catalog/operators/metallb/10.0.3/ix_values.yaml

348 lines
9.5 KiB
YAML

image:
repository: tccr.io/truecharts/metallb-controller
tag: v0.13.11@sha256:562e7116d62d98ddbc21229d32f17e6180dd953cfb8b57f827e9407602ba1273
pullPolicy:
speakerImage:
repository: tccr.io/truecharts/metallb-speaker
tag: v0.13.11@sha256:5bc5480ef0cb65335cef44cd646f44bf0cd4ecb6fc21c306a5499aede2c4fea0
pullPolicy:
workload:
main:
strategy: RollingUpdate
labels:
app.kubernetes.io/component: controller
podSpec:
labels:
app.kubernetes.io/component: controller
containers:
main:
args:
- --port=7472
- --log-level=all
- --cert-service-name={{ include "tc.v1.common.lib.chart.names.fullname" $ }}
- --webhook-mode=enabled
probes:
liveness:
port: controllermon
path: /metrics
readiness:
port: controllermon
path: /metrics
startup:
port: controllermon
type: tcp
env:
METALLB_ML_SECRET_NAME: "memberlist"
METALLB_DEPLOYMENT: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}'
METALLB_NAMESPACE: "{{$.Release.Namespace}}"
speaker:
enabled: true
type: DaemonSet
strategy: RollingUpdate
labels:
app.kubernetes.io/component: controller
podSpec:
labels:
app.kubernetes.io/component: controller
shareProcessNamespace: true
hostNetwork: true
containers:
speaker:
enabled: true
primary: true
imageSelector: speakerImage
args:
- --port=7473
- --log-level=all
probes:
liveness:
port: speakermon
path: /metrics
readiness:
port: speakermon
path: /metrics
startup:
port: speakermon
type: tcp
env:
METALLB_NODE_NAME:
fieldRef:
fieldPath: spec.nodeName
METALLB_HOST:
fieldRef:
fieldPath: status.hostIP
METALLB_ML_BIND_ADDR:
fieldRef:
fieldPath: status.podIP
METALLB_ML_LABELS: "release={{ $.Release.Name }},app.kubernetes.io/component=speaker"
METALLB_ML_BIND_PORT: "{{ $.Values.service.memberlist.ports.memberlisttcp.port }}"
METALLB_ML_SECRET_KEY_PATH: "/etc/ml_secret_key"
METALLB_NAMESPACE: "{{$.Release.Namespace}}"
securityContext:
runAsUser: 0
capabilities:
add:
- NET_RAW
podOptions:
automountServiceAccountToken: true
service:
main:
ports:
main:
port: 443
targetPort: 9443
memberlist:
enabled: true
targetSelector: speaker
ports:
memberlisttcp:
enabled: true
protocol: tcp
port: 7946
memberlistudp:
enabled: true
protocol: udp
port: 7946
speakermon:
enabled: true
targetSelector: speaker
clusterIP: None
ports:
speakermon:
enabled: true
port: 7473
controllermon:
enabled: true
clusterIP: None
ports:
controllermon:
enabled: true
port: 7472
operator:
register: true
configmap:
metallb-excludel2:
enabled: true
data:
excludel2.yaml: |
announcedInterfacesToExclude:
- docker.*
- cbr.*
- dummy.*
- virbr.*
- lxcbr.*
- veth.*
- lo
- ^cali.*
- ^tunl.*
- flannel.*
- kube-ipvs.*
- cni.*
- ^nodelocaldns.*
persistence:
webhook-server-cert:
enabled: true
type: secret
objectName: webhook-server-cert
expandObjectName: false
defaultMode: "0420"
readOnly: true
targetSelector:
main:
main:
mountPath: "/tmp/k8s-webhook-server/serving-certs"
metallb-excludel2:
enabled: "{{ if $.Values.speaker.excludeInterfaces.enabled }}true{{ else }}false{{ end }}"
type: configmap
objectName: metallb-excludel2
defaultMode: "0256"
readOnly: true
targetSelector:
speaker:
speaker:
mountPath: "/etc/metallb"
memberlist:
enabled: true
type: secret
objectName: memberlist
expandObjectName: false
defaultMode: "0420"
targetSelector:
speaker:
speaker:
mountPath: "/etc/ml_secret_key"
portal:
open:
enabled: false
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
rbac:
main:
enabled: true
primary: true
clusterWide: true
allServiceAccounts: true
rules:
- apiGroups: [""]
resources: ["services", "endpoints", "nodes", "namespaces"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list"]
- apiGroups: [""]
resources: ["services/status"]
verbs: ["update"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "patch"]
- apiGroups: ["admissionregistration.k8s.io"]
resources:
["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
resourceNames: ["metallb-webhook-configuration"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
resources:
["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
verbs: ["list", "watch"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
resourceNames:
[
"addresspools.metallb.io",
"bfdprofiles.metallb.io",
"bgpadvertisements.metallb.io",
"bgppeers.metallb.io",
"ipaddresspools.metallb.io",
"l2advertisements.metallb.io",
"communities.metallb.io",
]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["list", "watch"]
- apiGroups: ["discovery.k8s.io"]
resources: ["endpointslices"]
verbs: ["get", "list", "watch"]
controller:
enabled: true
primary: false
clusterWide: false
serviceAccounts:
- main
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["create", "get", "list", "watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["list"]
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["get"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: ["metallb.io"]
resources: ["addresspools"]
verbs: ["get", "list", "watch"]
- apiGroups: ["metallb.io"]
resources: ["ipaddresspools"]
verbs: ["get", "list", "watch"]
- apiGroups: ["metallb.io"]
resources: ["bgppeers"]
verbs: ["get", "list"]
- apiGroups: ["metallb.io"]
resources: ["bgpadvertisements"]
verbs: ["get", "list"]
- apiGroups: ["metallb.io"]
resources: ["l2advertisements"]
verbs: ["get", "list"]
- apiGroups: ["metallb.io"]
resources: ["communities"]
verbs: ["get", "list", "watch"]
- apiGroups: ["metallb.io"]
resources: ["bfdprofiles"]
verbs: ["get", "list", "watch"]
pod-lister:
enabled: true
primary: false
clusterWide: false
serviceAccounts:
- speaker
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["list"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "list", "watch"]
- apiGroups: ["metallb.io"]
resources: ["addresspools"]
verbs: ["get", "list", "watch"]
- apiGroups: ["metallb.io"]
resources: ["bfdprofiles"]
verbs: ["get", "list", "watch"]
- apiGroups: ["metallb.io"]
resources: ["bgppeers"]
verbs: ["get", "list", "watch"]
- apiGroups: ["metallb.io"]
resources: ["l2advertisements"]
verbs: ["get", "list", "watch"]
- apiGroups: ["metallb.io"]
resources: ["bgpadvertisements"]
verbs: ["get", "list", "watch"]
- apiGroups: ["metallb.io"]
resources: ["ipaddresspools"]
verbs: ["get", "list", "watch"]
- apiGroups: ["metallb.io"]
resources: ["communities"]
verbs: ["get", "list", "watch"]
# -- The service account the pods will use to interact with the Kubernetes API
serviceAccount:
main:
enabled: true
primary: true
targetSelector:
- main
speaker:
enabled: true
primary: false
targetSelector:
- speaker
# controller contains configuration specific to the MetalLB cluster
# controller.
controller:
enabled: true
# -- Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none`
logLevel: info
# command: /controller
# webhookMode: enabled
# speaker contains configuration specific to the MetalLB speaker
# daemonset.
speaker:
enabled: true
# command: /speaker
# -- Speaker log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none`
logLevel: info
tolerateMaster: true
excludeInterfaces:
enabled: true
validationFailurePolicy: Fail
manifestManager:
enabled: false