argo manage metallb

2024-01-15 19:03:49 +01:00
parent a3aa8888e9
commit 606aded35f
9 changed files with 45 additions and 300 deletions
--- a/README.md
+++ b/README.md
@@ -4,8 +4,7 @@
 ### Initial setup
 #### Requirements:
- A running k3s instance run:
+- A running k3s instance
 - `metalLB` deployed
 - `sealedsecrets` deployed
 #### Installing argo and the app-of-apps
--- a/infrastructure/metallb-system/config.values.yaml
+++ b/infrastructure/metallb-system/config.values.yaml
@@ -1,2 +0,0 @@
 name: metallb
 chart: metallb/metallb
--- a/infrastructure/metallb-system/configmap.yaml
+++ b/infrastructure/metallb-system/configmap.yaml
@@ -1,15 +0,0 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: config
 spec:
  secretTemplates:
  - name: secret-1
    labels:
      label1: value1
    annotations:
      key1: value1
    stringData:
      data-name0: data-value0
    data:
      data-name1: ZGF0YS12YWx1ZTE=
--- a/infrastructure/metallb-system/kustomization.yaml
+++ b/infrastructure/metallb-system/kustomization.yaml
@@ -0,0 +1,15 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources: 
  - namespace.yaml
  - ipaddresspool.yaml
 namespace: metallb-system
 helmCharts:
  - name: metallb
    repo: https://metallb.github.io/metallb
    version: 0.13.9
    releaseName: metallb
    valuesFile: values.yaml
--- a/infrastructure/metallb-system/namespace.yaml
+++ b/infrastructure/metallb-system/namespace.yaml
@@ -0,0 +1,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: placeholder
--- a/infrastructure/metallb-system/values.yaml
+++ b/infrastructure/metallb-system/values.yaml
@@ -1,100 +1,16 @@
 # Default values for metallb.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 loadBalancerClass: ""
 # existingConfigMap: "config"
 rbac:
  # create specifies whether to install and use RBAC rules.
  create: true
 prometheus:
  # scrape annotations specifies whether to add Prometheus metric
  # auto-collection annotations to pods. See
  # https://github.com/prometheus/prometheus/blob/release-2.1/documentation/examples/prometheus-kubernetes.yml
  # for a corresponding Prometheus configuration. Alternatively, you
  # may want to use the Prometheus Operator
  # (https://github.com/coreos/prometheus-operator) for more powerful
  # monitoring configuration. If you use the Prometheus operator, this
  # can be left at false.
  scrapeAnnotations: false
  # port both controller and speaker will listen on for metrics
  metricsPort: 7472
  # if set, enables rbac proxy on the controller and speaker to expose
  # the metrics via tls.
  # secureMetricsPort: 9120
  # the name of the secret to be mounted in the speaker pod
  # to expose the metrics securely. If not present, a self signed
  # certificate to be used.
  speakerMetricsTLSSecret: ""
  # the name of the secret to be mounted in the controller pod
  # to expose the metrics securely. If not present, a self signed
  # certificate to be used.
  controllerMetricsTLSSecret: ""
  # prometheus doens't have the permission to scrape all namespaces so we give it permission to scrape metallb's one
  rbacPrometheus: true
  # the service account used by prometheus
  # required when " .Values.prometheus.rbacPrometheus == true " and " .Values.prometheus.podMonitor.enabled=true or prometheus.serviceMonitor.enabled=true "
  serviceAccount: ""
  # the namespace where prometheus is deployed
  # required when " .Values.prometheus.rbacPrometheus == true " and " .Values.prometheus.podMonitor.enabled=true or prometheus.serviceMonitor.enabled=true "
  namespace: ""
  # the image to be used for the kuberbacproxy container
  rbacProxy:
    repository: gcr.io/kubebuilder/kube-rbac-proxy
    tag: v0.12.0
    pullPolicy:
  # Prometheus Operator PodMonitors
  podMonitor:
    # enable support for Prometheus Operator
    enabled: false
    # optional additionnal labels for podMonitors
    additionalLabels: {}
    # optional annotations for podMonitors
    annotations: {}
    # Job label for scrape target
    jobLabel: "app.kubernetes.io/name"
    # Scrape interval. If not set, the Prometheus default scrape interval is used.
    interval:
    #   metric relabel configs to apply to samples before ingestion.
    metricRelabelings: []
    # - action: keep
    #   regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
    #   sourceLabels: [__name__]
    #   relabel configs to apply to samples before ingestion.
    relabelings: []
    # - sourceLabels: [__meta_kubernetes_pod_node_name]
    #   separator: ;
    #   regex: ^(.*)$
    #   target_label: nodename
    #   replacement: $1
    #   action: replace
  # Prometheus Operator ServiceMonitors. To be used as an alternative
  # to podMonitor, supports secure metrics.
  serviceMonitor:
    # enable support for Prometheus Operator
-    enabled: false
+    enabled: true
    speaker:
      # optional additional labels for the speaker serviceMonitor
@@ -119,73 +35,6 @@ prometheus:
    # Job label for scrape target
    jobLabel: "app.kubernetes.io/name"
    # Scrape interval. If not set, the Prometheus default scrape interval is used.
    interval:
    #   metric relabel configs to apply to samples before ingestion.
    metricRelabelings: []
    # - action: keep
    #   regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
    #   sourceLabels: [__name__]
    #   relabel configs to apply to samples before ingestion.
    relabelings: []
    # - sourceLabels: [__meta_kubernetes_pod_node_name]
    #   separator: ;
    #   regex: ^(.*)$
    #   target_label: nodename
    #   replacement: $1
    #   action: replace
  # Prometheus Operator alertmanager alerts
  prometheusRule:
    # enable alertmanager alerts
    enabled: false
    # optional additionnal labels for prometheusRules
    additionalLabels: {}
    # optional annotations for prometheusRules
    annotations: {}
    # MetalLBStaleConfig
    staleConfig:
      enabled: true
      labels:
        severity: warning
    # MetalLBConfigNotLoaded
    configNotLoaded:
      enabled: true
      labels:
        severity: warning
    # MetalLBAddressPoolExhausted
    addressPoolExhausted:
      enabled: true
      labels:
        severity: alert
    addressPoolUsage:
      enabled: true
      thresholds:
        - percent: 75
          labels:
            severity: warning
        - percent: 85
          labels:
            severity: warning
        - percent: 95
          labels:
            severity: alert
    # MetalLBBGPSessionDown
    bgpSessionDown:
      enabled: true
      labels:
        severity: alert
    extraAlerts: []
 # controller contains configuration specific to the MetalLB cluster
 # controller.
@@ -193,59 +42,7 @@ controller:
  enabled: true
  # -- Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none`
  logLevel: info
-  # command: /controller
+
  # webhookMode: enabled
  image:
    repository: quay.io/metallb/controller
    tag:
    pullPolicy:
  ## @param controller.updateStrategy.type Metallb controller deployment strategy type.
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  ## e.g:
  ## strategy:
  ##  type: RollingUpdate
  ##  rollingUpdate:
  ##    maxSurge: 25%
  ##    maxUnavailable: 25%
  ##
  strategy:
    type: RollingUpdate
  serviceAccount:
    # Specifies whether a ServiceAccount should be created
    create: true
    # The name of the ServiceAccount to use. If not set and create is
    # true, a name is generated using the fullname template
    name: ""
    annotations: {}
  securityContext:
    runAsNonRoot: true
    # nobody
    runAsUser: 65534
    fsGroup: 65534
  resources: {}
    # limits:
      # cpu: 100m
      # memory: 100Mi
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
  runtimeClassName: ""
  affinity: {}
  podAnnotations: {}
  livenessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  readinessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
 # speaker contains configuration specific to the MetalLB speaker
 # daemonset.
@@ -254,83 +51,7 @@ speaker:
  # command: /speaker
  # -- Speaker log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none`
  logLevel: info
  tolerateMaster: true
  memberlist:
    enabled: true
    mlBindPort: 7946
    mlSecretKeyPath: "/etc/ml_secret_key"
  image:
    repository: quay.io/metallb/speaker
    tag:
    pullPolicy:
  ## @param speaker.updateStrategy.type Speaker daemonset strategy type
  ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
  ##
  updateStrategy:
    ## StrategyType
    ## Can be set to RollingUpdate or OnDelete
    ##
    type: RollingUpdate
  serviceAccount:
    # Specifies whether a ServiceAccount should be created
    create: true
    # The name of the ServiceAccount to use. If not set and create is
    # true, a name is generated using the fullname template
    name: ""
    annotations: {}
  ## Defines a secret name for the controller to generate a memberlist encryption secret
  ## By default secretName: {{ "metallb.fullname" }}-memberlist
  ##
  # secretName:
  resources: {}
    # limits:
      # cpu: 100m
      # memory: 100Mi
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
  affinity: {}
  ## Selects which runtime class will be used by the pod.
  runtimeClassName: ""
  podAnnotations: {}
  livenessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  readinessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  startupProbe:
    enabled: true
    failureThreshold: 30
    periodSeconds: 5
  # frr contains configuration specific to the MetalLB FRR container,
  # for speaker running alongside FRR.
  frr:
    enabled: false
    image:
      repository: quay.io/frrouting/frr
      tag: 7.5.1
      pullPolicy:
    metricsPort: 7473
    resources: {}
    # if set, enables a rbac proxy sidecar container on the speaker to
    # expose the frr metrics via tls.
    # secureMetricsPort: 9121
  reloader:
    resources: {}
  frrMetrics:
    resources: {}
 crds:
  enabled: true
--- a/kluster-deployments/kustomization.yaml
+++ b/kluster-deployments/kustomization.yaml
@@ -16,6 +16,7 @@ resources:
  - pg-ha/
  - gitea/
  - renovate/
  - metallb-system/
  - traefik/
  - external-dns/
--- a/kluster-deployments/metallb-system/application.yaml
+++ b/kluster-deployments/metallb-system/application.yaml
@@ -0,0 +1,18 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: metallb-application
  namespace: argocd
 spec:
  project: infrastructure
  source:
    repoURL: git@github.com:moll-re/bootstrap-k3s-infra.git
    targetRevision: main
    path: infrastructure/metallb-system
  destination:
    server: https://kubernetes.default.svc
    namespace: metallb-system
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
--- a/kluster-deployments/metallb-system/kustomization.yaml
+++ b/kluster-deployments/metallb-system/kustomization.yaml
@@ -0,0 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - application.yaml