiVersion: v1 kind: Secret metadata: name: webhook-server-cert - namespace: metallb-system + namespace: "{{ metallb_namespace }}" --- apiVersion: v1 kind: Service metadata: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" spec: ports: - port: 443 @@ -1687,7 +1687,7 @@ metadata: app: metallb component: controller name: controller - namespace: metallb-system + namespace: "{{ metallb_namespace }}" spec: revisionHistoryLimit: 3 selector: @@ -1782,7 +1782,7 @@ metadata: app: metallb component: speaker name: speaker - namespace: metallb-system + namespace: "{{ metallb_namespace }}" spec: selector: matchLabels: @@ -1888,7 +1888,7 @@ webhooks: clientConfig: service: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" path: /validate-metallb-io-v1beta2-bgppeer failurePolicy: Fail name: bgppeersvalidationwebhook.metallb.io @@ -1908,7 +1908,7 @@ webhooks: clientConfig: service: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" path: /validate-metallb-io-v1beta1-addresspool failurePolicy: Fail name: addresspoolvalidationwebhook.metallb.io @@ -1928,7 +1928,7 @@ webhooks: clientConfig: service: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" path: /validate-metallb-io-v1beta1-bfdprofile failurePolicy: Fail name: bfdprofilevalidationwebhook.metallb.io @@ -1948,7 +1948,7 @@ webhooks: clientConfig: service: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" path: /validate-metallb-io-v1beta1-bgpadvertisement failurePolicy: Fail name: bgpadvertisementvalidationwebhook.metallb.io @@ -1968,7 +1968,7 @@ webhooks: clientConfig: service: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" path: /validate-metallb-io-v1beta1-community failurePolicy: Fail name: communityvalidationwebhook.metallb.io @@ -1988,7 +1988,7 @@ webhooks: clientConfig: service: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" path: /validate-metallb-io-v1beta1-ipaddresspool failurePolicy: Fail name: ipaddresspoolvalidationwebhook.metallb.io @@ -2008,7 +2008,7 @@ webhooks: clientConfig: service: name: webhook-service - namespace: metallb-system + namespace: "{{ metallb_namespace }}" path: /validate-metallb-io-v1beta1-l2advertisement failurePolicy: Fail name: l2advertisementvalidationwebhook.metallb.io diff --git a/roles/kubernetes-apps/metallb/templates/pools.yaml.j2 b/roles/kubernetes-apps/metallb/templates/pools.yaml.j2 index f22a4e3d1..42cc6ec1a 100644 --- a/roles/kubernetes-apps/metallb/templates/pools.yaml.j2 +++ b/roles/kubernetes-apps/metallb/templates/pools.yaml.j2 @@ -9,7 +9,7 @@ apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: - namespace: metallb-system + namespace: "{{ metallb_namespace }}" name: "{{ pool_name }}" spec: addresses: