diff --git a/bitnami/metallb/Chart.yaml b/bitnami/metallb/Chart.yaml
index 98821b854c..c9e4251324 100644
--- a/bitnami/metallb/Chart.yaml
+++ b/bitnami/metallb/Chart.yaml
@@ -30,4 +30,4 @@ sources:
 - https://github.com/metallb/metallb
 - https://github.com/bitnami/bitnami-docker-metallb
 - https://metallb.universe.tf
-version: 2.1.2
+version: 2.2.0
diff --git a/bitnami/metallb/README.md b/bitnami/metallb/README.md
index 77f45620ad..b8a8334ac6 100644
--- a/bitnami/metallb/README.md
+++ b/bitnami/metallb/README.md
@@ -51,130 +51,131 @@ The following tables lists the configurable parameters of the metallb chart and ### Global parameters -| Parameter | Description | Default | -|----------------------------------------------------------|------------------------------------------------------------------------------------------------------|---------------------------------------------------------| -| `global.imageRegistry` | Global Docker image registry | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| Parameter | Description | Default | +|---------------------------|-------------------------------------------------|---------------------------------------------------------| +| `global.imageRegistry` | Global Docker image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | ### Common parameters -| Parameter | Description | Default | -|----------------------------------------------------------|------------------------------------------------------------------------------------------------------|---------------------------------------------------------| -| `nameOverride` | String to partially override metallb.fullname template with a string (will prepend the release name) | `nil` | -| `fullnameOverride` | String to fully override metallb.fullname template with a string | `nil` | -| `existingConfigMap` | Specify an existing configMapName to use. (this is mutually exclusive with the configInline option) | `nil` | -| `configInline` | Specify the config for metallb as a new configMap inline. | `{}` (does not create configMap) | -| `rbac.create` | Specify if an rbac authorization should be created with the necessarry Rolebindings. | `true` | -| `prometheusRule.enabled` | Enable for Prometheus alertmanager basic alerts. 
| `false` | -| `commonLabels` | Add common Labels to all Resources of the helmchart | `{}` | -| `commonAnnotations` | Add common Annotations to all Resources of the helmchart | `{}` | -| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | -| `networkPolicy.ingressNSMatchLabels` | Allow connections from other namespaces | `{}` | -| `networkPolicy.ingressNSPodMatchLabels` | For other namespaces match by pod labels and namespace labels | `{}` | +| Parameter | Description | Default | +|-----------------------------------------|------------------------------------------------------------------------------------------------------|----------------------------------| +| `nameOverride` | String to partially override metallb.fullname template with a string (will prepend the release name) | `nil` | +| `fullnameOverride` | String to fully override metallb.fullname template with a string | `nil` | +| `existingConfigMap` | Specify an existing configMapName to use. (this is mutually exclusive with the configInline option) | `nil` | +| `configInline` | Specify the config for metallb as a new configMap inline. | `{}` (does not create configMap) | +| `rbac.create` | Specify if an rbac authorization should be created with the necessarry Rolebindings. | `true` | +| `prometheusRule.enabled` | Enable for Prometheus alertmanager basic alerts. 
| `false` | +| `commonLabels` | Add common Labels to all Resources of the helmchart | `{}` | +| `commonAnnotations` | Add common Annotations to all Resources of the helmchart | `{}` | +| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | +| `networkPolicy.ingressNSMatchLabels` | Allow connections from other namespaces | `{}` | +| `networkPolicy.ingressNSPodMatchLabels` | For other namespaces match by pod labels and namespace labels | `{}` | ### Controller parameters -| Parameter | Description | Default | -|----------------------------------------------------------|------------------------------------------------------------------------------------------------------|---------------------------------------------------------| -| `controller.image.registry` | MetalLB Controller image registry | `docker.io` | -| `controller.image.repository` | MetalLB Controller image name | `bitnami/metallb-controller` | -| `controller.image.tag` | MetalLB Controller image tag | `{TAG_NAME}` | -| `controller.image.pullPolicy` | MetalLB Controller image pull policy | `IfNotPresent` | -| `controller.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `controller.rbac.create` | create specifies whether to install and use RBAC rules. | `true` | -| `controller.psp.create` | create specifies whether to install Pod Security Policies. | `true` | -| `controller.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` (does not add resource limits to deployed pods) | -| `controller.resources.requests` | Specify resource requests which the container needs to spawn. 
| `{}` (does not add resource limits to deployed pods) | -| `controller.nodeSelector` | Node labels for controller pod assignment | `{}` | -| `controller.tolerations` | Tolerations for controller pod assignment | `[]` | -| `controller.affinity` | Affinity for controller pod assignment | `{}` | -| `controller.podAnnotations` | Controller Pod annotations | `{}` | -| `controller.podLabels` | Controller Pod labels | `{}` | -| `controller.podAffinityPreset` | Controller Pod affinitypreset | `""` | -| `controller.podAntiAffinityPreset` | Controller Pod anti affinitypreset | `soft` | -| `controller.nodeAffinityPreset.type` | Controller Pod Node affinity preset | `""` | -| `controller.nodeAffinityPreset.key` | Controller Pod Node affinity label key to match | `""` | -| `controller.nodeAffinityPreset.values` | Controller Pod Node affinity label values to match | `[]` | -| `controller.serviceAccount.create` | create a serviceAccount for the controller pod | `true` | -| `controller.serviceAccount.name` | use the serviceAccount with the specified name | `""` | -| `controller.revisionHistoryLimit` | the revision history limit for the deployment. | `3` | -| `controller.terminationGracePeriodSeconds` | the termination grace period for pods | `0` | -| `controller.containerPort.metrics` | Controller Pod metrics listening port | `7472` | -| `controller.livenessProbe.enabled` | Enable/disable the Liveness probe | `true` | -| `controller.livenessProbe.failureThreshold` | Delay before liveness probe is initiated | `3` | -| `controller.livenessProbe.initialDelaySeconds` | How often to perform the probe | `10` | -| `controller.livenessProbe.periodSeconds` | When the probe times out | `10` | -| `controller.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `controller.livenessProbe.timeoutSeconds` | Minimum consecutive failures for the probe to be considered failed after having succeeded. 
| `1` | -| `controller.readinessProbe.enabled` | Enable/disable the Readiness probe | `true` | -| `controller.readinessProbe.failureThreshold` | Delay before readiness probe is initiated | `3` | -| `controller.readinessProbe.initialDelaySeconds` | How often to perform the probe | `10` | -| `controller.readinessProbe.periodSeconds` | When the probe times out | `10` | -| `controller.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `controller.readinessProbe.timeoutSeconds` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `1` | -| `controller.securityContext.enabled` | Enable pods' security context | `true` | -| `controller.securityContext.runAsNonRoot` | MetalLB Controller must runs as nonRoot. | `true` | -| `controller.securityContext.runAsUser` | User ID for the pods. | `1001` | -| `controller.securityContext.fsGroup` | Group ID for the pods. | `1001` | -| `controller.securityContext.allowPrivilegeEscalation` | This defines if privilegeEscalation is allowed on that container | `false` | -| `controller.securityContext.readOnlyRootFilesystem` | This defines if the container can read the root fs on the host | `true` | -| `controller.securityContext.capabilities.drop` | Drop capabilities for the securityContext | `["ALL"]` | -| `controller.prometheus.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator. | `false` | -| `controller.prometheus.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name` | -| `controller.prometheus.serviceMonitor.interval` | Specify the scrape interval if not specified use defaul prometheus scrapeIntervall | `""` | -| `controller.prometheus.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics. | `[]` | -| `controller.prometheus.serviceMonitor.relabelings` | Specify general relabeling. 
| `[]` | +| Parameter | Description | Default | +|----------------------------------------------------------|----------------------------------------------------------------------------------------------|---------------------------------------------------------| +| `controller.image.registry` | MetalLB Controller image registry | `docker.io` | +| `controller.image.repository` | MetalLB Controller image name | `bitnami/metallb-controller` | +| `controller.image.tag` | MetalLB Controller image tag | `{TAG_NAME}` | +| `controller.image.pullPolicy` | MetalLB Controller image pull policy | `IfNotPresent` | +| `controller.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `controller.hostAliases` | Add deployment host aliases | `[]` | +| `controller.rbac.create` | create specifies whether to install and use RBAC rules. | `true` | +| `controller.psp.create` | create specifies whether to install Pod Security Policies. | `true` | +| `controller.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` (does not add resource limits to deployed pods) | +| `controller.resources.requests` | Specify resource requests which the container needs to spawn. 
| `{}` (does not add resource limits to deployed pods) | +| `controller.nodeSelector` | Node labels for controller pod assignment | `{}` | +| `controller.tolerations` | Tolerations for controller pod assignment | `[]` | +| `controller.affinity` | Affinity for controller pod assignment | `{}` | +| `controller.podAnnotations` | Controller Pod annotations | `{}` | +| `controller.podLabels` | Controller Pod labels | `{}` | +| `controller.podAffinityPreset` | Controller Pod affinitypreset | `""` | +| `controller.podAntiAffinityPreset` | Controller Pod anti affinitypreset | `soft` | +| `controller.nodeAffinityPreset.type` | Controller Pod Node affinity preset | `""` | +| `controller.nodeAffinityPreset.key` | Controller Pod Node affinity label key to match | `""` | +| `controller.nodeAffinityPreset.values` | Controller Pod Node affinity label values to match | `[]` | +| `controller.serviceAccount.create` | create a serviceAccount for the controller pod | `true` | +| `controller.serviceAccount.name` | use the serviceAccount with the specified name | `""` | +| `controller.revisionHistoryLimit` | the revision history limit for the deployment. | `3` | +| `controller.terminationGracePeriodSeconds` | the termination grace period for pods | `0` | +| `controller.containerPort.metrics` | Controller Pod metrics listening port | `7472` | +| `controller.livenessProbe.enabled` | Enable/disable the Liveness probe | `true` | +| `controller.livenessProbe.failureThreshold` | Delay before liveness probe is initiated | `3` | +| `controller.livenessProbe.initialDelaySeconds` | How often to perform the probe | `10` | +| `controller.livenessProbe.periodSeconds` | When the probe times out | `10` | +| `controller.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `controller.livenessProbe.timeoutSeconds` | Minimum consecutive failures for the probe to be considered failed after having succeeded. 
| `1` | +| `controller.readinessProbe.enabled` | Enable/disable the Readiness probe | `true` | +| `controller.readinessProbe.failureThreshold` | Delay before readiness probe is initiated | `3` | +| `controller.readinessProbe.initialDelaySeconds` | How often to perform the probe | `10` | +| `controller.readinessProbe.periodSeconds` | When the probe times out | `10` | +| `controller.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `controller.readinessProbe.timeoutSeconds` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `1` | +| `controller.securityContext.enabled` | Enable pods' security context | `true` | +| `controller.securityContext.runAsNonRoot` | MetalLB Controller must runs as nonRoot. | `true` | +| `controller.securityContext.runAsUser` | User ID for the pods. | `1001` | +| `controller.securityContext.fsGroup` | Group ID for the pods. | `1001` | +| `controller.securityContext.allowPrivilegeEscalation` | This defines if privilegeEscalation is allowed on that container | `false` | +| `controller.securityContext.readOnlyRootFilesystem` | This defines if the container can read the root fs on the host | `true` | +| `controller.securityContext.capabilities.drop` | Drop capabilities for the securityContext | `["ALL"]` | +| `controller.prometheus.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator. | `false` | +| `controller.prometheus.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name` | +| `controller.prometheus.serviceMonitor.interval` | Specify the scrape interval if not specified use defaul prometheus scrapeIntervall | `""` | +| `controller.prometheus.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics. | `[]` | +| `controller.prometheus.serviceMonitor.relabelings` | Specify general relabeling. 
| `[]` | ### Speaker parameters -| Parameter | Description | Default | -|----------------------------------------------------------|------------------------------------------------------------------------------------------------------|---------------------------------------------------------| -| `speaker.image.registry` | MetalLB Speaker image registry | `docker.io` | -| `speaker.image.repository` | MetalLB Speaker image name | `bitnami/metallb-speaker` | -| `speaker.image.tag` | MetalLB Speaker image tag | `{TAG_NAME}` | -| `speaker.image.pullPolicy` | MetalLB Speaker image pull policy | `IfNotPresent` | -| `speaker.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `speaker.rbac.create` | create specifies whether to install and use RBAC rules. | `true` | -| `speaker.psp.create` | create specifies whether to install Pod Security Policies. | `true` | -| `speaker.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` (does not add resource limits to deployed pods) | -| `speaker.resources.requests` | Specify resource requests which the container needs to spawn. | `{}` (does not add resource limits to deployed pods) | -| `speaker.nodeSelector` | Node labels for speaker pod assignment | `{}` | -| `speaker.tolerations` | Tolerations for speaker pod assignment | `[]` | -| `speaker.affinity` | Affinity for speaker pod assignment | `{}` | -| `speaker.podAnnotations` | Speaker Pod annotations | `{}` | -| `speaker.podLabels` | Speaker Pod labels | `{}` | -| `speaker.serviceAccount.create` | create a serviceAccount for the speaker pod | `true` | -| `speaker.serviceAccount.name` | use the serviceAccount with the specified name | "" | -| `speaker.daemonset.hostPorts.metrics` | the tcp port to listen on for the openmetrics endpoint. 
| `7472` | -| `speaker.daemonset.terminationGracePeriodSeconds` | The terminationGracePeriod in seconds for the daemonset to stop | `2` | -| `speaker.securityContext.enabled` | Enable pods' security context | `true` | -| `speaker.securityContext.runAsUser` | User ID for the pods. | `0` | -| `speaker.securityContext.allowPrivilegeEscalation` | Enables privilege Escalation context for the pod. | `false` | -| `speaker.securityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly | `true` | -| `speaker.securityContext.capabilities.drop` | Drop capabilities for the securityContext | `["ALL"]` | -| `speaker.securityContext.capabilities.add` | Add capabilities for the securityContext | `["NET_ADMIN", "NET_RAW", "SYS_ADMIN"]` | -| `speaker.secretName` | References a Secret name for the member secret outside of the helm chart | `nil` | -| `speaker.secretKey` | References a Secret key the member secret outside of the helm chart | `nil` | -| `speaker.secretValue` | Custom value for `speaker.secretKey` | _random 256 character alphanumeric string_ | -| `speaker.extraEnvVars` | Extra environment variable to pass to the running container. | `[]` | -| `speaker.livenessProbe.enabled` | Enable/disable the Liveness probe | `true` | -| `speaker.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `60` | -| `speaker.livenessProbe.periodSeconds` | How often to perform the probe | `10` | -| `speaker.livenessProbe.timeoutSeconds` | When the probe times out | `5` | -| `speaker.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `speaker.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. 
| `6` | -| `speaker.readinessProbe.enabled` | Enable/disable the Readiness probe | `true` | -| `speaker.readinessProbe.failureThreshold` | Delay before readiness probe is initiated | `3` | -| `speaker.readinessProbe.initialDelaySeconds` | How often to perform the probe | `10` | -| `speaker.readinessProbe.periodSeconds` | When the probe times out | `10` | -| `speaker.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `speaker.readinessProbe.timeoutSeconds` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `1` | -| `speaker.prometheus.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator. | `false` | -| `speaker.prometheus.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name"` | -| `speaker.prometheus.serviceMonitor.interval` | Specify the scrape interval if not specified use defaul prometheus scrapeIntervall | `""` | -| `speaker.prometheus.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics. | `[]` | -| `speaker.prometheus.serviceMonitor.relabelings` | Specify general relabeling. 
| `[]` | - +| Parameter | Description | Default | +|-------------------------------------------------------|----------------------------------------------------------------------------------------------|---------------------------------------------------------| +| `speaker.image.registry` | MetalLB Speaker image registry | `docker.io` | +| `speaker.image.repository` | MetalLB Speaker image name | `bitnami/metallb-speaker` | +| `speaker.image.tag` | MetalLB Speaker image tag | `{TAG_NAME}` | +| `speaker.image.pullPolicy` | MetalLB Speaker image pull policy | `IfNotPresent` | +| `speaker.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `speaker.rbac.create` | create specifies whether to install and use RBAC rules. | `true` | +| `speaker.psp.create` | create specifies whether to install Pod Security Policies. | `true` | +| `speaker.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` (does not add resource limits to deployed pods) | +| `speaker.resources.requests` | Specify resource requests which the container needs to spawn. | `{}` (does not add resource limits to deployed pods) | +| `speaker.nodeSelector` | Node labels for speaker pod assignment | `{}` | +| `speaker.tolerations` | Tolerations for speaker pod assignment | `[]` | +| `speaker.affinity` | Affinity for speaker pod assignment | `{}` | +| `speaker.podAnnotations` | Speaker Pod annotations | `{}` | +| `speaker.podLabels` | Speaker Pod labels | `{}` | +| `speaker.hostAliases` | Add deployment host aliases | `[]` | +| `speaker.serviceAccount.create` | create a serviceAccount for the speaker pod | `true` | +| `speaker.serviceAccount.name` | use the serviceAccount with the specified name | "" | +| `speaker.daemonset.hostPorts.metrics` | the tcp port to listen on for the openmetrics endpoint. 
| `7472` | +| `speaker.daemonset.terminationGracePeriodSeconds` | The terminationGracePeriod in seconds for the daemonset to stop | `2` | +| `speaker.securityContext.enabled` | Enable pods' security context | `true` | +| `speaker.securityContext.runAsUser` | User ID for the pods. | `0` | +| `speaker.securityContext.allowPrivilegeEscalation` | Enables privilege Escalation context for the pod. | `false` | +| `speaker.securityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly | `true` | +| `speaker.securityContext.capabilities.drop` | Drop capabilities for the securityContext | `["ALL"]` | +| `speaker.securityContext.capabilities.add` | Add capabilities for the securityContext | `["NET_ADMIN", "NET_RAW", "SYS_ADMIN"]` | +| `speaker.secretName` | References a Secret name for the member secret outside of the helm chart | `nil` | +| `speaker.secretKey` | References a Secret key the member secret outside of the helm chart | `nil` | +| `speaker.secretValue` | Custom value for `speaker.secretKey` | _random 256 character alphanumeric string_ | +| `speaker.extraEnvVars` | Extra environment variable to pass to the running container. | `[]` | +| `speaker.livenessProbe.enabled` | Enable/disable the Liveness probe | `true` | +| `speaker.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `60` | +| `speaker.livenessProbe.periodSeconds` | How often to perform the probe | `10` | +| `speaker.livenessProbe.timeoutSeconds` | When the probe times out | `5` | +| `speaker.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `speaker.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. 
| `6` | +| `speaker.readinessProbe.enabled` | Enable/disable the Readiness probe | `true` | +| `speaker.readinessProbe.failureThreshold` | Delay before readiness probe is initiated | `3` | +| `speaker.readinessProbe.initialDelaySeconds` | How often to perform the probe | `10` | +| `speaker.readinessProbe.periodSeconds` | When the probe times out | `10` | +| `speaker.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `speaker.readinessProbe.timeoutSeconds` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `1` | +| `speaker.prometheus.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator. | `false` | +| `speaker.prometheus.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name"` | +| `speaker.prometheus.serviceMonitor.interval` | Specify the scrape interval if not specified use defaul prometheus scrapeIntervall | `""` | +| `speaker.prometheus.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics. | `[]` | +| `speaker.prometheus.serviceMonitor.relabelings` | Specify general relabeling. | `[]` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, @@ -225,7 +226,6 @@ Find more information about how to deal with common errors related to Bitnami’ ## Upgrading - ### To 2.0.0 **What changes were introduced in this major version?** diff --git a/bitnami/metallb/templates/controller/deployment.yaml b/bitnami/metallb/templates/controller/deployment.yaml index f03def24d9..20c967adad 100644 --- a/bitnami/metallb/templates/controller/deployment.yaml +++ b/bitnami/metallb/templates/controller/deployment.yaml 
@@ -25,12 +25,16 @@ spec: {{- if .Values.controller.podAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.controller.podAnnotations "context" $) | nindent 8 }} {{- end }} - spec: + spec: {{- include "common.images.pullSecrets" (dict "images" (list .Values.speaker.image .Values.controller.image) "global" .Values.global) | nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} serviceAccountName: {{ include "metallb.controllerServiceAccountName" . }} terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} nodeSelector: - {{- if .Values.controller.nodeSelector }} {{- include "common.tplvalues.render" (dict "value" .Values.controller.nodeSelector "context" $) | nindent 8 }} + {{- if .Values.controller.nodeSelector }} + {{- include "common.tplvalues.render" (dict "value" .Values.controller.nodeSelector "context" $) | nindent 8 }} {{- end }} "kubernetes.io/os": linux {{- if .Values.affinity }} 
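Review bot: The added `hostAliases` block is gated on and rendered from `.Values.hostAliases`, but the README rows added in this same commit document the setting as `controller.hostAliases`, and every other value this template reads sits under `.Values.controller.*`. Unless values.yaml (not shown on this page) also defines a top-level `hostAliases`, an operator who sets the documented key gets no `/etc/hosts` entries and no error, which is easy to miss when the alias is meant to pin where the controller resolves a name. I would read the component key instead: `{{- if .Values.controller.hostAliases }}` and `"value" .Values.controller.hostAliases`. The hunk in templates/speaker/daemonset.yaml has the same mismatch against the documented `speaker.hostAliases`; that pod also sets `hostNetwork: true`, so it is worth confirming how the supported Kubernetes versions treat hostAliases for host-network pods. The pod spec continues past the end of this hunk.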
@@ -41,51 +45,51 @@ spec: podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAntiAffinityPreset "component" "controller" "context" $) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.controller.nodeAffinityPreset.type "key" .Values.controller.nodeAffinityPreset.key "values" .Values.controller.nodeAffinityPreset.values) | nindent 10 }} {{- end }} - {{- if .Values.controller.tolerations}} + {{- if .Values.controller.tolerations }} tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.controller.tolerations "context" $) | nindent 8 }} {{- end }} containers: - - name: metallb-controller - image: {{ include "common.images.image" (dict "imageRoot" .Values.controller.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.controller.image.pullPolicy }} - args: - - --port={{ .Values.controller.containerPort.metrics }} - - --config={{ include "metallb.configMapName" . }} - ports: - - name: metrics - containerPort: {{ .Values.controller.containerPort.metrics }} - {{- if .Values.controller.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.controller.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - 
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.controller.securityContext.enabled }} - securityContext: - allowPrivilegeEscalation: {{ .Values.controller.securityContext.allowPrivilegeEscalation }} - readOnlyRootFilesystem: {{ .Values.controller.securityContext.readOnlyRootFilesystem }} - capabilities: - drop: {{- toYaml .Values.controller.securityContext.capabilities.drop | nindent 12 }} - {{- end }} - {{- if .Values.controller.resources }} - resources: {{- toYaml .Values.controller.resources | nindent 10 }} - {{- end }} + - name: metallb-controller + image: {{ include "common.images.image" (dict "imageRoot" .Values.controller.image "global" .Values.global) }} + imagePullPolicy: {{ .Values.controller.image.pullPolicy }} + args: + - --port={{ .Values.controller.containerPort.metrics }} + - --config={{ include "metallb.configMapName" . }} + ports: + - name: metrics + containerPort: {{ .Values.controller.containerPort.metrics }} + {{- if .Values.controller.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.controller.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} 
+ {{- end }} + {{- if .Values.controller.securityContext.enabled }} + securityContext: + allowPrivilegeEscalation: {{ .Values.controller.securityContext.allowPrivilegeEscalation }} + readOnlyRootFilesystem: {{ .Values.controller.securityContext.readOnlyRootFilesystem }} + capabilities: + drop: {{- toYaml .Values.controller.securityContext.capabilities.drop | nindent 16 }} + {{- end }} + {{- if .Values.controller.resources }} + resources: {{- toYaml .Values.controller.resources | nindent 12 }} + {{- end }} {{- if .Values.controller.securityContext.enabled }} securityContext: runAsUser: {{ .Values.controller.securityContext.runAsUser }} diff --git a/bitnami/metallb/templates/controller/rbac.yaml b/bitnami/metallb/templates/controller/rbac.yaml index 78351bb9cd..5f1ef6ccff 100644 --- a/bitnami/metallb/templates/controller/rbac.yaml +++ b/bitnami/metallb/templates/controller/rbac.yaml @@ -58,9 +58,9 @@ metadata: annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} subjects: -- kind: ServiceAccount - name: {{ include "metallb.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ include "metallb.controllerServiceAccountName" . }} + namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/bitnami/metallb/templates/rbac.yaml b/bitnami/metallb/templates/rbac.yaml index 9aef535e12..075b25ed92 100644 --- a/bitnami/metallb/templates/rbac.yaml +++ b/bitnami/metallb/templates/rbac.yaml 
@@ -34,12 +34,12 @@ metadata:
 {{- end }}
 subjects:
 {{- if .Values.controller.rbac.create }}
-- kind: ServiceAccount
- name: {{ include "metallb.controllerServiceAccountName" . }}
+ - kind: ServiceAccount
+ name: {{ include "metallb.controllerServiceAccountName" . }}
 {{- end }}
 {{- if .Values.speaker.rbac.create }}
-- kind: ServiceAccount
- name: {{ include "metallb.speakerServiceAccountName" . }}
+ - kind: ServiceAccount
+ name: {{ include "metallb.speakerServiceAccountName" . }}
 {{- end }}
 roleRef:
 apiGroup: rbac.authorization.k8s.io
diff --git a/bitnami/metallb/templates/speaker/daemonset.yaml b/bitnami/metallb/templates/speaker/daemonset.yaml
index 688fdc8dc3..c8a59976d2 100644
--- a/bitnami/metallb/templates/speaker/daemonset.yaml
+++ b/bitnami/metallb/templates/speaker/daemonset.yaml
@@ -24,92 +24,96 @@ spec: {{- if .Values.speaker.podAnnotations }} annotations: {{- include "common.tplvalues.render" (dict "value" .Values.speaker.podAnnotations "context" $) | nindent 8 }} {{- end }} - spec: + spec: {{- include "common.images.pullSecrets" (dict "images" (list .Values.speaker.image .Values.controller.image) "global" .Values.global) | nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule + - key: node-role.kubernetes.io/master + effect: NoSchedule serviceAccountName: {{ include "metallb.speakerServiceAccountName" . }} terminationGracePeriodSeconds: {{ .Values.speaker.daemonset.terminationGracePeriodSeconds }} hostNetwork: true containers: - - name: metallb-speaker - image: {{ include "common.images.image" (dict "imageRoot" .Values.speaker.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.speaker.image.pullPolicy }} - args: - - --port={{ .Values.speaker.daemonset.hostPorts.metrics }} - - --config={{ include "metallb.configMapName" . }} - env: - - name: METALLB_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: METALLB_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: METALLB_ML_BIND_ADDR - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: METALLB_ML_LABELS - value: "app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=speaker" - - name: METALLB_ML_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: METALLB_ML_SECRET_KEY - valueFrom: - secretKeyRef: - name: {{ include "metallb.speaker.secretName" . }} - key: {{ include "metallb.speaker.secretKey" . 
}} - {{- if .Values.speaker.extraEnvVars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.speaker.extraEnvVars "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - envFrom: - - secretRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.speaker.extraEnvVarsSecret "context" $ ) }} - {{- end }} - ports: - - name: metrics - containerPort: {{ .Values.speaker.daemonset.hostPorts.metrics }} - {{- if .Values.speaker.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: {{ .Values.speaker.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.speaker.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.speaker.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.speaker.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.speaker.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.speaker.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: {{ .Values.speaker.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.speaker.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.speaker.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.speaker.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.speaker.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.speaker.resources }} - resources: {{- toYaml .Values.speaker.resources | nindent 10 }} - {{- end }} - {{- if .Values.speaker.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.speaker.securityContext.runAsUser }} - allowPrivilegeEscalation: {{ .Values.speaker.securityContext.allowPrivilegeEscalation }} - readOnlyRootFilesystem: {{ .Values.speaker.securityContext.readOnlyRootFilesystem }} - capabilities: - drop: {{- toYaml .Values.speaker.securityContext.capabilities.drop | nindent 12 }} - add: {{- toYaml 
.Values.speaker.securityContext.capabilities.add | nindent 12 }} - {{- end }} + - name: metallb-speaker + image: {{ include "common.images.image" (dict "imageRoot" .Values.speaker.image "global" .Values.global) }} + imagePullPolicy: {{ .Values.speaker.image.pullPolicy }} + args: + - --port={{ .Values.speaker.daemonset.hostPorts.metrics }} + - --config={{ include "metallb.configMapName" . }} + env: + - name: METALLB_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: METALLB_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: METALLB_ML_BIND_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: METALLB_ML_LABELS + value: "app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=speaker" + - name: METALLB_ML_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: METALLB_ML_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ include "metallb.speaker.secretName" . }} + key: {{ include "metallb.speaker.secretKey" . 
}} + {{- if .Values.speaker.extraEnvVars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.speaker.extraEnvVars "context" $ ) | nindent 12 }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + envFrom: + - secretRef: + name: {{ include "common.tplvalues.render" ( dict "value" .Values.speaker.extraEnvVarsSecret "context" $ ) }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.speaker.daemonset.hostPorts.metrics }} + {{- if .Values.speaker.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ .Values.speaker.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.speaker.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.speaker.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.speaker.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.speaker.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.speaker.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: {{ .Values.speaker.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.speaker.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.speaker.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.speaker.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.speaker.readinessProbe.failureThreshold }} + {{- end }} + {{- if .Values.speaker.resources }} + resources: {{- toYaml .Values.speaker.resources | nindent 12 }} + {{- end }} + {{- if .Values.speaker.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.speaker.securityContext.runAsUser }} + allowPrivilegeEscalation: {{ .Values.speaker.securityContext.allowPrivilegeEscalation }} + readOnlyRootFilesystem: {{ .Values.speaker.securityContext.readOnlyRootFilesystem }} + capabilities: + drop: {{- toYaml .Values.speaker.securityContext.capabilities.drop | nindent 16 }} + add: {{- toYaml 
.Values.speaker.securityContext.capabilities.add | nindent 16 }} + {{- end }} nodeSelector: - {{- if .Values.speaker.nodeSelector }} {{- include "common.tplvalues.render" (dict "value" .Values.speaker.nodeSelector "context" $) | nindent 8 }} + {{- if .Values.speaker.nodeSelector }} + {{- include "common.tplvalues.render" (dict "value" .Values.speaker.nodeSelector "context" $) | nindent 8 }} {{- end }} "kubernetes.io/os": linux {{- if .Values.speaker.affinity }} diff --git a/bitnami/metallb/templates/speaker/rbac.yaml b/bitnami/metallb/templates/speaker/rbac.yaml index a2566ce94c..11fe8cbd1b 100644 --- a/bitnami/metallb/templates/speaker/rbac.yaml +++ b/bitnami/metallb/templates/speaker/rbac.yaml @@ -52,12 +52,12 @@ metadata: annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} rules: -- apiGroups: - - '' - resources: - - pods - verbs: - - list + - apiGroups: + - '' + resources: + - pods + verbs: + - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -72,9 +72,9 @@ metadata: annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} subjects: -- kind: ServiceAccount - name: {{ include "metallb.speakerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ include "metallb.speakerServiceAccountName" . }} + namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -97,6 +97,6 @@ roleRef: kind: Role name: {{ include "common.names.fullname" . }}-pod-lister subjects: -- kind: ServiceAccount - name: {{ include "metallb.speakerServiceAccountName" . }} + - kind: ServiceAccount + name: {{ include "metallb.speakerServiceAccountName" . }} {{- end -}} diff --git a/bitnami/metallb/values.yaml b/bitnami/metallb/values.yaml index 5e82cd0e1b..db514efe00 100644 --- a/bitnami/metallb/values.yaml 
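Review bot: The new `hostAliases` block in the speaker pod spec is guarded by and rendered from `.Values.hostAliases`, while the values.yaml hunks of this commit add `hostAliases: []` under `controller:` and `speaker:` (judging by the hunk headers, since the indentation is not visible here). A value set at `speaker.hostAliases` would therefore never reach the pod; the lines should read `{{- if .Values.speaker.hostAliases }}` and `hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.speaker.hostAliases "context" $) | nindent 8 }}`. The re-indented `envFrom` block has the same kind of mismatch: it is guarded by `.Values.extraEnvVarsSecret` but takes the secret name from `.Values.speaker.extraEnvVarsSecret`, so the guard should be `{{- if .Values.speaker.extraEnvVarsSecret }}`. Because this pod runs with `hostNetwork: true` and adds whatever `speaker.securityContext.capabilities.add` lists, a short template comment above the container `securityContext:` stating which capabilities the speaker actually requires would help anyone trying to tighten the default. The pod spec continues past the end of the hunk.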
+++ b/bitnami/metallb/values.yaml @@ -1,6 +1,7 @@ ## Default values for metallb. ## This is a YAML-formatted file. ## Declare variables to be passed into your templates. +## ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value @@ -79,6 +80,7 @@ commonAnnotations: {} ## Metallb Controller deployment. ## ref: https://hub.docker.com/r/bitnami/metallb-controller/tags +## controller: image: registry: docker.io @@ -96,6 +98,11 @@ controller: # pullSecrets: # - myRegistryKeySecretName + ## Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## If global .Values.rbac.create is disabled no rbac is created. ## This value is then meaningless ## Defines if the controller rbac should be created. 
@@ -118,16 +125,16 @@ controller: ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: {} - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 100Mi - # requests: - # memory: 25Mi - # cpu: 25m + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 100Mi + # requests: + # memory: 25Mi + # cpu: 25m ## Node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## @@ -172,6 +179,7 @@ controller: nodeAffinityPreset: ## Node affinity type ## Allowed values: soft, hard + ## type: "" ## Node label key to match ## E.g. @@ -193,7 +201,6 @@ controller: # true, a name is generated using the fullname template name: "" - ## Pod securityContext ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @@ -206,7 +213,7 @@ controller: readOnlyRootFilesystem: true capabilities: drop: - - ALL + - ALL ## Configure the revisionHistoryLimit of the Controller deployment ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit @@ -259,6 +266,7 @@ controller: ## Metallb Speaker daemonset. ## ref: https://hub.docker.com/r/bitnami/metallb-speaker/tags +## speaker: image: registry: docker.io 
@@ -285,6 +293,11 @@ speaker: ## create: true + ## Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## If global .Values.psp.create is disabled no psp is created. ## This value is then meaningless ## Defines if the speaker psp should be created. @@ -298,16 +311,16 @@ speaker: ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: {} - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 100Mi - # requests: - # memory: 25Mi - # cpu: 25m + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 100Mi + # requests: + # memory: 25Mi + # cpu: 25m ## Node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## @@ -373,11 +386,11 @@ speaker: readOnlyRootFilesystem: true capabilities: drop: - - ALL + - ALL add: - - NET_ADMIN - - NET_RAW - - SYS_ADMIN + - NET_ADMIN + - NET_RAW + - SYS_ADMIN ## An array to add extra env vars ## For example:
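Review bot: The comment added above `hostAliases` under `speaker:` says `## Deployment pod host aliases`, but the speaker is rendered from templates/speaker/daemonset.yaml, so the wording looks copied from the controller block. It should read `## DaemonSet pod host aliases`, and the bare URL on the next line would match the rest of the file better as `## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/`. The same `ref:` prefix is missing in the controller hunk that adds `hostAliases`.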