[bitnami/metallb] Add hostAlias and lint (#5268)

* [bitnami/metallb] Add hostAlias

* Lint

* Lint
Javier J. Salmerón-García
2021-01-28 13:18:49 +01:00
committed by GitHub
parent bd52726070
commit 70869aae80
8 changed files with 305 additions and 284 deletions

@@ -30,4 +30,4 @@ sources:
- https://github.com/metallb/metallb
- https://github.com/bitnami/bitnami-docker-metallb
- https://metallb.universe.tf
version: 2.1.2
version: 2.2.0

@@ -51,130 +51,131 @@ The following tables lists the configurable parameters of the metallb chart and
### Global parameters
| Parameter | Description | Default |
|----------------------------------------------------------|------------------------------------------------------------------------------------------------------|---------------------------------------------------------|
| `global.imageRegistry` | Global Docker image registry | `nil` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| Parameter | Description | Default |
|---------------------------|-------------------------------------------------|---------------------------------------------------------|
| `global.imageRegistry` | Global Docker image registry | `nil` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
### Common parameters
| Parameter | Description | Default |
|----------------------------------------------------------|------------------------------------------------------------------------------------------------------|---------------------------------------------------------|
| `nameOverride` | String to partially override metallb.fullname template with a string (will prepend the release name) | `nil` |
| `fullnameOverride` | String to fully override metallb.fullname template with a string | `nil` |
| `existingConfigMap` | Specify an existing configMapName to use. (this is mutually exclusive with the configInline option) | `nil` |
| `configInline` | Specify the config for metallb as a new configMap inline. | `{}` (does not create configMap) |
| `rbac.create` | Specify if an rbac authorization should be created with the necessarry Rolebindings. | `true` |
| `prometheusRule.enabled` | Enable for Prometheus alertmanager basic alerts. | `false` |
| `commonLabels` | Add common Labels to all Resources of the helmchart | `{}` |
| `commonAnnotations` | Add common Annotations to all Resources of the helmchart | `{}` |
| `networkPolicy.enabled` | Enable NetworkPolicy | `false` |
| `networkPolicy.ingressNSMatchLabels` | Allow connections from other namespaces | `{}` |
| `networkPolicy.ingressNSPodMatchLabels` | For other namespaces match by pod labels and namespace labels | `{}` |
| Parameter | Description | Default |
|-----------------------------------------|------------------------------------------------------------------------------------------------------|----------------------------------|
| `nameOverride` | String to partially override metallb.fullname template with a string (will prepend the release name) | `nil` |
| `fullnameOverride` | String to fully override metallb.fullname template with a string | `nil` |
| `existingConfigMap` | Specify an existing configMapName to use. (this is mutually exclusive with the configInline option) | `nil` |
| `configInline` | Specify the config for metallb as a new configMap inline. | `{}` (does not create configMap) |
| `rbac.create` | Specify if an rbac authorization should be created with the necessarry Rolebindings. | `true` |
| `prometheusRule.enabled` | Enable for Prometheus alertmanager basic alerts. | `false` |
| `commonLabels` | Add common Labels to all Resources of the helmchart | `{}` |
| `commonAnnotations` | Add common Annotations to all Resources of the helmchart | `{}` |
| `networkPolicy.enabled` | Enable NetworkPolicy | `false` |
| `networkPolicy.ingressNSMatchLabels` | Allow connections from other namespaces | `{}` |
| `networkPolicy.ingressNSPodMatchLabels` | For other namespaces match by pod labels and namespace labels | `{}` |
### Controller parameters
| Parameter | Description | Default |
|----------------------------------------------------------|------------------------------------------------------------------------------------------------------|---------------------------------------------------------|
| `controller.image.registry` | MetalLB Controller image registry | `docker.io` |
| `controller.image.repository` | MetalLB Controller image name | `bitnami/metallb-controller` |
| `controller.image.tag` | MetalLB Controller image tag | `{TAG_NAME}` |
| `controller.image.pullPolicy` | MetalLB Controller image pull policy | `IfNotPresent` |
| `controller.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `controller.rbac.create` | create specifies whether to install and use RBAC rules. | `true` |
| `controller.psp.create` | create specifies whether to install Pod Security Policies. | `true` |
| `controller.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` (does not add resource limits to deployed pods) |
| `controller.resources.requests` | Specify resource requests which the container needs to spawn. | `{}` (does not add resource limits to deployed pods) |
| `controller.nodeSelector` | Node labels for controller pod assignment | `{}` |
| `controller.tolerations` | Tolerations for controller pod assignment | `[]` |
| `controller.affinity` | Affinity for controller pod assignment | `{}` |
| `controller.podAnnotations` | Controller Pod annotations | `{}` |
| `controller.podLabels` | Controller Pod labels | `{}` |
| `controller.podAffinityPreset` | Controller Pod affinitypreset | `""` |
| `controller.podAntiAffinityPreset` | Controller Pod anti affinitypreset | `soft` |
| `controller.nodeAffinityPreset.type` | Controller Pod Node affinity preset | `""` |
| `controller.nodeAffinityPreset.key` | Controller Pod Node affinity label key to match | `""` |
| `controller.nodeAffinityPreset.values` | Controller Pod Node affinity label values to match | `[]` |
| `controller.serviceAccount.create` | create a serviceAccount for the controller pod | `true` |
| `controller.serviceAccount.name` | use the serviceAccount with the specified name | `""` |
| `controller.revisionHistoryLimit` | the revision history limit for the deployment. | `3` |
| `controller.terminationGracePeriodSeconds` | the termination grace period for pods | `0` |
| `controller.containerPort.metrics` | Controller Pod metrics listening port | `7472` |
| `controller.livenessProbe.enabled` | Enable/disable the Liveness probe | `true` |
| `controller.livenessProbe.failureThreshold` | Delay before liveness probe is initiated | `3` |
| `controller.livenessProbe.initialDelaySeconds` | How often to perform the probe | `10` |
| `controller.livenessProbe.periodSeconds` | When the probe times out | `10` |
| `controller.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` |
| `controller.livenessProbe.timeoutSeconds` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `1` |
| `controller.readinessProbe.enabled` | Enable/disable the Readiness probe | `true` |
| `controller.readinessProbe.failureThreshold` | Delay before readiness probe is initiated | `3` |
| `controller.readinessProbe.initialDelaySeconds` | How often to perform the probe | `10` |
| `controller.readinessProbe.periodSeconds` | When the probe times out | `10` |
| `controller.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` |
| `controller.readinessProbe.timeoutSeconds` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `1` |
| `controller.securityContext.enabled` | Enable pods' security context | `true` |
| `controller.securityContext.runAsNonRoot` | MetalLB Controller must runs as nonRoot. | `true` |
| `controller.securityContext.runAsUser` | User ID for the pods. | `1001` |
| `controller.securityContext.fsGroup` | Group ID for the pods. | `1001` |
| `controller.securityContext.allowPrivilegeEscalation` | This defines if privilegeEscalation is allowed on that container | `false` |
| `controller.securityContext.readOnlyRootFilesystem` | This defines if the container can read the root fs on the host | `true` |
| `controller.securityContext.capabilities.drop` | Drop capabilities for the securityContext | `["ALL"]` |
| `controller.prometheus.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator. | `false` |
| `controller.prometheus.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name` |
| `controller.prometheus.serviceMonitor.interval` | Specify the scrape interval if not specified use defaul prometheus scrapeIntervall | `""` |
| `controller.prometheus.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics. | `[]` |
| `controller.prometheus.serviceMonitor.relabelings` | Specify general relabeling. | `[]` |
| Parameter | Description | Default |
|----------------------------------------------------------|----------------------------------------------------------------------------------------------|---------------------------------------------------------|
| `controller.image.registry` | MetalLB Controller image registry | `docker.io` |
| `controller.image.repository` | MetalLB Controller image name | `bitnami/metallb-controller` |
| `controller.image.tag` | MetalLB Controller image tag | `{TAG_NAME}` |
| `controller.image.pullPolicy` | MetalLB Controller image pull policy | `IfNotPresent` |
| `controller.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `controller.hostAliases` | Add deployment host aliases | `[]` |
| `controller.rbac.create` | create specifies whether to install and use RBAC rules. | `true` |
| `controller.psp.create` | create specifies whether to install Pod Security Policies. | `true` |
| `controller.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` (does not add resource limits to deployed pods) |
| `controller.resources.requests` | Specify resource requests which the container needs to spawn. | `{}` (does not add resource limits to deployed pods) |
| `controller.nodeSelector` | Node labels for controller pod assignment | `{}` |
| `controller.tolerations` | Tolerations for controller pod assignment | `[]` |
| `controller.affinity` | Affinity for controller pod assignment | `{}` |
| `controller.podAnnotations` | Controller Pod annotations | `{}` |
| `controller.podLabels` | Controller Pod labels | `{}` |
| `controller.podAffinityPreset` | Controller Pod affinitypreset | `""` |
| `controller.podAntiAffinityPreset` | Controller Pod anti affinitypreset | `soft` |
| `controller.nodeAffinityPreset.type` | Controller Pod Node affinity preset | `""` |
| `controller.nodeAffinityPreset.key` | Controller Pod Node affinity label key to match | `""` |
| `controller.nodeAffinityPreset.values` | Controller Pod Node affinity label values to match | `[]` |
| `controller.serviceAccount.create` | create a serviceAccount for the controller pod | `true` |
| `controller.serviceAccount.name` | use the serviceAccount with the specified name | `""` |
| `controller.revisionHistoryLimit` | the revision history limit for the deployment. | `3` |
| `controller.terminationGracePeriodSeconds` | the termination grace period for pods | `0` |
| `controller.containerPort.metrics` | Controller Pod metrics listening port | `7472` |
| `controller.livenessProbe.enabled` | Enable/disable the Liveness probe | `true` |
| `controller.livenessProbe.failureThreshold` | Delay before liveness probe is initiated | `3` |
| `controller.livenessProbe.initialDelaySeconds` | How often to perform the probe | `10` |
| `controller.livenessProbe.periodSeconds` | When the probe times out | `10` |
| `controller.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` |
| `controller.livenessProbe.timeoutSeconds` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `1` |
| `controller.readinessProbe.enabled` | Enable/disable the Readiness probe | `true` |
| `controller.readinessProbe.failureThreshold` | Delay before readiness probe is initiated | `3` |
| `controller.readinessProbe.initialDelaySeconds` | How often to perform the probe | `10` |
| `controller.readinessProbe.periodSeconds` | When the probe times out | `10` |
| `controller.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` |
| `controller.readinessProbe.timeoutSeconds` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `1` |
| `controller.securityContext.enabled` | Enable pods' security context | `true` |
| `controller.securityContext.runAsNonRoot` | MetalLB Controller must runs as nonRoot. | `true` |
| `controller.securityContext.runAsUser` | User ID for the pods. | `1001` |
| `controller.securityContext.fsGroup` | Group ID for the pods. | `1001` |
| `controller.securityContext.allowPrivilegeEscalation` | This defines if privilegeEscalation is allowed on that container | `false` |
| `controller.securityContext.readOnlyRootFilesystem` | This defines if the container can read the root fs on the host | `true` |
| `controller.securityContext.capabilities.drop` | Drop capabilities for the securityContext | `["ALL"]` |
| `controller.prometheus.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator. | `false` |
| `controller.prometheus.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name` |
| `controller.prometheus.serviceMonitor.interval` | Specify the scrape interval if not specified use defaul prometheus scrapeIntervall | `""` |
| `controller.prometheus.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics. | `[]` |
| `controller.prometheus.serviceMonitor.relabelings` | Specify general relabeling. | `[]` |
### Speaker parameters
| Parameter | Description | Default |
|----------------------------------------------------------|------------------------------------------------------------------------------------------------------|---------------------------------------------------------|
| `speaker.image.registry` | MetalLB Speaker image registry | `docker.io` |
| `speaker.image.repository` | MetalLB Speaker image name | `bitnami/metallb-speaker` |
| `speaker.image.tag` | MetalLB Speaker image tag | `{TAG_NAME}` |
| `speaker.image.pullPolicy` | MetalLB Speaker image pull policy | `IfNotPresent` |
| `speaker.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `speaker.rbac.create` | create specifies whether to install and use RBAC rules. | `true` |
| `speaker.psp.create` | create specifies whether to install Pod Security Policies. | `true` |
| `speaker.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` (does not add resource limits to deployed pods) |
| `speaker.resources.requests` | Specify resource requests which the container needs to spawn. | `{}` (does not add resource limits to deployed pods) |
| `speaker.nodeSelector` | Node labels for speaker pod assignment | `{}` |
| `speaker.tolerations` | Tolerations for speaker pod assignment | `[]` |
| `speaker.affinity` | Affinity for speaker pod assignment | `{}` |
| `speaker.podAnnotations` | Speaker Pod annotations | `{}` |
| `speaker.podLabels` | Speaker Pod labels | `{}` |
| `speaker.serviceAccount.create` | create a serviceAccount for the speaker pod | `true` |
| `speaker.serviceAccount.name` | use the serviceAccount with the specified name | "" |
| `speaker.daemonset.hostPorts.metrics` | the tcp port to listen on for the openmetrics endpoint. | `7472` |
| `speaker.daemonset.terminationGracePeriodSeconds` | The terminationGracePeriod in seconds for the daemonset to stop | `2` |
| `speaker.securityContext.enabled` | Enable pods' security context | `true` |
| `speaker.securityContext.runAsUser` | User ID for the pods. | `0` |
| `speaker.securityContext.allowPrivilegeEscalation` | Enables privilege Escalation context for the pod. | `false` |
| `speaker.securityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly | `true` |
| `speaker.securityContext.capabilities.drop` | Drop capabilities for the securityContext | `["ALL"]` |
| `speaker.securityContext.capabilities.add` | Add capabilities for the securityContext | `["NET_ADMIN", "NET_RAW", "SYS_ADMIN"]` |
| `speaker.secretName` | References a Secret name for the member secret outside of the helm chart | `nil` |
| `speaker.secretKey` | References a Secret key the member secret outside of the helm chart | `nil` |
| `speaker.secretValue` | Custom value for `speaker.secretKey` | _random 256 character alphanumeric string_ |
| `speaker.extraEnvVars` | Extra environment variable to pass to the running container. | `[]` |
| `speaker.livenessProbe.enabled` | Enable/disable the Liveness probe | `true` |
| `speaker.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `60` |
| `speaker.livenessProbe.periodSeconds` | How often to perform the probe | `10` |
| `speaker.livenessProbe.timeoutSeconds` | When the probe times out | `5` |
| `speaker.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` |
| `speaker.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `6` |
| `speaker.readinessProbe.enabled` | Enable/disable the Readiness probe | `true` |
| `speaker.readinessProbe.failureThreshold` | Delay before readiness probe is initiated | `3` |
| `speaker.readinessProbe.initialDelaySeconds` | How often to perform the probe | `10` |
| `speaker.readinessProbe.periodSeconds` | When the probe times out | `10` |
| `speaker.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` |
| `speaker.readinessProbe.timeoutSeconds` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `1` |
| `speaker.prometheus.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator. | `false` |
| `speaker.prometheus.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name"` |
| `speaker.prometheus.serviceMonitor.interval` | Specify the scrape interval if not specified use defaul prometheus scrapeIntervall | `""` |
| `speaker.prometheus.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics. | `[]` |
| `speaker.prometheus.serviceMonitor.relabelings` | Specify general relabeling. | `[]` |
| Parameter | Description | Default |
|-------------------------------------------------------|----------------------------------------------------------------------------------------------|---------------------------------------------------------|
| `speaker.image.registry` | MetalLB Speaker image registry | `docker.io` |
| `speaker.image.repository` | MetalLB Speaker image name | `bitnami/metallb-speaker` |
| `speaker.image.tag` | MetalLB Speaker image tag | `{TAG_NAME}` |
| `speaker.image.pullPolicy` | MetalLB Speaker image pull policy | `IfNotPresent` |
| `speaker.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `speaker.rbac.create` | create specifies whether to install and use RBAC rules. | `true` |
| `speaker.psp.create` | create specifies whether to install Pod Security Policies. | `true` |
| `speaker.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` (does not add resource limits to deployed pods) |
| `speaker.resources.requests` | Specify resource requests which the container needs to spawn. | `{}` (does not add resource limits to deployed pods) |
| `speaker.nodeSelector` | Node labels for speaker pod assignment | `{}` |
| `speaker.tolerations` | Tolerations for speaker pod assignment | `[]` |
| `speaker.affinity` | Affinity for speaker pod assignment | `{}` |
| `speaker.podAnnotations` | Speaker Pod annotations | `{}` |
| `speaker.podLabels` | Speaker Pod labels | `{}` |
| `speaker.hostAliases` | Add deployment host aliases | `[]` |
| `speaker.serviceAccount.create` | create a serviceAccount for the speaker pod | `true` |
| `speaker.serviceAccount.name` | use the serviceAccount with the specified name | "" |
| `speaker.daemonset.hostPorts.metrics` | the tcp port to listen on for the openmetrics endpoint. | `7472` |
| `speaker.daemonset.terminationGracePeriodSeconds` | The terminationGracePeriod in seconds for the daemonset to stop | `2` |
| `speaker.securityContext.enabled` | Enable pods' security context | `true` |
| `speaker.securityContext.runAsUser` | User ID for the pods. | `0` |
| `speaker.securityContext.allowPrivilegeEscalation` | Enables privilege Escalation context for the pod. | `false` |
| `speaker.securityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly | `true` |
| `speaker.securityContext.capabilities.drop` | Drop capabilities for the securityContext | `["ALL"]` |
| `speaker.securityContext.capabilities.add` | Add capabilities for the securityContext | `["NET_ADMIN", "NET_RAW", "SYS_ADMIN"]` |
| `speaker.secretName` | References a Secret name for the member secret outside of the helm chart | `nil` |
| `speaker.secretKey` | References a Secret key the member secret outside of the helm chart | `nil` |
| `speaker.secretValue` | Custom value for `speaker.secretKey` | _random 256 character alphanumeric string_ |
| `speaker.extraEnvVars` | Extra environment variable to pass to the running container. | `[]` |
| `speaker.livenessProbe.enabled` | Enable/disable the Liveness probe | `true` |
| `speaker.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `60` |
| `speaker.livenessProbe.periodSeconds` | How often to perform the probe | `10` |
| `speaker.livenessProbe.timeoutSeconds` | When the probe times out | `5` |
| `speaker.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` |
| `speaker.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `6` |
| `speaker.readinessProbe.enabled` | Enable/disable the Readiness probe | `true` |
| `speaker.readinessProbe.failureThreshold` | Delay before readiness probe is initiated | `3` |
| `speaker.readinessProbe.initialDelaySeconds` | How often to perform the probe | `10` |
| `speaker.readinessProbe.periodSeconds` | When the probe times out | `10` |
| `speaker.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` |
| `speaker.readinessProbe.timeoutSeconds` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `1` |
| `speaker.prometheus.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator. | `false` |
| `speaker.prometheus.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name"` |
| `speaker.prometheus.serviceMonitor.interval` | Specify the scrape interval if not specified use defaul prometheus scrapeIntervall | `""` |
| `speaker.prometheus.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics. | `[]` |
| `speaker.prometheus.serviceMonitor.relabelings` | Specify general relabeling. | `[]` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
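Review bot: the new `controller.hostAliases` and `speaker.hostAliases` rows document keys that the template changes in this commit do not read. Both pod specs are guarded by `{{- if .Values.hostAliases }}` and render `.Values.hostAliases`, so a user who follows this table gets no `hostAliases` in either workload; align the README and the templates on one set of keys. The `speaker.hostAliases` row should also state what to expect given that the speaker pod spec sets `hostNetwork: true`, because the Kubernetes PodSpec documentation describes `hostAliases` as only valid for non-hostNetwork pods. Its description says "deployment" while the neighbouring `speaker.daemonset.*` keys show the speaker is a daemonset. Since the lint pass rewrites every row anyway, the probe rows are worth correcting in the same change: `failureThreshold` is described as "Delay before liveness probe is initiated" and the following descriptions are each shifted by one row in the controller tables.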
@@ -225,7 +226,6 @@ Find more information about how to deal with common errors related to Bitnami
## Upgrading
### To 2.0.0
**What changes were introduced in this major version?**

@@ -25,12 +25,16 @@ spec:
{{- if .Values.controller.podAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.controller.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
spec:
{{- include "common.images.pullSecrets" (dict "images" (list .Values.speaker.image .Values.controller.image) "global" .Values.global) | nindent 6 }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "metallb.controllerServiceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
nodeSelector:
{{- if .Values.controller.nodeSelector }} {{- include "common.tplvalues.render" (dict "value" .Values.controller.nodeSelector "context" $) | nindent 8 }}
{{- if .Values.controller.nodeSelector }}
{{- include "common.tplvalues.render" (dict "value" .Values.controller.nodeSelector "context" $) | nindent 8 }}
{{- end }}
"kubernetes.io/os": linux
{{- if .Values.affinity }}
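Review bot: the added guard `{{- if .Values.hostAliases }}` and the `hostAliases:` line under it read a top-level `hostAliases` value, while the README hunk in this commit documents `controller.hostAliases`. As written, setting `controller.hostAliases` renders nothing into the controller pod spec. Use `.Values.controller.hostAliases` in both the guard and the `common.tplvalues.render` call, matching `.Values.controller.nodeSelector` a few lines below, or document the top-level key instead. The trailing context line `{{- if .Values.affinity }}` has the same shape against the documented `controller.affinity` and is worth checking while this block is being touched.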
@@ -41,51 +45,51 @@ spec:
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAntiAffinityPreset "component" "controller" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.controller.nodeAffinityPreset.type "key" .Values.controller.nodeAffinityPreset.key "values" .Values.controller.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.controller.tolerations}}
{{- if .Values.controller.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.controller.tolerations "context" $) | nindent 8 }}
{{- end }}
containers:
- name: metallb-controller
image: {{ include "common.images.image" (dict "imageRoot" .Values.controller.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
args:
- --port={{ .Values.controller.containerPort.metrics }}
- --config={{ include "metallb.configMapName" . }}
ports:
- name: metrics
containerPort: {{ .Values.controller.containerPort.metrics }}
{{- if .Values.controller.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.controller.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
{{- end }}
{{- if .Values.controller.securityContext.enabled }}
securityContext:
allowPrivilegeEscalation: {{ .Values.controller.securityContext.allowPrivilegeEscalation }}
readOnlyRootFilesystem: {{ .Values.controller.securityContext.readOnlyRootFilesystem }}
capabilities:
drop: {{- toYaml .Values.controller.securityContext.capabilities.drop | nindent 12 }}
{{- end }}
{{- if .Values.controller.resources }}
resources: {{- toYaml .Values.controller.resources | nindent 10 }}
{{- end }}
- name: metallb-controller
image: {{ include "common.images.image" (dict "imageRoot" .Values.controller.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
args:
- --port={{ .Values.controller.containerPort.metrics }}
- --config={{ include "metallb.configMapName" . }}
ports:
- name: metrics
containerPort: {{ .Values.controller.containerPort.metrics }}
{{- if .Values.controller.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.controller.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
{{- end }}
{{- if .Values.controller.securityContext.enabled }}
securityContext:
allowPrivilegeEscalation: {{ .Values.controller.securityContext.allowPrivilegeEscalation }}
readOnlyRootFilesystem: {{ .Values.controller.securityContext.readOnlyRootFilesystem }}
capabilities:
drop: {{- toYaml .Values.controller.securityContext.capabilities.drop | nindent 16 }}
{{- end }}
{{- if .Values.controller.resources }}
resources: {{- toYaml .Values.controller.resources | nindent 12 }}
{{- end }}
{{- if .Values.controller.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.controller.securityContext.runAsUser }}
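Review bot: in the re-indented container block the `capabilities.drop` line goes from `nindent 12` to `nindent 16`, while `resources` in the same block goes from `nindent 10` to `nindent 12`, so the two offsets moved by different amounts in what is meant to be a whitespace-only change. Deeper indentation of the list is still valid YAML, but `nindent 14` would keep the shift uniform. Because these lines produce the container `securityContext`, compare the `helm template` output before and after this commit and confirm that `allowPrivilegeEscalation`, `readOnlyRootFilesystem` and the `drop` list render identically.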

@@ -58,9 +58,9 @@ metadata:
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ include "metallb.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
name: {{ include "metallb.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole

@@ -34,12 +34,12 @@ metadata:
{{- end }}
subjects:
{{- if .Values.controller.rbac.create }}
- kind: ServiceAccount
name: {{ include "metallb.controllerServiceAccountName" . }}
- kind: ServiceAccount
name: {{ include "metallb.controllerServiceAccountName" . }}
{{- end }}
{{- if .Values.speaker.rbac.create }}
- kind: ServiceAccount
name: {{ include "metallb.speakerServiceAccountName" . }}
- kind: ServiceAccount
name: {{ include "metallb.speakerServiceAccountName" . }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io

@@ -24,92 +24,96 @@ spec:
{{- if .Values.speaker.podAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.speaker.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
spec:
{{- include "common.images.pullSecrets" (dict "images" (list .Values.speaker.image .Values.controller.image) "global" .Values.global) | nindent 6 }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node-role.kubernetes.io/master
effect: NoSchedule
serviceAccountName: {{ include "metallb.speakerServiceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.speaker.daemonset.terminationGracePeriodSeconds }}
hostNetwork: true
containers:
- name: metallb-speaker
image: {{ include "common.images.image" (dict "imageRoot" .Values.speaker.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.speaker.image.pullPolicy }}
args:
- --port={{ .Values.speaker.daemonset.hostPorts.metrics }}
- --config={{ include "metallb.configMapName" . }}
env:
- name: METALLB_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: METALLB_HOST
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: METALLB_ML_BIND_ADDR
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: METALLB_ML_LABELS
value: "app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=speaker"
- name: METALLB_ML_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: METALLB_ML_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ include "metallb.speaker.secretName" . }}
key: {{ include "metallb.speaker.secretKey" . }}
{{- if .Values.speaker.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.speaker.extraEnvVars "context" $ ) | nindent 8 }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
envFrom:
- secretRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.speaker.extraEnvVarsSecret "context" $ ) }}
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.speaker.daemonset.hostPorts.metrics }}
{{- if .Values.speaker.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: {{ .Values.speaker.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.speaker.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.speaker.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.speaker.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.speaker.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.speaker.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: {{ .Values.speaker.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.speaker.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.speaker.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.speaker.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.speaker.readinessProbe.failureThreshold }}
{{- end }}
{{- if .Values.speaker.resources }}
resources: {{- toYaml .Values.speaker.resources | nindent 10 }}
{{- end }}
{{- if .Values.speaker.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.speaker.securityContext.runAsUser }}
allowPrivilegeEscalation: {{ .Values.speaker.securityContext.allowPrivilegeEscalation }}
readOnlyRootFilesystem: {{ .Values.speaker.securityContext.readOnlyRootFilesystem }}
capabilities:
drop: {{- toYaml .Values.speaker.securityContext.capabilities.drop | nindent 12 }}
add: {{- toYaml .Values.speaker.securityContext.capabilities.add | nindent 12 }}
{{- end }}
- name: metallb-speaker
image: {{ include "common.images.image" (dict "imageRoot" .Values.speaker.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.speaker.image.pullPolicy }}
args:
- --port={{ .Values.speaker.daemonset.hostPorts.metrics }}
- --config={{ include "metallb.configMapName" . }}
env:
- name: METALLB_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: METALLB_HOST
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: METALLB_ML_BIND_ADDR
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: METALLB_ML_LABELS
value: "app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=speaker"
- name: METALLB_ML_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: METALLB_ML_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ include "metallb.speaker.secretName" . }}
key: {{ include "metallb.speaker.secretKey" . }}
{{- if .Values.speaker.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.speaker.extraEnvVars "context" $ ) | nindent 12 }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
envFrom:
- secretRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.speaker.extraEnvVarsSecret "context" $ ) }}
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.speaker.daemonset.hostPorts.metrics }}
{{- if .Values.speaker.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: {{ .Values.speaker.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.speaker.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.speaker.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.speaker.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.speaker.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.speaker.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: {{ .Values.speaker.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.speaker.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.speaker.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.speaker.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.speaker.readinessProbe.failureThreshold }}
{{- end }}
{{- if .Values.speaker.resources }}
resources: {{- toYaml .Values.speaker.resources | nindent 12 }}
{{- end }}
{{- if .Values.speaker.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.speaker.securityContext.runAsUser }}
allowPrivilegeEscalation: {{ .Values.speaker.securityContext.allowPrivilegeEscalation }}
readOnlyRootFilesystem: {{ .Values.speaker.securityContext.readOnlyRootFilesystem }}
capabilities:
drop: {{- toYaml .Values.speaker.securityContext.capabilities.drop | nindent 16 }}
add: {{- toYaml .Values.speaker.securityContext.capabilities.add | nindent 16 }}
{{- end }}
nodeSelector:
{{- if .Values.speaker.nodeSelector }} {{- include "common.tplvalues.render" (dict "value" .Values.speaker.nodeSelector "context" $) | nindent 8 }}
{{- if .Values.speaker.nodeSelector }}
{{- include "common.tplvalues.render" (dict "value" .Values.speaker.nodeSelector "context" $) | nindent 8 }}
{{- end }}
"kubernetes.io/os": linux
{{- if .Values.speaker.affinity }}
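Review bot: The new `hostAliases` block near the top of the pod spec reads `.Values.hostAliases`, but the values file in this change adds `hostAliases: []` in the hunks headed `controller:` and `speaker:`, so a value set under `speaker` would never reach this DaemonSet; reading `.Values.speaker.hostAliases` here would match. The `envFrom` guard further down has the same kind of mismatch: it tests `.Values.extraEnvVarsSecret` while the body renders `.Values.speaker.extraEnvVarsSecret`, and since these lines are being re-indented anyway this is a good moment to align the condition with the key that is actually used.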

View File

@@ -52,12 +52,12 @@ metadata:
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- ''
resources:
- pods
verbs:
- list
- apiGroups:
- ''
resources:
- pods
verbs:
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
@@ -72,9 +72,9 @@ metadata:
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ include "metallb.speakerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
name: {{ include "metallb.speakerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@@ -97,6 +97,6 @@ roleRef:
kind: Role
name: {{ include "common.names.fullname" . }}-pod-lister
subjects:
- kind: ServiceAccount
name: {{ include "metallb.speakerServiceAccountName" . }}
- kind: ServiceAccount
name: {{ include "metallb.speakerServiceAccountName" . }}
{{- end -}}
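Review bot: The `subjects` entry of this binding to `kind: Role` names the ServiceAccount without a `namespace`, while the ClusterRoleBinding subjects earlier in the same file set `namespace: {{ .Release.Namespace }}`. A namespaced binding falls back to its own namespace for a ServiceAccount subject, so this works, but stating the namespace explicitly would keep the two bindings consistent and easier to audit.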

View File

@@ -1,6 +1,7 @@
## Default values for metallb.
## This is a YAML-formatted file.
## Declare variables to be passed into your templates.
##
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
@@ -79,6 +80,7 @@ commonAnnotations: {}
## Metallb Controller deployment.
## ref: https://hub.docker.com/r/bitnami/metallb-controller/tags
##
controller:
image:
registry: docker.io
@@ -96,6 +98,11 @@ controller:
# pullSecrets:
# - myRegistryKeySecretName
## Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## If global .Values.rbac.create is disabled no rbac is created.
## This value is then meaningless
## Defines if the controller rbac should be created.
@@ -118,16 +125,16 @@ controller:
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 100Mi
# requests:
# memory: 25Mi
# cpu: 25m
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 100Mi
# requests:
# memory: 25Mi
# cpu: 25m
## Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
@@ -172,6 +179,7 @@ controller:
nodeAffinityPreset:
## Node affinity type
## Allowed values: soft, hard
##
type: ""
## Node label key to match
## E.g.
@@ -193,7 +201,6 @@ controller:
# true, a name is generated using the fullname template
name: ""
## Pod securityContext
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
@@ -206,7 +213,7 @@ controller:
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
- ALL
## Configure the revisionHistoryLimit of the Controller deployment
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit
@@ -259,6 +266,7 @@ controller:
## Metallb Speaker daemonset.
## ref: https://hub.docker.com/r/bitnami/metallb-speaker/tags
##
speaker:
image:
registry: docker.io
@@ -285,6 +293,11 @@ speaker:
##
create: true
## Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## If global .Values.psp.create is disabled no psp is created.
## This value is then meaningless
## Defines if the speaker psp should be created.
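Review bot: The comment above the new `hostAliases: []` in the `speaker:` section says "Deployment pod host aliases", but this section is introduced as the speaker daemonset, so "DaemonSet pod host aliases" would be accurate. A commented example entry would also help, in the way other keys in this file carry an "E.g." or "For example:" block.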
@@ -298,16 +311,16 @@ speaker:
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 100Mi
# requests:
# memory: 25Mi
# cpu: 25m
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 100Mi
# requests:
# memory: 25Mi
# cpu: 25m
## Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
@@ -373,11 +386,11 @@ speaker:
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
- ALL
add:
- NET_ADMIN
- NET_RAW
- SYS_ADMIN
- NET_ADMIN
- NET_RAW
- SYS_ADMIN
## An array to add extra env vars
## For example:
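Review bot: The `add` list under `capabilities` grants `NET_ADMIN`, `NET_RAW` and `SYS_ADMIN` with no comment saying why each is needed. `SYS_ADMIN` is a very broad capability and the speaker template in this change also sets `hostNetwork: true`, so a short justification per entry in the values comments would help operators decide what they can safely drop when hardening the pod.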