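---
# Source: metallb/templates/service-accounts.yaml
# NOTE(review): the Role/ClusterRole bindings that give this account its
# permissions are not visible in this part of the manifest; audit them
# together with the account.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metallb-controller
  namespace: "metallb-system"
  labels:
    helm.sh/chart: metallb-0.15.3
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.15.3"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
---
# Source: metallb/templates/service-accounts.yaml
# NOTE(review): as for the controller account, the bindings for this account
# are not visible in this part of the manifest.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metallb-speaker
  namespace: "metallb-system"
  labels:
    helm.sh/chart: metallb-0.15.3
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.15.3"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: speaker
---
# Source: metallb/templates/webhooks.yaml
# NOTE(review): rendered with no type and no data, so it is presumably filled
# at runtime with the webhook serving certificate. Confirm which component
# writes it, and keep write access to this Secret tightly scoped.
apiVersion: v1
kind: Secret
metadata:
  name: metallb-webhook-cert
  namespace: "metallb-system"
  labels:
    helm.sh/chart: metallb-0.15.3
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.15.3"
    app.kubernetes.io/managed-by: Helm
---
# Source: metallb/templates/exclude-l2-config.yaml
# The embedded excludel2.yaml lists interface-name regexes under
# announcedInterfacesToExclude. Only ^lo$ is anchored at both ends; every
# other entry matches any interface whose name starts with the given prefix.
apiVersion: v1
kind: ConfigMap
metadata:
  name: metallb-excludel2
  namespace: "metallb-system"
  labels:
    helm.sh/chart: metallb-0.15.3
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.15.3"
    app.kubernetes.io/managed-by: Helm
data:
  excludel2.yaml: |
    announcedInterfacesToExclude:
    - ^docker.*
    - ^cbr.*
    - ^dummy.*
    - ^virbr.*
    - ^lxcbr.*
    - ^veth.*
    - ^lo$
    - ^cali.*
    - ^tunl.*
    - ^flannel.*
    - ^kube-ipvs.*
    - ^cni.*
    - ^nodelocaldns.*
    - ^lxc.*
---
# Source: metallb/templates/speaker.yaml
# FRR expects to have these files owned by frr:frr on startup.
# Having them in a ConfigMap allows us to modify behaviors: for example enabling more daemons on startup.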
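# Line breaks inside the block scalars below (|, |+, |-) were not preserved in
# this copy; they are restored at comment, assignment and sentence boundaries,
# with the wording unchanged.
apiVersion: v1
kind: ConfigMap
metadata:
  name: metallb-frr-startup
  namespace: "metallb-system"
  labels:
    helm.sh/chart: metallb-0.15.3
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.15.3"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: speaker
data:
  # Only bgpd and bfdd are switched on below; the file itself states that
  # watchfrr and zebra are always started.
  # NOTE(review): every *_options line passes -A with a loopback address
  # (127.0.0.1 or ::1), and bgpd is started with -p 0. In FRR, -A is the VTY
  # bind address and -p the BGP listen port (0 = no listening socket). Keep
  # both when editing: a wider -A would expose a daemon's VTY beyond loopback.
  daemons: |
    # This file tells the frr package which daemons to start.
    #
    # Sample configurations for these daemons can be found in
    # /usr/share/doc/frr/examples/.
    #
    # ATTENTION:
    #
    # When activating a daemon for the first time, a config file, even if it is
    # empty, has to be present *and* be owned by the user and group "frr", else
    # the daemon will not be started by /etc/init.d/frr. The permissions should
    # be u=rw,g=r,o=.
    # When using "vtysh" such a config file is also needed. It should be owned by
    # group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too.
    #
    # The watchfrr and zebra daemons are always started.
    #
    bgpd=yes
    ospfd=no
    ospf6d=no
    ripd=no
    ripngd=no
    isisd=no
    pimd=no
    ldpd=no
    nhrpd=no
    eigrpd=no
    babeld=no
    sharpd=no
    pbrd=no
    bfdd=yes
    fabricd=no
    vrrpd=no
    #
    # If this option is set the /etc/init.d/frr script automatically loads
    # the config via "vtysh -b" when the servers are started.
    # Check /etc/pam.d/frr if you intend to use "vtysh"!
    #
    vtysh_enable=yes
    zebra_options=" -A 127.0.0.1 -s 90000000 --limit-fds 100000"
    bgpd_options=" -A 127.0.0.1 -p 0 --limit-fds 100000"
    ospfd_options=" -A 127.0.0.1"
    ospf6d_options=" -A ::1"
    ripd_options=" -A 127.0.0.1"
    ripngd_options=" -A ::1"
    isisd_options=" -A 127.0.0.1"
    pimd_options=" -A 127.0.0.1"
    ldpd_options=" -A 127.0.0.1"
    nhrpd_options=" -A 127.0.0.1"
    eigrpd_options=" -A 127.0.0.1"
    babeld_options=" -A 127.0.0.1"
    sharpd_options=" -A 127.0.0.1"
    pbrd_options=" -A 127.0.0.1"
    staticd_options="-A 127.0.0.1 --limit-fds 100000"
    bfdd_options=" -A 127.0.0.1 --limit-fds 100000"
    fabricd_options="-A 127.0.0.1"
    vrrpd_options=" -A 127.0.0.1"
    # configuration profile
    #
    #frr_profile="traditional"
    #frr_profile="datacenter"
    #
    # This is the maximum number of FD's that will be available.
    # Upon startup this is read by the control files and ulimit
    # is called. Uncomment and use a reasonable value for your
    # setup if you are expecting a large number of peers in
    # say BGP.
    #MAX_FDS=1024
    # The list of daemons to watch is automatically generated by the init script.
    #watchfrr_options=""
    # for debugging purposes, you can specify a "wrap" command to start instead
    # of starting the daemon directly, e.g. to use valgrind on ospfd:
    # ospfd_wrap="/usr/bin/valgrind"
    # or you can use "all_wrap" for all daemons, e.g. to use perf record:
    # all_wrap="/usr/bin/perf record --call-graph -"
    # the normal daemon command is added to this at the end.
  vtysh.conf: |+
    service integrated-vtysh-config
  # Placeholder only: its own header says the speaker overwrites it the first
  # time it renders a config. Until then FRR logs to /etc/frr/frr.log at level
  # informational.
  frr.conf: |+
    ! This file gets overriden the first time the speaker renders a config.
    ! So anything configured here is only temporary.
    frr version 8.0
    frr defaults traditional
    hostname Router
    line vty
    log file /etc/frr/frr.log informational
---
# Source: metallb/charts/crds/templates/crds.yaml
# The controller-gen annotation marks this and the following CRDs as generated
# output; schema issues noted below are best raised against the generator
# input rather than patched in the rendered manifest.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.19.0
  name: bfdprofiles.metallb.io
spec:
  group: metallb.io
  names:
    kind: BFDProfile
    listKind: BFDProfileList
    plural: bfdprofiles
    singular: bfdprofile
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .spec.passiveMode
      name: Passive Mode
      type: boolean
    - jsonPath: .spec.transmitInterval
      name: Transmit Interval
      type: integer
    - jsonPath: .spec.receiveInterval
      name: Receive Interval
      type: integer
    - jsonPath: .spec.detectMultiplier
      name: Multiplier
      type: integer
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: |-
          BFDProfile represents the settings of the bfd session that can be
          optionally associated with a BGP session.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: BFDProfileSpec defines the desired state of BFDProfile.
            properties:
              detectMultiplier:
                description: |-
                  Configures the detection multiplier to determine
                  packet loss. The remote transmission interval will be multiplied
                  by this value to determine the connection loss detection timer.
                format: int32
                maximum: 255
                minimum: 2
                type: integer
              echoInterval:
                description: |-
                  Configures the minimal echo receive transmission
                  interval that this system is capable of handling in milliseconds.
                  Defaults to 50ms
                format: int32
                maximum: 60000
                minimum: 10
                type: integer
              echoMode:
                description: |-
                  Enables or disables the echo transmission mode.
                  This mode is disabled by default, and not supported on multi
                  hops setups.
                type: boolean
              minimumTtl:
                description: |-
                  For multi hop sessions only: configure the minimum
                  expected TTL for an incoming BFD control packet.
                format: int32
                maximum: 254
                minimum: 1
                type: integer
              passiveMode:
                description: |-
                  Mark session as passive: a passive session will not
                  attempt to start the connection and will wait for control packets
                  from peer before it begins replying.
                type: boolean
              receiveInterval:
                description: |-
                  The minimum interval that this system is capable of
                  receiving control packets in milliseconds.
                  Defaults to 300ms.
                format: int32
                maximum: 60000
                minimum: 10
                type: integer
              transmitInterval:
                description: |-
                  The minimum transmission interval (less jitter)
                  that this system wants to use to send BFD control packets in
                  milliseconds. Defaults to 300ms
                format: int32
                maximum: 60000
                minimum: 10
                type: integer
            type: object
          status:
            description: BFDProfileStatus defines the observed state of BFDProfile.
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
# Source: metallb/charts/crds/templates/crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.19.0
  name: bgpadvertisements.metallb.io
spec:
  group: metallb.io
  names:
    kind: BGPAdvertisement
    listKind: BGPAdvertisementList
    plural: bgpadvertisements
    singular: bgpadvertisement
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .spec.ipAddressPools
      name: IPAddressPools
      type: string
    - jsonPath: .spec.ipAddressPoolSelectors
      name: IPAddressPool Selectors
      type: string
    - jsonPath: .spec.peers
      name: Peers
      type: string
    - jsonPath: .spec.nodeSelectors
      name: Node Selectors
      priority: 10
      type: string
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: |-
          BGPAdvertisement allows to advertise the IPs coming
          from the selected IPAddressPools via BGP, setting the parameters of the
          BGP Advertisement.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: BGPAdvertisementSpec defines the desired state of BGPAdvertisement.
            properties:
              # NOTE(review): only a lower bound (1) is declared, so values
              # above 32 are not rejected by this schema; aggregationLengthV6
              # below declares no bounds at all.
              aggregationLength:
                default: 32
                description: The aggregation-length advertisement option lets
                  you “roll up” the /32s into a larger prefix. Defaults to 32.
                  Works for IPv4 addresses.
                format: int32
                minimum: 1
                type: integer
              aggregationLengthV6:
                default: 128
                description: The aggregation-length advertisement option lets
                  you “roll up” the /128s into a larger prefix. Defaults to 128.
                  Works for IPv6 addresses.
                format: int32
                type: integer
              communities:
                description: |-
                  The BGP communities to be associated with the announcement. Each item can be a standard community of the
                  form 1234:1234, a large community of the form large:1234:1234:1234 or the name of an alias defined in the
                  Community CRD.
                items:
                  type: string
                type: array
              ipAddressPoolSelectors:
                description: |-
                  A selector for the IPAddressPools which would get advertised via this advertisement.
                  If no IPAddressPool is selected by this or by the list, the advertisement is applied to all the IPAddressPools.
                items:
                  description: |-
                    A label selector is a label query over a set of resources. The result of matchLabels and
                    matchExpressions are ANDed. An empty label selector matches all objects. A null
                    label selector matches no objects.
                  properties:
                    matchExpressions:
                      description: matchExpressions is a list of label selector
                        requirements. The requirements are ANDed.
                      items:
                        description: |-
                          A label selector requirement is a selector that contains values, a key, and an operator that
                          relates the key and values.
                        properties:
                          key:
                            description: key is the label key that the selector applies to.
                            type: string
                          operator:
                            description: |-
                              operator represents a key's relationship to a set of values.
                              Valid operators are In, NotIn, Exists and DoesNotExist.
                            type: string
                          values:
                            description: |-
                              values is an array of string values. If the operator is In or NotIn,
                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
                              the values array must be empty. This array is replaced during a strategic
                              merge patch.
                            items:
                              type: string
                            type: array
                            x-kubernetes-list-type: atomic
                        required:
                        - key
                        - operator
                        type: object
                      type: array
                      x-kubernetes-list-type: atomic
                    matchLabels:
                      additionalProperties:
                        type: string
                      description: |-
                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
                        map is equivalent to an element of matchExpressions, whose key field is "key", the
                        operator is "In", and the values array contains only "value". The requirements are ANDed.
                      type: object
                  type: object
                  x-kubernetes-map-type: atomic
                type: array
              ipAddressPools:
                description: The list of IPAddressPools to advertise via this
                  advertisement, selected by name.
                items:
                  type: string
                type: array
              localPref:
                description: |-
                  The BGP LOCAL_PREF attribute which is used by BGP best path algorithm,
                  Path with higher localpref is preferred over one with lower localpref.
                format: int32
                type: integer
              nodeSelectors:
                description: NodeSelectors allows to limit the nodes to announce
                  as next hops for the LoadBalancer IP. When empty, all the nodes
                  having are announced as next hops.
                items:
                  description: |-
                    A label selector is a label query over a set of resources. The result of matchLabels and
                    matchExpressions are ANDed. An empty label selector matches all objects. A null
                    label selector matches no objects.
                  properties:
                    matchExpressions:
                      description: matchExpressions is a list of label selector
                        requirements. The requirements are ANDed.
                      items:
                        description: |-
                          A label selector requirement is a selector that contains values, a key, and an operator that
                          relates the key and values.
                        properties:
                          key:
                            description: key is the label key that the selector applies to.
                            type: string
                          operator:
                            description: |-
                              operator represents a key's relationship to a set of values.
                              Valid operators are In, NotIn, Exists and DoesNotExist.
                            type: string
                          values:
                            description: |-
                              values is an array of string values. If the operator is In or NotIn,
                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
                              the values array must be empty. This array is replaced during a strategic
                              merge patch.
                            items:
                              type: string
                            type: array
                            x-kubernetes-list-type: atomic
                        required:
                        - key
                        - operator
                        type: object
                      type: array
                      x-kubernetes-list-type: atomic
                    matchLabels:
                      additionalProperties:
                        type: string
                      description: |-
                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
                        map is equivalent to an element of matchExpressions, whose key field is "key", the
                        operator is "In", and the values array contains only "value". The requirements are ANDed.
                      type: object
                  type: object
                  x-kubernetes-map-type: atomic
                type: array
              peers:
                description: |-
                  Peers limits the bgppeer to advertise the ips of the selected pools to.
                  When empty, the loadbalancer IP is announced to all the BGPPeers configured.
                items:
                  type: string
                type: array
            type: object
          status:
            description: BGPAdvertisementStatus defines the observed state of
              BGPAdvertisement.
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
# Source: metallb/charts/crds/templates/crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.19.0
  name: bgppeers.metallb.io
spec:
  # NOTE(review): version conversion is delegated to metallb-webhook-service
  # (path /convert). No caBundle appears in this rendered clientConfig, so it
  # is presumably injected at runtime — confirm, since the API server needs it
  # to authenticate the webhook's TLS certificate.
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        service:
          name: metallb-webhook-service
          namespace: metallb-system
          path: /convert
      conversionReviewVersions:
      - v1beta1
      - v1beta2
  group: metallb.io
  names:
    kind: BGPPeer
    listKind: BGPPeerList
    plural: bgppeers
    singular: bgppeer
  scope: Namespaced
  versions:
  # v1beta1 is deprecated and no longer the storage version, but it is still
  # served (served: true, storage: false below).
  - additionalPrinterColumns:
    - jsonPath: .spec.peerAddress
      name: Address
      type: string
    - jsonPath: .spec.peerASN
      name: ASN
      type: string
    - jsonPath: .spec.bfdProfile
      name: BFD Profile
      type: string
    - jsonPath: .spec.ebgpMultiHop
      name: Multi Hops
      type: string
    deprecated: true
    deprecationWarning: v1beta1 is deprecated, please use v1beta2
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: BGPPeer is the Schema for the peers API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: BGPPeerSpec defines the desired state of Peer.
            properties:
              bfdProfile:
                type: string
              ebgpMultiHop:
                description: EBGP peer is multi-hops away
                type: boolean
              holdTime:
                description: Requested BGP hold time, per RFC4271.
                type: string
              keepaliveTime:
                description: Requested BGP keepalive time, per RFC4271.
                type: string
              # NOTE(review): format int32 cannot represent the declared
              # maximum 4294967295; the same pairing recurs on peerASN and in
              # v1beta2.
              myASN:
                description: AS number to use for the local end of the session.
                format: int32
                maximum: 4294967295
                minimum: 0
                type: integer
              nodeSelectors:
                description: |-
                  Only connect to this peer on nodes that match one of these
                  selectors.
                items:
                  properties:
                    matchExpressions:
                      items:
                        properties:
                          key:
                            type: string
                          operator:
                            type: string
                          values:
                            items:
                              type: string
                            minItems: 1
                            type: array
                        required:
                        - key
                        - operator
                        - values
                        type: object
                      type: array
                    matchLabels:
                      additionalProperties:
                        type: string
                      type: object
                  type: object
                type: array
              # NOTE(review): a plain string in the object spec, so it is
              # readable by any subject allowed to get/list bgppeers. The
              # v1beta2 schema also defines passwordSecret, which keeps the
              # value in a Secret instead.
              password:
                description: Authentication password for routers enforcing TCP
                  MD5 authenticated sessions
                type: string
              peerASN:
                description: AS number to expect from the remote end of the session.
                format: int32
                maximum: 4294967295
                minimum: 0
                type: integer
              peerAddress:
                description: Address to dial when establishing the session.
                type: string
              # NOTE(review): maximum 16384 rejects valid TCP ports above it
              # (up to 65535); v1beta2 keeps the same cap.
              peerPort:
                description: Port to dial when establishing the session.
                maximum: 16384
                minimum: 0
                type: integer
              routerID:
                description: BGP router ID to advertise to the peer
                type: string
              sourceAddress:
                description: Source address to use when establishing the session.
                type: string
            required:
            - myASN
            - peerASN
            - peerAddress
            type: object
          status:
            description: BGPPeerStatus defines the observed state of Peer.
            type: object
        type: object
    served: true
    storage: false
    subresources:
      status: {}
  - additionalPrinterColumns:
    - jsonPath: .spec.peerAddress
      name: Address
      type: string
    - jsonPath: .spec.peerASN
      name: ASN
      type: string
    - jsonPath: .spec.bfdProfile
      name: BFD Profile
      type: string
    - jsonPath: .spec.ebgpMultiHop
      name: Multi Hops
      type: string
    name: v1beta2
    schema:
      openAPIV3Schema:
        description: BGPPeer is the Schema for the peers API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: BGPPeerSpec defines the desired state of Peer.
            properties:
              bfdProfile:
                description: The name of the BFD Profile to be used for the BFD
                  session associated to the BGP session. If not set, the BFD
                  session won't be set up.
                type: string
              connectTime:
                description: Requested BGP connect time, controls how long BGP
                  waits between connection attempts to a neighbor.
                type: string
                x-kubernetes-validations:
                - message: connect time should be between 1 seconds to 65535
                  rule: duration(self).getSeconds() >= 1 && duration(self).getSeconds() <= 65535
                - message: connect time should contain a whole number of seconds
                  rule: duration(self).getMilliseconds() % 1000 == 0
              disableMP:
                default: false
                description: |-
                  To set if we want to disable MP BGP that will separate IPv4 and IPv6 route exchanges into distinct BGP sessions.
                  Deprecated: DisableMP is deprecated in favor of dualStackAddressFamily.
                type: boolean
              dualStackAddressFamily:
                default: false
                description: |-
                  To set if we want to enable the neighbor not only for the ipfamily related to its session,
                  but also the other one. This allows to advertise/receive IPv4 prefixes over IPv6 sessions and vice versa.
                type: boolean
              dynamicASN:
                description: |-
                  DynamicASN detects the AS number to use for the remote end of the session
                  without explicitly setting it via the ASN field. Limited to:
                  internal - if the neighbor's ASN is different than MyASN connection is denied.
                  external - if the neighbor's ASN is the same as MyASN the connection is denied.
                  ASN and DynamicASN are mutually exclusive and one of them must be specified.
                enum:
                - internal
                - external
                type: string
              ebgpMultiHop:
                description: To set if the BGPPeer is multi-hops away. Needed
                  for FRR mode only.
                type: boolean
              enableGracefulRestart:
                description: |-
                  EnableGracefulRestart allows BGP peer to continue to forward data packets
                  along known routes while the routing protocol information is being
                  restored. This field is immutable because it requires restart of the BGP
                  session. Supported for FRR mode only.
                type: boolean
                x-kubernetes-validations:
                - message: EnableGracefulRestart cannot be changed after creation
                  rule: self == oldSelf
              holdTime:
                description: Requested BGP hold time, per RFC4271.
                type: string
              interface:
                description: |-
                  Interface is the node interface over which the unnumbered BGP peering will
                  be established. No API validation takes place as that string value
                  represents an interface name on the host and if user provides an invalid
                  value, only the actual BGP session will not be established.
                  Address and Interface are mutually exclusive and one of them must be specified.
                type: string
              keepaliveTime:
                description: Requested BGP keepalive time, per RFC4271.
                type: string
              # NOTE(review): format int32 cannot represent the declared
              # maximum 4294967295 (same on peerASN below).
              myASN:
                description: AS number to use for the local end of the session.
                format: int32
                maximum: 4294967295
                minimum: 0
                type: integer
              nodeSelectors:
                description: |-
                  Only connect to this peer on nodes that match one of these
                  selectors.
                items:
                  description: |-
                    A label selector is a label query over a set of resources. The result of matchLabels and
                    matchExpressions are ANDed. An empty label selector matches all objects. A null
                    label selector matches no objects.
                  properties:
                    matchExpressions:
                      description: matchExpressions is a list of label selector
                        requirements. The requirements are ANDed.
                      items:
                        description: |-
                          A label selector requirement is a selector that contains values, a key, and an operator that
                          relates the key and values.
                        properties:
                          key:
                            description: key is the label key that the selector applies to.
                            type: string
                          operator:
                            description: |-
                              operator represents a key's relationship to a set of values.
                              Valid operators are In, NotIn, Exists and DoesNotExist.
                            type: string
                          values:
                            description: |-
                              values is an array of string values. If the operator is In or NotIn,
                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
                              the values array must be empty. This array is replaced during a strategic
                              merge patch.
                            items:
                              type: string
                            type: array
                            x-kubernetes-list-type: atomic
                        required:
                        - key
                        - operator
                        type: object
                      type: array
                      x-kubernetes-list-type: atomic
                    matchLabels:
                      additionalProperties:
                        type: string
                      description: |-
                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
                        map is equivalent to an element of matchExpressions, whose key field is "key", the
                        operator is "In", and the values array contains only "value". The requirements are ANDed.
                      type: object
                  type: object
                  x-kubernetes-map-type: atomic
                type: array
              # NOTE(review): a plain string in the object spec, so it is
              # readable by any subject allowed to get/list bgppeers. Prefer
              # passwordSecret (next field), which references a Secret of type
              # kubernetes.io/basic-auth instead of embedding the value.
              password:
                description: Authentication password for routers enforcing TCP
                  MD5 authenticated sessions
                type: string
              passwordSecret:
                description: |-
                  passwordSecret is name of the authentication secret for BGP Peer.
                  the secret must be of type "kubernetes.io/basic-auth", and created in the
                  same namespace as the MetalLB deployment. The password is stored in the
                  secret as the key "password".
                properties:
                  name:
                    description: name is unique within a namespace to reference
                      a secret resource.
                    type: string
                  namespace:
                    description: namespace defines the space within which the
                      secret name must be unique.
                    type: string
                type: object
                x-kubernetes-map-type: atomic
              peerASN:
                description: |-
                  AS number to expect from the remote end of the session.
                  ASN and DynamicASN are mutually exclusive and one of them must be specified.
                format: int32
                maximum: 4294967295
                minimum: 0
                type: integer
              peerAddress:
                description: Address to dial when establishing the session.
                type: string
              # NOTE(review): maximum 16384 rejects valid TCP ports above it
              # (up to 65535).
              peerPort:
                default: 179
                description: Port to dial when establishing the session.
                maximum: 16384
                minimum: 1
                type: integer
              routerID:
                description: BGP router ID to advertise to the peer
                type: string
              sourceAddress:
                description: Source address to use when establishing the session.
                type: string
              vrf:
                description: |-
                  To set if we want to peer with the BGPPeer using an interface belonging to
                  a host vrf
                type: string
            # NOTE(review): only myASN is required, although the descriptions
            # above say that peerASN/dynamicASN and peerAddress/interface are
            # each "mutually exclusive and one of them must be specified".
            # This schema does not express that rule; presumably the admission
            # webhook enforces it — confirm.
            required:
            - myASN
            type: object
          status:
            description: BGPPeerStatus defines the observed state of Peer.
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
# Source: metallb/charts/crds/templates/crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.19.0
  name: communities.metallb.io
spec:
  group: metallb.io
  names:
    kind: Community
    listKind: CommunityList
    plural: communities
    singular: community
  scope: Namespaced
  versions:
  - name: v1beta1
    schema:
      openAPIV3Schema:
        description: |-
          Community is a collection of aliases for communities.
          Users can define named aliases to be used in the BGPPeer CRD.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: CommunitySpec defines the desired state of Community.
            properties:
              communities:
                items:
                  properties:
                    name:
                      description: The name of the alias for the community.
                      type: string
                    value:
                      description: |-
                        The BGP community value corresponding to the given name. Can be a standard community of the form 1234:1234
                        or a large community of the form large:1234:1234:1234.
                      type: string
                  type: object
                type: array
            type: object
          status:
            description: CommunityStatus defines the observed state of Community.
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
# Source: metallb/charts/crds/templates/crds.yaml
# Per its own description this CRD is status-only: the schema below declares
# a status object and no spec.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.19.0
  name: configurationstates.metallb.io
spec:
  group: metallb.io
  names:
    kind: ConfigurationState
    listKind: ConfigurationStateList
    plural: configurationstates
    singular: configurationstate
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .status.result
      name: Result
      type: string
    - jsonPath: .status.errorSummary
      name: ErrorSummary
      type: string
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: |-
          ConfigurationState is a status-only CRD that reports configuration validation results from MetalLB components.
          Labels:
          - metallb.io/component-type: "controller" or "speaker"
          - metallb.io/node-name: node name (only for speaker)
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          status:
            description: ConfigurationStateStatus defines the observed state of
              ConfigurationState.
            properties:
              conditions:
                description: Conditions contains the status conditions from the
                  reconcilers running in this component.
                items:
                  description: Condition contains details for one aspect of the
                    current state of this API Resource.
                  properties:
                    lastTransitionTime:
                      description: |-
                        lastTransitionTime is the last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        message is a human readable message indicating details about the transition.
                        This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: |-
                        observedGeneration represents the .metadata.generation that the condition was set based upon.
                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
                        with respect to the current state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: |-
                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
                        Producers of specific condition types may define expected values and meanings for this field,
                        and whether the values are considered a guaranteed API.
                        The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
                x-kubernetes-list-map-keys:
                - type
                x-kubernetes-list-type: map
              # NOTE(review): free-form string with no maxLength, unlike the
              # condition message above (maxLength 32768).
              errorSummary:
                description: |-
                  ErrorSummary contains the aggregated error messages from reconciliation failures.
                  This field is empty when Result is "Valid".
                type: string
              result:
                description: Result indicates the configuration validation result.
                enum:
                - Valid
                - Invalid
                - Unknown
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
# Source: metallb/charts/crds/templates/crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.19.0
  name: ipaddresspools.metallb.io
spec:
  group: metallb.io
  names:
    kind: IPAddressPool
    listKind: IPAddressPoolList
    plural: ipaddresspools
    singular: ipaddresspool
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .spec.autoAssign
      name: Auto Assign
      type: boolean
    - jsonPath: .spec.avoidBuggyIPs
      name: Avoid Buggy IPs
      type: boolean
    - jsonPath: .spec.addresses
      name: Addresses
      type: string
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: |-
          IPAddressPool represents a pool of IP addresses that can be allocated
          to LoadBalancer services.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: IPAddressPoolSpec defines the desired state of IPAddressPool.
            properties:
              addresses:
                description: |-
                  A list of IP address ranges over which MetalLB has authority.
                  You can list multiple ranges in a single pool, they will all share the
                  same settings. Each range can be either a CIDR prefix, or an explicit
                  start-end range of IPs.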
items: type: string type: array autoAssign: default: true description: |- AutoAssign flag used to prevent MetallB from automatic allocation for a pool. type: boolean avoidBuggyIPs: default: false description: |- AvoidBuggyIPs prevents addresses ending with .0 and .255 to be used by a pool. type: boolean serviceAllocation: description: |- AllocateTo makes ip pool allocation to specific namespace and/or service. The controller will use the pool with lowest value of priority in case of multiple matches. A pool with no priority set will be used only if the pools with priority can't be used. If multiple matching IPAddressPools are available it will check for the availability of IPs sorting the matching IPAddressPools by priority, starting from the highest to the lowest. If multiple IPAddressPools have the same priority, choice will be random. properties: namespaceSelectors: description: |- NamespaceSelectors list of label selectors to select namespace(s) for ip pool, an alternative to using namespace list. items: description: |- A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. 
This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic type: array namespaces: description: Namespaces list of namespace(s) on which ip pool can be attached. items: type: string type: array priority: description: Priority priority given for ip pool while ip allocation on a service. type: integer serviceSelectors: description: |- ServiceSelectors list of label selector to select service(s) for which ip pool can be used for ip allocation. items: description: |- A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic type: array type: object required: - addresses type: object status: description: IPAddressPoolStatus defines the observed state of IPAddressPool. properties: assignedIPv4: description: AssignedIPv4 is the number of assigned IPv4 addresses. format: int64 type: integer assignedIPv6: description: AssignedIPv6 is the number of assigned IPv6 addresses. format: int64 type: integer availableIPv4: description: AvailableIPv4 is the number of available IPv4 addresses. format: int64 type: integer availableIPv6: description: AvailableIPv6 is the number of available IPv6 addresses. 
format: int64 type: integer required: - assignedIPv4 - assignedIPv6 - availableIPv4 - availableIPv6 type: object required: - spec type: object served: true storage: true subresources: status: {} --- # Source: metallb/charts/crds/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 name: l2advertisements.metallb.io spec: group: metallb.io names: kind: L2Advertisement listKind: L2AdvertisementList plural: l2advertisements singular: l2advertisement scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .spec.ipAddressPools name: IPAddressPools type: string - jsonPath: .spec.ipAddressPoolSelectors name: IPAddressPool Selectors type: string - jsonPath: .spec.interfaces name: Interfaces type: string - jsonPath: .spec.nodeSelectors name: Node Selectors priority: 10 type: string name: v1beta1 schema: openAPIV3Schema: description: |- L2Advertisement allows to advertise the LoadBalancer IPs provided by the selected pools via L2. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: L2AdvertisementSpec defines the desired state of L2Advertisement. properties: interfaces: description: |- A list of interfaces to announce from. The LB IP will be announced only from these interfaces. 
If the field is not set, we advertise from all the interfaces on the host. items: type: string type: array ipAddressPoolSelectors: description: |- A selector for the IPAddressPools which would get advertised via this advertisement. If no IPAddressPool is selected by this or by the list, the advertisement is applied to all the IPAddressPools. items: description: |- A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic type: array ipAddressPools: description: The list of IPAddressPools to advertise via this advertisement, selected by name. 
items: type: string type: array nodeSelectors: description: NodeSelectors allows to limit the nodes to announce as next hops for the LoadBalancer IP. When empty, all the nodes having are announced as next hops. items: description: |- A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic type: array type: object status: description: L2AdvertisementStatus defines the observed state of L2Advertisement. 
type: object type: object served: true storage: true subresources: status: {} --- # Source: metallb/charts/crds/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 name: servicebgpstatuses.metallb.io spec: group: metallb.io names: kind: ServiceBGPStatus listKind: ServiceBGPStatusList plural: servicebgpstatuses singular: servicebgpstatus scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .status.node name: Node type: string - jsonPath: .status.serviceName name: Service Name type: string - jsonPath: .status.serviceNamespace name: Service Namespace type: string name: v1beta1 schema: openAPIV3Schema: description: ServiceBGPStatus exposes the BGP peers a service is configured to be advertised to, per relevant node. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: ServiceBGPStatusSpec defines the desired state of ServiceBGPStatus. type: object status: description: MetalLBServiceBGPStatus defines the observed state of ServiceBGPStatus. properties: node: description: Node indicates the node announcing the service. 
type: string x-kubernetes-validations: - message: Value is immutable rule: self == oldSelf peers: description: |- Peers indicate the BGP peers for which the service is configured to be advertised to. The service being actually advertised to a given peer depends on the session state and is not indicated here. items: type: string type: array serviceName: description: ServiceName indicates the service this status represents. type: string x-kubernetes-validations: - message: Value is immutable rule: self == oldSelf serviceNamespace: description: ServiceNamespace indicates the namespace of the service. type: string x-kubernetes-validations: - message: Value is immutable rule: self == oldSelf type: object type: object served: true storage: true subresources: status: {} --- # Source: metallb/charts/crds/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 name: servicel2statuses.metallb.io spec: group: metallb.io names: kind: ServiceL2Status listKind: ServiceL2StatusList plural: servicel2statuses singular: servicel2status scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .status.node name: Allocated Node type: string - jsonPath: .status.serviceName name: Service Name type: string - jsonPath: .status.serviceNamespace name: Service Namespace type: string name: v1beta1 schema: openAPIV3Schema: description: ServiceL2Status reveals the actual traffic status of loadbalancer services in layer2 mode. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. 
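Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: ServiceL2StatusSpec defines the desired state of ServiceL2Status. type: object status: description: MetalLBServiceL2Status defines the observed state of ServiceL2Status. properties: interfaces: description: Interfaces indicates the interfaces that receive the directed traffic items: description: InterfaceInfo defines interface info of layer2 announcement. properties: name: description: Name the name of network interface card type: string type: object type: array node: description: Node indicates the node that receives the directed traffic type: string x-kubernetes-validations: - message: Value is immutable rule: self == oldSelf serviceName: description: ServiceName indicates the service this status represents type: string x-kubernetes-validations: - message: Value is immutable rule: self == oldSelf serviceNamespace: description: ServiceNamespace indicates the namespace of the service type: string x-kubernetes-validations: - message: Value is immutable rule: self == oldSelf type: object type: object served: true storage: true subresources: status: {}
---
# Source: metallb/templates/rbac.yaml
# Cluster-wide permissions for the controller. Bound to the metallb-controller
# ServiceAccount by the ClusterRoleBinding of the same name below.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: metallb:controller
  labels:
    helm.sh/chart: metallb-0.15.3
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.15.3"
    app.kubernetes.io/managed-by: Helm
rules:
  - apiGroups: [""]
    resources: ["services", "namespaces"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["list"]
  - apiGroups: [""]
    resources: ["services/status"]
    verbs: ["update"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "patch"]
  # Write access to MetalLB's own admission webhook object. A holder of this
  # ServiceAccount token can patch or delete the webhook that validates
  # metallb.io resources, so the token deserves the same care as a cluster credential.
  # NOTE(review): RBAC cannot match `create` against resourceNames, and list/watch
  # only match with a metadata.name field selector, so those verbs are largely inert here.
  - apiGroups: ["admissionregistration.k8s.io"]
    resources: ["validatingwebhookconfigurations"]
    resourceNames: ["metallb-webhook-configuration"]
    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
  - apiGroups: ["admissionregistration.k8s.io"]
    resources: ["validatingwebhookconfigurations"]
    verbs: ["list", "watch"]
  # Same pattern for the MetalLB CRDs: mutating verbs are limited to the names listed.
  # Deleting a CRD also removes every custom resource of that kind.
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    resourceNames:
      - "bfdprofiles.metallb.io"
      - "bgpadvertisements.metallb.io"
      - "bgppeers.metallb.io"
      - "ipaddresspools.metallb.io"
      - "l2advertisements.metallb.io"
      - "communities.metallb.io"
      - "configurationstates.metallb.io"
    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["list", "watch"]
  - apiGroups: ["metallb.io"]
    resources: ["configurationstates"]
    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
  - apiGroups: ["metallb.io"]
    resources: ["configurationstates/status"]
    verbs: ["get", "patch", "update"]
---
# Source: metallb/templates/rbac.yaml
# Cluster-wide permissions for the speaker DaemonSet (metallb-speaker ServiceAccount).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: metallb:speaker
  labels:
    helm.sh/chart: metallb-0.15.3
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.15.3"
    app.kubernetes.io/managed-by: Helm
rules:
  - apiGroups: [""]
    resources: ["services", "endpoints", "nodes", "namespaces"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["discovery.k8s.io"]
    resources: ["endpointslices"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "patch"]
  # NOTE(review): "*" grants every verb (including delete and deletecollection) on
  # these resources in all namespaces, because this ClusterRole is bound by a
  # ClusterRoleBinding. An explicit verb list would be tighter; which verbs the
  # speaker actually needs cannot be determined from this manifest.
  - apiGroups: ["metallb.io"]
    resources: ["servicel2statuses","servicel2statuses/status","configurationstates","configurationstates/status"]
    verbs: ["*"]
---
# Source: metallb/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metallb:controller
  labels:
    helm.sh/chart: metallb-0.15.3
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.15.3"
    app.kubernetes.io/managed-by: Helm
subjects:
  - kind: ServiceAccount
    name: metallb-controller
    namespace: metallb-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: metallb:controller
---
# Source: metallb/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metallb:speaker
  labels:
    helm.sh/chart: metallb-0.15.3
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.15.3"
    app.kubernetes.io/managed-by: Helm
subjects:
  - kind: ServiceAccount
    name: metallb-speaker
    namespace: metallb-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: metallb:speaker
---
# Source: metallb/templates/rbac.yaml
# Namespaced permissions for the speaker; bound to metallb-speaker by the
# RoleBinding metallb-pod-lister below.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: metallb-pod-lister
  namespace: "metallb-system"
  labels:
    helm.sh/chart: metallb-0.15.3
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.15.3"
    app.kubernetes.io/managed-by: Helm
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["list", "get"]
  # No resourceNames: the speaker can read every Secret in metallb-system, which
  # includes metallb-memberlist and metallb-webhook-cert. The speaker runs as a
  # hostNetwork DaemonSet, so keep unrelated secrets out of this namespace.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["metallb.io"]
    resources: ["bfdprofiles"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["metallb.io"]
    resources: ["bgppeers"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["metallb.io"]
    resources: ["l2advertisements"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["metallb.io"]
    resources: ["bgpadvertisements"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["metallb.io"]
    resources: ["ipaddresspools"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["metallb.io"]
    resources: ["communities"]
    verbs: ["get", "list", "watch"]
  # NOTE(review): wildcard verbs again, here scoped to the metallb-system namespace.
  - apiGroups: ["metallb.io"]
    resources: ["servicebgpstatuses","servicebgpstatuses/status"]
    verbs: ["*"]
---
# Source: metallb/templates/rbac.yaml
# Namespaced permissions for the controller.
# The first two secrets rules are subsumed by the unrestricted secrets rule further
# down, so the effective grant is full read/write on every Secret in metallb-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: metallb-controller
  namespace: "metallb-system"
  labels:
    helm.sh/chart: metallb-0.15.3
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.15.3"
    app.kubernetes.io/managed-by: Helm
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create", "get", "list", "watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["metallb-memberlist"]
    verbs: ["list"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    resourceNames: ["metallb-controller"]
    verbs: ["get"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
  - apiGroups: ["metallb.io"]
    resources: ["ipaddresspools"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["metallb.io"]
    resources: ["ipaddresspools/status"]
    verbs: ["update"]
  - apiGroups: ["metallb.io"]
    resources: ["bgppeers"]
    verbs: ["get", "list"]
  - apiGroups: ["metallb.io"]
    resources: ["bgpadvertisements"]
    verbs: ["get", "list"]
  - apiGroups: ["metallb.io"]
    resources: ["l2advertisements"]
    verbs: ["get", "list"]
  - apiGroups: ["metallb.io"]
    resources: ["communities"]
    verbs: ["get", "list","watch"]
  - apiGroups: ["metallb.io"]
    resources: ["bfdprofiles"]
    verbs: ["get", "list","watch"]
---
# Source: metallb/templates/rbac.yaml
# NOTE(review): the subject carries no namespace; in a RoleBinding a ServiceAccount
# subject is then resolved in the binding's own namespace (metallb-system) — confirm.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: metallb-pod-lister
  namespace: "metallb-system"
  labels:
    helm.sh/chart: metallb-0.15.3
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.15.3"
    app.kubernetes.io/managed-by: Helm
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: metallb-pod-lister
subjects:
  - kind: ServiceAccount
    name: metallb-speaker
---
# Source: metallb/templates/rbac.yaml
# NOTE(review): same subject form as above — no explicit namespace on the ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: metallb-controller
  namespace: "metallb-system"
  labels:
    helm.sh/chart: metallb-0.15.3
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.15.3"
    app.kubernetes.io/managed-by: Helm
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: metallb-controller
subjects:
  - kind: ServiceAccount
    name: metallb-controller
---
# Source: metallb/templates/webhooks.yaml
# Fronts the controller's webhook server: port 443 is forwarded to container port
# 9443 (webhook-server) on pods labelled component=controller.
apiVersion: v1
kind: Service
metadata:
  name: metallb-webhook-service
  namespace: "metallb-system"
  labels:
    helm.sh/chart: metallb-0.15.3
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.15.3"
    app.kubernetes.io/managed-by: Helm
spec:
  ports:
    - port: 443
      targetPort: 9443
  selector:
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/component: controller
---
# Source: metallb/templates/speaker.yaml
# Speaker DaemonSet: four containers (speaker, frr, reloader, frr-metrics) sharing
# emptyDir volumes, the node's network namespace and one PID namespace.
# Every image below is referenced by tag only; pinning by digest
# (<repo>:<tag>@sha256:<digest>) keeps a re-pushed tag from changing what runs on the nodes.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: metallb-speaker
  namespace: "metallb-system"
  labels:
    helm.sh/chart: metallb-0.15.3
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.15.3"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: speaker
spec:
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app.kubernetes.io/name: metallb
      app.kubernetes.io/instance: metallb
      app.kubernetes.io/component: speaker
  template:
    metadata:
      labels:
        app.kubernetes.io/name: metallb
        app.kubernetes.io/instance: metallb
        app.kubernetes.io/component: speaker
    spec:
      serviceAccountName: metallb-speaker
      terminationGracePeriodSeconds: 0
      # The pod uses the node's network namespace, so the listeners declared below
      # (7472, 7473, 7946) are opened there. /metrics answers plain-HTTP probes.
      # NetworkPolicy typically does not cover hostNetwork pods; restrict these
      # ports with node-level firewalling instead.
      hostNetwork: true
      volumes:
        # 420 decimal == 0644 octal. NOTE(review): the memberlist key is mounted
        # 0644 while the excludel2 ConfigMap below gets 0400 (256); a stricter mode
        # for the secret looks feasible — confirm which UID the speaker runs as first.
        - name: memberlist
          secret:
            secretName: metallb-memberlist
            defaultMode: 420
        - name: metallb-excludel2
          configMap:
            defaultMode: 256
            name: metallb-excludel2
        - name: frr-sockets
          emptyDir: {}
        - name: frr-startup
          configMap:
            name: metallb-frr-startup
        - name: frr-conf
          emptyDir: {}
        - name: reloader
          emptyDir: {}
        - name: metrics
          emptyDir: {}
        - name: frr-tmp
          emptyDir: {}
        - name: frr-lib
          emptyDir: {}
        - name: frr-log
          emptyDir: {}
      initContainers:
        # Copies the initial config files with the right permissions to the shared volume.
        - name: cp-frr-files
          image: quay.io/frrouting/frr:10.4.1
          securityContext:
            runAsUser: 100
            runAsGroup: 101
          command: ["/bin/sh", "-c", "cp -rLf /tmp/frr/* /etc/frr/"]
          volumeMounts:
            - name: frr-startup
              mountPath: /tmp/frr
            - name: frr-conf
              mountPath: /etc/frr
        # Copies the reloader to the shared volume between the speaker and reloader.
        - name: cp-reloader
          image: quay.io/metallb/speaker:v0.15.3
          command: ["/cp-tool","/frr-reloader.sh","/etc/frr_reloader/frr-reloader.sh"]
          volumeMounts:
            - name: reloader
              mountPath: /etc/frr_reloader
        # Copies the metrics exporter
        - name: cp-metrics
          image: quay.io/metallb/speaker:v0.15.3
          command: ["/cp-tool","/frr-metrics","/etc/frr_metrics/frr-metrics"]
          volumeMounts:
            - name: metrics
              mountPath: /etc/frr_metrics
      # One PID namespace for all containers: the less-privileged containers are
      # not process-isolated from the frr container.
      shareProcessNamespace: true
      containers:
        - name: speaker
          image: quay.io/metallb/speaker:v0.15.3
          args:
            - --port=7472
            - --log-level=info
          env:
            - name: METALLB_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: METALLB_HOST
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
            - name: METALLB_ML_BIND_ADDR
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: METALLB_ML_LABELS
              value: "app.kubernetes.io/name=metallb,app.kubernetes.io/component=speaker"
            - name: METALLB_ML_BIND_PORT
              value: "7946"
            - name: METALLB_ML_SECRET_KEY_PATH
              value: "/etc/ml_secret_key"
            - name: FRR_CONFIG_FILE
              value: /etc/frr_reloader/frr.conf
            - name: FRR_RELOADER_PID_FILE
              value: /etc/frr_reloader/reloader.pid
            - name: METALLB_BGP_TYPE
              value: frr
            - name: METALLB_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          ports:
            - name: monitoring
              containerPort: 7472
            - name: memberlist-tcp
              containerPort: 7946
              protocol: TCP
            - name: memberlist-udp
              containerPort: 7946
              protocol: UDP
          livenessProbe:
            httpGet:
              path: /metrics
              port: monitoring
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /metrics
              port: monitoring
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          # Every capability is dropped and only NET_RAW is added back.
          # No runAsNonRoot/runAsUser is set, so the image's default user applies.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
              add:
                - NET_RAW
          volumeMounts:
            - name: memberlist
              mountPath: /etc/ml_secret_key
            - name: reloader
              mountPath: /etc/frr_reloader
            - name: metallb-excludel2
              mountPath: /etc/metallb
        - name: frr
          # NOTE(review): there is no `drop` list here, so the runtime's default
          # capabilities stay in place on top of the four added ones, and SYS_ADMIN
          # is very broad. With hostNetwork this is the most privileged container in
          # the pod; check FRR's actual requirements before tightening.
          securityContext:
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            capabilities:
              add:
                - NET_ADMIN
                - NET_RAW
                - SYS_ADMIN
                - NET_BIND_SERVICE
          image: quay.io/frrouting/frr:10.4.1
          env:
            - name: TINI_SUBREAPER
              value: "true"
          volumeMounts:
            - name: frr-sockets
              mountPath: /var/run/frr
            - name: frr-conf
              mountPath: /etc/frr
            - name: frr-tmp
              mountPath: /var/tmp/frr
            - name: frr-lib
              mountPath: /var/lib/frr
          # The command is FRR's default entrypoint & waiting for the log file to appear and tailing it.
          # If the log file isn't created in 60 seconds the tail fails and the container is restarted.
          # This workaround is needed to have the frr logs as part of kubectl logs -c frr < speaker_pod_name >.
          command:
            - /bin/sh
            - -c
            - |
              /sbin/tini -- /usr/lib/frr/docker-start &
              attempts=0
              until [[ -f /etc/frr/frr.log || $attempts -eq 60 ]]; do
                sleep 1
                attempts=$(( $attempts + 1 ))
              done
              tail -f /etc/frr/frr.log
          # Same endpoint as the startupProbe below, written with its leading slash;
          # port 7473 is served by the frr-metrics container in this pod.
          livenessProbe:
            httpGet:
              path: /livez
              port: 7473
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          startupProbe:
            httpGet:
              path: /livez
              port: 7473
            failureThreshold: 30
            periodSeconds: 5
        # reloader and frr-metrics set neither capabilities.drop nor runAsNonRoot:
        # they run as the image's default user with the runtime's default capabilities.
        - name: reloader
          image: quay.io/frrouting/frr:10.4.1
          securityContext:
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
          command: ["/etc/frr_reloader/frr-reloader.sh"]
          volumeMounts:
            - name: frr-sockets
              mountPath: /var/run/frr
            - name: frr-conf
              mountPath: /etc/frr
            - name: reloader
              mountPath: /etc/frr_reloader
            - name: frr-log
              mountPath: /var/log/frr
        - name: frr-metrics
          image: quay.io/frrouting/frr:10.4.1
          securityContext:
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
          command: ["/etc/frr_metrics/frr-metrics"]
          args:
            - --metrics-port=7473
          env:
            - name: VTYSH_HISTFILE
              value: /dev/null
          ports:
            - containerPort: 7473
              name: frrmetrics
          volumeMounts:
            - name: frr-sockets
              mountPath: /var/run/frr
            - name: frr-conf
              mountPath: /etc/frr
            - name: metrics
              mountPath: /etc/frr_metrics
      nodeSelector:
        "kubernetes.io/os": linux
      # These tolerations let the speaker schedule onto control-plane nodes as well.
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
          operator: Exists
        - key: node-role.kubernetes.io/control-plane
          effect: NoSchedule
          operator: Exists
---
# Source: metallb/templates/controller.yaml
# Controller Deployment: runs as UID 65534 (runAsNonRoot), drops all capabilities and
# uses a read-only root filesystem. No `replicas` is set, so the default of one applies.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metallb-controller
  namespace: "metallb-system"
  labels:
    helm.sh/chart: metallb-0.15.3
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.15.3"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
spec:
  strategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app.kubernetes.io/name: metallb
      app.kubernetes.io/instance: metallb
      app.kubernetes.io/component: controller
  template:
    metadata:
      labels:
        app.kubernetes.io/name: metallb
        app.kubernetes.io/instance: metallb
        app.kubernetes.io/component: controller
    spec:
      serviceAccountName: metallb-controller
      terminationGracePeriodSeconds: 0
      securityContext:
        fsGroup: 65534
        runAsNonRoot: true
        runAsUser: 65534
      containers:
        - name: controller
          image: quay.io/metallb/controller:v0.15.3
          # NOTE(review): --tls-min-version presumably sets the TLS floor of the
          # webhook server on 9443 — confirm against the controller's flag docs.
          args:
            - --port=7472
            - --log-level=info
            - --webhook-mode=enabled
            - --tls-min-version=VersionTLS12
          env:
            - name: METALLB_ML_SECRET_NAME
              value: metallb-memberlist
            - name: METALLB_DEPLOYMENT
              value: metallb-controller
            - name: METALLB_BGP_TYPE
              value: frr
          ports:
            - name: monitoring
              containerPort: 7472
            - containerPort: 9443
              name: webhook-server
              protocol: TCP
          volumeMounts:
            - mountPath: /tmp/k8s-webhook-server/serving-certs
              name: cert
              readOnly: true
          livenessProbe:
            httpGet:
              path: /metrics
              port: monitoring
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /metrics
              port: monitoring
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
      nodeSelector:
        "kubernetes.io/os": linux
      volumes:
        # 420 decimal == 0644 octal; the mount itself is readOnly.
        - name: cert
          secret:
            defaultMode: 420
            secretName: metallb-webhook-cert
---
# Source: metallb/templates/webhooks.yaml
# Admission validation for metallb.io resources, served by metallb-webhook-service.
# failurePolicy: Fail is fail-closed: matching requests are rejected whenever the
# webhook cannot be reached, which ties writes to the controller pod's availability.
# No caBundle appears in clientConfig. NOTE(review): presumably the controller
# injects it at runtime (its ClusterRole may patch this object) — confirm.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: metallb-webhook-configuration
  labels:
    helm.sh/chart: metallb-0.15.3
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.15.3"
    app.kubernetes.io/managed-by: Helm
webhooks:
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: metallb-webhook-service
        namespace: metallb-system
        path: /validate-metallb-io-v1beta2-bgppeer
    failurePolicy: Fail
    name: bgppeervalidationwebhook.metallb.io
    rules:
      - apiGroups:
          - metallb.io
        apiVersions:
          - v1beta2
        operations:
          - CREATE
          - UPDATE
        resources:
          - bgppeers
    sideEffects: None
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: metallb-webhook-service
        namespace: metallb-system
        path: /validate-metallb-io-v1beta1-ipaddresspool
    failurePolicy: Fail
    name: ipaddresspoolvalidationwebhook.metallb.io
    rules:
      - apiGroups:
          - metallb.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - ipaddresspools
    sideEffects: None
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: metallb-webhook-service
        namespace: metallb-system
        path: /validate-metallb-io-v1beta1-bgpadvertisement
    failurePolicy: Fail
    name: bgpadvertisementvalidationwebhook.metallb.io
    rules:
      - apiGroups:
          - metallb.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - bgpadvertisements
    sideEffects: None
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: metallb-webhook-service
        namespace: metallb-system
        path: /validate-metallb-io-v1beta1-community
    failurePolicy: Fail
    name: communityvalidationwebhook.metallb.io
    rules:
      - apiGroups:
          - metallb.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - communities
    sideEffects: None
  # NOTE(review): this is the only webhook that lists DELETE and omits UPDATE, so
  # updates to BFDProfiles are not sent for validation — confirm that is intended.
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: metallb-webhook-service
        namespace: metallb-system
        path: /validate-metallb-io-v1beta1-bfdprofile
    failurePolicy: Fail
    name: bfdprofilevalidationwebhook.metallb.io
    rules:
      - apiGroups:
          - metallb.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - DELETE
        resources:
          - bfdprofiles
    sideEffects: None
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: metallb-webhook-service
        namespace: metallb-system
        path: /validate-metallb-io-v1beta1-l2advertisement
    failurePolicy: Fail
    name: l2advertisementvalidationwebhook.metallb.io
    rules:
      - apiGroups:
          - metallb.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - l2advertisements
    sideEffects: None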