Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-06 06:58:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/metallb] Chart standardised (#9787)

Browse Source 
* [bitnami/metallb] Chart standardised

Signed-off-by: Miguel Ruiz <miruiz@vmware.com>

* Fix issues with common.namespaces

Signed-off-by: Miguel Ruiz <miruiz@vmware.com>

* Apply suggestions

Signed-off-by: Miguel Ruiz <miruiz@vmware.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* Apply suggestions

Signed-off-by: Miguel Ruiz <miruiz@vmware.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* Restore terminationGracePeriod values

Signed-off-by: Miguel Ruiz <miruiz@vmware.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* Disable startupProbe default

Signed-off-by: Miguel Ruiz <miruiz@vmware.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* [bitnami/metallb] Update components versions

Signed-off-by: Bitnami Containers <containers@bitnami.com>

Co-authored-by: Bitnami Containers <containers@bitnami.com>
This commit is contained in:
Miguel Ruiz
2022-04-21 23:49:31 +02:00
committed by GitHub
parent d7447aa7ad
commit e65da333a8
22 changed files with 1000 additions and 405 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bitnami/metallb/Chart.yaml
View File

@@ -30,4 +30,4 @@ sources:
- https://github.com/metallb/metallb
- https://github.com/bitnami/bitnami-docker-metallb
- https://metallb.universe.tf
version: 2.6.14
version: 3.0.0

316
bitnami/metallb/README.md
View File

@@ -63,13 +63,17 @@ The command removes all the Kubernetes components associated with the chart and
### Common parameters
| Name | Description | Value |
| ------------------- | -------------------------------------------------------------------------------------- | ----- |
| `nameOverride` | String to partially override metallb.fullname include (will maintain the release name) | `""` |
| `fullnameOverride` | String to fully override metallb.fullname template | `""` |
| `commonLabels` | Add labels to all the deployed resources | `{}` |
| `commonAnnotations` | Add annotations to all the deployed resources | `{}` |
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
| Name | Description | Value |
| ------------------------ | --------------------------------------------------------------------------------------- | -------------- |
| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
| `nameOverride` | String to partially override metallb.fullname include (will maintain the release name) | `""` |
| `fullnameOverride` | String to fully override metallb.fullname template | `""` |
| `commonLabels` | Add labels to all the deployed resources | `{}` |
| `commonAnnotations` | Add annotations to all the deployed resources | `{}` |
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
| `diagnosticMode.command` | Command to override all containers in the the deployment(s)/statefulset(s) | `["sleep"]` |
| `diagnosticMode.args` | Args to override all containers in the the deployment(s)/statefulset(s) | `["infinity"]` |
### MetalLB parameters
@@ -88,112 +92,192 @@ The command removes all the Kubernetes components associated with the chart and
### Controller parameters
| Name | Description | Value |
| -------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- |
| `controller.image.registry` | MetalLB Controller image registry | `docker.io` |
| `controller.image.repository` | MetalLB Controller image repository | `bitnami/metallb-controller` |
| `controller.image.tag` | MetalLB Controller image tag (immutable tags are recommended) | `0.11.0-debian-10-r73` |
| `controller.image.pullPolicy` | MetalLB Controller image pull policy | `IfNotPresent` |
| `controller.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `controller.hostAliases` | Deployment pod host aliases | `[]` |
| `controller.rbac.create` | create specifies whether to install and use RBAC rules. | `true` |
| `controller.psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `true` |
| `controller.priorityClassName` | Set pod priorityClassName | `""` |
| `controller.resources.limits` | The resources limits for the container | `{}` |
| `controller.resources.requests` | The requested resources for the container | `{}` |
| `controller.nodeSelector` | Node labels for controller pod assignment | `{}` |
| `controller.tolerations` | Tolerations for controller pod assignment | `[]` |
| `controller.affinity` | Affinity for controller pod assignment | `{}` |
| `controller.podAnnotations` | Controller Pod annotations | `{}` |
| `controller.podLabels` | Controller Pod labels | `{}` |
| `controller.podAffinityPreset` | Controller Pod affinitypreset. Allowed values: soft, hard | `""` |
| `controller.podAntiAffinityPreset` | Controller Pod anti affinitypreset. Allowed values: soft, hard | `soft` |
| `controller.nodeAffinityPreset.type` | Controller Pod Node affinity preset. Allowed values: soft, hard | `""` |
| `controller.nodeAffinityPreset.key` | Controller Pod Node affinity label key to match | `""` |
| `controller.nodeAffinityPreset.values` | Controller Pod Node affinity label values to match | `[]` |
| `controller.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `controller.serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | `""` |
| `controller.securityContext.enabled` | Enable pods' security context | `true` |
| `controller.securityContext.runAsNonRoot` | MetalLB Controller must runs as nonRoot. | `true` |
| `controller.securityContext.runAsUser` | User ID for the pods. | `1001` |
| `controller.securityContext.fsGroup` | Group ID for the pods. | `1001` |
| `controller.securityContext.allowPrivilegeEscalation` | This defines if privilegeEscalation is allowed on that container | `false` |
| `controller.securityContext.readOnlyRootFilesystem` | This defines if the container can read the root fs on the host | `true` |
| `controller.securityContext.capabilities.drop` | Drop capabilities for the securityContext | `[]` |
| `controller.revisionHistoryLimit` | Configure the revisionHistoryLimit of the Controller deployment | `3` |
| `controller.terminationGracePeriodSeconds` | Configure the grace time period for sig term | `0` |
| `controller.containerPort.metrics` | Configures the ports the MetalLB Controller listens on for metrics | `7472` |
| `controller.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `controller.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` |
| `controller.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `controller.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `controller.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `controller.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `controller.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `controller.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` |
| `controller.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `controller.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `controller.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `controller.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `controller.prometheus.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator | `false` |
| `controller.prometheus.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name` |
| `controller.prometheus.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `""` |
| `controller.prometheus.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` |
| `controller.prometheus.serviceMonitor.relabelings` | Specify general relabeling | `[]` |
| Name | Description | Value |
| -------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- |
| `controller.image.registry` | MetalLB Controller image registry | `docker.io` |
| `controller.image.repository` | MetalLB Controller image repository | `bitnami/metallb-controller` |
| `controller.image.tag` | MetalLB Controller image tag (immutable tags are recommended) | `0.12.1-debian-10-r59` |
| `controller.image.pullPolicy` | MetalLB Controller image pull policy | `IfNotPresent` |
| `controller.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `controller.updateStrategy.type` | Metallb controller deployment strategy type. | `RollingUpdate` |
| `controller.hostAliases` | Deployment pod host aliases | `[]` |
| `controller.rbac.create` | create specifies whether to install and use RBAC rules. | `true` |
| `controller.psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `true` |
| `controller.priorityClassName` | Metallb controller pods' priorityClassName | `""` |
| `controller.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `controller.terminationGracePeriodSeconds` | In seconds, time the given to the Metallb controller pod needs to terminate gracefully | `0` |
| `controller.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `controller.resources.limits` | The resources limits for the container | `{}` |
| `controller.resources.requests` | The requested resources for the container | `{}` |
| `controller.nodeSelector` | Node labels for controller pod assignment | `{}` |
| `controller.tolerations` | Tolerations for controller pod assignment | `[]` |
| `controller.affinity` | Affinity for controller pod assignment | `{}` |
| `controller.podAnnotations` | Controller Pod annotations | `{}` |
| `controller.podLabels` | Controller Pod labels | `{}` |
| `controller.podAffinityPreset` | Controller Pod affinitypreset. Allowed values: soft, hard | `""` |
| `controller.podAntiAffinityPreset` | Controller Pod anti affinitypreset. Allowed values: soft, hard | `soft` |
| `controller.nodeAffinityPreset.type` | Controller Pod Node affinity preset. Allowed values: soft, hard | `""` |
| `controller.nodeAffinityPreset.key` | Controller Pod Node affinity label key to match | `""` |
| `controller.nodeAffinityPreset.values` | Controller Pod Node affinity label values to match | `[]` |
| `controller.podSecurityContext.enabled` | Enabled Metallb Controller pods' Security Context | `true` |
| `controller.podSecurityContext.fsGroup` | Set Metallb Controller pod's Security Context fsGroup | `1001` |
| `controller.containerSecurityContext.enabled` | Enabled Metallb Controller containers' Security Context | `true` |
| `controller.containerSecurityContext.runAsUser` | Set Metallb Controller containers' Security Context runAsUser | `1001` |
| `controller.containerSecurityContext.runAsNonRoot` | Set Metallb Controller container's Security Context runAsNonRoot | `true` |
| `controller.containerSecurityContext.allowPrivilegeEscalation` | Enables privilege Escalation context for the pod. | `false` |
| `controller.containerSecurityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly | `true` |
| `controller.containerSecurityContext.capabilities.drop` | Drop capabilities for the securityContext | `[]` |
| `controller.command` | Override default container command (useful when using custom images) | `[]` |
| `controller.args` | Override default container args (useful when using custom images) | `[]` |
| `controller.lifecycleHooks` | for the Metallb Controller container(s) to automate configuration before or after startup | `{}` |
| `controller.extraEnvVars` | Extra environment variable to pass to the running container. | `[]` |
| `controller.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Metallb controller nodes | `""` |
| `controller.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Metallb controller nodes | `""` |
| `controller.extraVolumes` | Optionally specify extra list of additional volumes for the Metallb controller pod(s) | `[]` |
| `controller.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Metallb controller container(s) | `[]` |
| `controller.sidecars` | Add additional sidecar containers to the Metallb Controller pod(s) | `[]` |
| `controller.initContainers` | Add additional init containers to the Metallb Controller pod(s) | `[]` |
| `controller.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `controller.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` |
| `controller.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `true` |
| `controller.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` |
| `controller.revisionHistoryLimit` | Configure the revisionHistoryLimit of the Controller deployment | `3` |
| `controller.containerPorts.metrics` | Configures the ports the MetalLB Controller listens on for metrics | `7472` |
| `controller.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `controller.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` |
| `controller.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `controller.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `controller.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `controller.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `controller.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `controller.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` |
| `controller.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `controller.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `controller.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `controller.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `controller.startupProbe.enabled` | Enable startupProbe | `false` |
| `controller.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
| `controller.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `controller.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `controller.startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` |
| `controller.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `controller.customStartupProbe` | Custom liveness probe for the Web component | `{}` |
| `controller.customLivenessProbe` | Custom liveness probe for the Web component | `{}` |
| `controller.customReadinessProbe` | Custom readiness probe for the Web component | `{}` |
### Metallb controller Prometheus metrics export
| Name | Description | Value |
| ----------------------------------------------------- | --------------------------------------------------------------------------- | ------------------------ |
| `controller.metrics.enabled` | Enable the export of Prometheus metrics | `false` |
| `controller.metrics.service.port` | Prometheus metrics service port | `7472` |
| `controller.metrics.service.annotations` | Annotations for the Prometheus Exporter service service | `{}` |
| `controller.metrics.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator | `false` |
| `controller.metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
| `controller.metrics.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name` |
| `controller.metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `""` |
| `controller.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
| `controller.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` |
| `controller.metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` |
| `controller.metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` |
| `controller.metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
| `controller.metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
### Speaker parameters
| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
| `speaker.image.registry` | MetalLB Speaker image registry | `docker.io` |
| `speaker.image.repository` | MetalLB Speaker image repository | `bitnami/metallb-speaker` |
| `speaker.image.tag` | MetalLB Speaker image tag (immutable tags are recommended) | `0.11.0-debian-10-r74` |
| `speaker.image.pullPolicy` | MetalLB Speaker image pull policy | `IfNotPresent` |
| `speaker.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `speaker.rbac.create` | create specifies whether to install and use RBAC rules. | `true` |
| `speaker.hostAliases` | Deployment pod host aliases | `[]` |
| `speaker.psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `true` |
| `speaker.priorityClassName` | Set pod priorityClassName. | `""` |
| `speaker.resources.limits` | The resources limits for the container | `{}` |
| `speaker.resources.requests` | The requested resources for the container | `{}` |
| `speaker.nodeSelector` | Node labels for speaker pod assignment | `{}` |
| `speaker.tolerations` | Tolerations for speaker pod assignment | `[]` |
| `speaker.affinity` | Affinity for speaker pod assignment | `{}` |
| `speaker.podAnnotations` | Speaker Pod annotations | `{}` |
| `speaker.podLabels` | Speaker Pod labels | `{}` |
| `speaker.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `speaker.serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | `""` |
| `speaker.daemonset.terminationGracePeriodSeconds` | Configure the grace time period for sig term | `2` |
| `speaker.daemonset.hostPorts.metrics` | HTTP Metrics Endpoint | `7472` |
| `speaker.secretName` | References a Secret name for the member secret outside of the helm chart | `""` |
| `speaker.secretKey` | References a Secret key the member secret outside of the helm chart | `""` |
| `speaker.secretValue` | Custom value for `speaker.secretKey` | `""` |
| `speaker.initContainers` | Extra initContainers to add to the daemonset | `[]` |
| `speaker.securityContext.enabled` | Enable pods' security context | `true` |
| `speaker.securityContext.runAsUser` | User ID for the pods. | `0` |
| `speaker.securityContext.allowPrivilegeEscalation` | Enables privilege Escalation context for the pod. | `false` |
| `speaker.securityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly | `true` |
| `speaker.securityContext.capabilities.drop` | Drop capabilities for the securityContext | `[]` |
| `speaker.securityContext.capabilities.add` | Add capabilities for the securityContext | `[]` |
| `speaker.extraEnvVars` | Extra environment variable to pass to the running container. | `[]` |
| `speaker.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `speaker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` |
| `speaker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `speaker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `speaker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `speaker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `speaker.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `speaker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` |
| `speaker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `speaker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `speaker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `speaker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `speaker.prometheus.serviceMonitor.enabled` | Enable support for Prometheus Operator | `false` |
| `speaker.prometheus.serviceMonitor.jobLabel` | Job label for scrape target | `app.kubernetes.io/name` |
| `speaker.prometheus.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `""` |
| `speaker.prometheus.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` |
| `speaker.prometheus.serviceMonitor.relabelings` | Specify general relabeling | `[]` |
| Name | Description | Value |
| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
| `speaker.image.registry` | MetalLB Speaker image registry | `docker.io` |
| `speaker.image.repository` | MetalLB Speaker image repository | `bitnami/metallb-speaker` |
| `speaker.image.tag` | MetalLB Speaker image tag (immutable tags are recommended) | `0.12.1-debian-10-r59` |
| `speaker.image.pullPolicy` | MetalLB Speaker image pull policy | `IfNotPresent` |
| `speaker.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `speaker.updateStrategy.type` | Speaker daemonset strategy type | `RollingUpdate` |
| `speaker.rbac.create` | create specifies whether to install and use RBAC rules. | `true` |
| `speaker.hostAliases` | Deployment pod host aliases | `[]` |
| `speaker.psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `true` |
| `speaker.priorityClassName` | Speaker pods' priorityClassName | `""` |
| `speaker.terminationGracePeriodSeconds` | In seconds, time the given to the Speaker pod needs to terminate gracefully | `2` |
| `speaker.resources.limits` | The resources limits for the container | `{}` |
| `speaker.resources.requests` | The requested resources for the container | `{}` |
| `speaker.nodeSelector` | Node labels for speaker pod assignment | `{}` |
| `speaker.tolerations` | Tolerations for speaker pod assignment | `[]` |
| `speaker.affinity` | Affinity for speaker pod assignment | `{}` |
| `speaker.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `speaker.nodeAffinityPreset.key` | Node label key to match. Ignored if `speaker.affinity` is set | `""` |
| `speaker.nodeAffinityPreset.values` | Node label values to match. Ignored if `speaker.affinity` is set | `[]` |
| `speaker.podAffinityPreset` | Pod affinity preset. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `speaker.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `speaker.podAnnotations` | Speaker Pod annotations | `{}` |
| `speaker.podLabels` | Speaker Pod labels | `{}` |
| `speaker.podSecurityContext.enabled` | Enabled Speaker pods' Security Context | `true` |
| `speaker.podSecurityContext.fsGroup` | Set Speaker pod's Security Context fsGroup | `0` |
| `speaker.containerSecurityContext.enabled` | Enabled Speaker containers' Security Context | `true` |
| `speaker.containerSecurityContext.runAsUser` | Set Speaker containers' Security Context runAsUser | `0` |
| `speaker.containerSecurityContext.allowPrivilegeEscalation` | Enables privilege Escalation context for the pod. | `false` |
| `speaker.containerSecurityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly | `true` |
| `speaker.containerSecurityContext.capabilities.drop` | Drop capabilities for the securityContext | `[]` |
| `speaker.containerSecurityContext.capabilities.add` | Add capabilities for the securityContext | `[]` |
| `speaker.command` | Override default container command (useful when using custom images) | `[]` |
| `speaker.args` | Override default container args (useful when using custom images) | `[]` |
| `speaker.lifecycleHooks` | for the Speaker container(s) to automate configuration before or after startup | `{}` |
| `speaker.sidecars` | Add additional sidecar containers to the Speaker pod(s) | `[]` |
| `speaker.initContainers` | Add additional init containers to the Speaker pod(s) | `[]` |
| `speaker.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `speaker.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` |
| `speaker.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `true` |
| `speaker.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` |
| `speaker.secretName` | References a Secret name for the member secret outside of the helm chart | `""` |
| `speaker.secretKey` | References a Secret key the member secret outside of the helm chart | `""` |
| `speaker.secretValue` | Custom value for `speaker.secretKey` | `""` |
| `speaker.extraEnvVars` | Extra environment variable to pass to the running container. | `[]` |
| `speaker.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Speaker nodes | `""` |
| `speaker.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Speaker nodes | `""` |
| `speaker.extraVolumes` | Optionally specify extra list of additional volumes for the Speaker pod(s) | `[]` |
| `speaker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Speaker container(s) | `[]` |
| `speaker.containerPorts.metrics` | HTTP Metrics Endpoint | `7472` |
| `speaker.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `speaker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` |
| `speaker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `speaker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `speaker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `speaker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `speaker.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `speaker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` |
| `speaker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `speaker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `speaker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `speaker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `speaker.startupProbe.enabled` | Enable startupProbe | `false` |
| `speaker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
| `speaker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `speaker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `speaker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` |
| `speaker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `speaker.customStartupProbe` | Custom liveness probe for the Web component | `{}` |
| `speaker.customLivenessProbe` | Custom liveness probe for the Web component | `{}` |
| `speaker.customReadinessProbe` | Custom readiness probe for the Web component | `{}` |
### Speaker Prometheus metrics export
| Name | Description | Value |
| -------------------------------------------------- | --------------------------------------------------------------------------- | ------------------------ |
| `speaker.metrics.enabled` | Enable the export of Prometheus metrics | `false` |
| `speaker.metrics.service.port` | Prometheus metrics service port | `7472` |
| `speaker.metrics.service.annotations` | Annotations for the Prometheus Exporter service service | `{}` |
| `speaker.metrics.serviceMonitor.enabled` | Enable support for Prometheus Operator | `false` |
| `speaker.metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
| `speaker.metrics.serviceMonitor.jobLabel` | Job label for scrape target | `app.kubernetes.io/name` |
| `speaker.metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `""` |
| `speaker.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
| `speaker.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` |
| `speaker.metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` |
| `speaker.metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` |
| `speaker.metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
| `speaker.metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
@@ -245,6 +329,20 @@ Find more information about how to deal with common errors related to Bitnami's
## Upgrading
### To 3.0.0
This major release renames several values in this chart and adds missing features, in order to be aligned with the rest of the assets in the Bitnami charts repository.
Affected values:
- `<controller/speaker>.prometheus` has been renamed as `<controller/speaker>.metrics`.
- To enable the Prometheus serviceMonitors, it is necessary to enable both `<controller/speaker>.metrics.enabled` and `<controller/speaker>.metrics.serviceMonitor.enabled`.
- Added the values section `<controller/speaker>.metrics.service`.
- `<controller/speaker>.securityContext` has been split as `<controller/speaker>.podSecurityContext` and `<controller/speaker>.containerSecurityContext`
- `controller.containerPort` has been renamed as `controller.containerPorts`.
- `speaker.daemonset.hostPorts.metrics` renamed as `speaker.containerPorts.metrics`
- `speaker.daemonset.terminationGracePeriodSeconds` renamed as speaker.terminationGracePeriodSeconds
### To 2.0.0
**What changes were introduced in this major version?**

30
bitnami/metallb/templates/NOTES.txt
View File

@@ -4,6 +4,27 @@ APP VERSION: {{ .Chart.AppVersion }}
** Please be patient while the chart is being deployed **
{{- if .Values.diagnosticMode.enabled }}
The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
Get the list of pods by executing:
kubectl get pods --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/instance={{ .Release.Name }}
Access the pod you want to debug by executing
kubectl exec --namespace {{ include "common.names.namespace" . }} -ti <NAME OF THE POD> -- bash
In order to replicate the container startup scripts execute these commands in their respective pods:
speaker --port={{ .Values.speaker.containerPorts.metrics }} --config={{ include "metallb.configMapName" . }}
controller --port={{ .Values.controller.containerPorts.metrics }} --config={{ include "metallb.configMapName" . }}
{{- else }}
MetalLB is now running in the cluster
LoadBalancer Services in your cluster are now available on the IPs you
@@ -15,7 +36,7 @@ should be executed.
To see the currently configured configuration for metallb run
kubectl get configmaps --namespace {{ .Release.Namespace }} {{ include "metallb.configMapName" . }} -o yaml
kubectl get configmaps --namespace {{ include "common.names.namespace" . }} {{ include "metallb.configMapName" . }} -o yaml
in your preferred shell.
@@ -26,20 +47,21 @@ ConfigMap to your cluster yourself.
Ensure you put the configmap in place
kubectl get configmaps --namespace {{ .Release.Namespace }} | grep --color=never -E "{{ include "metallb.configMapName" . }}|NAME"
kubectl get configmaps --namespace {{ include "common.names.namespace" . }} | grep --color=never -E "{{ include "metallb.configMapName" . }}|NAME"
If it is missing create it with:
kubectl create configmap {{ include "metallb.configMapName" . }} --namespace {{ .Release.Namespace }} --from-file=config
kubectl create configmap {{ include "metallb.configMapName" . }} --namespace {{ include "common.names.namespace" . }} --from-file=config
{{- end }}
{{- if .Values.speaker.secretName }}
WARNING: you specified a secretName that isn't managed by
Helm. The MetalLB speakers will not join without the secret in place.
kubectl get secrets --namespace {{ .Release.Namespace }} | grep --color=never -E "{{ include "metallb.speaker.secretName" . }}|NAME"
kubectl get secrets --namespace {{ include "common.names.namespace" . }} | grep --color=never -E "{{ include "metallb.speaker.secretName" . }}|NAME"
If it is missing create it with:
kubectl create secret {{ include "metallb.speaker.secretName" . }} --from-file={{ include "metallb.speaker.secretKey" . }}
{{- end }}
{{- end }}

4
bitnami/metallb/templates/_helpers.tpl
View File

@@ -3,14 +3,14 @@
{{/*
Create the name of the controller service account to use
*/}}
{{- define "metallb.controllerServiceAccountName" -}}
{{- define "metallb.controller.serviceAccountName" -}}
{{ include "common.secrets.name" (dict "existingSecret" .Values.controller.serviceAccount.name "defaultNameSuffix" "controller" "context" $) }}
{{- end -}}
{{/*
Create the name of the speaker service account to use
*/}}
{{- define "metallb.speakerServiceAccountName" -}}
{{- define "metallb.speaker.serviceAccountName" -}}
{{ include "common.secrets.name" (dict "existingSecret" .Values.speaker.serviceAccount.name "defaultNameSuffix" "speaker" "context" $) }}
{{- end -}}

1
bitnami/metallb/templates/controller/configmap.yaml
View File

@@ -3,6 +3,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "metallb.configMapName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}

116
bitnami/metallb/templates/controller/deployment.yaml
View File

@@ -1,7 +1,8 @@
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ include "common.names.fullname" . }}-controller
name: {{ printf "%s-controller" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- if .Values.commonLabels }}
@@ -11,6 +12,10 @@ metadata:
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: 1
{{- if .Values.controller.updateStrategy }}
strategy: {{- toYaml .Values.controller.updateStrategy | nindent 4 }}
{{- end }}
revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
@@ -27,17 +32,16 @@ spec:
{{- end }}
spec:
{{- include "common.images.pullSecrets" (dict "images" (list .Values.speaker.image .Values.controller.image) "global" .Values.global) | nindent 6 }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- if .Values.controller.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.controller.hostAliases "context" $) | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "metallb.controllerServiceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
serviceAccountName: {{ include "metallb.controller.serviceAccountName" . }}
nodeSelector:
{{- if .Values.controller.nodeSelector }}
{{- include "common.tplvalues.render" (dict "value" .Values.controller.nodeSelector "context" $) | nindent 8 }}
{{- end }}
"kubernetes.io/os": linux
{{- if .Values.affinity }}
{{- if .Values.controller.nodeSelector }}
{{- include "common.tplvalues.render" (dict "value" .Values.controller.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.controller.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.controller.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
@@ -51,51 +55,95 @@ spec:
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName | quote }}
{{- end }}
{{- if .Values.controller.schedulerName }}
schedulerName: {{ .Values.controller.schedulerName | quote }}
{{- end }}
{{- if .Values.controller.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.controller.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.controller.podSecurityContext.enabled }}
securityContext: {{- omit .Values.controller.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.controller.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- end }}
{{- if .Values.controller.initContainers }}
initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.controller.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: metallb-controller
image: {{ include "common.images.image" (dict "imageRoot" .Values.controller.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
{{- if .Values.controller.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.controller.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.controller.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.controller.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.controller.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.controller.args "context" $) | nindent 12 }}
{{- else }}
args:
- --port={{ .Values.controller.containerPort.metrics }}
- --port={{ .Values.controller.containerPorts.metrics }}
- --config={{ include "metallb.configMapName" . }}
{{- end }}
{{- if .Values.controller.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.controller.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
env:
{{- if .Values.controller.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.controller.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.controller.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.controller.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.controller.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.controller.extraEnvVarsSecret "context" $) }}
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.controller.containerPort.metrics }}
containerPort: {{ .Values.controller.containerPorts.metrics }}
{{- if .Values.controller.extraVolumeMounts }}
volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.controller.livenessProbe.enabled }}
livenessProbe:
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.controller.livenessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
{{- else if .Values.controller.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.controller.readinessProbe.enabled }}
readinessProbe:
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.controller.readinessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
{{- else if .Values.controller.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.controller.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.controller.startupProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: metrics
{{- else if .Values.controller.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.controller.securityContext.enabled }}
securityContext:
allowPrivilegeEscalation: {{ .Values.controller.securityContext.allowPrivilegeEscalation }}
readOnlyRootFilesystem: {{ .Values.controller.securityContext.readOnlyRootFilesystem }}
capabilities:
drop: {{- toYaml .Values.controller.securityContext.capabilities.drop | nindent 16 }}
{{- end }}
{{- if .Values.controller.resources }}
resources: {{- toYaml .Values.controller.resources | nindent 12 }}
{{- end }}
{{- if .Values.controller.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.controller.securityContext.runAsUser }}
fsGroup: {{ .Values.controller.securityContext.fsGroup }}
runAsNonRoot: {{ .Values.controller.securityContext.runAsNonRoot }}
{{- if .Values.controller.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.controller.sidecars "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.controller.extraVolumes }}
volumes: {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraVolumes "context" $) | nindent 8 }}
{{- end }}

29
bitnami/metallb/templates/controller/psp.yaml
View File

@@ -3,7 +3,8 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "common.names.fullname" . }}-controller
name: {{ printf "%s-controller" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- if .Values.commonLabels }}
@@ -13,36 +14,36 @@ metadata:
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
allowPrivilegeEscalation: {{ .Values.controller.securityContext.allowPrivilegeEscalation }}
allowPrivilegeEscalation: {{ .Values.controller.containerSecurityContext.allowPrivilegeEscalation }}
allowedCapabilities: []
allowedHostPaths: []
defaultAddCapabilities: []
defaultAllowPrivilegeEscalation: {{ .Values.controller.securityContext.allowPrivilegeEscalation }}
defaultAllowPrivilegeEscalation: {{ .Values.controller.containerSecurityContext.allowPrivilegeEscalation }}
fsGroup:
ranges:
- max: {{ .Values.controller.securityContext.fsGroup }}
min: {{ .Values.controller.securityContext.fsGroup }}
- max: {{ .Values.controller.podSecurityContext.fsGroup }}
min: {{ .Values.controller.podSecurityContext.fsGroup }}
rule: MustRunAs
hostIPC: false
hostNetwork: false
hostPID: false
privileged: false
readOnlyRootFilesystem: {{ .Values.controller.securityContext.readOnlyRootFilesystem }}
requiredDropCapabilities: {{- toYaml .Values.controller.securityContext.capabilities.drop | nindent 2 }}
readOnlyRootFilesystem: {{ .Values.controller.containerSecurityContext.readOnlyRootFilesystem }}
requiredDropCapabilities: {{- toYaml .Values.controller.containerSecurityContext.capabilities.drop | nindent 2 }}
runAsUser:
ranges:
- max: {{ .Values.controller.securityContext.runAsUser }}
min: {{ .Values.controller.securityContext.runAsUser }}
- max: {{ .Values.controller.containerSecurityContext.runAsUser }}
min: {{ .Values.controller.containerSecurityContext.runAsUser }}
rule: MustRunAs
seLinux:
rule: RunAsAny
supplementalGroups:
ranges:
- max: {{ .Values.controller.securityContext.runAsUser }}
min: {{ .Values.controller.securityContext.runAsUser }}
- max: {{ .Values.controller.containerSecurityContext.runAsUser }}
min: {{ .Values.controller.containerSecurityContext.runAsUser }}
rule: MustRunAs
volumes:
- configMap
- secret
- emptyDir
- configMap
- secret
- emptyDir
{{- end -}}

14
bitnami/metallb/templates/controller/rbac.yaml
View File

@@ -3,7 +3,8 @@
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRole
metadata:
name: {{ include "common.names.fullname" . }}-controller
name: {{ printf "%s-controller" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- if .Values.commonLabels }}
@@ -38,7 +39,7 @@ rules:
- apiGroups:
- policy
resourceNames:
- {{ include "common.names.fullname" . }}-controller
- {{ printf "%s-controller" (include "common.names.fullname" .) }}
resources:
- podsecuritypolicies
verbs:
@@ -48,7 +49,8 @@ rules:
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
name: {{ include "common.names.fullname" . }}-controller
name: {{ printf "%s-controller" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- if .Values.commonLabels }}
@@ -59,10 +61,10 @@ metadata:
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ include "metallb.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
name: {{ include "metallb.controller.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "common.names.fullname" . }}-controller
name: {{ printf "%s-controller" (include "common.names.fullname" .) }}
{{- end -}}

23
bitnami/metallb/templates/controller/service.yaml
View File

@@ -1,24 +1,29 @@
{{- if .Values.controller.prometheus.serviceMonitor.enabled }}
{{- if .Values.controller.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.names.fullname" . }}-controller-metrics
name: {{ printf "%s-controller-metrics" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.controller.metrics.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.controller.metrics.service.annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: "None"
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: controller
ports:
- name: metrics
port: {{ .Values.controller.containerPort.metrics }}
protocol: TCP
targetPort: {{ .Values.controller.containerPort.metrics }}
- name: metrics
port: {{ .Values.controller.metrics.service.port }}
protocol: TCP
targetPort: {{ .Values.controller.containerPorts.metrics }}
{{- end }}

14
bitnami/metallb/templates/controller/serviceaccount.yaml
View File

@@ -2,13 +2,21 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "metallb.controllerServiceAccountName" . }}
name: {{ include "metallb.controller.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- if or .Values.controller.serviceAccount.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.controller.serviceAccount.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.controller.serviceAccount.annotations "context" $) | nindent 4 }}
{{- end }}
{{- end }}
automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }}
{{- end -}}

52
bitnami/metallb/templates/controller/servicemonitor.yaml
View File

@@ -1,33 +1,51 @@
{{- if .Values.controller.prometheus.serviceMonitor.enabled }}
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "common.names.fullname" . }}-controller
name: {{ printf "%s-controller" (include "common.names.fullname" .) }}
{{- if .Values.controller.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.controller.metrics.serviceMonitor.namespace | quote }}
{{- else }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.labels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.controller.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
jobLabel: {{ .Values.controller.prometheus.serviceMonitor.jobLabel | quote }}
jobLabel: {{ .Values.controller.metrics.serviceMonitor.jobLabel | quote }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: controller
{{- if .Values.controller.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.controller.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
- {{ include "common.names.namespace" .| quote }}
endpoints:
- port: metrics
{{- if .Values.controller.prometheus.serviceMonitor.interval }}
interval: {{ .Values.controller.prometheus.serviceMonitor.interval }}
{{- end }}
{{- if .Values.controller.prometheus.serviceMonitor.metricRelabelings }}
metricRelabelings: {{ toYaml .Values.controller.prometheus.serviceMonitor.metricRelabelings | nindent 4 }}
{{- end }}
{{- if .Values.controller.prometheus.serviceMonitor.relabelings }}
relabelings: {{ toYaml .Values.controller.prometheus.serviceMonitor.relabelings | nindent 4 }}
{{- end }}
- port: metrics
{{- if .Values.controller.metrics.serviceMonitor.interval }}
interval: {{ .Values.controller.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.controller.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.controller.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.controller.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.controller.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
{{- end }}
{{- end -}}

13
bitnami/metallb/templates/networkpolicy.yaml
View File

@@ -2,9 +2,16 @@
kind: NetworkPolicy
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
metadata:
name: {{ include "common.names.fullname" . }}-controller
labels:
name: {{ printf "%s-controller" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
podSelector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
@@ -14,7 +21,7 @@ spec:
ingress:
# Allow prometheus scrapes for metrics
- ports:
- port: {{ .Values.controller.containerPort.metrics }}
- port: {{ .Values.controller.containerPorts.metrics }}
protocol: TCP
{{- if .Values.networkPolicy.ingressNSMatchLabels }}
from:

39
bitnami/metallb/templates/prometheus/metallb.alerts.yaml
View File

@@ -1,8 +1,9 @@
{{- if and .Values.prometheusRule.enabled .Values.speaker.prometheus.serviceMonitor.enabled .Values.controller.prometheus.serviceMonitor.enabled }}
{{- if and .Values.prometheusRule.enabled .Values.speaker.metrics.serviceMonitor.enabled .Values.controller.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
@@ -12,22 +13,22 @@ metadata:
{{- end }}
spec:
groups:
- name: {{ include "common.names.fullname" . }}.alerts
rules:
- alert: MetalLBStaleConfig
annotations:
message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container_name }} on {{ $labels.instance
}} has a stale config for > 1 minute'`}}
expr: metallb_k8s_client_config_stale_bool{job="{{ include "common.names.name" . }}"} == 1
for: 1m
labels:
severity: warning
- alert: MetalLBConfigNotLoaded
annotations:
message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container_name }} on {{ $labels.instance
}} has not loaded for > 1 minute'`}}
expr: metallb_k8s_client_config_loaded_bool{job="{{ include "common.names.name" . }}"} == 0
for: 1m
labels:
severity: warning
- name: {{ include "common.names.fullname" . }}.alerts
rules:
- alert: MetalLBStaleConfig
annotations:
message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container_name }} on {{ $labels.instance
}} has a stale config for > 1 minute'`}}
expr: metallb_k8s_client_config_stale_bool{job="{{ include "common.names.name" . }}"} == 1
for: 1m
labels:
severity: warning
- alert: MetalLBConfigNotLoaded
annotations:
message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container_name }} on {{ $labels.instance
}} has not loaded for > 1 minute'`}}
expr: metallb_k8s_client_config_loaded_bool{job="{{ include "common.names.name" . }}"} == 0
for: 1m
labels:
severity: warning
{{- end }}

12
bitnami/metallb/templates/rbac.yaml
View File

@@ -3,7 +3,8 @@
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
metadata:
name: {{ include "common.names.fullname" . }}-config-watcher
name: {{ printf "%s-config-watcher" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
@@ -24,7 +25,8 @@ rules:
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: RoleBinding
metadata:
name: {{ include "common.names.fullname" . }}-config-watcher
name: {{ printf "%s-config-watcher" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
@@ -35,14 +37,14 @@ metadata:
subjects:
{{- if .Values.controller.rbac.create }}
- kind: ServiceAccount
name: {{ include "metallb.controllerServiceAccountName" . }}
name: {{ include "metallb.controller.serviceAccountName" . }}
{{- end }}
{{- if .Values.speaker.rbac.create }}
- kind: ServiceAccount
name: {{ include "metallb.speakerServiceAccountName" . }}
name: {{ include "metallb.speaker.serviceAccountName" . }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "common.names.fullname" . }}-config-watcher
name: {{ printf "%s-config-watcher" (include "common.names.fullname" .) }}
{{- end -}}

127
bitnami/metallb/templates/speaker/daemonset.yaml
View File

@@ -1,7 +1,8 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "common.names.fullname" . }}-speaker
name: {{ printf "%s-speaker" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: speaker
{{- if .Values.commonLabels }}
@@ -11,6 +12,9 @@ metadata:
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.speaker.updateStrategy }}
updateStrategy: {{- toYaml .Values.speaker.updateStrategy | nindent 4 }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: speaker
@@ -26,26 +30,63 @@ spec:
{{- end }}
spec:
{{- include "common.images.pullSecrets" (dict "images" (list .Values.speaker.image .Values.controller.image) "global" .Values.global) | nindent 6 }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- if .Values.speaker.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.speaker.hostAliases "context" $) | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "metallb.speaker.serviceAccountName" . }}
{{- if .Values.speaker.affinity }}
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.speaker.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.speaker.podAffinityPreset "component" "speaker" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.speaker.podAntiAffinityPreset "component" "speaker" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.speaker.nodeAffinityPreset.type "key" .Values.speaker.nodeAffinityPreset.key "values" .Values.speaker.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
nodeSelector:
{{- if .Values.speaker.nodeSelector }}
{{- include "common.tplvalues.render" (dict "value" .Values.speaker.nodeSelector "context" $) | nindent 8 }}
{{- end }}
"kubernetes.io/os": linux
{{- if .Values.speaker.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.speaker.tolerations $) | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "metallb.speakerServiceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.speaker.daemonset.terminationGracePeriodSeconds }}
hostNetwork: true
{{- if .Values.speaker.initContainers }}
initContainers:
{{- include "common.tplvalues.render" (dict "value" .Values.speaker.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.speaker.priorityClassName }}
priorityClassName: {{ .Values.speaker.priorityClassName | quote }}
{{- end }}
{{- if .Values.speaker.podSecurityContext.enabled }}
securityContext: {{- omit .Values.speaker.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.speaker.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.speaker.terminationGracePeriodSeconds }}
{{- end }}
{{- if .Values.speaker.initContainers }}
initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.speaker.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: metallb-speaker
image: {{ include "common.images.image" (dict "imageRoot" .Values.speaker.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.speaker.image.pullPolicy }}
{{- if .Values.speaker.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.speaker.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.speaker.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.speaker.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.speaker.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.speaker.args "context" $) | nindent 12 }}
{{- else }}
args:
- --port={{ .Values.speaker.daemonset.hostPorts.metrics }}
- --port={{ .Values.speaker.containerPorts.metrics }}
- --config={{ include "metallb.configMapName" . }}
{{- end }}
{{- if .Values.speaker.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.speaker.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
env:
- name: METALLB_NODE_NAME
valueFrom:
@@ -73,56 +114,52 @@ spec:
{{- if .Values.speaker.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.speaker.extraEnvVars "context" $ ) | nindent 12 }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
envFrom:
- secretRef:
name: {{ include "common.tplvalues.render" ( dict "value" .Values.speaker.extraEnvVarsSecret "context" $ ) }}
envFrom:
{{- if .Values.speaker.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.speaker.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.speaker.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.speaker.extraEnvVarsSecret "context" $) }}
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.speaker.daemonset.hostPorts.metrics }}
containerPort: {{ .Values.speaker.containerPorts.metrics }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.speaker.livenessProbe.enabled }}
livenessProbe:
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.speaker.livenessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: {{ .Values.speaker.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.speaker.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.speaker.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.speaker.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.speaker.livenessProbe.failureThreshold }}
{{- else if .Values.speaker.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.speaker.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.speaker.readinessProbe.enabled }}
readinessProbe:
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.speaker.readinessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: {{ .Values.speaker.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.speaker.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.speaker.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.speaker.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.speaker.readinessProbe.failureThreshold }}
{{- else if .Values.speaker.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.speaker.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.speaker.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.speaker.startupProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: metrics
{{- else if .Values.speaker.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.speaker.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.speaker.resources }}
resources: {{- toYaml .Values.speaker.resources | nindent 12 }}
{{- end }}
{{- if .Values.speaker.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.speaker.securityContext.runAsUser }}
allowPrivilegeEscalation: {{ .Values.speaker.securityContext.allowPrivilegeEscalation }}
readOnlyRootFilesystem: {{ .Values.speaker.securityContext.readOnlyRootFilesystem }}
capabilities:
drop: {{- toYaml .Values.speaker.securityContext.capabilities.drop | nindent 16 }}
add: {{- toYaml .Values.speaker.securityContext.capabilities.add | nindent 16 }}
{{- if .Values.speaker.extraVolumeMounts }}
volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.speaker.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
nodeSelector:
{{- if .Values.speaker.nodeSelector }}
{{- include "common.tplvalues.render" (dict "value" .Values.speaker.nodeSelector "context" $) | nindent 8 }}
{{- end }}
"kubernetes.io/os": linux
{{- if .Values.speaker.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.speaker.affinity "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.speaker.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.speaker.tolerations "context" $) | nindent 8 }}
{{- if .Values.speaker.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.speaker.sidecars "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.speaker.extraVolumes }}
volumes: {{- include "common.tplvalues.render" (dict "value" .Values.speaker.extraVolumes "context" $) | nindent 8 }}
{{- end }}

19
bitnami/metallb/templates/speaker/psp.yaml
View File

@@ -3,7 +3,8 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "common.names.fullname" . }}-speaker
name: {{ printf "%s-speaker" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: speaker
{{- if .Values.commonLabels }}
@@ -13,22 +14,22 @@ metadata:
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
allowPrivilegeEscalation: {{ .Values.speaker.securityContext.allowPrivilegeEscalation }}
allowedCapabilities: {{- toYaml .Values.speaker.securityContext.capabilities.add | nindent 2 }}
allowPrivilegeEscalation: {{ .Values.speaker.containerSecurityContext.allowPrivilegeEscalation }}
allowedCapabilities: {{- toYaml .Values.speaker.containerSecurityContext.capabilities.add | nindent 2 }}
allowedHostPaths: []
defaultAddCapabilities: {{- toYaml .Values.speaker.securityContext.capabilities.add | nindent 2 }}
defaultAllowPrivilegeEscalation: {{ .Values.speaker.securityContext.allowPrivilegeEscalation }}
defaultAddCapabilities: {{- toYaml .Values.speaker.containerSecurityContext.capabilities.add | nindent 2 }}
defaultAllowPrivilegeEscalation: {{ .Values.speaker.containerSecurityContext.allowPrivilegeEscalation }}
fsGroup:
rule: RunAsAny
hostIPC: false
hostNetwork: true
hostPID: false
hostPorts:
- max: {{ .Values.speaker.daemonset.hostPorts.metrics }}
min: {{ .Values.speaker.daemonset.hostPorts.metrics }}
- max: {{ .Values.speaker.containerPorts.metrics }}
min: {{ .Values.speaker.containerPorts.metrics }}
privileged: true
readOnlyRootFilesystem: {{ .Values.speaker.securityContext.readOnlyRootFilesystem }}
requiredDropCapabilities: {{- toYaml .Values.speaker.securityContext.capabilities.drop | nindent 2 }}
readOnlyRootFilesystem: {{ .Values.speaker.containerSecurityContext.readOnlyRootFilesystem }}
requiredDropCapabilities: {{- toYaml .Values.speaker.containerSecurityContext.capabilities.drop | nindent 2 }}
runAsUser:
rule: RunAsAny
seLinux:

24
bitnami/metallb/templates/speaker/rbac.yaml
View File

@@ -3,7 +3,8 @@
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRole
metadata:
name: {{ include "common.names.fullname" . }}-speaker
name: {{ printf "%s-speaker" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: speaker
{{- if .Values.commonLabels }}
@@ -33,7 +34,7 @@ rules:
- apiGroups:
- policy
resourceNames:
- {{ include "common.names.fullname" . }}-speaker
- {{ printf "%s-speaker" (include "common.names.fullname" .) }}
resources:
- podsecuritypolicies
verbs:
@@ -42,7 +43,8 @@ rules:
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
metadata:
name: {{ include "common.names.fullname" . }}-pod-lister
name: {{ printf "%s-pod-lister" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: speaker
{{- if .Values.commonLabels }}
@@ -62,7 +64,8 @@ rules:
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
name: {{ include "common.names.fullname" . }}-speaker
name: {{ printf "%s-speaker" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: speaker
{{- if .Values.commonLabels }}
@@ -73,17 +76,18 @@ metadata:
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ include "metallb.speakerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
name: {{ include "metallb.speaker.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "common.names.fullname" . }}-speaker
name: {{ printf "%s-speaker" (include "common.names.fullname" .) }}
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: RoleBinding
metadata:
name: {{ include "common.names.fullname" . }}-pod-lister
name: {{ printf "%s-pod-lister" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: speaker
{{- if .Values.commonLabels }}
@@ -95,8 +99,8 @@ metadata:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "common.names.fullname" . }}-pod-lister
name: {{ printf "%s-pod-lister" (include "common.names.fullname" .) }}
subjects:
- kind: ServiceAccount
name: {{ include "metallb.speakerServiceAccountName" . }}
name: {{ include "metallb.speaker.serviceAccountName" . }}
{{- end -}}

5
bitnami/metallb/templates/speaker/secret.yaml
View File

@@ -1,10 +1,9 @@
{{- if not .Values.speaker.secretName }}
apiVersion: v1
data:
{{ include "metallb.speaker.secretKey" . }}: {{ include "common.secrets.passwords.manage" (dict "secret" ( include "metallb.speaker.secretName" .) "key" ( include "metallb.speaker.secretKey" .) "providedValues" (list "speaker.secretValue") "length" 256 "context" $) }}
kind: Secret
metadata:
name: {{ include "metallb.speaker.secretName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: speaker
{{- if .Values.commonLabels }}
@@ -16,4 +15,6 @@ metadata:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
{{ include "metallb.speaker.secretKey" . }}: {{ include "common.secrets.passwords.manage" (dict "secret" ( include "metallb.speaker.secretName" .) "key" ( include "metallb.speaker.secretKey" .) "providedValues" (list "speaker.secretValue") "length" 256 "context" $) }}
{{- end }}

23
bitnami/metallb/templates/speaker/service.yaml
View File

@@ -1,24 +1,29 @@
{{- if .Values.speaker.prometheus.serviceMonitor.enabled }}
{{- if .Values.speaker.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.names.fullname" . }}-speaker-metrics
name: {{ printf "%s-speaker-metrics" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: speaker
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.speaker.metrics.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.speaker.metrics.service.annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: "None"
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: speaker
ports:
- name: metrics
port: {{ .Values.speaker.daemonset.hostPorts.metrics }}
protocol: TCP
targetPort: {{ .Values.speaker.daemonset.hostPorts.metrics }}
- name: metrics
port: {{ .Values.speaker.metrics.service.port }}
protocol: TCP
targetPort: {{ .Values.speaker.containerPorts.metrics }}
{{- end }}

14
bitnami/metallb/templates/speaker/serviceaccount.yaml
View File

@@ -2,13 +2,21 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "metallb.speakerServiceAccountName" . }}
name: {{ include "metallb.speaker.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: speaker
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- if or .Values.speaker.serviceAccount.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.speaker.serviceAccount.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.speaker.serviceAccount.annotations "context" $) | nindent 4 }}
{{- end }}
{{- end }}
automountServiceAccountToken: {{ .Values.speaker.serviceAccount.automountServiceAccountToken }}
{{- end -}}

54
bitnami/metallb/templates/speaker/servicemonitor.yaml
View File

@@ -1,33 +1,51 @@
{{- if .Values.speaker.prometheus.serviceMonitor.enabled }}
{{- if and .Values.speaker.metrics.enabled .Values.speaker.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "common.names.fullname" . }}-speaker
name: {{ printf "%s-speaker" (include "common.names.fullname" .) }}
{{- if .Values.speaker.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.speaker.metrics.serviceMonitor.namespace | quote }}
{{- else }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: speaker
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.speaker.metrics.serviceMonitor.labels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.speaker.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
jobLabel: {{ .Values.speaker.prometheus.serviceMonitor.jobLabel | quote }}
jobLabel: {{ .Values.speaker.metrics.serviceMonitor.jobLabel | quote }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: speaker
{{- if .Values.speaker.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.speaker.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
- {{ include "common.names.namespace" .| quote }}
endpoints:
- port: metrics
{{- if .Values.speaker.prometheus.serviceMonitor.interval }}
interval: {{ .Values.speaker.prometheus.serviceMonitor.interval }}
{{- end }}
{{- if .Values.speaker.prometheus.serviceMonitor.metricRelabelings }}
metricRelabelings: {{ toYaml .Values.speaker.prometheus.serviceMonitor.metricRelabelings | nindent 4 }}
{{- end }}
{{- if .Values.speaker.prometheus.serviceMonitor.relabelings }}
relabelings: {{ toYaml .Values.speaker.prometheus.serviceMonitor.relabelings | nindent 4 }}
{{- end }}
{{- end }}
- port: metrics
{{- if .Values.speaker.metrics.serviceMonitor.interval }}
interval: {{ .Values.speaker.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.speaker.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.speaker.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.speaker.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.speaker.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.speaker.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.speaker.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.speaker.metrics.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.speaker.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
{{- end }}
{{- end -}}

474
bitnami/metallb/values.yaml
View File

@@ -16,6 +16,9 @@ global:
## @section Common parameters
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override metallb.fullname include (will maintain the release name)
##
nameOverride: ""
@@ -32,6 +35,20 @@ commonAnnotations: {}
##
extraDeploy: []
## Enable diagnostic mode in the deployment(s)/statefulset(s)
##
diagnosticMode:
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
##
enabled: false
## @param diagnosticMode.command Command to override all containers in the the deployment(s)/statefulset(s)
##
command:
- sleep
## @param diagnosticMode.args Args to override all containers in the the deployment(s)/statefulset(s)
##
args:
- infinity
## @section MetalLB parameters
## To configure MetalLB, you must specify ONE of the following two
@@ -96,7 +113,7 @@ controller:
image:
registry: docker.io
repository: bitnami/metallb-controller
tag: 0.12.1-debian-10-r59
tag: 0.12.1-debian-10-r61
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -110,6 +127,17 @@ controller:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param controller.updateStrategy.type Metallb controller deployment strategy type.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## e.g:
## updateStrategy:
## type: RollingUpdate
## rollingUpdate:
## maxSurge: 25%
## maxUnavailable: 25%
##
updateStrategy:
type: RollingUpdate
## @param controller.hostAliases Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
@@ -130,9 +158,22 @@ controller:
## @param controller.psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
##
create: true
## @param controller.priorityClassName Set pod priorityClassName
## @param controller.priorityClassName Metallb controller pods' priorityClassName
##
priorityClassName: ""
## @param controller.schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param controller.terminationGracePeriodSeconds In seconds, time the given to the Metallb controller pod needs to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: 0
## @param controller.topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## Controller container resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
@@ -201,44 +242,100 @@ controller:
## - e2e-az2
##
values: []
serviceAccount:
## @param controller.serviceAccount.create Specifies whether a ServiceAccount should be created
##
create: true
## @param controller.serviceAccount.name The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template
##
name: ""
## Pod securityContext
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param controller.securityContext.enabled Enable pods' security context
## @param controller.securityContext.runAsNonRoot MetalLB Controller must runs as nonRoot.
## @param controller.securityContext.runAsUser User ID for the pods.
## @param controller.securityContext.fsGroup Group ID for the pods.
## @param controller.securityContext.allowPrivilegeEscalation This defines if privilegeEscalation is allowed on that container
## @param controller.securityContext.readOnlyRootFilesystem This defines if the container can read the root fs on the host
## @param controller.securityContext.capabilities.drop [array] Drop capabilities for the securityContext
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param controller.podSecurityContext.enabled Enabled Metallb Controller pods' Security Context
## @param controller.podSecurityContext.fsGroup Set Metallb Controller pod's Security Context fsGroup
##
securityContext:
podSecurityContext:
enabled: true
runAsNonRoot: true
runAsUser: 1001
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param controller.containerSecurityContext.enabled Enabled Metallb Controller containers' Security Context
## @param controller.containerSecurityContext.runAsUser Set Metallb Controller containers' Security Context runAsUser
## @param controller.containerSecurityContext.runAsNonRoot Set Metallb Controller container's Security Context runAsNonRoot
## @param controller.containerSecurityContext.allowPrivilegeEscalation Enables privilege Escalation context for the pod.
## @param controller.containerSecurityContext.readOnlyRootFilesystem Allows the pod to mount the RootFS as ReadOnly
## @param controller.containerSecurityContext.capabilities.drop [array] Drop capabilities for the securityContext
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
## @param controller.command Override default container command (useful when using custom images)
##
command: []
## @param controller.args Override default container args (useful when using custom images)
##
args: []
## @param controller.lifecycleHooks for the Metallb Controller container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param controller.extraEnvVars Extra environment variable to pass to the running container.
## For example:
## extraEnvVars:
## - name: MY_ENV_VAR
## value: env_var_value
##
extraEnvVars: []
## @param controller.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Metallb controller nodes
##
extraEnvVarsCM: ""
## @param controller.extraEnvVarsSecret Name of existing Secret containing extra env vars for Metallb controller nodes
##
extraEnvVarsSecret: ""
## @param controller.extraVolumes Optionally specify extra list of additional volumes for the Metallb controller pod(s)
##
extraVolumes: []
## @param controller.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Metallb controller container(s)
##
extraVolumeMounts: []
## @param controller.sidecars Add additional sidecar containers to the Metallb Controller pod(s)
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param controller.initContainers Add additional init containers to the Metallb Controller pod(s)
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
## @param controller.serviceAccount.create Specifies whether a ServiceAccount should be created
## @param controller.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
## @param controller.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
## @param controller.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
##
serviceAccount:
create: true
name: ""
automountServiceAccountToken: true
annotations: {}
## @param controller.revisionHistoryLimit Configure the revisionHistoryLimit of the Controller deployment
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit
##
revisionHistoryLimit: 3
## @param controller.terminationGracePeriodSeconds Configure the grace time period for sig term
## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution
## @param controller.containerPorts.metrics Configures the ports the MetalLB Controller listens on for metrics
##
terminationGracePeriodSeconds: 0
## @param controller.containerPort.metrics Configures the ports the MetalLB Controller listens on for metrics
##
containerPort:
containerPorts:
metrics: 7472
## Liveness probe values
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
@@ -272,25 +369,89 @@ controller:
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
prometheus:
## Prometheus Operator service monitors
## Startup probe values
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param controller.startupProbe.enabled Enable startupProbe
## @param controller.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param controller.startupProbe.periodSeconds Period seconds for startupProbe
## @param controller.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param controller.startupProbe.failureThreshold Failure threshold for startupProbe
## @param controller.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
## @param controller.customStartupProbe Custom liveness probe for the Web component
##
customStartupProbe: {}
## @param controller.customLivenessProbe Custom liveness probe for the Web component
##
customLivenessProbe: {}
## @param controller.customReadinessProbe Custom readiness probe for the Web component
##
customReadinessProbe: {}
## @section Metallb controller Prometheus metrics export
##
metrics:
## @param controller.metrics.enabled Enable the export of Prometheus metrics
##
enabled: false
## Prometheus Exporter service parameters
##
service:
## @param controller.metrics.service.port Prometheus metrics service port
##
port: 7472
## @param controller.metrics.service.annotations [object] Annotations for the Prometheus Exporter service service
##
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "7472"
prometheus.io/path: "/metrics" ## Prometheus Operator service monitors
##
serviceMonitor:
## @param controller.prometheus.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator
## @param controller.metrics.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator
##
enabled: false
## @param controller.prometheus.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
## @param controller.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
## e.g:
## namespace: monitoring
##
namespace: ""
## @param controller.metrics.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
##
jobLabel: "app.kubernetes.io/name"
## @param controller.prometheus.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used
## @param controller.metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used
##
interval: ""
## @param controller.prometheus.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
## @param controller.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
scrapeTimeout: ""
## @param controller.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
##
metricRelabelings: []
## @param controller.prometheus.serviceMonitor.relabelings Specify general relabeling
## @param controller.metrics.serviceMonitor.relabelings Specify general relabeling
##
relabelings: []
## @param controller.metrics.serviceMonitor.selector ServiceMonitor selector labels
## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
##
## selector:
## prometheus: my-prometheus
##
selector: {}
## @param controller.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
##
labels: {}
## @param controller.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
##
honorLabels: false
## @section Speaker parameters
@@ -307,7 +468,7 @@ speaker:
image:
registry: docker.io
repository: bitnami/metallb-speaker
tag: 0.12.1-debian-10-r59
tag: 0.12.1-debian-10-r62
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -321,6 +482,14 @@ speaker:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param speaker.updateStrategy.type Speaker daemonset strategy type
## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
##
updateStrategy:
## StrategyType
## Can be set to RollingUpdate or OnDelete
##
type: RollingUpdate
## If global .Values.rbac.create is disabled no rbac is created.
## This value is then meaningless
## Defines if the speaker rbac should be created.
@@ -341,9 +510,13 @@ speaker:
## @param speaker.psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
##
create: true
## @param speaker.priorityClassName Set pod priorityClassName.
## @param speaker.priorityClassName Speaker pods' priorityClassName
##
priorityClassName: ""
## @param speaker.terminationGracePeriodSeconds In seconds, time the given to the Speaker pod needs to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: 2
## Speaker container resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
@@ -376,6 +549,31 @@ speaker:
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Node speaker.affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param speaker.nodeAffinityPreset.type Node affinity preset type. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param speaker.nodeAffinityPreset.key Node label key to match. Ignored if `speaker.affinity` is set
##
key: ""
## @param speaker.nodeAffinityPreset.values Node label values to match. Ignored if `speaker.affinity` is set
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param speaker.podAffinityPreset Pod affinity preset. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param speaker.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## @param speaker.podAnnotations Speaker Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
@@ -384,24 +582,78 @@ speaker:
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
serviceAccount:
## @param speaker.serviceAccount.create Specifies whether a ServiceAccount should be created
##
create: true
## @param speaker.serviceAccount.name The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template
##
name: ""
## Daemonset configuration
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param speaker.podSecurityContext.enabled Enabled Speaker pods' Security Context
## @param speaker.podSecurityContext.fsGroup Set Speaker pod's Security Context fsGroup
##
daemonset:
## @param speaker.daemonset.terminationGracePeriodSeconds Configure the grace time period for sig term
## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution
##
terminationGracePeriodSeconds: 2
## @param speaker.daemonset.hostPorts.metrics HTTP Metrics Endpoint
##
hostPorts:
metrics: 7472
podSecurityContext:
enabled: true
fsGroup: 0
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param speaker.containerSecurityContext.enabled Enabled Speaker containers' Security Context
## @param speaker.containerSecurityContext.runAsUser Set Speaker containers' Security Context runAsUser
## @param speaker.containerSecurityContext.allowPrivilegeEscalation Enables privilege Escalation context for the pod.
## @param speaker.containerSecurityContext.readOnlyRootFilesystem Allows the pod to mount the RootFS as ReadOnly
## @param speaker.containerSecurityContext.capabilities.drop [array] Drop capabilities for the securityContext
## @param speaker.containerSecurityContext.capabilities.add [array] Add capabilities for the securityContext
##
containerSecurityContext:
enabled: true
runAsUser: 0
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
add:
- NET_ADMIN
- NET_RAW
- SYS_ADMIN
## @param speaker.command Override default container command (useful when using custom images)
##
command: []
## @param speaker.args Override default container args (useful when using custom images)
##
args: []
## @param speaker.lifecycleHooks for the Speaker container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param speaker.sidecars Add additional sidecar containers to the Speaker pod(s)
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param speaker.initContainers Add additional init containers to the Speaker pod(s)
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
## @param speaker.serviceAccount.create Specifies whether a ServiceAccount should be created
## @param speaker.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
## @param speaker.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
## @param speaker.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
##
serviceAccount:
create: true
name: ""
automountServiceAccountToken: true
annotations: {}
## Defines a secret to use outside of the auto generate
## @param speaker.secretName References a Secret name for the member secret outside of the helm chart
## @param speaker.secretKey References a Secret key the member secret outside of the helm chart
@@ -415,30 +667,6 @@ speaker:
secretName: ""
secretKey: ""
secretValue: ""
## @param speaker.initContainers Extra initContainers to add to the daemonset
##
initContainers: []
## Pod securityContext
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param speaker.securityContext.enabled Enable pods' security context
## @param speaker.securityContext.runAsUser User ID for the pods.
## @param speaker.securityContext.allowPrivilegeEscalation Enables privilege Escalation context for the pod.
## @param speaker.securityContext.readOnlyRootFilesystem Allows the pod to mount the RootFS as ReadOnly
## @param speaker.securityContext.capabilities.drop [array] Drop capabilities for the securityContext
## @param speaker.securityContext.capabilities.add [array] Add capabilities for the securityContext
##
securityContext:
enabled: true
runAsUser: 0
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
add:
- NET_ADMIN
- NET_RAW
- SYS_ADMIN
## @param speaker.extraEnvVars Extra environment variable to pass to the running container.
## For example:
## extraEnvVars:
@@ -446,6 +674,22 @@ speaker:
## value: env_var_value
##
extraEnvVars: []
## @param speaker.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Speaker nodes
##
extraEnvVarsCM: ""
## @param speaker.extraEnvVarsSecret Name of existing Secret containing extra env vars for Speaker nodes
##
extraEnvVarsSecret: ""
## @param speaker.extraVolumes Optionally specify extra list of additional volumes for the Speaker pod(s)
##
extraVolumes: []
## @param speaker.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Speaker container(s)
##
extraVolumeMounts: []
## @param speaker.containerPorts.metrics HTTP Metrics Endpoint
##
containerPorts:
metrics: 7472
## Liveness probe values
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param speaker.livenessProbe.enabled Enable livenessProbe
@@ -478,22 +722,86 @@ speaker:
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
prometheus:
## Startup probe values
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param speaker.startupProbe.enabled Enable startupProbe
## @param speaker.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param speaker.startupProbe.periodSeconds Period seconds for startupProbe
## @param speaker.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param speaker.startupProbe.failureThreshold Failure threshold for startupProbe
## @param speaker.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
## @param speaker.customStartupProbe Custom liveness probe for the Web component
##
customStartupProbe: {}
## @param speaker.customLivenessProbe Custom liveness probe for the Web component
##
customLivenessProbe: {}
## @param speaker.customReadinessProbe Custom readiness probe for the Web component
##
customReadinessProbe: {}
## @section Speaker Prometheus metrics export
metrics:
## @param speaker.metrics.enabled Enable the export of Prometheus metrics
##
enabled: false
## Prometheus Exporter service parameters
##
service:
## @param speaker.metrics.service.port Prometheus metrics service port
##
port: 7472
## @param speaker.metrics.service.annotations [object] Annotations for the Prometheus Exporter service service
##
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "7472"
prometheus.io/path: "/metrics"
## Prometheus Operator service monitors
##
serviceMonitor:
## @param speaker.prometheus.serviceMonitor.enabled Enable support for Prometheus Operator
## @param speaker.metrics.serviceMonitor.enabled Enable support for Prometheus Operator
##
enabled: false
## @param speaker.prometheus.serviceMonitor.jobLabel Job label for scrape target
## @param speaker.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
## e.g:
## namespace: monitoring
##
namespace: ""
## @param speaker.metrics.serviceMonitor.jobLabel Job label for scrape target
##
jobLabel: "app.kubernetes.io/name"
## @param speaker.prometheus.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used
## @param speaker.metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used
##
interval: ""
## @param speaker.prometheus.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
## @param speaker.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
scrapeTimeout: ""
## @param speaker.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
##
metricRelabelings: []
## @param speaker.prometheus.serviceMonitor.relabelings Specify general relabeling
## @param speaker.metrics.serviceMonitor.relabelings Specify general relabeling
##
relabelings: []
## @param speaker.metrics.serviceMonitor.selector ServiceMonitor selector labels
## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
##
## selector:
## prometheus: my-prometheus
##
selector: {}
## @param speaker.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
##
labels: {}
## @param speaker.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
##
honorLabels: false