2024-10-21 15:17:49 +02:00
# Default values for metallb.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
imagePullSecrets : [ ]
nameOverride : ""
fullnameOverride : ""
# MetalLB supports LoadBalancerClass, which allows multiple load balancer implementations to co-exist.
# In order to set the loadbalancer class MetalLB should be listening for, the --lb-class=<CLASS_NAME>
# parameter must be provided to both the speaker and the controller.
loadBalancerClass : ""
# To configure MetalLB, you must specify ONE of the following two
# options.
rbac :
# create specifies whether to install and use RBAC rules.
create : true
prometheus :
# scrape annotations specifies whether to add Prometheus metric
# auto-collection annotations to pods. See
# https://github.com/prometheus/prometheus/blob/release-2.1/documentation/examples/prometheus-kubernetes.yml
# for a corresponding Prometheus configuration. Alternatively, you
# may want to use the Prometheus Operator
# (https://github.com/coreos/prometheus-operator) for more powerful
# monitoring configuration. If you use the Prometheus operator, this
# can be left at false.
scrapeAnnotations : false
# port both controller and speaker will listen on for metrics
metricsPort : 7472
# if set, enables rbac proxy on the controller and speaker to expose
# the metrics via tls.
# secureMetricsPort: 9120
# the name of the secret to be mounted in the speaker pod
# to expose the metrics securely. If not present, a self signed
# certificate to be used.
speakerMetricsTLSSecret : ""
# the name of the secret to be mounted in the controller pod
# to expose the metrics securely. If not present, a self signed
# certificate to be used.
controllerMetricsTLSSecret : ""
# prometheus doens't have the permission to scrape all namespaces so we give it permission to scrape metallb's one
rbacPrometheus : true
# the service account used by prometheus
# required when " .Values.prometheus.rbacPrometheus == true " and " .Values.prometheus.podMonitor.enabled=true or prometheus.serviceMonitor.enabled=true "
serviceAccount : ""
# the namespace where prometheus is deployed
# required when " .Values.prometheus.rbacPrometheus == true " and " .Values.prometheus.podMonitor.enabled=true or prometheus.serviceMonitor.enabled=true "
namespace : ""
# the image to be used for the kuberbacproxy container
rbacProxy :
repository : "%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy"
2024-11-12 19:09:47 +01:00
tag : "0.18.1"
2024-10-21 15:17:49 +02:00
pullPolicy : IfNotPresent
# Prometheus Operator PodMonitors
podMonitor :
# enable support for Prometheus Operator
enabled : false
# optional additionnal labels for podMonitors
additionalLabels : {}
# optional annotations for podMonitors
annotations : {}
# Job label for scrape target
jobLabel : "app.kubernetes.io/name"
# Scrape interval. If not set, the Prometheus default scrape interval is used.
interval :
# metric relabel configs to apply to samples before ingestion.
metricRelabelings : [ ]
# - action: keep
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
# sourceLabels: [__name__]
# relabel configs to apply to samples before ingestion.
relabelings : [ ]
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# target_label: nodename
# replacement: $1
# action: replace
# Prometheus Operator ServiceMonitors. To be used as an alternative
# to podMonitor, supports secure metrics.
serviceMonitor :
# enable support for Prometheus Operator
enabled : false
speaker :
# optional additional labels for the speaker serviceMonitor
additionalLabels : {}
# optional additional annotations for the speaker serviceMonitor
annotations : {}
# optional tls configuration for the speaker serviceMonitor, in case
# secure metrics are enabled.
tlsConfig :
insecureSkipVerify : true
controller :
# optional additional labels for the controller serviceMonitor
additionalLabels : {}
# optional additional annotations for the controller serviceMonitor
annotations : {}
# optional tls configuration for the controller serviceMonitor, in case
# secure metrics are enabled.
tlsConfig :
insecureSkipVerify : true
# Job label for scrape target
jobLabel : "app.kubernetes.io/name"
# Scrape interval. If not set, the Prometheus default scrape interval is used.
interval :
# metric relabel configs to apply to samples before ingestion.
metricRelabelings : [ ]
# - action: keep
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
# sourceLabels: [__name__]
# relabel configs to apply to samples before ingestion.
relabelings : [ ]
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# target_label: nodename
# replacement: $1
# action: replace
# Prometheus Operator alertmanager alerts
prometheusRule :
# enable alertmanager alerts
enabled : false
# optional additionnal labels for prometheusRules
additionalLabels : {}
# optional annotations for prometheusRules
annotations : {}
# MetalLBStaleConfig
staleConfig :
enabled : true
labels :
severity : warning
# MetalLBConfigNotLoaded
configNotLoaded :
enabled : true
labels :
severity : warning
# MetalLBAddressPoolExhausted
addressPoolExhausted :
enabled : true
labels :
severity : alert
addressPoolUsage :
enabled : true
thresholds :
- percent : 75
labels :
severity : warning
- percent : 85
labels :
severity : warning
- percent : 95
labels :
severity : alert
# MetalLBBGPSessionDown
bgpSessionDown :
enabled : true
labels :
severity : alert
extraAlerts : [ ]
# controller contains configuration specific to the MetalLB cluster
# controller.
controller :
enabled : true
# -- Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none`
logLevel : info
# command: /controller
# webhookMode: enabled
image :
repository : "%%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller"
tag : "v0.14.8"
pullPolicy : IfNotPresent
## @param controller.updateStrategy.type Metallb controller deployment strategy type.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## e.g:
## strategy:
## type: RollingUpdate
## rollingUpdate:
## maxSurge: 25%
## maxUnavailable: 25%
##
strategy :
type : RollingUpdate
serviceAccount :
# Specifies whether a ServiceAccount should be created
create : true
# The name of the ServiceAccount to use. If not set and create is
# true, a name is generated using the fullname template
name : ""
annotations : {}
securityContext :
runAsNonRoot : true
# nobody
runAsUser : 65534
fsGroup : 65534
allowPrivilegeEscalation : false
capabilities :
drop :
- ALL
seccompProfile :
type : RuntimeDefault
resources : {}
# limits:
# cpu: 100m
# memory: 100Mi
nodeSelector : {}
tolerations : [ ]
priorityClassName : ""
runtimeClassName : ""
affinity : {}
podAnnotations : {}
labels : {}
livenessProbe :
enabled : true
failureThreshold : 3
initialDelaySeconds : 10
periodSeconds : 10
successThreshold : 1
timeoutSeconds : 1
readinessProbe :
enabled : true
failureThreshold : 3
initialDelaySeconds : 10
periodSeconds : 10
successThreshold : 1
timeoutSeconds : 1
tlsMinVersion : "VersionTLS12"
tlsCipherSuites : ""
extraContainers : [ ]
# speaker contains configuration specific to the MetalLB speaker
# daemonset.
speaker :
enabled : true
# command: /speaker
# -- Speaker log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none`
logLevel : info
tolerateMaster : true
memberlist :
enabled : true
mlBindPort : 7946
mlBindAddrOverride : ""
mlSecretKeyPath : "/etc/ml_secret_key"
excludeInterfaces :
enabled : true
# ignore the exclude-from-external-loadbalancer label
ignoreExcludeLB : false
image :
repository : "%%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker"
tag : "v0.14.8"
pullPolicy : IfNotPresent
## @param speaker.updateStrategy.type Speaker daemonset strategy type
## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
##
updateStrategy :
## StrategyType
## Can be set to RollingUpdate or OnDelete
##
type : RollingUpdate
serviceAccount :
# Specifies whether a ServiceAccount should be created
create : true
# The name of the ServiceAccount to use. If not set and create is
# true, a name is generated using the fullname template
name : ""
annotations : {}
securityContext :
allowPrivilegeEscalation : false
capabilities :
drop :
- ALL
seccompProfile :
type : RuntimeDefault
## Defines a secret name for the controller to generate a memberlist encryption secret
## By default secretName: {{ "metallb.fullname" }}-memberlist
##
# secretName:
resources : {}
# limits:
# cpu: 100m
# memory: 100Mi
nodeSelector : {}
tolerations : [ ]
priorityClassName : ""
affinity : {}
## Selects which runtime class will be used by the pod.
runtimeClassName : ""
podAnnotations : {}
labels : {}
livenessProbe :
enabled : true
failureThreshold : 3
initialDelaySeconds : 10
periodSeconds : 10
successThreshold : 1
timeoutSeconds : 1
readinessProbe :
enabled : true
failureThreshold : 3
initialDelaySeconds : 10
periodSeconds : 10
successThreshold : 1
timeoutSeconds : 1
startupProbe :
enabled : true
failureThreshold : 30
periodSeconds : 5
# frr contains configuration specific to the MetalLB FRR container,
# for speaker running alongside FRR.
frr :
enabled : false
image :
repository : "%%IMG_REPO%%/%%IMG_PREFIX%%frr"
tag : "8.4"
pullPolicy : IfNotPresent
metricsPort : 7473
resources : {}
# if set, enables a rbac proxy sidecar container on the speaker to
# expose the frr metrics via tls.
# secureMetricsPort: 9121
reloader :
resources : {}
frrMetrics :
resources : {}
extraContainers : [ ]
crds :
enabled : true
validationFailurePolicy : Fail
# frrk8s contains the configuration related to using an frrk8s instance
# (github.com/metallb/frr-k8s) as the backend for the BGP implementation.
# This allows configuring additional frr parameters in combination to those
# applied by MetalLB.
frrk8s :
# if set, enables frrk8s as a backend. This is mutually exclusive to frr
# mode.
enabled : false
external : false
namespace : ""
