diff --git a/bitnami/metallb/Chart.yaml b/bitnami/metallb/Chart.yaml index fb95c1b69f..366dc26488 100644 --- a/bitnami/metallb/Chart.yaml +++ b/bitnami/metallb/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: metallb-controller - image: docker.io/bitnami/metallb-controller:0.14.3-debian-12-r7 + image: docker.io/bitnami/metallb-controller:0.14.5-debian-12-r1 - name: metallb-speaker - image: docker.io/bitnami/metallb-speaker:0.14.3-debian-12-r8 + image: docker.io/bitnami/metallb-speaker:0.14.5-debian-12-r0 apiVersion: v2 -appVersion: 0.14.3 +appVersion: 0.14.5 dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts @@ -35,4 +35,4 @@ maintainers: name: metallb sources: - https://github.com/bitnami/charts/tree/main/bitnami/metallb -version: 5.0.3 +version: 6.0.0 diff --git a/bitnami/metallb/README.md b/bitnami/metallb/README.md index fd6c108b7a..64f2d77c8b 100644 --- a/bitnami/metallb/README.md +++ b/bitnami/metallb/README.md @@ -127,91 +127,91 @@ spec: ### Controller parameters -| Name | Description | Value | -| -------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | -| `controller.image.registry` | MetalLB Controller image registry | `REGISTRY_NAME` | -| `controller.image.repository` | MetalLB Controller image repository | `REPOSITORY_NAME/metallb-controller` | -| `controller.image.digest` | MetalLB Controller image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `controller.image.pullPolicy` | MetalLB Controller image pull policy | `IfNotPresent` | -| `controller.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `controller.updateStrategy.type` | MetalLB controller deployment strategy type. | `RollingUpdate` | -| `controller.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `controller.hostAliases` | Deployment pod host aliases | `[]` | -| `controller.rbac.create` | create specifies whether to install and use RBAC rules. | `true` | -| `controller.psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `true` | -| `controller.priorityClassName` | MetalLB controller pods' priorityClassName | `""` | -| `controller.runtimeClassName` | Name of the runtime class to be used by MetalLB controller pod(s) | `""` | -| `controller.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `controller.terminationGracePeriodSeconds` | In seconds, time the given to the MetalLB controller pod needs to terminate gracefully | `0` | -| `controller.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `controller.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if controller.resources is set (controller.resources is recommended for production). | `nano` | -| `controller.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `controller.nodeSelector` | Node labels for controller pod assignment | `{}` | -| `controller.tolerations` | Tolerations for controller pod assignment | `[]` | -| `controller.affinity` | Affinity for controller pod assignment | `{}` | -| `controller.podAnnotations` | Controller Pod annotations | `{}` | -| `controller.podLabels` | Controller Pod labels | `{}` | -| `controller.podAffinityPreset` | Controller Pod affinitypreset. Allowed values: soft, hard | `""` | -| `controller.podAntiAffinityPreset` | Controller Pod anti affinitypreset. Allowed values: soft, hard | `soft` | -| `controller.nodeAffinityPreset.type` | Controller Pod Node affinity preset. Allowed values: soft, hard | `""` | -| `controller.nodeAffinityPreset.key` | Controller Pod Node affinity label key to match | `""` | -| `controller.nodeAffinityPreset.values` | Controller Pod Node affinity label values to match | `[]` | -| `controller.podSecurityContext.enabled` | Enabled MetalLB Controller pods' Security Context | `true` | -| `controller.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `controller.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `controller.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `controller.podSecurityContext.fsGroup` | Set MetalLB Controller pod's Security Context fsGroup | `1001` | -| `controller.containerSecurityContext.enabled` | Enabled MetalLB Controller containers' Security Context | `true` | -| `controller.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `controller.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `controller.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | -| `controller.containerSecurityContext.runAsNonRoot` | Set MetalLB Controller container's Security Context runAsNonRoot | `true` | -| `controller.containerSecurityContext.allowPrivilegeEscalation` | Enables privilege Escalation context for the pod. | `false` | -| `controller.containerSecurityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly | `true` | -| `controller.containerSecurityContext.capabilities.drop` | Drop capabilities for the securityContext | `[]` | -| `controller.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `controller.command` | Override default container command (useful when using custom images) | `[]` | -| `controller.args` | Override default container args (useful when using custom images) | `[]` | -| `controller.lifecycleHooks` | for the MetalLB Controller container(s) to automate configuration before or after startup | `{}` | -| `controller.extraEnvVars` | Extra environment variable to pass to the running container. | `[]` | -| `controller.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MetalLB controller nodes | `""` | -| `controller.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MetalLB controller nodes | `""` | -| `controller.extraVolumes` | Optionally specify extra list of additional volumes for the MetalLB controller pod(s) | `[]` | -| `controller.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MetalLB controller container(s) | `[]` | -| `controller.sidecars` | Add additional sidecar containers to the MetalLB Controller pod(s) | `[]` | -| `controller.initContainers` | Add additional init containers to the MetalLB Controller pod(s) | `[]` | -| `controller.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `controller.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | -| `controller.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | -| `controller.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | -| `controller.revisionHistoryLimit` | Configure the revisionHistoryLimit of the Controller deployment | `3` | -| `controller.containerPorts.metrics` | Configures the ports the MetalLB Controller listens on for metrics | `7472` | -| `controller.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `controller.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `controller.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `controller.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `controller.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `controller.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `controller.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `controller.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `controller.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `controller.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `controller.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `controller.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `controller.startupProbe.enabled` | Enable startupProbe | `false` | -| `controller.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `controller.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `controller.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `controller.startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | -| `controller.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `controller.customStartupProbe` | Custom liveness probe for the Web component | `{}` | -| `controller.customLivenessProbe` | Custom liveness probe for the Web component | `{}` | -| `controller.customReadinessProbe` | Custom readiness probe for the Web component | `{}` | -| `controller.logLevel` | Sets the controller log level. Does not work if the args are overridden | `info` | -| `controller.tlsMinVersion` | Sets the minimum TLS version for the controller | `""` | -| `controller.tlsCipherSuites` | Comma separated list of TLS cipher suites for the controller | `""` | -| `controller.webhookMode` | Controller webhook mode | `enabled` | -| `controller.extraArgs` | Add extra arguments to the default arguments for the controller | `[]` | +| Name | Description | Value | +| -------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | +| `controller.image.registry` | MetalLB Controller image registry | `REGISTRY_NAME` | +| `controller.image.repository` | MetalLB Controller image repository | `REPOSITORY_NAME/metallb-controller` | +| `controller.image.digest` | MetalLB Controller image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `controller.image.pullPolicy` | MetalLB Controller image pull policy | `IfNotPresent` | +| `controller.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `controller.updateStrategy.type` | MetalLB controller deployment strategy type. | `RollingUpdate` | +| `controller.automountServiceAccountToken` | Mount Service Account token in pod | `true` | +| `controller.hostAliases` | Deployment pod host aliases | `[]` | +| `controller.rbac.create` | create specifies whether to install and use RBAC rules. | `true` | +| `controller.psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `true` | +| `controller.priorityClassName` | MetalLB controller pods' priorityClassName | `""` | +| `controller.runtimeClassName` | Name of the runtime class to be used by MetalLB controller pod(s) | `""` | +| `controller.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `controller.terminationGracePeriodSeconds` | In seconds, time the given to the MetalLB controller pod needs to terminate gracefully | `0` | +| `controller.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `controller.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if controller.resources is set (controller.resources is recommended for production). | `nano` | +| `controller.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `controller.nodeSelector` | Node labels for controller pod assignment | `{}` | +| `controller.tolerations` | Tolerations for controller pod assignment | `[]` | +| `controller.affinity` | Affinity for controller pod assignment | `{}` | +| `controller.podAnnotations` | Controller Pod annotations | `{}` | +| `controller.podLabels` | Controller Pod labels | `{}` | +| `controller.podAffinityPreset` | Controller Pod affinitypreset. Allowed values: soft, hard | `""` | +| `controller.podAntiAffinityPreset` | Controller Pod anti affinitypreset. Allowed values: soft, hard | `soft` | +| `controller.nodeAffinityPreset.type` | Controller Pod Node affinity preset. Allowed values: soft, hard | `""` | +| `controller.nodeAffinityPreset.key` | Controller Pod Node affinity label key to match | `""` | +| `controller.nodeAffinityPreset.values` | Controller Pod Node affinity label values to match | `[]` | +| `controller.podSecurityContext.enabled` | Enabled MetalLB Controller pods' Security Context | `true` | +| `controller.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `controller.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `controller.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `controller.podSecurityContext.fsGroup` | Set MetalLB Controller pod's Security Context fsGroup | `1001` | +| `controller.containerSecurityContext.enabled` | Enabled MetalLB Controller containers' Security Context | `true` | +| `controller.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `controller.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `controller.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `controller.containerSecurityContext.runAsNonRoot` | Set MetalLB Controller container's Security Context runAsNonRoot | `true` | +| `controller.containerSecurityContext.allowPrivilegeEscalation` | Enables privilege Escalation context for the pod. | `false` | +| `controller.containerSecurityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly | `true` | +| `controller.containerSecurityContext.capabilities.drop` | Drop capabilities for the securityContext | `[]` | +| `controller.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `controller.command` | Override default container command (useful when using custom images) | `[]` | +| `controller.args` | Override default container args (useful when using custom images) | `[]` | +| `controller.lifecycleHooks` | for the MetalLB Controller container(s) to automate configuration before or after startup | `{}` | +| `controller.extraEnvVars` | Extra environment variable to pass to the running container. | `[]` | +| `controller.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MetalLB controller nodes | `""` | +| `controller.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MetalLB controller nodes | `""` | +| `controller.extraVolumes` | Optionally specify extra list of additional volumes for the MetalLB controller pod(s) | `[]` | +| `controller.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MetalLB controller container(s) | `[]` | +| `controller.sidecars` | Add additional sidecar containers to the MetalLB Controller pod(s) | `[]` | +| `controller.initContainers` | Add additional init containers to the MetalLB Controller pod(s) | `[]` | +| `controller.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `controller.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | +| `controller.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | +| `controller.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | +| `controller.revisionHistoryLimit` | Configure the revisionHistoryLimit of the Controller deployment | `3` | +| `controller.containerPorts.metrics` | Configures the ports the MetalLB Controller listens on for metrics | `7472` | +| `controller.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `controller.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `controller.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `controller.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `controller.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `controller.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `controller.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `controller.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `controller.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `controller.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `controller.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `controller.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `controller.startupProbe.enabled` | Enable startupProbe | `false` | +| `controller.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `controller.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `controller.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `controller.startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | +| `controller.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `controller.customStartupProbe` | Custom liveness probe for the Web component | `{}` | +| `controller.customLivenessProbe` | Custom liveness probe for the Web component | `{}` | +| `controller.customReadinessProbe` | Custom readiness probe for the Web component | `{}` | +| `controller.logLevel` | Sets the controller log level. Does not work if the args are overridden | `info` | +| `controller.tlsMinVersion` | Sets the minimum TLS version for the controller | `""` | +| `controller.tlsCipherSuites` | Comma separated list of TLS cipher suites for the controller | `""` | +| `controller.webhookMode` | Controller webhook mode | `enabled` | +| `controller.extraArgs` | Add extra arguments to the default arguments for the controller | `[]` | ### MetalLB controller Prometheus metrics export @@ -233,96 +233,96 @@ spec: ### Speaker parameters -| Name | Description | Value | -| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | -| `speaker.enabled` | Whether to enable BGP speakers or not | `true` | -| `speaker.image.registry` | MetalLB Speaker image registry | `REGISTRY_NAME` | -| `speaker.image.repository` | MetalLB Speaker image repository | `REPOSITORY_NAME/metallb-speaker` | -| `speaker.image.digest` | MetalLB Speaker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `speaker.image.pullPolicy` | MetalLB Speaker image pull policy | `IfNotPresent` | -| `speaker.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `speaker.updateStrategy.type` | Speaker daemonset strategy type | `RollingUpdate` | -| `speaker.rbac.create` | create specifies whether to install and use RBAC rules. | `true` | -| `speaker.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `speaker.networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | -| `speaker.networkPolicy.allowExternal` | The Policy model to apply | `true` | -| `speaker.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `speaker.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | -| `speaker.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `speaker.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `speaker.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `speaker.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `speaker.hostAliases` | Deployment pod host aliases | `[]` | -| `speaker.psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `true` | -| `speaker.priorityClassName` | Speaker pods' priorityClassName | `""` | -| `speaker.runtimeClassName` | Name of the runtime class to be used by Speaker pod(s) | `""` | -| `speaker.terminationGracePeriodSeconds` | In seconds, time the given to the Speaker pod needs to terminate gracefully | `2` | -| `speaker.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if speaker.resources is set (speaker.resources is recommended for production). | `nano` | -| `speaker.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `speaker.nodeSelector` | Node labels for speaker pod assignment | `{}` | -| `speaker.tolerations` | Tolerations for speaker pod assignment | `[]` | -| `speaker.affinity` | Affinity for speaker pod assignment | `{}` | -| `speaker.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `speaker.nodeAffinityPreset.key` | Node label key to match. Ignored if `speaker.affinity` is set | `""` | -| `speaker.nodeAffinityPreset.values` | Node label values to match. Ignored if `speaker.affinity` is set | `[]` | -| `speaker.podAffinityPreset` | Pod affinity preset. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `speaker.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `speaker.podAnnotations` | Speaker Pod annotations | `{}` | -| `speaker.podLabels` | Speaker Pod labels | `{}` | -| `speaker.podSecurityContext.enabled` | Enabled Speaker pods' Security Context | `true` | -| `speaker.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `speaker.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `speaker.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `speaker.podSecurityContext.fsGroup` | Set Speaker pod's Security Context fsGroup | `0` | -| `speaker.containerSecurityContext.enabled` | Enabled Speaker containers' Security Context | `true` | -| `speaker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `speaker.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `0` | -| `speaker.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` | -| `speaker.containerSecurityContext.allowPrivilegeEscalation` | Enables privilege Escalation context for the pod. | `false` | -| `speaker.containerSecurityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly | `true` | -| `speaker.containerSecurityContext.capabilities.drop` | Drop capabilities for the securityContext. You need to comment out this block if you would like to use `tcpdump` for debugging purposes. | `[]` | -| `speaker.containerSecurityContext.capabilities.add` | Add capabilities for the securityContext | `[]` | -| `speaker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `speaker.command` | Override default container command (useful when using custom images) | `[]` | -| `speaker.args` | Override default container args (useful when using custom images) | `[]` | -| `speaker.lifecycleHooks` | for the Speaker container(s) to automate configuration before or after startup | `{}` | -| `speaker.sidecars` | Add additional sidecar containers to the Speaker pod(s) | `[]` | -| `speaker.initContainers` | Add additional init containers to the Speaker pod(s) | `[]` | -| `speaker.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `speaker.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | -| `speaker.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | -| `speaker.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | -| `speaker.secretName` | References a Secret name for the member secret outside of the helm chart | `""` | -| `speaker.secretKey` | References a Secret key the member secret outside of the helm chart | `""` | -| `speaker.secretValue` | Custom value for `speaker.secretKey` | `""` | -| `speaker.extraEnvVars` | Extra environment variable to pass to the running container. | `[]` | -| `speaker.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Speaker nodes | `""` | -| `speaker.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Speaker nodes | `""` | -| `speaker.extraVolumes` | Optionally specify extra list of additional volumes for the Speaker pod(s) | `[]` | -| `speaker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Speaker container(s) | `[]` | -| `speaker.containerPorts.metrics` | HTTP Metrics Endpoint | `7472` | -| `speaker.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `speaker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `speaker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `speaker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `speaker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `speaker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `speaker.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `speaker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `speaker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `speaker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `speaker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `speaker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `speaker.startupProbe.enabled` | Enable startupProbe | `false` | -| `speaker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `speaker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `speaker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `speaker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | -| `speaker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `speaker.customStartupProbe` | Custom liveness probe for the Web component | `{}` | -| `speaker.customLivenessProbe` | Custom liveness probe for the Web component | `{}` | -| `speaker.customReadinessProbe` | Custom readiness probe for the Web component | `{}` | -| `speaker.logLevel` | Sets the speaker log level. Does not work if the args are overridden | `info` | +| Name | Description | Value | +| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | +| `speaker.enabled` | Whether to enable BGP speakers or not | `true` | +| `speaker.image.registry` | MetalLB Speaker image registry | `REGISTRY_NAME` | +| `speaker.image.repository` | MetalLB Speaker image repository | `REPOSITORY_NAME/metallb-speaker` | +| `speaker.image.digest` | MetalLB Speaker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `speaker.image.pullPolicy` | MetalLB Speaker image pull policy | `IfNotPresent` | +| `speaker.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `speaker.updateStrategy.type` | Speaker daemonset strategy type | `RollingUpdate` | +| `speaker.rbac.create` | create specifies whether to install and use RBAC rules. | `true` | +| `speaker.automountServiceAccountToken` | Mount Service Account token in pod | `true` | +| `speaker.networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | +| `speaker.networkPolicy.allowExternal` | The Policy model to apply | `true` | +| `speaker.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `speaker.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | +| `speaker.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `speaker.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `speaker.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `speaker.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `speaker.hostAliases` | Deployment pod host aliases | `[]` | +| `speaker.psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `true` | +| `speaker.priorityClassName` | Speaker pods' priorityClassName | `""` | +| `speaker.runtimeClassName` | Name of the runtime class to be used by Speaker pod(s) | `""` | +| `speaker.terminationGracePeriodSeconds` | In seconds, time the given to the Speaker pod needs to terminate gracefully | `2` | +| `speaker.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if speaker.resources is set (speaker.resources is recommended for production). | `nano` | +| `speaker.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `speaker.nodeSelector` | Node labels for speaker pod assignment | `{}` | +| `speaker.tolerations` | Tolerations for speaker pod assignment | `[]` | +| `speaker.affinity` | Affinity for speaker pod assignment | `{}` | +| `speaker.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `speaker.nodeAffinityPreset.key` | Node label key to match. Ignored if `speaker.affinity` is set | `""` | +| `speaker.nodeAffinityPreset.values` | Node label values to match. Ignored if `speaker.affinity` is set | `[]` | +| `speaker.podAffinityPreset` | Pod affinity preset. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `speaker.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `speaker.podAnnotations` | Speaker Pod annotations | `{}` | +| `speaker.podLabels` | Speaker Pod labels | `{}` | +| `speaker.podSecurityContext.enabled` | Enabled Speaker pods' Security Context | `true` | +| `speaker.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `speaker.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `speaker.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `speaker.podSecurityContext.fsGroup` | Set Speaker pod's Security Context fsGroup | `0` | +| `speaker.containerSecurityContext.enabled` | Enabled Speaker containers' Security Context | `true` | +| `speaker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `speaker.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `0` | +| `speaker.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` | +| `speaker.containerSecurityContext.allowPrivilegeEscalation` | Enables privilege Escalation context for the pod. | `false` | +| `speaker.containerSecurityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly | `true` | +| `speaker.containerSecurityContext.capabilities.drop` | Drop capabilities for the securityContext. You need to comment out this block if you would like to use `tcpdump` for debugging purposes. | `[]` | +| `speaker.containerSecurityContext.capabilities.add` | Add capabilities for the securityContext | `[]` | +| `speaker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `speaker.command` | Override default container command (useful when using custom images) | `[]` | +| `speaker.args` | Override default container args (useful when using custom images) | `[]` | +| `speaker.lifecycleHooks` | for the Speaker container(s) to automate configuration before or after startup | `{}` | +| `speaker.sidecars` | Add additional sidecar containers to the Speaker pod(s) | `[]` | +| `speaker.initContainers` | Add additional init containers to the Speaker pod(s) | `[]` | +| `speaker.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `speaker.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | +| `speaker.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | +| `speaker.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | +| `speaker.secretName` | References a Secret name for the member secret outside of the helm chart | `""` | +| `speaker.secretKey` | References a Secret key the member secret outside of the helm chart | `""` | +| `speaker.secretValue` | Custom value for `speaker.secretKey` | `""` | +| `speaker.extraEnvVars` | Extra environment variable to pass to the running container. | `[]` | +| `speaker.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Speaker nodes | `""` | +| `speaker.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Speaker nodes | `""` | +| `speaker.extraVolumes` | Optionally specify extra list of additional volumes for the Speaker pod(s) | `[]` | +| `speaker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Speaker container(s) | `[]` | +| `speaker.containerPorts.metrics` | HTTP Metrics Endpoint | `7472` | +| `speaker.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `speaker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `speaker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `speaker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `speaker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `speaker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `speaker.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `speaker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `speaker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `speaker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `speaker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `speaker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `speaker.startupProbe.enabled` | Enable startupProbe | `false` | +| `speaker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `speaker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `speaker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `speaker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | +| `speaker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `speaker.customStartupProbe` | Custom liveness probe for the Web component | `{}` | +| `speaker.customLivenessProbe` | Custom liveness probe for the Web component | `{}` | +| `speaker.customReadinessProbe` | Custom readiness probe for the Web component | `{}` | +| `speaker.logLevel` | Sets the speaker log level. Does not work if the args are overridden | `info` | ### Speaker Prometheus metrics export @@ -358,6 +358,10 @@ Find more information about how to deal with common errors related to Bitnami's ## Upgrading +### To 6.0.0 + +This major release includes the changes and features available in MetalLB from version 0.14.x. This new version includes some breaking changes like AddressPool removal or the several changes about the `webhook-server-cert secret`. For more details about MetaLB changes please visit [the release notes](https://metallb.universe.tf/release-notes/). + ### To 5.0.0 This major bump changes the following security defaults: diff --git a/bitnami/metallb/templates/controller/deployment.yaml b/bitnami/metallb/templates/controller/deployment.yaml index 3175069885..cebeb7207c 100644 --- a/bitnami/metallb/templates/controller/deployment.yaml +++ b/bitnami/metallb/templates/controller/deployment.yaml @@ -178,7 +178,7 @@ spec: - name: cert secret: defaultMode: 420 - secretName: webhook-server-cert + secretName: metallb-webhook-cert {{- if .Values.controller.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraVolumes "context" $) | nindent 8 }} {{- end }} diff --git a/bitnami/metallb/templates/controller/rbac.yaml b/bitnami/metallb/templates/controller/rbac.yaml index 6159f75efc..2d6fbc595e 100644 --- a/bitnami/metallb/templates/controller/rbac.yaml +++ b/bitnami/metallb/templates/controller/rbac.yaml @@ -135,14 +135,6 @@ rules: - patch - update - watch - - apiGroups: - - metallb.io - resources: - - addresspools - verbs: - - get - - list - - watch - apiGroups: - metallb.io resources: diff --git a/bitnami/metallb/templates/controller/webhooks.yaml b/bitnami/metallb/templates/controller/webhooks.yaml index 787c80561d..ad539285aa 100644 --- a/bitnami/metallb/templates/controller/webhooks.yaml +++ b/bitnami/metallb/templates/controller/webhooks.yaml @@ -166,6 +166,6 @@ spec: apiVersion: v1 kind: Secret metadata: - name: webhook-server-cert + name: metallb-webhook-cert namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} diff --git a/bitnami/metallb/templates/crds/crds.yaml b/bitnami/metallb/templates/crds/crds.yaml index 0c00aac1e6..6a2ecb9c7f 100644 --- a/bitnami/metallb/templates/crds/crds.yaml +++ b/bitnami/metallb/templates/crds/crds.yaml @@ -6,8 +6,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: bfdprofiles.metallb.io spec: group: metallb.io @@ -34,13 +33,24 @@ spec: name: v1beta1 schema: openAPIV3Schema: - description: BFDProfile represents the settings of the bfd session that can be optionally associated with a BGP session. + description: |- + BFDProfile represents the settings of the bfd session that can be + optionally associated with a BGP session. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -48,37 +58,57 @@ spec: description: BFDProfileSpec defines the desired state of BFDProfile. properties: detectMultiplier: - description: Configures the detection multiplier to determine packet loss. The remote transmission interval will be multiplied by this value to determine the connection loss detection timer. + description: |- + Configures the detection multiplier to determine + packet loss. The remote transmission interval will be multiplied + by this value to determine the connection loss detection timer. format: int32 maximum: 255 minimum: 2 type: integer echoInterval: - description: Configures the minimal echo receive transmission interval that this system is capable of handling in milliseconds. Defaults to 50ms + description: |- + Configures the minimal echo receive transmission + interval that this system is capable of handling in milliseconds. + Defaults to 50ms format: int32 maximum: 60000 minimum: 10 type: integer echoMode: - description: Enables or disables the echo transmission mode. This mode is disabled by default, and not supported on multi hops setups. + description: |- + Enables or disables the echo transmission mode. + This mode is disabled by default, and not supported on multi + hops setups. type: boolean minimumTtl: - description: 'For multi hop sessions only: configure the minimum expected TTL for an incoming BFD control packet.' + description: |- + For multi hop sessions only: configure the minimum + expected TTL for an incoming BFD control packet. format: int32 maximum: 254 minimum: 1 type: integer passiveMode: - description: 'Mark session as passive: a passive session will not attempt to start the connection and will wait for control packets from peer before it begins replying.' + description: |- + Mark session as passive: a passive session will not + attempt to start the connection and will wait for control packets + from peer before it begins replying. type: boolean receiveInterval: - description: The minimum interval that this system is capable of receiving control packets in milliseconds. Defaults to 300ms. + description: |- + The minimum interval that this system is capable of + receiving control packets in milliseconds. + Defaults to 300ms. format: int32 maximum: 60000 minimum: 10 type: integer transmitInterval: - description: The minimum transmission interval (less jitter) that this system wants to use to send BFD control packets in milliseconds. Defaults to 300ms + description: |- + The minimum transmission interval (less jitter) + that this system wants to use to send BFD control packets in + milliseconds. Defaults to 300ms format: int32 maximum: 60000 minimum: 10 @@ -97,8 +127,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: bgpadvertisements.metallb.io spec: group: metallb.io @@ -126,13 +155,25 @@ spec: name: v1beta1 schema: openAPIV3Schema: - description: BGPAdvertisement allows to advertise the IPs coming from the selected IPAddressPools via BGP, setting the parameters of the BGP Advertisement. + description: |- + BGPAdvertisement allows to advertise the IPs coming + from the selected IPAddressPools via BGP, setting the parameters of the + BGP Advertisement. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -151,28 +192,44 @@ spec: format: int32 type: integer communities: - description: The BGP communities to be associated with the announcement. Each item can be a standard community of the form 1234:1234, a large community of the form large:1234:1234:1234 or the name of an alias defined in the Community CRD. + description: |- + The BGP communities to be associated with the announcement. Each item can be a standard community of the + form 1234:1234, a large community of the form large:1234:1234:1234 or the name of an alias defined in the + Community CRD. items: type: string type: array ipAddressPoolSelectors: - description: A selector for the IPAddressPools which would get advertised via this advertisement. If no IPAddressPool is selected by this or by the list, the advertisement is applied to all the IPAddressPools. + description: |- + A selector for the IPAddressPools which would get advertised via this advertisement. + If no IPAddressPool is selected by this or by the list, the advertisement is applied to all the IPAddressPools. items: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -184,7 +241,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic @@ -195,27 +255,40 @@ spec: type: string type: array localPref: - description: The BGP LOCAL_PREF attribute which is used by BGP best path algorithm, Path with higher localpref is preferred over one with lower localpref. + description: |- + The BGP LOCAL_PREF attribute which is used by BGP best path algorithm, + Path with higher localpref is preferred over one with lower localpref. format: int32 type: integer nodeSelectors: description: NodeSelectors allows to limit the nodes to announce as next hops for the LoadBalancer IP. When empty, all the nodes having are announced as next hops. items: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -227,13 +300,18 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic type: array peers: - description: Peers limits the bgppeer to advertise the ips of the selected pools to. When empty, the loadbalancer IP is announced to all the BGPPeers configured. + description: |- + Peers limits the bgppeer to advertise the ips of the selected pools to. + When empty, the loadbalancer IP is announced to all the BGPPeers configured. items: type: string type: array @@ -251,8 +329,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: bgppeers.metallb.io spec: conversion: @@ -294,10 +371,19 @@ spec: description: BGPPeer is the Schema for the peers API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -322,7 +408,9 @@ spec: minimum: 0 type: integer nodeSelectors: - description: Only connect to this peer on nodes that match one of these selectors. + description: |- + Only connect to this peer on nodes that match one of these + selectors. items: properties: matchExpressions: @@ -404,10 +492,19 @@ spec: description: BGPPeer is the Schema for the peers API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -417,6 +514,18 @@ spec: bfdProfile: description: The name of the BFD Profile to be used for the BFD session associated to the BGP session. If not set, the BFD session won't be set up. type: string + connectTime: + description: Requested BGP connect time, controls how long BGP waits between connection attempts to a neighbor. + type: string + x-kubernetes-validations: + - message: connect time should be between 1 seconds to 65535 + rule: duration(self).getSeconds() >= 1 && duration(self).getSeconds() <= 65535 + - message: connect time should contain a whole number of seconds + rule: duration(self).getMilliseconds() % 1000 == 0 + disableMP: + default: false + description: To set if we want to disable MP BGP that will separate IPv4 and IPv6 route exchanges into distinct BGP sessions. + type: boolean ebgpMultiHop: description: To set if the BGPPeer is multi-hops away. Needed for FRR mode only. type: boolean @@ -433,23 +542,36 @@ spec: minimum: 0 type: integer nodeSelectors: - description: Only connect to this peer on nodes that match one of these selectors. + description: |- + Only connect to this peer on nodes that match one of these + selectors. items: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -461,7 +583,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic @@ -470,7 +595,11 @@ spec: description: Authentication password for routers enforcing TCP MD5 authenticated sessions type: string passwordSecret: - description: passwordSecret is name of the authentication secret for BGP Peer. the secret must be of type "kubernetes.io/basic-auth", and created in the same namespace as the MetalLB deployment. The password is stored in the secret as the key "password". + description: |- + passwordSecret is name of the authentication secret for BGP Peer. + the secret must be of type "kubernetes.io/basic-auth", and created in the + same namespace as the MetalLB deployment. The password is stored in the + secret as the key "password". properties: name: description: name is unique within a namespace to reference a secret resource. @@ -502,7 +631,9 @@ spec: description: Source address to use when establishing the session. type: string vrf: - description: To set if we want to peer with the BGPPeer using an interface belonging to a host vrf + description: |- + To set if we want to peer with the BGPPeer using an interface belonging to + a host vrf type: string required: - myASN @@ -522,8 +653,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: communities.metallb.io spec: group: metallb.io @@ -537,13 +667,24 @@ spec: - name: v1beta1 schema: openAPIV3Schema: - description: Community is a collection of aliases for communities. Users can define named aliases to be used in the BGPPeer CRD. + description: |- + Community is a collection of aliases for communities. + Users can define named aliases to be used in the BGPPeer CRD. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -557,7 +698,9 @@ spec: description: The name of the alias for the community. type: string value: - description: The BGP community value corresponding to the given name. Can be a standard community of the form 1234:1234 or a large community of the form large:1234:1234:1234. + description: |- + The BGP community value corresponding to the given name. Can be a standard community of the form 1234:1234 + or a large community of the form large:1234:1234:1234. type: string type: object type: array @@ -575,8 +718,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: ipaddresspools.metallb.io spec: group: metallb.io @@ -600,13 +742,24 @@ spec: name: v1beta1 schema: openAPIV3Schema: - description: IPAddressPool represents a pool of IP addresses that can be allocated to LoadBalancer services. + description: |- + IPAddressPool represents a pool of IP addresses that can be allocated + to LoadBalancer services. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -614,39 +767,67 @@ spec: description: IPAddressPoolSpec defines the desired state of IPAddressPool. properties: addresses: - description: A list of IP address ranges over which MetalLB has authority. You can list multiple ranges in a single pool, they will all share the same settings. Each range can be either a CIDR prefix, or an explicit start-end range of IPs. + description: |- + A list of IP address ranges over which MetalLB has authority. + You can list multiple ranges in a single pool, they will all share the + same settings. Each range can be either a CIDR prefix, or an explicit + start-end range of IPs. items: type: string type: array autoAssign: default: true - description: AutoAssign flag used to prevent MetallB from automatic allocation for a pool. + description: |- + AutoAssign flag used to prevent MetallB from automatic allocation + for a pool. type: boolean avoidBuggyIPs: default: false - description: AvoidBuggyIPs prevents addresses ending with .0 and .255 to be used by a pool. + description: |- + AvoidBuggyIPs prevents addresses ending with .0 and .255 + to be used by a pool. type: boolean serviceAllocation: - description: AllocateTo makes ip pool allocation to specific namespace and/or service. The controller will use the pool with lowest value of priority in case of multiple matches. A pool with no priority set will be used only if the pools with priority can't be used. If multiple matching IPAddressPools are available it will check for the availability of IPs sorting the matching IPAddressPools by priority, starting from the highest to the lowest. If multiple IPAddressPools have the same priority, choice will be random. + description: |- + AllocateTo makes ip pool allocation to specific namespace and/or service. + The controller will use the pool with lowest value of priority in case of + multiple matches. A pool with no priority set will be used only if the + pools with priority can't be used. If multiple matching IPAddressPools are + available it will check for the availability of IPs sorting the matching + IPAddressPools by priority, starting from the highest to the lowest. If + multiple IPAddressPools have the same priority, choice will be random. properties: namespaceSelectors: - description: NamespaceSelectors list of label selectors to select namespace(s) for ip pool, an alternative to using namespace list. + description: |- + NamespaceSelectors list of label selectors to select namespace(s) for ip pool, + an alternative to using namespace list. items: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -658,7 +839,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic @@ -672,23 +856,36 @@ spec: description: Priority priority given for ip pool while ip allocation on a service. type: integer serviceSelectors: - description: ServiceSelectors list of label selector to select service(s) for which ip pool can be used for ip allocation. + description: |- + ServiceSelectors list of label selector to select service(s) for which ip pool + can be used for ip allocation. items: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -700,7 +897,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic @@ -724,8 +924,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: l2advertisements.metallb.io spec: group: metallb.io @@ -753,13 +952,24 @@ spec: name: v1beta1 schema: openAPIV3Schema: - description: L2Advertisement allows to advertise the LoadBalancer IPs provided by the selected pools via L2. + description: |- + L2Advertisement allows to advertise the LoadBalancer IPs provided + by the selected pools via L2. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -767,28 +977,43 @@ spec: description: L2AdvertisementSpec defines the desired state of L2Advertisement. properties: interfaces: - description: A list of interfaces to announce from. The LB IP will be announced only from these interfaces. If the field is not set, we advertise from all the interfaces on the host. + description: |- + A list of interfaces to announce from. The LB IP will be announced only from these interfaces. + If the field is not set, we advertise from all the interfaces on the host. items: type: string type: array ipAddressPoolSelectors: - description: A selector for the IPAddressPools which would get advertised via this advertisement. If no IPAddressPool is selected by this or by the list, the advertisement is applied to all the IPAddressPools. + description: |- + A selector for the IPAddressPools which would get advertised via this advertisement. + If no IPAddressPool is selected by this or by the list, the advertisement is applied to all the IPAddressPools. items: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -800,7 +1025,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic @@ -813,21 +1041,32 @@ spec: nodeSelectors: description: NodeSelectors allows to limit the nodes to announce as next hops for the LoadBalancer IP. When empty, all the nodes having are announced as next hops. items: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -839,7 +1078,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic @@ -853,4 +1095,71 @@ spec: storage: true subresources: status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: servicel2statuses.metallb.io +spec: + group: metallb.io + names: + kind: ServiceL2Status + listKind: ServiceL2StatusList + plural: servicel2statuses + singular: servicel2status + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.node + name: Allocated Node + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: ServiceL2Status reveals the actual traffic status of loadbalancer services in layer2 mode. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ServiceL2StatusSpec defines the desired state of ServiceL2Status. + type: object + status: + description: MetalLBServiceL2Status defines the observed state of ServiceL2Status. + properties: + interfaces: + description: Interfaces indicates the interfaces that receive the directed traffic + items: + description: InterfaceInfo defines interface info of layer2 announcement. + properties: + name: + description: Name the name of network interface card + type: string + type: object + type: array + node: + description: Node indicates the node that receives the directed traffic + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} {{- end }} diff --git a/bitnami/metallb/templates/speaker/rbac.yaml b/bitnami/metallb/templates/speaker/rbac.yaml index 8998a3a21a..e62409b3cd 100644 --- a/bitnami/metallb/templates/speaker/rbac.yaml +++ b/bitnami/metallb/templates/speaker/rbac.yaml @@ -17,6 +17,13 @@ metadata: {{- end }} rules: - apiGroups: + - "metallb.io" + resources: + - "servicel2statuses" + - "servicel2statuses/status" + verbs: + - "*" + apiGroups: - '' resources: - services diff --git a/bitnami/metallb/values.yaml b/bitnami/metallb/values.yaml index 0785912114..e9e796d02e 100644 --- a/bitnami/metallb/values.yaml +++ b/bitnami/metallb/values.yaml @@ -155,7 +155,7 @@ controller: image: registry: docker.io repository: bitnami/metallb-controller - tag: 0.14.3-debian-12-r7 + tag: 0.14.5-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -554,7 +554,7 @@ speaker: image: registry: docker.io repository: bitnami/metallb-speaker - tag: 0.14.3-debian-12-r8 + tag: 0.14.5-debian-12-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'