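{{- /*
MetalLB controller Deployment.

Rendered only when .Values.controller.enabled is truthy. The pod runs the
"controller" container and, when .Values.prometheus.secureMetricsPort is set,
a "kube-rbac-proxy" sidecar that serves the metrics endpoint over TLS and
forwards to the controller's metrics port on loopback.

Review changes in this revision:
  - the kube-rbac-proxy sidecar now carries a container securityContext
    (no privilege escalation, all capabilities dropped), matching the
    hardening already applied to the controller container;
  - review notes mark settings an operator should confirm before deploying.
*/ -}}
{{- if .Values.controller.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "metallb.fullname" . }}-controller
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "metallb.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
    {{- range $key, $value := .Values.controller.labels }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
spec:
  {{- if .Values.controller.strategy }}
  strategy: {{- toYaml .Values.controller.strategy | nindent 4 }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "metallb.selectorLabels" . | nindent 6 }}
      app.kubernetes.io/component: controller
  template:
    metadata:
      {{- if or .Values.prometheus.scrapeAnnotations .Values.controller.podAnnotations }}
      annotations:
        {{- if .Values.prometheus.scrapeAnnotations }}
        prometheus.io/scrape: "true"
        prometheus.io/port: "{{ .Values.prometheus.metricsPort }}"
        {{- end }}
        {{- with .Values.controller.podAnnotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- end }}
      labels:
        {{- include "metallb.selectorLabels" . | nindent 8 }}
        app.kubernetes.io/component: controller
        {{- range $key, $value := .Values.controller.labels }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
    spec:
      {{- with .Values.controller.runtimeClassName }}
      runtimeClassName: {{ . | quote }}
      {{- end }}
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ template "metallb.controller.serviceAccountName" . }}
      # Zero grace period: the pod is terminated without waiting on shutdown.
      terminationGracePeriodSeconds: 0
      # Pod-level securityContext is passed through verbatim from values; this
      # template sets no pod-level default when the value is empty.
{{- if .Values.controller.securityContext }}
      securityContext:
{{ toYaml .Values.controller.securityContext | indent 8 }}
{{- end }}
      containers:
      - name: controller
        # Tag falls back to the chart's appVersion. NOTE(review): the image is
        # referenced by tag only; digest pinning would have to be expressed
        # through the repository/tag values.
        image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag | default .Chart.AppVersion }}
        {{- if .Values.controller.image.pullPolicy }}
        imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
        {{- end }}
        {{- if .Values.controller.command }}
        command:
        - {{ .Values.controller.command }}
        {{- end }}
        # NOTE(review): the values below are interpolated unquoted, so a value
        # containing YAML-significant characters changes the rendered
        # document; constrain them in the chart's values schema.
        args:
        - --port={{ .Values.prometheus.metricsPort }}
        {{- with .Values.controller.logLevel }}
        - --log-level={{ . }}
        {{- end }}
        {{- if .Values.loadBalancerClass }}
        - --lb-class={{ .Values.loadBalancerClass }}
        {{- end }}
        {{- if .Values.controller.webhookMode }}
        - --webhook-mode={{ .Values.controller.webhookMode }}
        {{- end }}
        {{- if .Values.controller.tlsMinVersion }}
        - --tls-min-version={{ .Values.controller.tlsMinVersion }}
        {{- end }}
        {{- if .Values.controller.tlsCipherSuites }}
        - --tls-cipher-suites={{ .Values.controller.tlsCipherSuites }}
        {{- end }}
        env:
        # Both variables in this guard are emitted only when the speaker and
        # its memberlist are enabled.
        {{- if and .Values.speaker.enabled .Values.speaker.memberlist.enabled }}
        - name: METALLB_ML_SECRET_NAME
          value: {{ include "metallb.secretName" . }}
        - name: METALLB_DEPLOYMENT
          value: {{ template "metallb.fullname" . }}-controller
        {{- end }}
        # NOTE(review): the two guards below are independent, so enabling both
        # speaker.frr and frrk8s renders METALLB_BGP_TYPE twice. Confirm that
        # the chart rejects that combination elsewhere.
        {{- if .Values.speaker.frr.enabled }}
        - name: METALLB_BGP_TYPE
          value: frr
        {{- end }}
        {{- if or .Values.frrk8s.enabled .Values.frrk8s.external }}
        - name: METALLB_BGP_TYPE
          value: frr-k8s
        {{- end }}
        ports:
        # NOTE(review): the probes below fetch /metrics on this port from the
        # kubelet, so it is presumably served on the pod IP. If so, the
        # plain-HTTP endpoint stays reachable next to the kube-rbac-proxy
        # listener; restrict it with a NetworkPolicy if metrics must only be
        # read through the proxy.
        - name: monitoring
          containerPort: {{ .Values.prometheus.metricsPort }}
        - containerPort: 9443
          name: webhook-server
          protocol: TCP
        volumeMounts:
        # Webhook serving certificate, mounted read-only.
        - mountPath: /tmp/k8s-webhook-server/serving-certs
          name: cert
          readOnly: true
        {{- if .Values.controller.livenessProbe.enabled }}
        livenessProbe:
          httpGet:
            path: /metrics
            port: monitoring
          initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
          periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
          timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
          successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
          failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
        {{- end }}
        {{- if .Values.controller.readinessProbe.enabled }}
        readinessProbe:
          httpGet:
            path: /metrics
            port: monitoring
          initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
          periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
          timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
          successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
          failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
        {{- end }}
        {{- with .Values.controller.resources }}
        resources:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        # Fixed container hardening; not overridable through values here.
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop:
            - ALL
      {{- if .Values.prometheus.secureMetricsPort }}
      - name: kube-rbac-proxy
        # NOTE(review): unlike the controller image, no default tag is applied
        # here; an empty rbacProxy.tag renders an image reference ending in a
        # colon.
        image: {{ .Values.prometheus.rbacProxy.repository }}:{{ .Values.prometheus.rbacProxy.tag }}
        imagePullPolicy: {{ .Values.prometheus.rbacProxy.pullPolicy }}
        args:
        - --logtostderr
        - --secure-listen-address=:{{ .Values.prometheus.secureMetricsPort }}
        # Upstream is the controller's metrics port over plain HTTP on loopback.
        - --upstream=http://127.0.0.1:{{ .Values.prometheus.metricsPort }}/
        # NOTE(review): this hard-coded list includes
        # TLS_RSA_WITH_AES_128_CBC_SHA256 (static RSA key exchange, no forward
        # secrecy) and CBC-mode suites. Consider reducing it to the two
        # ECDHE/AES-GCM entries once scrape clients are confirmed to
        # negotiate them.
        - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
        {{- if .Values.prometheus.controllerMetricsTLSSecret }}
        - --tls-private-key-file=/etc/metrics/tls.key
        - --tls-cert-file=/etc/metrics/tls.crt
        {{- end }}
        ports:
        - containerPort: {{ .Values.prometheus.secureMetricsPort }}
          name: metricshttps
        # Requests only; no limits are set for the sidecar.
        resources:
          requests:
            cpu: 10m
            memory: 20Mi
        terminationMessagePolicy: FallbackToLogsOnError
        # Same baseline as the controller container. With every capability
        # dropped, secureMetricsPort should be an unprivileged port (1024 or
        # above). readOnlyRootFilesystem is left unset because the proxy's
        # filesystem needs are not visible from this template.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
        {{- if .Values.prometheus.controllerMetricsTLSSecret }}
        volumeMounts:
        - name: metrics-certs
          mountPath: /etc/metrics
          readOnly: true
        {{- end }}
      {{ end }}
      # NOTE(review): extra containers are inserted verbatim and inherit none
      # of the container-level hardening above; each entry must bring its own
      # securityContext.
      {{- if .Values.controller.extraContainers }}
        {{- toYaml .Values.controller.extraContainers | nindent 6 }}
      {{- end }}
      nodeSelector:
        "kubernetes.io/os": linux
        {{- with .Values.controller.nodeSelector }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- with .Values.controller.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.controller.tolerations }}
      tolerations:
        {{- toYaml . | nindent 6 }}
      {{- end }}
      {{- with .Values.controller.priorityClassName }}
      priorityClassName: {{ . | quote }}
      {{- end }}
      volumes:
      - name: cert
        secret:
          # 420 is decimal for octal 0644. NOTE(review): if this secret holds
          # the webhook's private key, a tighter mode such as 0400 (decimal
          # 256) may be enough; confirm against the pod's runAsUser/fsGroup.
          defaultMode: 420
          secretName: metallb-webhook-cert
      {{- if .Values.prometheus.controllerMetricsTLSSecret }}
      - name: metrics-certs
        secret:
          secretName: {{ .Values.prometheus.controllerMetricsTLSSecret }}
      {{- end }}
{{- end }}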