summaryrefslogtreecommitdiffstats
path: root/deployments/helm
diff options
context:
space:
mode:
Diffstat (limited to 'deployments/helm')
-rw-r--r--deployments/helm/servicemesh/metallb/.helmignore21
-rw-r--r--deployments/helm/servicemesh/metallb/Chart.yaml22
-rw-r--r--deployments/helm/servicemesh/metallb/README.md128
-rw-r--r--deployments/helm/servicemesh/metallb/templates/NOTES.txt29
-rw-r--r--deployments/helm/servicemesh/metallb/templates/_helpers.tpl80
-rw-r--r--deployments/helm/servicemesh/metallb/templates/config.yaml9
-rw-r--r--deployments/helm/servicemesh/metallb/templates/controller.yaml67
-rw-r--r--deployments/helm/servicemesh/metallb/templates/psp.yaml33
-rw-r--r--deployments/helm/servicemesh/metallb/templates/rbac.yaml117
-rw-r--r--deployments/helm/servicemesh/metallb/templates/service-accounts.yaml23
-rw-r--r--deployments/helm/servicemesh/metallb/templates/speaker.yaml80
-rw-r--r--deployments/helm/servicemesh/metallb/values.yaml96
12 files changed, 705 insertions, 0 deletions
diff --git a/deployments/helm/servicemesh/metallb/.helmignore b/deployments/helm/servicemesh/metallb/.helmignore
new file mode 100644
index 00000000..f0c13194
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/deployments/helm/servicemesh/metallb/Chart.yaml b/deployments/helm/servicemesh/metallb/Chart.yaml
new file mode 100644
index 00000000..5b627411
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/Chart.yaml
@@ -0,0 +1,22 @@
+#/*Copyright 2019 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+version: 0.10.0
+
+name: metallb
+appVersion: 0.8.1
+description: MetalLB is a load-balancer implementation for bare metal Kubernetes clusters
+keywords: ["load-balancer", "balancer", "lb", "bgp", "arp", "vrrp", "vip"]
+home: https://metallb.universe.tf
+icon: https://metallb.universe.tf/images/logo.png
diff --git a/deployments/helm/servicemesh/metallb/README.md b/deployments/helm/servicemesh/metallb/README.md
new file mode 100644
index 00000000..8cd4d45c
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/README.md
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2019 Intel Corporation, Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+NOTE - A configMap of available IPs is to be applied in order for services
+to get external IP address assigned. Please Update values.yaml with
+IP addresses before deploying
+
+Prerequisites
+-------------
+
+- Kubernetes 1.9+
+
+Installing the Chart
+--------------------
+
+The chart can be installed as follows:
+
+```console
+$ helm install --name metallb metallb
+```
+
+The command deploys MetalLB on the Kubernetes cluster. This chart does
+not provide a default configuration; MetalLB will not act on your
+Kubernetes Services until you provide
+one. The [configuration](#configuration) section lists various ways to
+provide this configuration.
+
+Uninstalling the Chart
+----------------------
+
+To uninstall/delete the `metallb` deployment:
+
+```console
+$ helm delete metallb
+```
+
+The command removes all the Kubernetes components associated with the
+chart, but will not remove the release metadata from `helm` — this will prevent
+you, for example, if you later try to create a release also named `metallb`). To
+fully delete the release and release history, simply [include the `--purge`
+flag][helm-usage]:
+
+```console
+$ helm delete --purge metallb
+```
+
+Configuration
+-------------
+
+See `values.yaml` for configuration notes. Specify each parameter
+using the `--set key=value[,key=value]` argument to `helm
+install`. For example,
+
+```console
+$ helm install --name metallb \
+ --set rbac.create=false \
+ stable/metallb
+```
+
+The above command disables the use of RBAC rules.
+
+Alternatively, a YAML file that specifies the values for the above
+parameters can be provided while installing the chart. For example,
+
+```console
+$ helm install --name metallb -f values.yaml metallb
+```
+
+By default, this chart does not install a configuration for MetalLB, and simply
+warns you that you must follow [the configuration instructions on MetalLB's
+website][metallb-config] to create an appropriate ConfigMap.
+
+**Please note:** By default, this chart expects a ConfigMap named
+'metallb-config' within the same namespace as the chart is
+deployed. _This is different than the MetalLB documentation_, which
+asks you to create a ConfigMap in the `metallb-system` namespace, with
+the name of 'config'.
+
+For simple setups that only use MetalLB's [ARP mode][metallb-arpndp-concepts],
+you can specify a single IP range using the `arpAddresses` parameter to have the
+chart install a working configuration for you:
+
+```console
+$ helm install --name metallb \
+ --set arpAddresses=192.168.16.240/30 \
+ stable/metallb
+```
+
+If you have a more complex configuration and want Helm to manage it for you, you
+can provide it in the `config` parameter. The configuration format is
+[documented on MetalLB's website][metallb-config].
+
+```console
+$ cat values.yaml
+configInline:
+ peers:
+ - peer-address: 10.0.0.1
+ peer-asn: 64512
+ my-asn: 64512
+ address-pools:
+ - name: default
+ protocol: bgp
+ addresses:
+ - 198.51.100.0/24
+
+$ helm install --name metallb -f values.yaml metallb
+```
+
+[helm-home]: https://helm.sh
+[helm-usage]: https://docs.helm.sh/using_helm/
+[k8s-home]: https://kubernetes.io
+[metallb-arpndp-concepts]: https://metallb.universe.tf/concepts/arp-ndp/
+[metallb-config]: https://metallb.universe.tf/configuration/
+[metallb-home]: https://metallb.universe.tf
diff --git a/deployments/helm/servicemesh/metallb/templates/NOTES.txt b/deployments/helm/servicemesh/metallb/templates/NOTES.txt
new file mode 100644
index 00000000..64df7a0d
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/templates/NOTES.txt
@@ -0,0 +1,29 @@
+
+#/*
+# * Copyright 2019 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+A config map is to applied with available IPs that MetalLB can use to
+Assign to service with type:LoadBalancer
+MetalLB is now running in the cluster.
+{{- if .Values.configInline }}
+LoadBalancer Services in your cluster are now available on the IPs you
+defined in MetalLB's configuration. To see IP assignments,
+try `kubectl get services`.
+{{- else }}
+WARNING: you specified a ConfigMap that isn't managed by
+Helm. LoadBalancer services will not function until you add that
+ConfigMap to your cluster yourself.
+{{- end }}
diff --git a/deployments/helm/servicemesh/metallb/templates/_helpers.tpl b/deployments/helm/servicemesh/metallb/templates/_helpers.tpl
new file mode 100644
index 00000000..5e59e6cd
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/templates/_helpers.tpl
@@ -0,0 +1,80 @@
+#/*
+# * Copyright 2019 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+
+Expand the name of the chart.
+*/}}
+{{- define "metallb.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "metallb.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "metallb.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the controller service account to use
+*/}}
+{{- define "metallb.controllerServiceAccountName" -}}
+{{- if .Values.serviceAccounts.controller.create -}}
+ {{ default (printf "%s-controller" (include "metallb.fullname" .)) .Values.serviceAccounts.controller.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccounts.controller.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the speaker service account to use
+*/}}
+{{- define "metallb.speakerServiceAccountName" -}}
+{{- if .Values.serviceAccounts.speaker.create -}}
+ {{ default (printf "%s-speaker" (include "metallb.fullname" .)) .Values.serviceAccounts.speaker.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccounts.speaker.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the settings ConfigMap to use.
+*/}}
+{{- define "metallb.configMapName" -}}
+{{- if .Values.config -}}
+ {{ include "metallb.fullname" . }}
+{{- else -}}
+ {{ .Values.existingConfigMap }}
+{{- end -}}
+{{- end -}}
diff --git a/deployments/helm/servicemesh/metallb/templates/config.yaml b/deployments/helm/servicemesh/metallb/templates/config.yaml
new file mode 100644
index 00000000..da27eb38
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/templates/config.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.config }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "metallb.fullname" . }}
+data:
+ config: |
+{{ toYaml .Values.config | indent 4 }}
+{{- end }}
diff --git a/deployments/helm/servicemesh/metallb/templates/controller.yaml b/deployments/helm/servicemesh/metallb/templates/controller.yaml
new file mode 100644
index 00000000..f993ca32
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/templates/controller.yaml
@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "metallb.fullname" . }}-controller
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+ component: controller
+spec:
+ revisionHistoryLimit: 3
+ selector:
+ matchLabels:
+ app: {{ template "metallb.name" . }}
+ component: controller
+ release: {{ .Release.Name | quote }}
+ template:
+ metadata:
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+ component: controller
+{{- if .Values.prometheus.scrapeAnnotations }}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "7472"
+{{- end }}
+ spec:
+ serviceAccountName: {{ template "metallb.controllerServiceAccountName" . }}
+ terminationGracePeriodSeconds: 0
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 65534 # nobody
+ nodeSelector:
+ "beta.kubernetes.io/os": linux
+ {{- with .Values.controller.nodeSelector }}
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.controller.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.controller.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ containers:
+ - name: controller
+ image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}
+ imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
+ args:
+ - --port=7472
+ - --config={{ template "metallb.configMapName" . }}
+ ports:
+ - name: monitoring
+ containerPort: 7472
+ resources:
+{{ toYaml .Values.controller.resources | indent 10 }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ readOnlyRootFilesystem: true
diff --git a/deployments/helm/servicemesh/metallb/templates/psp.yaml b/deployments/helm/servicemesh/metallb/templates/psp.yaml
new file mode 100644
index 00000000..891aeb60
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/templates/psp.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.psp.create -}}
+
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "metallb.fullname" . }}-speaker
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+spec:
+ hostNetwork: true
+ hostPorts:
+ - min: 7472
+ max: 7472
+ privileged: true
+ allowPrivilegeEscalation: false
+ allowedCapabilities:
+ - 'NET_ADMIN'
+ - 'NET_RAW'
+ - 'SYS_ADMIN'
+ volumes:
+ - '*'
+ fsGroup:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+{{- end -}}
diff --git a/deployments/helm/servicemesh/metallb/templates/rbac.yaml b/deployments/helm/servicemesh/metallb/templates/rbac.yaml
new file mode 100644
index 00000000..658df7e6
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/templates/rbac.yaml
@@ -0,0 +1,117 @@
+{{- if .Values.rbac.create -}}
+
+# Roles
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "metallb.fullname" . }}:controller
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+rules:
+- apiGroups: [""]
+ resources: ["services"]
+ verbs: ["get", "list", "watch", "update"]
+- apiGroups: [""]
+ resources: ["services/status"]
+ verbs: ["update"]
+- apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "metallb.fullname" . }}:speaker
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+rules:
+- apiGroups: [""]
+ resources: ["services", "endpoints", "nodes"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "patch"]
+{{- if .Values.psp.create }}
+- apiGroups: ["extensions"]
+ resources: ["podsecuritypolicies"]
+ resourceNames: [{{ printf "%s-speaker" (include "metallb.fullname" .) | quote}}]
+ verbs: ["use"]
+{{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "metallb.fullname" . }}-config-watcher
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+rules:
+- apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch"]
+---
+
+## Role bindings
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "metallb.fullname" . }}:controller
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "metallb.controllerServiceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "metallb.fullname" . }}:controller
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "metallb.fullname" . }}:speaker
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "metallb.speakerServiceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "metallb.fullname" . }}:speaker
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "metallb.fullname" . }}-config-watcher
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "metallb.controllerServiceAccountName" . }}
+- kind: ServiceAccount
+ name: {{ template "metallb.speakerServiceAccountName" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "metallb.fullname" . }}-config-watcher
+{{- end -}}
diff --git a/deployments/helm/servicemesh/metallb/templates/service-accounts.yaml b/deployments/helm/servicemesh/metallb/templates/service-accounts.yaml
new file mode 100644
index 00000000..5b87a652
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/templates/service-accounts.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.serviceAccounts.controller.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "metallb.controllerServiceAccountName" . }}
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+{{- end }}
+---
+{{- if .Values.serviceAccounts.speaker.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "metallb.speakerServiceAccountName" . }}
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+{{- end }}
diff --git a/deployments/helm/servicemesh/metallb/templates/speaker.yaml b/deployments/helm/servicemesh/metallb/templates/speaker.yaml
new file mode 100644
index 00000000..53e2c675
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/templates/speaker.yaml
@@ -0,0 +1,80 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "metallb.fullname" . }}-speaker
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+ component: speaker
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "metallb.name" . }}
+ component: speaker
+ release: {{ .Release.Name | quote }}
+ template:
+ metadata:
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "metallb.chart" . }}
+ app: {{ template "metallb.name" . }}
+ component: speaker
+{{- if .Values.prometheus.scrapeAnnotations }}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "7472"
+{{- end }}
+ spec:
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ serviceAccountName: {{ template "metallb.speakerServiceAccountName" . }}
+ terminationGracePeriodSeconds: 0
+ hostNetwork: true
+ containers:
+ - name: speaker
+ image: {{ .Values.speaker.image.repository }}:{{ .Values.speaker.image.tag }}
+ imagePullPolicy: {{ .Values.speaker.image.pullPolicy }}
+ args:
+ - --port=7472
+ - --config={{ template "metallb.configMapName" . }}
+ env:
+ - name: METALLB_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: METALLB_HOST
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ ports:
+ - name: monitoring
+ containerPort: 7472
+ resources:
+{{ toYaml .Values.speaker.resources | indent 10 }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+ add:
+ - NET_ADMIN
+ - NET_RAW
+ - SYS_ADMIN
+ nodeSelector:
+ "beta.kubernetes.io/os": linux
+ {{- with .Values.speaker.nodeSelector }}
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.speaker.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.speaker.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
diff --git a/deployments/helm/servicemesh/metallb/values.yaml b/deployments/helm/servicemesh/metallb/values.yaml
new file mode 100644
index 00000000..e03a0b76
--- /dev/null
+++ b/deployments/helm/servicemesh/metallb/values.yaml
@@ -0,0 +1,96 @@
+#/*Copyright 2019 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+# existingConfigMap specifies the name of an externally-defined
+# ConfigMap to use as the configuration. Helm will not manage the
+# contents of this ConfigMap, it is your responsibility to create it.
+existingConfigMap: metallb-config
+
+# configInline specifies MetalLB's configuration directly, in yaml
+# format. When configInline is used, Helm manages MetalLB's
+# configuration ConfigMap as part of the release, and
+# existingConfigMap is ignored.
+#
+# Refer to https://metallb.universe.tf/configuration/ for
+# available options.
+config:
+ address-pools:
+ - name: default
+ protocol: layer2
+ addresses:
+ - <IP Address/IP Address Pool>
+
+rbac:
+ # create specifies whether to install and use RBAC rules.
+ create: true
+
+psp:
+ # create specifies whether to install and use Pod Security Policies.
+ create: true
+
+prometheus:
+ # scrape annotations specifies whether to add Prometheus metric
+ # auto-collection annotations to pods. See
+ # https://github.com/prometheus/prometheus/blob/release-2.1/documentation/examples/prometheus-kubernetes.yml
+ # for a corresponding Prometheus configuration. Alternatively, you
+ # may want to use the Prometheus Operator
+ # (https://github.com/coreos/prometheus-operator) for more powerful
+ # monitoring configuration. If you use the Prometheus operator, this
+ # can be left at false.
+ scrapeAnnotations: false
+
+serviceAccounts:
+ controller:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use. If not set and create is
+ # true, a name is generated using the fullname template
+ name: ""
+ speaker:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use. If not set and create is
+ # true, a name is generated using the fullname template
+ name: ""
+
+# controller contains configuration specific to the MetalLB cluster
+# controller.
+controller:
+ image:
+ repository: metallb/controller
+ tag: v0.8.1
+ pullPolicy: IfNotPresent
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 100Mi
+ nodeSelector: {}
+ tolerations: []
+ affinity: {}
+
+# speaker contains configuration specific to the MetalLB speaker
+# daemonset.
+speaker:
+ image:
+ repository: metallb/speaker
+ tag: v0.8.1
+ pullPolicy: IfNotPresent
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 100Mi
+ nodeSelector: {}
+ tolerations: []
+ affinity: {}