From 606aded35f54f21b598870e48d5f4c70c97be250 Mon Sep 17 00:00:00 2001 From: Remy Moll Date: Mon, 15 Jan 2024 19:03:49 +0100 Subject: [PATCH] argo manage metallb --- README.md | 3 +- .../metallb-system/config.values.yaml | 2 - infrastructure/metallb-system/configmap.yaml | 15 - .../metallb-system/kustomization.yaml | 15 + infrastructure/metallb-system/namespace.yaml | 4 + infrastructure/metallb-system/values.yaml | 283 +----------------- kluster-deployments/kustomization.yaml | 1 + .../metallb-system/application.yaml | 18 ++ .../metallb-system/kustomization.yaml | 4 + 9 files changed, 45 insertions(+), 300 deletions(-) delete mode 100644 infrastructure/metallb-system/config.values.yaml delete mode 100644 infrastructure/metallb-system/configmap.yaml create mode 100644 infrastructure/metallb-system/kustomization.yaml create mode 100644 infrastructure/metallb-system/namespace.yaml create mode 100644 kluster-deployments/metallb-system/application.yaml create mode 100644 kluster-deployments/metallb-system/kustomization.yaml diff --git a/README.md b/README.md index 3b4059a..a90680e 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,7 @@ ### Initial setup #### Requirements: -- A running k3s instance run: -- `metalLB` deployed +- A running k3s instance - `sealedsecrets` deployed #### Installing argo and the app-of-apps diff --git a/infrastructure/metallb-system/config.values.yaml b/infrastructure/metallb-system/config.values.yaml deleted file mode 100644 index fcd16bc..0000000 --- a/infrastructure/metallb-system/config.values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -name: metallb -chart: metallb/metallb \ No newline at end of file diff --git a/infrastructure/metallb-system/configmap.yaml b/infrastructure/metallb-system/configmap.yaml deleted file mode 100644 index c6f22b0..0000000 --- a/infrastructure/metallb-system/configmap.yaml +++ /dev/null 
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: config
-spec:
- secretTemplates:
- - name: secret-1
- labels:
- label1: value1
- annotations:
- key1: value1
- stringData:
- data-name0: data-value0
- data:
- data-name1: ZGF0YS12YWx1ZTE=
\ No newline at end of file
diff --git a/infrastructure/metallb-system/kustomization.yaml b/infrastructure/metallb-system/kustomization.yaml
new file mode 100644
index 0000000..fe680e3
--- /dev/null
+++ b/infrastructure/metallb-system/kustomization.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespace.yaml
+ - ipaddresspool.yaml
+
+namespace: metallb-system
+
+
+helmCharts:
+ - name: metallb
+ repo: https://metallb.github.io/metallb
+ version: 0.13.9
+ releaseName: metallb
+ valuesFile: values.yaml
diff --git a/infrastructure/metallb-system/namespace.yaml b/infrastructure/metallb-system/namespace.yaml
new file mode 100644
index 0000000..3900a62
--- /dev/null
+++ b/infrastructure/metallb-system/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: placeholder
\ No newline at end of file
diff --git a/infrastructure/metallb-system/values.yaml b/infrastructure/metallb-system/values.yaml
index 2110e28..242bb2b 100644
--- a/infrastructure/metallb-system/values.yaml
+++ b/infrastructure/metallb-system/values.yaml
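Review bot: In infrastructure/metallb-system/kustomization.yaml, `resources:` lists `ipaddresspool.yaml`, but the diffstat of this patch creates only `kustomization.yaml` and `namespace.yaml` in that directory. Unless that file is already in the repository (not visible here), `kustomize build` will fail on the missing resource and the Application will never sync. If the pool definition is meant to arrive in a later commit, drop the entry until then, or add the file to this one.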
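Review bot: In infrastructure/metallb-system/namespace.yaml, `name: placeholder` is only correct because the sibling kustomization's `namespace: metallb-system` rewrites it; applied on its own, the manifest would create a namespace literally called `placeholder`. A leading comment such as `# name is overwritten by the namespace transformer in kustomization.yaml` would make that dependency explicit. The MetalLB speaker needs elevated pod privileges, so if this cluster enforces Pod Security admission (not visible in this patch) the namespace would also need a label like `pod-security.kubernetes.io/enforce: privileged` under `metadata.labels`, or the speaker pods will be rejected.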
@@ -1,100 +1,16 @@ -# Default values for metallb. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" -loadBalancerClass: "" - -# existingConfigMap: "config" rbac: # create specifies whether to install and use RBAC rules. create: true prometheus: - # scrape annotations specifies whether to add Prometheus metric - # auto-collection annotations to pods. See - # https://github.com/prometheus/prometheus/blob/release-2.1/documentation/examples/prometheus-kubernetes.yml - # for a corresponding Prometheus configuration. Alternatively, you - # may want to use the Prometheus Operator - # (https://github.com/coreos/prometheus-operator) for more powerful - # monitoring configuration. If you use the Prometheus operator, this - # can be left at false. - scrapeAnnotations: false - # port both controller and speaker will listen on for metrics - metricsPort: 7472 - - # if set, enables rbac proxy on the controller and speaker to expose - # the metrics via tls. - # secureMetricsPort: 9120 - - # the name of the secret to be mounted in the speaker pod - # to expose the metrics securely. If not present, a self signed - # certificate to be used. - speakerMetricsTLSSecret: "" - - # the name of the secret to be mounted in the controller pod - # to expose the metrics securely. If not present, a self signed - # certificate to be used. 
- controllerMetricsTLSSecret: "" - - # prometheus doens't have the permission to scrape all namespaces so we give it permission to scrape metallb's one - rbacPrometheus: true - - # the service account used by prometheus - # required when " .Values.prometheus.rbacPrometheus == true " and " .Values.prometheus.podMonitor.enabled=true or prometheus.serviceMonitor.enabled=true " - serviceAccount: "" - - # the namespace where prometheus is deployed - # required when " .Values.prometheus.rbacPrometheus == true " and " .Values.prometheus.podMonitor.enabled=true or prometheus.serviceMonitor.enabled=true " - namespace: "" - - # the image to be used for the kuberbacproxy container - rbacProxy: - repository: gcr.io/kubebuilder/kube-rbac-proxy - tag: v0.12.0 - pullPolicy: - - # Prometheus Operator PodMonitors - podMonitor: - # enable support for Prometheus Operator - enabled: false - - # optional additionnal labels for podMonitors - additionalLabels: {} - - # optional annotations for podMonitors - annotations: {} - - # Job label for scrape target - jobLabel: "app.kubernetes.io/name" - - # Scrape interval. If not set, the Prometheus default scrape interval is used. - interval: - - # metric relabel configs to apply to samples before ingestion. - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - # relabel configs to apply to samples before ingestion. - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # target_label: nodename - # replacement: $1 - # action: replace # Prometheus Operator ServiceMonitors. To be used as an alternative # to podMonitor, supports secure metrics. serviceMonitor: # enable support for Prometheus Operator - enabled: false + enabled: true speaker: # optional additional labels for the speaker serviceMonitor 
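Review bot: Setting `prometheus.serviceMonitor.enabled: true` in the first values.yaml hunk while deleting `prometheus.serviceAccount` and `prometheus.namespace` looks inconsistent. The removed chart comments say both are required when `rbacPrometheus` is true and a serviceMonitor is enabled, and `rbacPrometheus: true` is the value being dropped in favour of the chart default. If that default is still true in chart 0.13.9, rendering will presumably fail or bind RBAC to an empty subject. Either set them explicitly, e.g. `serviceAccount: <prometheus-sa>` and `namespace: <prometheus-namespace>` (placeholders), or add `rbacPrometheus: false`. `secureMetricsPort` also stays unset, so the scraped endpoints are presumably served without TLS on the plain metrics port. The `prometheus:` mapping continues past the end of this hunk.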
@@ -119,73 +35,6 @@ prometheus: # Job label for scrape target jobLabel: "app.kubernetes.io/name" - # Scrape interval. If not set, the Prometheus default scrape interval is used. - interval: - - # metric relabel configs to apply to samples before ingestion. - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - # relabel configs to apply to samples before ingestion. - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # target_label: nodename - # replacement: $1 - # action: replace - - # Prometheus Operator alertmanager alerts - prometheusRule: - # enable alertmanager alerts - enabled: false - - # optional additionnal labels for prometheusRules - additionalLabels: {} - - # optional annotations for prometheusRules - annotations: {} - - # MetalLBStaleConfig - staleConfig: - enabled: true - labels: - severity: warning - - # MetalLBConfigNotLoaded - configNotLoaded: - enabled: true - labels: - severity: warning - - # MetalLBAddressPoolExhausted - addressPoolExhausted: - enabled: true - labels: - severity: alert - - addressPoolUsage: - enabled: true - thresholds: - - percent: 75 - labels: - severity: warning - - percent: 85 - labels: - severity: warning - - percent: 95 - labels: - severity: alert - - # MetalLBBGPSessionDown - bgpSessionDown: - enabled: true - labels: - severity: alert - - extraAlerts: [] # controller contains configuration specific to the MetalLB cluster # controller. 
@@ -193,59 +42,7 @@ controller: enabled: true # -- Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` logLevel: info - # command: /controller - # webhookMode: enabled - image: - repository: quay.io/metallb/controller - tag: - pullPolicy: - ## @param controller.updateStrategy.type Metallb controller deployment strategy type. - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy - ## e.g: - ## strategy: - ## type: RollingUpdate - ## rollingUpdate: - ## maxSurge: 25% - ## maxUnavailable: 25% - ## - strategy: - type: RollingUpdate - serviceAccount: - # Specifies whether a ServiceAccount should be created - create: true - # The name of the ServiceAccount to use. If not set and create is - # true, a name is generated using the fullname template - name: "" - annotations: {} - securityContext: - runAsNonRoot: true - # nobody - runAsUser: 65534 - fsGroup: 65534 - resources: {} - # limits: - # cpu: 100m - # memory: 100Mi - nodeSelector: {} - tolerations: [] - priorityClassName: "" - runtimeClassName: "" - affinity: {} - podAnnotations: {} - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 + # speaker contains configuration specific to the MetalLB speaker # daemonset. 
@@ -254,83 +51,7 @@ speaker: # command: /speaker # -- Speaker log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` logLevel: info - tolerateMaster: true - memberlist: - enabled: true - mlBindPort: 7946 - mlSecretKeyPath: "/etc/ml_secret_key" - image: - repository: quay.io/metallb/speaker - tag: - pullPolicy: - ## @param speaker.updateStrategy.type Speaker daemonset strategy type - ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ - ## - updateStrategy: - ## StrategyType - ## Can be set to RollingUpdate or OnDelete - ## - type: RollingUpdate - serviceAccount: - # Specifies whether a ServiceAccount should be created - create: true - # The name of the ServiceAccount to use. If not set and create is - # true, a name is generated using the fullname template - name: "" - annotations: {} - ## Defines a secret name for the controller to generate a memberlist encryption secret - ## By default secretName: {{ "metallb.fullname" }}-memberlist - ## - # secretName: - resources: {} - # limits: - # cpu: 100m - # memory: 100Mi - nodeSelector: {} - tolerations: [] - priorityClassName: "" - affinity: {} - ## Selects which runtime class will be used by the pod. - runtimeClassName: "" - podAnnotations: {} - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - startupProbe: - enabled: true - failureThreshold: 30 - periodSeconds: 5 - # frr contains configuration specific to the MetalLB FRR container, - # for speaker running alongside FRR. - frr: - enabled: false - image: - repository: quay.io/frrouting/frr - tag: 7.5.1 - pullPolicy: - metricsPort: 7473 - resources: {} - # if set, enables a rbac proxy sidecar container on the speaker to - # expose the frr metrics via tls. 
- # secureMetricsPort: 9121 - - reloader: - resources: {} - - frrMetrics: - resources: {} crds: enabled: true diff --git a/kluster-deployments/kustomization.yaml b/kluster-deployments/kustomization.yaml index f6659f4..85fc6c8 100644 --- a/kluster-deployments/kustomization.yaml +++ b/kluster-deployments/kustomization.yaml @@ -16,6 +16,7 @@ resources: - pg-ha/ - gitea/ - renovate/ + - metallb-system/ - traefik/ - external-dns/ diff --git a/kluster-deployments/metallb-system/application.yaml b/kluster-deployments/metallb-system/application.yaml new file mode 100644 index 0000000..2dc679b --- /dev/null +++ b/kluster-deployments/metallb-system/application.yaml @@ -0,0 +1,18 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: metallb-application + namespace: argocd +spec: + project: infrastructure + source: + repoURL: git@github.com:moll-re/bootstrap-k3s-infra.git + targetRevision: main + path: infrastructure/metallb-system + destination: + server: https://kubernetes.default.svc + namespace: metallb-system + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/kluster-deployments/metallb-system/kustomization.yaml b/kluster-deployments/metallb-system/kustomization.yaml new file mode 100644 index 0000000..0b082ba --- /dev/null +++ b/kluster-deployments/metallb-system/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- application.yaml \ No newline at end of file
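Review bot: Nothing in kluster-deployments/metallb-system/application.yaml tells Argo CD to render the `helmCharts:` entry that `infrastructure/metallb-system/kustomization.yaml` depends on. Kustomize only inflates Helm charts when run with `--enable-helm`, so unless `kustomize.buildOptions: --enable-helm` is already set in `argocd-cm` (not visible in this patch), manifest generation will fail. Separately, `automated` with `prune: true` and `selfHeal: true` on `targetRevision: main` applies every push to that branch to the component that announces service IPs. A comment recording that `main` is a protected branch, or pinning `targetRevision` to a tag, would make that trust assumption reviewable.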