Diffstat (limited to 'deployments/helm/servicemesh/metallb/templates')
-rw-r--r--deployments/helm/servicemesh/metallb/templates/NOTES.txt29
-rw-r--r--deployments/helm/servicemesh/metallb/templates/_helpers.tpl80
-rw-r--r--deployments/helm/servicemesh/metallb/templates/config.yaml9
-rw-r--r--deployments/helm/servicemesh/metallb/templates/controller.yaml67
-rw-r--r--deployments/helm/servicemesh/metallb/templates/psp.yaml33
-rw-r--r--deployments/helm/servicemesh/metallb/templates/rbac.yaml117
-rw-r--r--deployments/helm/servicemesh/metallb/templates/service-accounts.yaml23
-rw-r--r--deployments/helm/servicemesh/metallb/templates/speaker.yaml80
8 files changed, 438 insertions, 0 deletions
diff --git a/deployments/helm/servicemesh/metallb/templates/NOTES.txt b/deployments/helm/servicemesh/metallb/templates/NOTES.txt
new file mode 100644
index 00000000..64df7a0d
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/templates/NOTES.txt
@@ -0,0 +1,29 @@
+
+#/*
+# * Copyright 2019 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+A config map is to applied with available IPs that MetalLB can use to
+Assign to service with type:LoadBalancer
+MetalLB is now running in the cluster.
+{{- if .Values.configInline }}
+LoadBalancer Services in your cluster are now available on the IPs you
+defined in MetalLB's configuration. To see IP assignments,
+try `kubectl get services`.
+{{- else }}
+WARNING: you specified a ConfigMap that isn't managed by
+Helm. LoadBalancer services will not function until you add that
+ConfigMap to your cluster yourself.
+{{- end }}
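Review bot: The conditional `{{- if .Values.configInline }}` tests a key that nothing else in this commit uses; config.yaml and the `metallb.configMapName` helper both branch on `.Values.config`. Unless values.yaml (not shown here) also defines `configInline`, the WARNING branch will print on every install, even when the chart did create the ConfigMap. Use `{{- if .Values.config }}` so the message matches what was actually rendered.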
diff --git a/deployments/helm/servicemesh/metallb/templates/_helpers.tpl b/deployments/helm/servicemesh/metallb/templates/_helpers.tpl
new file mode 100644
index 00000000..5e59e6cd
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/templates/_helpers.tpl
@@ -0,0 +1,80 @@
+#/*
+# * Copyright 2019 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+
+Expand the name of the chart.
+*/}}
+{{- define "metallb.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "metallb.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "metallb.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the controller service account to use
+*/}}
+{{- define "metallb.controllerServiceAccountName" -}}
+{{- if .Values.serviceAccounts.controller.create -}}
+ {{ default (printf "%s-controller" (include "metallb.fullname" .)) .Values.serviceAccounts.controller.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccounts.controller.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the speaker service account to use
+*/}}
+{{- define "metallb.speakerServiceAccountName" -}}
+{{- if .Values.serviceAccounts.speaker.create -}}
+ {{ default (printf "%s-speaker" (include "metallb.fullname" .)) .Values.serviceAccounts.speaker.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccounts.speaker.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the settings ConfigMap to use.
+*/}}
+{{- define "metallb.configMapName" -}}
+{{- if .Values.config -}}
+ {{ include "metallb.fullname" . }}
+{{- else -}}
+ {{ .Values.existingConfigMap }}
+{{- end -}}
+{{- end -}}
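Review bot: The `default "default" .Values.serviceAccounts.<component>.name` fallback in `metallb.controllerServiceAccountName` and `metallb.speakerServiceAccountName` resolves to the namespace's `default` service account whenever `create` is false and no name is given. rbac.yaml in this commit is gated by the separate `rbac.create` flag and binds both ClusterRoles to whatever these helpers return. With that combination every pod running as `default` in the release namespace would inherit the controller's `update` on services and the speaker's PSP `use`. Failing the render is safer, e.g. `{{ required "serviceAccounts.controller.name must be set when create is false" .Values.serviceAccounts.controller.name }}` in the else branch, and likewise for the speaker. Separately, the first comment block (`Expand the name of the chart.`) has lost its opening `{{/*`, so its closing `*/}}` is stray text.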
diff --git a/deployments/helm/servicemesh/metallb/templates/config.yaml b/deployments/helm/servicemesh/metallb/templates/config.yaml
new file mode 100644
index 00000000..da27eb38
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/templates/config.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.config }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "metallb.fullname" . }}
+data:
+ config: |
+{{ toYaml .Values.config | indent 4 }}
+{{- end }}
diff --git a/deployments/helm/servicemesh/metallb/templates/controller.yaml b/deployments/helm/servicemesh/metallb/templates/controller.yaml
new file mode 100644
index 00000000..f993ca32
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/templates/controller.yaml
@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "metallb.fullname" . }}-controller
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+ component: controller
+spec:
+ revisionHistoryLimit: 3
+ selector:
+ matchLabels:
+ app: {{ template "metallb.name" . }}
+ component: controller
+ release: {{ .Release.Name | quote }}
+ template:
+ metadata:
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+ component: controller
+{{- if .Values.prometheus.scrapeAnnotations }}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "7472"
+{{- end }}
+ spec:
+ serviceAccountName: {{ template "metallb.controllerServiceAccountName" . }}
+ terminationGracePeriodSeconds: 0
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 65534 # nobody
+ nodeSelector:
+ "beta.kubernetes.io/os": linux
+ {{- with .Values.controller.nodeSelector }}
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.controller.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.controller.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ containers:
+ - name: controller
+ image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}
+ imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
+ args:
+ - --port=7472
+ - --config={{ template "metallb.configMapName" . }}
+ ports:
+ - name: monitoring
+ containerPort: 7472
+ resources:
+{{ toYaml .Values.controller.resources | indent 10 }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ readOnlyRootFilesystem: true
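Review bot: The argument `--config={{ template "metallb.configMapName" . }}` can render as a bare `--config=`. The helper returns `.Values.existingConfigMap` when `.Values.config` is unset, and nothing checks that value is non-empty (values.yaml is not shown, so a default may exist there). The same line appears in speaker.yaml. A fail-fast guard in the helper's else branch, `{{ required "set either config or existingConfigMap" .Values.existingConfigMap }}`, would turn a silently misconfigured controller into a render error.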
diff --git a/deployments/helm/servicemesh/metallb/templates/psp.yaml b/deployments/helm/servicemesh/metallb/templates/psp.yaml
new file mode 100644
index 00000000..891aeb60
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/templates/psp.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.psp.create -}}
+
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "metallb.fullname" . }}-speaker
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+spec:
+ hostNetwork: true
+ hostPorts:
+ - min: 7472
+ max: 7472
+ privileged: true
+ allowPrivilegeEscalation: false
+ allowedCapabilities:
+ - 'NET_ADMIN'
+ - 'NET_RAW'
+ - 'SYS_ADMIN'
+ volumes:
+ - '*'
+ fsGroup:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+{{- end -}}
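Review bot: This policy admits far more than the speaker DaemonSet in this commit asks for: `privileged: true`, `volumes: ['*']` (which includes hostPath) and `RunAsAny` for every user and group rule. The speaker container itself sets `allowPrivilegeEscalation: false`, drops ALL capabilities, adds only three back, and declares no volumes. Any other pod that ends up running under the bound service account would be admitted as fully privileged with arbitrary host mounts. Tighten the policy to what is used, for example `privileged: false` and a volume allow-list such as `secret` (plus `projected` where bound service account tokens are mounted). Add a comment explaining why `SYS_ADMIN` has to stay in `allowedCapabilities`, if it does.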
diff --git a/deployments/helm/servicemesh/metallb/templates/rbac.yaml b/deployments/helm/servicemesh/metallb/templates/rbac.yaml
new file mode 100644
index 00000000..658df7e6
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/templates/rbac.yaml
@@ -0,0 +1,117 @@
+{{- if .Values.rbac.create -}}
+
+# Roles
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "metallb.fullname" . }}:controller
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+rules:
+- apiGroups: [""]
+ resources: ["services"]
+ verbs: ["get", "list", "watch", "update"]
+- apiGroups: [""]
+ resources: ["services/status"]
+ verbs: ["update"]
+- apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "metallb.fullname" . }}:speaker
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+rules:
+- apiGroups: [""]
+ resources: ["services", "endpoints", "nodes"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "patch"]
+{{- if .Values.psp.create }}
+- apiGroups: ["extensions"]
+ resources: ["podsecuritypolicies"]
+ resourceNames: [{{ printf "%s-speaker" (include "metallb.fullname" .) | quote}}]
+ verbs: ["use"]
+{{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "metallb.fullname" . }}-config-watcher
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+rules:
+- apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch"]
+---
+
+## Role bindings
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "metallb.fullname" . }}:controller
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "metallb.controllerServiceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "metallb.fullname" . }}:controller
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "metallb.fullname" . }}:speaker
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "metallb.speakerServiceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "metallb.fullname" . }}:speaker
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "metallb.fullname" . }}-config-watcher
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "metallb.controllerServiceAccountName" . }}
+- kind: ServiceAccount
+ name: {{ template "metallb.speakerServiceAccountName" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "metallb.fullname" . }}-config-watcher
+{{- end -}}
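Review bot: The PSP `use` rule in the speaker ClusterRole is written with `apiGroups: ["extensions"]`, but psp.yaml in this commit creates the policy as `policy/v1beta1`. Clusters that authorize `use` only against the `policy` group would leave the speaker pods unadmitted when PSP enforcement is on. Whether that applies depends on the target Kubernetes version, which is not visible here. Listing both groups covers either case: `apiGroups: ["policy", "extensions"]`. Also, only the speaker gets a PSP grant, so the controller Deployment needs some other policy to admit it on a PSP-enforcing cluster, and a comment saying which would help.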
diff --git a/deployments/helm/servicemesh/metallb/templates/service-accounts.yaml b/deployments/helm/servicemesh/metallb/templates/service-accounts.yaml
new file mode 100644
index 00000000..5b87a652
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/templates/service-accounts.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.serviceAccounts.controller.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "metallb.controllerServiceAccountName" . }}
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+{{- end }}
+---
+{{- if .Values.serviceAccounts.speaker.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "metallb.speakerServiceAccountName" . }}
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+{{- end }}
diff --git a/deployments/helm/servicemesh/metallb/templates/speaker.yaml b/deployments/helm/servicemesh/metallb/templates/speaker.yaml
new file mode 100644
index 00000000..53e2c675
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/templates/speaker.yaml
@@ -0,0 +1,80 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "metallb.fullname" . }}-speaker
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+ component: speaker
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "metallb.name" . }}
+ component: speaker
+ release: {{ .Release.Name | quote }}
+ template:
+ metadata:
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+ component: speaker
+{{- if .Values.prometheus.scrapeAnnotations }}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "7472"
+{{- end }}
+ spec:
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ serviceAccountName: {{ template "metallb.speakerServiceAccountName" . }}
+ terminationGracePeriodSeconds: 0
+ hostNetwork: true
+ containers:
+ - name: speaker
+ image: {{ .Values.speaker.image.repository }}:{{ .Values.speaker.image.tag }}
+ imagePullPolicy: {{ .Values.speaker.image.pullPolicy }}
+ args:
+ - --port=7472
+ - --config={{ template "metallb.configMapName" . }}
+ env:
+ - name: METALLB_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: METALLB_HOST
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ ports:
+ - name: monitoring
+ containerPort: 7472
+ resources:
+{{ toYaml .Values.speaker.resources | indent 10 }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+ add:
+ - NET_ADMIN
+ - NET_RAW
+ - SYS_ADMIN
+ nodeSelector:
+ "beta.kubernetes.io/os": linux
+ {{- with .Values.speaker.nodeSelector }}
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.speaker.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.speaker.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
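Review bot: The pod spec declares `tolerations:` twice once `.Values.speaker.tolerations` is set: the hard-coded `node-role.kubernetes.io/master` entry near the top, and the `{{- with .Values.speaker.tolerations }}` block at the bottom. Indentation is flattened on this page, but both appear to be pod-spec keys. Duplicate mapping keys are invalid YAML; most parsers keep the last one, which would silently drop the master toleration, and strict parsers reject the manifest. Emit one list instead: keep the single `tolerations:` key with the master entry and append the user values under it, for example `{{- with .Values.speaker.tolerations }}` followed by `{{ toYaml . | indent 6 }}` with the indent matched to the real file, and delete the second key.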