diff --git a/bitnami/metallb/Chart.lock b/bitnami/metallb/Chart.lock
index 705d90f027..2ba14eaf01 100644
--- a/bitnami/metallb/Chart.lock
+++ b/bitnami/metallb/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: common
 repository: oci://registry-1.docker.io/bitnamicharts
- version: 2.14.1
-digest: sha256:5ccbe5f1fe4459864a8c9d7329c400b678666b6cfb1450818a830bda81995bc3
-generated: "2024-01-10T22:03:38.650283854Z"
+ version: 2.15.3
+digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002
+generated: "2024-02-14T15:30:04.851044293+01:00"
diff --git a/bitnami/metallb/Chart.yaml b/bitnami/metallb/Chart.yaml
index 2033b742f1..aa1d600e7b 100644
--- a/bitnami/metallb/Chart.yaml
+++ b/bitnami/metallb/Chart.yaml
@@ -35,4 +35,4 @@ maintainers:
 name: metallb
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/metallb
-version: 4.12.2
+version: 4.13.0
diff --git a/bitnami/metallb/README.md b/bitnami/metallb/README.md
index e68fe7f26c..2112a0b141 100644
--- a/bitnami/metallb/README.md
+++ b/bitnami/metallb/README.md
@@ -96,90 +96,90 @@ The command removes all the Kubernetes components associated with the chart and ### Controller parameters -| Name | Description | Value | -| -------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | -| `controller.image.registry` | MetalLB Controller image registry | `REGISTRY_NAME` | -| `controller.image.repository` | MetalLB Controller image repository | `REPOSITORY_NAME/metallb-controller` | -| `controller.image.digest` | MetalLB Controller image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `controller.image.pullPolicy` | MetalLB Controller image pull policy | `IfNotPresent` | -| `controller.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `controller.updateStrategy.type` | MetalLB controller deployment strategy type. | `RollingUpdate` | -| `controller.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `controller.hostAliases` | Deployment pod host aliases | `[]` | -| `controller.rbac.create` | create specifies whether to install and use RBAC rules. | `true` | -| `controller.psp.create` | Whether to create a PodSecurityPolicy. 
WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `true` | -| `controller.priorityClassName` | MetalLB controller pods' priorityClassName | `""` | -| `controller.runtimeClassName` | Name of the runtime class to be used by MetalLB controller pod(s) | `""` | -| `controller.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `controller.terminationGracePeriodSeconds` | In seconds, time the given to the MetalLB controller pod needs to terminate gracefully | `0` | -| `controller.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `controller.resources.limits` | The resources limits for the container | `{}` | -| `controller.resources.requests` | The requested resources for the container | `{}` | -| `controller.nodeSelector` | Node labels for controller pod assignment | `{}` | -| `controller.tolerations` | Tolerations for controller pod assignment | `[]` | -| `controller.affinity` | Affinity for controller pod assignment | `{}` | -| `controller.podAnnotations` | Controller Pod annotations | `{}` | -| `controller.podLabels` | Controller Pod labels | `{}` | -| `controller.podAffinityPreset` | Controller Pod affinitypreset. Allowed values: soft, hard | `""` | -| `controller.podAntiAffinityPreset` | Controller Pod anti affinitypreset. Allowed values: soft, hard | `soft` | -| `controller.nodeAffinityPreset.type` | Controller Pod Node affinity preset. 
Allowed values: soft, hard | `""` | -| `controller.nodeAffinityPreset.key` | Controller Pod Node affinity label key to match | `""` | -| `controller.nodeAffinityPreset.values` | Controller Pod Node affinity label values to match | `[]` | -| `controller.podSecurityContext.enabled` | Enabled MetalLB Controller pods' Security Context | `true` | -| `controller.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `controller.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `controller.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `controller.podSecurityContext.fsGroup` | Set MetalLB Controller pod's Security Context fsGroup | `1001` | -| `controller.containerSecurityContext.enabled` | Enabled MetalLB Controller containers' Security Context | `true` | -| `controller.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `controller.containerSecurityContext.runAsUser` | Set MetalLB Controller containers' Security Context runAsUser | `1001` | -| `controller.containerSecurityContext.runAsNonRoot` | Set MetalLB Controller container's Security Context runAsNonRoot | `true` | -| `controller.containerSecurityContext.allowPrivilegeEscalation` | Enables privilege Escalation context for the pod. 
| `false` | -| `controller.containerSecurityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly | `true` | -| `controller.containerSecurityContext.capabilities.drop` | Drop capabilities for the securityContext | `[]` | -| `controller.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `controller.command` | Override default container command (useful when using custom images) | `[]` | -| `controller.args` | Override default container args (useful when using custom images) | `[]` | -| `controller.lifecycleHooks` | for the MetalLB Controller container(s) to automate configuration before or after startup | `{}` | -| `controller.extraEnvVars` | Extra environment variable to pass to the running container. | `[]` | -| `controller.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MetalLB controller nodes | `""` | -| `controller.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MetalLB controller nodes | `""` | -| `controller.extraVolumes` | Optionally specify extra list of additional volumes for the MetalLB controller pod(s) | `[]` | -| `controller.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MetalLB controller container(s) | `[]` | -| `controller.sidecars` | Add additional sidecar containers to the MetalLB Controller pod(s) | `[]` | -| `controller.initContainers` | Add additional init containers to the MetalLB Controller pod(s) | `[]` | -| `controller.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `controller.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. 
| `""` | -| `controller.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | -| `controller.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | -| `controller.revisionHistoryLimit` | Configure the revisionHistoryLimit of the Controller deployment | `3` | -| `controller.containerPorts.metrics` | Configures the ports the MetalLB Controller listens on for metrics | `7472` | -| `controller.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `controller.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `controller.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `controller.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `controller.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `controller.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `controller.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `controller.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `controller.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `controller.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `controller.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `controller.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `controller.startupProbe.enabled` | Enable startupProbe | `false` | -| `controller.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `controller.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `controller.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `controller.startupProbe.failureThreshold` | 
Failure threshold for startupProbe | `3` | -| `controller.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `controller.customStartupProbe` | Custom liveness probe for the Web component | `{}` | -| `controller.customLivenessProbe` | Custom liveness probe for the Web component | `{}` | -| `controller.customReadinessProbe` | Custom readiness probe for the Web component | `{}` | -| `controller.logLevel` | Sets the controller log level. Does not work if the args are overridden | `info` | -| `controller.tlsMinVersion` | Sets the minimum TLS version for the controller | `""` | -| `controller.tlsCipherSuites` | Comma separated list of TLS cipher suites for the controller | `""` | -| `controller.webhookMode` | Controller webhook mode | `enabled` | -| `controller.extraArgs` | Add extra arguments to the default arguments for the controller | `[]` | +| Name | Description | Value | +| -------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | +| `controller.image.registry` | MetalLB Controller image registry | `REGISTRY_NAME` | +| `controller.image.repository` | MetalLB Controller image repository | `REPOSITORY_NAME/metallb-controller` | +| `controller.image.digest` | MetalLB Controller image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `controller.image.pullPolicy` | MetalLB Controller image pull policy | `IfNotPresent` | +| `controller.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `controller.updateStrategy.type` | MetalLB controller deployment strategy type. 
| `RollingUpdate` | +| `controller.automountServiceAccountToken` | Mount Service Account token in pod | `true` | +| `controller.hostAliases` | Deployment pod host aliases | `[]` | +| `controller.rbac.create` | create specifies whether to install and use RBAC rules. | `true` | +| `controller.psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `true` | +| `controller.priorityClassName` | MetalLB controller pods' priorityClassName | `""` | +| `controller.runtimeClassName` | Name of the runtime class to be used by MetalLB controller pod(s) | `""` | +| `controller.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `controller.terminationGracePeriodSeconds` | In seconds, time the given to the MetalLB controller pod needs to terminate gracefully | `0` | +| `controller.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `controller.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if controller.resources is set (controller.resources is recommended for production). | `none` | +| `controller.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `controller.nodeSelector` | Node labels for controller pod assignment | `{}` | +| `controller.tolerations` | Tolerations for controller pod assignment | `[]` | +| `controller.affinity` | Affinity for controller pod assignment | `{}` | +| `controller.podAnnotations` | Controller Pod annotations | `{}` | +| `controller.podLabels` | Controller Pod labels | `{}` | +| `controller.podAffinityPreset` | Controller Pod affinitypreset. Allowed values: soft, hard | `""` | +| `controller.podAntiAffinityPreset` | Controller Pod anti affinitypreset. 
Allowed values: soft, hard | `soft` | +| `controller.nodeAffinityPreset.type` | Controller Pod Node affinity preset. Allowed values: soft, hard | `""` | +| `controller.nodeAffinityPreset.key` | Controller Pod Node affinity label key to match | `""` | +| `controller.nodeAffinityPreset.values` | Controller Pod Node affinity label values to match | `[]` | +| `controller.podSecurityContext.enabled` | Enabled MetalLB Controller pods' Security Context | `true` | +| `controller.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `controller.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `controller.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `controller.podSecurityContext.fsGroup` | Set MetalLB Controller pod's Security Context fsGroup | `1001` | +| `controller.containerSecurityContext.enabled` | Enabled MetalLB Controller containers' Security Context | `true` | +| `controller.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `controller.containerSecurityContext.runAsUser` | Set MetalLB Controller containers' Security Context runAsUser | `1001` | +| `controller.containerSecurityContext.runAsNonRoot` | Set MetalLB Controller container's Security Context runAsNonRoot | `true` | +| `controller.containerSecurityContext.allowPrivilegeEscalation` | Enables privilege Escalation context for the pod. 
| `false` | +| `controller.containerSecurityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly | `true` | +| `controller.containerSecurityContext.capabilities.drop` | Drop capabilities for the securityContext | `[]` | +| `controller.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `controller.command` | Override default container command (useful when using custom images) | `[]` | +| `controller.args` | Override default container args (useful when using custom images) | `[]` | +| `controller.lifecycleHooks` | for the MetalLB Controller container(s) to automate configuration before or after startup | `{}` | +| `controller.extraEnvVars` | Extra environment variable to pass to the running container. | `[]` | +| `controller.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MetalLB controller nodes | `""` | +| `controller.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MetalLB controller nodes | `""` | +| `controller.extraVolumes` | Optionally specify extra list of additional volumes for the MetalLB controller pod(s) | `[]` | +| `controller.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MetalLB controller container(s) | `[]` | +| `controller.sidecars` | Add additional sidecar containers to the MetalLB Controller pod(s) | `[]` | +| `controller.initContainers` | Add additional init containers to the MetalLB Controller pod(s) | `[]` | +| `controller.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `controller.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. 
| `""` | +| `controller.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | +| `controller.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | +| `controller.revisionHistoryLimit` | Configure the revisionHistoryLimit of the Controller deployment | `3` | +| `controller.containerPorts.metrics` | Configures the ports the MetalLB Controller listens on for metrics | `7472` | +| `controller.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `controller.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `controller.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `controller.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `controller.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `controller.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `controller.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `controller.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `controller.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `controller.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `controller.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `controller.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `controller.startupProbe.enabled` | Enable startupProbe | `false` | +| `controller.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `controller.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `controller.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `controller.startupProbe.failureThreshold` | 
Failure threshold for startupProbe | `3` | +| `controller.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `controller.customStartupProbe` | Custom liveness probe for the Web component | `{}` | +| `controller.customLivenessProbe` | Custom liveness probe for the Web component | `{}` | +| `controller.customReadinessProbe` | Custom readiness probe for the Web component | `{}` | +| `controller.logLevel` | Sets the controller log level. Does not work if the args are overridden | `info` | +| `controller.tlsMinVersion` | Sets the minimum TLS version for the controller | `""` | +| `controller.tlsCipherSuites` | Comma separated list of TLS cipher suites for the controller | `""` | +| `controller.webhookMode` | Controller webhook mode | `enabled` | +| `controller.extraArgs` | Add extra arguments to the default arguments for the controller | `[]` | ### MetalLB controller Prometheus metrics export 
@@ -201,95 +201,95 @@ The command removes all the Kubernetes components associated with the chart and ### Speaker parameters -| Name | Description | Value | -| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | -| `speaker.enabled` | Whether to enable BGP speakers or not | `true` | -| `speaker.image.registry` | MetalLB Speaker image registry | `REGISTRY_NAME` | -| `speaker.image.repository` | MetalLB Speaker image repository | `REPOSITORY_NAME/metallb-speaker` | -| `speaker.image.digest` | MetalLB Speaker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `speaker.image.pullPolicy` | MetalLB Speaker image pull policy | `IfNotPresent` | -| `speaker.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `speaker.updateStrategy.type` | Speaker daemonset strategy type | `RollingUpdate` | -| `speaker.rbac.create` | create specifies whether to install and use RBAC rules. | `true` | -| `speaker.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `speaker.networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | -| `speaker.networkPolicy.allowExternal` | The Policy model to apply | `true` | -| `speaker.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. 
| `true` | -| `speaker.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | -| `speaker.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `speaker.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `speaker.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `speaker.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `speaker.hostAliases` | Deployment pod host aliases | `[]` | -| `speaker.psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `true` | -| `speaker.priorityClassName` | Speaker pods' priorityClassName | `""` | -| `speaker.runtimeClassName` | Name of the runtime class to be used by Speaker pod(s) | `""` | -| `speaker.terminationGracePeriodSeconds` | In seconds, time the given to the Speaker pod needs to terminate gracefully | `2` | -| `speaker.resources.limits` | The resources limits for the container | `{}` | -| `speaker.resources.requests` | The requested resources for the container | `{}` | -| `speaker.nodeSelector` | Node labels for speaker pod assignment | `{}` | -| `speaker.tolerations` | Tolerations for speaker pod assignment | `[]` | -| `speaker.affinity` | Affinity for speaker pod assignment | `{}` | -| `speaker.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `speaker.nodeAffinityPreset.key` | Node label key to match. Ignored if `speaker.affinity` is set | `""` | -| `speaker.nodeAffinityPreset.values` | Node label values to match. Ignored if `speaker.affinity` is set | `[]` | -| `speaker.podAffinityPreset` | Pod affinity preset. Ignored if `speaker.affinity` is set. 
Allowed values: `soft` or `hard` | `""` | -| `speaker.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `speaker.podAnnotations` | Speaker Pod annotations | `{}` | -| `speaker.podLabels` | Speaker Pod labels | `{}` | -| `speaker.podSecurityContext.enabled` | Enabled Speaker pods' Security Context | `true` | -| `speaker.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `speaker.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `speaker.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `speaker.podSecurityContext.fsGroup` | Set Speaker pod's Security Context fsGroup | `0` | -| `speaker.containerSecurityContext.enabled` | Enabled Speaker containers' Security Context | `true` | -| `speaker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `speaker.containerSecurityContext.runAsUser` | Set Speaker containers' Security Context runAsUser | `0` | -| `speaker.containerSecurityContext.allowPrivilegeEscalation` | Enables privilege Escalation context for the pod. 
| `false` | -| `speaker.containerSecurityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly | `true` | -| `speaker.containerSecurityContext.capabilities.drop` | Drop capabilities for the securityContext | `[]` | -| `speaker.containerSecurityContext.capabilities.add` | Add capabilities for the securityContext | `[]` | -| `speaker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `speaker.command` | Override default container command (useful when using custom images) | `[]` | -| `speaker.args` | Override default container args (useful when using custom images) | `[]` | -| `speaker.lifecycleHooks` | for the Speaker container(s) to automate configuration before or after startup | `{}` | -| `speaker.sidecars` | Add additional sidecar containers to the Speaker pod(s) | `[]` | -| `speaker.initContainers` | Add additional init containers to the Speaker pod(s) | `[]` | -| `speaker.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `speaker.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | -| `speaker.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | -| `speaker.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | -| `speaker.secretName` | References a Secret name for the member secret outside of the helm chart | `""` | -| `speaker.secretKey` | References a Secret key the member secret outside of the helm chart | `""` | -| `speaker.secretValue` | Custom value for `speaker.secretKey` | `""` | -| `speaker.extraEnvVars` | Extra environment variable to pass to the running container. 
| `[]` | -| `speaker.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Speaker nodes | `""` | -| `speaker.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Speaker nodes | `""` | -| `speaker.extraVolumes` | Optionally specify extra list of additional volumes for the Speaker pod(s) | `[]` | -| `speaker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Speaker container(s) | `[]` | -| `speaker.containerPorts.metrics` | HTTP Metrics Endpoint | `7472` | -| `speaker.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `speaker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `speaker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `speaker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `speaker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `speaker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `speaker.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `speaker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `speaker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `speaker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `speaker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `speaker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `speaker.startupProbe.enabled` | Enable startupProbe | `false` | -| `speaker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `speaker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `speaker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `speaker.startupProbe.failureThreshold` | Failure threshold for startupProbe 
| `3` | -| `speaker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `speaker.customStartupProbe` | Custom liveness probe for the Web component | `{}` | -| `speaker.customLivenessProbe` | Custom liveness probe for the Web component | `{}` | -| `speaker.customReadinessProbe` | Custom readiness probe for the Web component | `{}` | -| `speaker.logLevel` | Sets the speaker log level. Does not work if the args are overridden | `info` | +| Name | Description | Value | +| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | +| `speaker.enabled` | Whether to enable BGP speakers or not | `true` | +| `speaker.image.registry` | MetalLB Speaker image registry | `REGISTRY_NAME` | +| `speaker.image.repository` | MetalLB Speaker image repository | `REPOSITORY_NAME/metallb-speaker` | +| `speaker.image.digest` | MetalLB Speaker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `speaker.image.pullPolicy` | MetalLB Speaker image pull policy | `IfNotPresent` | +| `speaker.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `speaker.updateStrategy.type` | Speaker daemonset strategy type | `RollingUpdate` | +| `speaker.rbac.create` | create specifies whether to install and use RBAC rules. | `true` | +| `speaker.automountServiceAccountToken` | Mount Service Account token in pod | `true` | +| `speaker.networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | +| `speaker.networkPolicy.allowExternal` | The Policy model to apply | `true` | +| `speaker.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. 
| `true` | +| `speaker.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | +| `speaker.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `speaker.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `speaker.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `speaker.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `speaker.hostAliases` | Deployment pod host aliases | `[]` | +| `speaker.psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `true` | +| `speaker.priorityClassName` | Speaker pods' priorityClassName | `""` | +| `speaker.runtimeClassName` | Name of the runtime class to be used by Speaker pod(s) | `""` | +| `speaker.terminationGracePeriodSeconds` | In seconds, time the given to the Speaker pod needs to terminate gracefully | `2` | +| `speaker.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if speaker.resources is set (speaker.resources is recommended for production). | `none` | +| `speaker.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `speaker.nodeSelector` | Node labels for speaker pod assignment | `{}` | +| `speaker.tolerations` | Tolerations for speaker pod assignment | `[]` | +| `speaker.affinity` | Affinity for speaker pod assignment | `{}` | +| `speaker.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `speaker.nodeAffinityPreset.key` | Node label key to match. 
Ignored if `speaker.affinity` is set | `""` | +| `speaker.nodeAffinityPreset.values` | Node label values to match. Ignored if `speaker.affinity` is set | `[]` | +| `speaker.podAffinityPreset` | Pod affinity preset. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `speaker.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `speaker.podAnnotations` | Speaker Pod annotations | `{}` | +| `speaker.podLabels` | Speaker Pod labels | `{}` | +| `speaker.podSecurityContext.enabled` | Enabled Speaker pods' Security Context | `true` | +| `speaker.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `speaker.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `speaker.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `speaker.podSecurityContext.fsGroup` | Set Speaker pod's Security Context fsGroup | `0` | +| `speaker.containerSecurityContext.enabled` | Enabled Speaker containers' Security Context | `true` | +| `speaker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `speaker.containerSecurityContext.runAsUser` | Set Speaker containers' Security Context runAsUser | `0` | +| `speaker.containerSecurityContext.allowPrivilegeEscalation` | Enables privilege Escalation context for the pod. 
| `false` | +| `speaker.containerSecurityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly | `true` | +| `speaker.containerSecurityContext.capabilities.drop` | Drop capabilities for the securityContext | `[]` | +| `speaker.containerSecurityContext.capabilities.add` | Add capabilities for the securityContext | `[]` | +| `speaker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `speaker.command` | Override default container command (useful when using custom images) | `[]` | +| `speaker.args` | Override default container args (useful when using custom images) | `[]` | +| `speaker.lifecycleHooks` | for the Speaker container(s) to automate configuration before or after startup | `{}` | +| `speaker.sidecars` | Add additional sidecar containers to the Speaker pod(s) | `[]` | +| `speaker.initContainers` | Add additional init containers to the Speaker pod(s) | `[]` | +| `speaker.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `speaker.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | +| `speaker.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | +| `speaker.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | +| `speaker.secretName` | References a Secret name for the member secret outside of the helm chart | `""` | +| `speaker.secretKey` | References a Secret key the member secret outside of the helm chart | `""` | +| `speaker.secretValue` | Custom value for `speaker.secretKey` | `""` | +| `speaker.extraEnvVars` | Extra environment variable to pass to the running container. 
| `[]` | +| `speaker.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Speaker nodes | `""` | +| `speaker.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Speaker nodes | `""` | +| `speaker.extraVolumes` | Optionally specify extra list of additional volumes for the Speaker pod(s) | `[]` | +| `speaker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Speaker container(s) | `[]` | +| `speaker.containerPorts.metrics` | HTTP Metrics Endpoint | `7472` | +| `speaker.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `speaker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `speaker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `speaker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `speaker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `speaker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `speaker.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `speaker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `speaker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `speaker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `speaker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `speaker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `speaker.startupProbe.enabled` | Enable startupProbe | `false` | +| `speaker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `speaker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `speaker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `speaker.startupProbe.failureThreshold` | Failure threshold for startupProbe 
| `3` | +| `speaker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `speaker.customStartupProbe` | Custom liveness probe for the Web component | `{}` | +| `speaker.customLivenessProbe` | Custom liveness probe for the Web component | `{}` | +| `speaker.customReadinessProbe` | Custom readiness probe for the Web component | `{}` | +| `speaker.logLevel` | Sets the speaker log level. Does not work if the args are overridden | `info` | ### Speaker Prometheus metrics export @@ -321,6 +321,12 @@ The above command sets the `readinessProbe.successThreshold` to `5`. ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/metallb/templates/NOTES.txt b/bitnami/metallb/templates/NOTES.txt index 811668a547..c92e193da5 100644 
--- a/bitnami/metallb/templates/NOTES.txt
+++ b/bitnami/metallb/templates/NOTES.txt
@@ -49,3 +49,4 @@ If it is missing create it with:
 kubectl create secret {{ include "metallb.speaker.secretName" . }} --from-file={{ include "metallb.speaker.secretKey" . }}
 {{- end }}
 {{- end }}
+{{- include "common.warnings.resources" (dict "sections" (list "controller" "speaker") "context" $) }}
diff --git a/bitnami/metallb/templates/controller/deployment.yaml b/bitnami/metallb/templates/controller/deployment.yaml
index b0c135ca82..85e7ff34e5 100644
--- a/bitnami/metallb/templates/controller/deployment.yaml
+++ b/bitnami/metallb/templates/controller/deployment.yaml
@@ -168,6 +168,8 @@ spec:
 {{- end }}
 {{- if .Values.controller.resources }}
 resources: {{- toYaml .Values.controller.resources | nindent 12 }}
+ {{- else if ne .Values.controller.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.controller.resourcesPreset) | nindent 12 }}
 {{- end }}
 {{- if .Values.controller.sidecars }}
 {{- include "common.tplvalues.render" ( dict "value" .Values.controller.sidecars "context" $) | nindent 8 }}
diff --git a/bitnami/metallb/templates/speaker/daemonset.yaml b/bitnami/metallb/templates/speaker/daemonset.yaml
index b166c6c5e7..45b9835288 100644
--- a/bitnami/metallb/templates/speaker/daemonset.yaml
+++ b/bitnami/metallb/templates/speaker/daemonset.yaml
@@ -157,6 +157,8 @@ spec:
 {{- end }}
 {{- if .Values.speaker.resources }}
 resources: {{- toYaml .Values.speaker.resources | nindent 12 }}
+ {{- else if ne .Values.speaker.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.speaker.resourcesPreset) | nindent 12 }}
 {{- end }}
 volumeMounts:
 - name: memberlist-secret
diff --git a/bitnami/metallb/values.yaml b/bitnami/metallb/values.yaml
index 9d2e3492d8..f05f822c03 100644
--- a/bitnami/metallb/values.yaml
+++ b/bitnami/metallb/values.yaml
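Review bot: With the defaults this commit puts in values.yaml (`resources: {}` and `resourcesPreset: "none"`), neither the `if` nor the added `else if` branch renders in the `@@ -168,6 +168,8 @@` hunk of templates/controller/deployment.yaml, so the controller container is still created without requests or limits; the `@@ -157,6 +157,8 @@` hunk in templates/speaker/daemonset.yaml has the same shape. An unbounded container can starve its node under load or after a leak, and the speaker is a DaemonSet, so that exposure is presumably repeated on every node it is scheduled to. The only operator-facing signal is the `common.warnings.resources` include added to NOTES.txt, whose output is not visible here. Consider defaulting `resourcesPreset` to a small preset, or at minimum stating the consequence next to the value, e.g. `## With "none" and an empty resources map the container runs without requests or limits`. The container spec these branches belong to starts and ends outside both hunks.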
@@ -16,7 +16,6 @@ global: ## - myRegistryKeySecretName ## imagePullSecrets: [] - ## @section Common parameters ## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) @@ -37,7 +36,6 @@ commonAnnotations: {} ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] - ## Enable diagnostic mode in the deployment(s)/statefulset(s) ## diagnosticMode: @@ -69,7 +67,6 @@ psp: ## @param psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later ## create: false - ## Network Policy configuration ## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## @@ -127,15 +124,12 @@ networkPolicy: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - - ## Prometheus Operator alertmanager alerts ## ## @param prometheusRule.enabled Prometheus Operator alertmanager alerts are created ## prometheusRule: enabled: false - ## @section Controller parameters ## MetalLB Controller deployment. 
@@ -227,20 +221,21 @@ controller:
 ## choice for the user. This also increases chances charts run on environments with little
 ## resources, such as Minikube. If you do want to specify resources, uncomment the following
 ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- ## @param controller.resources.limits The resources limits for the container
- ## @param controller.resources.requests The requested resources for the container
+ ## @param controller.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if controller.resources is set (controller.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
 ##
- resources:
- ## Example:
- ## limits:
- ## cpu: 100m
- ## memory: 100Mi
- limits: {}
- ## Examples:
- ## requests:
- ## cpu: 25m
- ## memory: 25Mi
- requests: {}
+ resourcesPreset: "none"
+ ## @param controller.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
 ## @param controller.nodeSelector Node labels for controller pod assignment
 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
 ##
@@ -452,7 +447,6 @@ controller:
 ## @param controller.customReadinessProbe Custom readiness probe for the Web component
 ##
 customReadinessProbe: {}
-
 ## @param controller.logLevel Sets the controller log level. Does not work if the args are overridden
 ##
 logLevel: info
@@ -471,7 +465,6 @@ controller:
 ## @param controller.extraArgs Add extra arguments to the default arguments for the controller
 ##
 extraArgs: []
-
 ## @section MetalLB controller Prometheus metrics export
 ##
 metrics:
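Review bot: The comment kept as context at the top of the `@@ -227,20 +221,21 @@` hunk still says to "uncomment the following lines ... and remove the curly braces after 'resources:'", but the lines that follow are now the `resourcesPreset` parameter, and the commented example belongs to a separate `@param` further down; the speaker hunk at `@@ -671,20 +663,21 @@` carries the same leftover. The new example (`cpu: 2`/`memory: 512Mi` requests, `cpu: 3`/`memory: 1024Mi` limits) also reads as generic sample values rather than sizing for this component, where the removed example used `100m`/`100Mi` limits. I would reword the closing sentence of the comment to something like `## To set resources, either pick a resourcesPreset or fill in 'resources:' below (which takes precedence).` and label the example as illustrative. The comment block begins above the hunk.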
@@ -489,7 +482,7 @@ controller: annotations: prometheus.io/scrape: "true" prometheus.io/port: "7472" - prometheus.io/path: "/metrics" ## Prometheus Operator service monitors + prometheus.io/path: "/metrics" ## Prometheus Operator service monitors ## serviceMonitor: ## @param controller.metrics.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator @@ -529,7 +522,6 @@ controller: ## @param controller.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels ## honorLabels: false - ## @section Speaker parameters ## MetalLB Speaker daemonset. 
@@ -671,20 +663,21 @@ speaker:
 ## choice for the user. This also increases chances charts run on environments with little
 ## resources, such as Minikube. If you do want to specify resources, uncomment the following
 ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- ## @param speaker.resources.limits The resources limits for the container
- ## @param speaker.resources.requests The requested resources for the container
+ ## @param speaker.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if speaker.resources is set (speaker.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
 ##
- resources:
- ## Example:
- ## limits:
- ## cpu: 100m
- ## memory: 100Mi
- limits: {}
- ## Examples:
- ## requests:
- ## cpu: 25m
- ## memory: 25Mi
- requests: {}
+ resourcesPreset: "none"
+ ## @param speaker.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
 ## @param speaker.nodeSelector Node labels for speaker pod assignment
 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
 ##