istio.io/istio@v0.0.0-20240520182934-d79c90f27776/common/scripts/metallb-native.yaml (about) 1 # Downloaded from https://github.com/metallb/metallb/raw/v0.13.12/config/manifests/metallb-native.yaml 2 # With quay.io hub replaced with gcr.io/istio-testing 3 # And probes tuned to startup faster 4 apiVersion: v1 5 kind: Namespace 6 metadata: 7 labels: 8 pod-security.kubernetes.io/audit: privileged 9 pod-security.kubernetes.io/enforce: privileged 10 pod-security.kubernetes.io/warn: privileged 11 name: metallb-system 12 --- 13 apiVersion: apiextensions.k8s.io/v1 14 kind: CustomResourceDefinition 15 metadata: 16 annotations: 17 controller-gen.kubebuilder.io/version: v0.11.1 18 creationTimestamp: null 19 name: bfdprofiles.metallb.io 20 spec: 21 group: metallb.io 22 names: 23 kind: BFDProfile 24 listKind: BFDProfileList 25 plural: bfdprofiles 26 singular: bfdprofile 27 scope: Namespaced 28 versions: 29 - additionalPrinterColumns: 30 - jsonPath: .spec.passiveMode 31 name: Passive Mode 32 type: boolean 33 - jsonPath: .spec.transmitInterval 34 name: Transmit Interval 35 type: integer 36 - jsonPath: .spec.receiveInterval 37 name: Receive Interval 38 type: integer 39 - jsonPath: .spec.detectMultiplier 40 name: Multiplier 41 type: integer 42 name: v1beta1 43 schema: 44 openAPIV3Schema: 45 description: BFDProfile represents the settings of the bfd session that can 46 be optionally associated with a BGP session. 47 properties: 48 apiVersion: 49 description: 'APIVersion defines the versioned schema of this representation 50 of an object. Servers should convert recognized schemas to the latest 51 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 52 type: string 53 kind: 54 description: 'Kind is a string value representing the REST resource this 55 object represents. Servers may infer this from the endpoint the client 56 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 57 type: string 58 metadata: 59 type: object 60 spec: 61 description: BFDProfileSpec defines the desired state of BFDProfile. 62 properties: 63 detectMultiplier: 64 description: Configures the detection multiplier to determine packet 65 loss. The remote transmission interval will be multiplied by this 66 value to determine the connection loss detection timer. 67 format: int32 68 maximum: 255 69 minimum: 2 70 type: integer 71 echoInterval: 72 description: Configures the minimal echo receive transmission interval 73 that this system is capable of handling in milliseconds. Defaults 74 to 50ms 75 format: int32 76 maximum: 60000 77 minimum: 10 78 type: integer 79 echoMode: 80 description: Enables or disables the echo transmission mode. This 81 mode is disabled by default, and not supported on multi hops setups. 82 type: boolean 83 minimumTtl: 84 description: 'For multi hop sessions only: configure the minimum expected 85 TTL for an incoming BFD control packet.' 86 format: int32 87 maximum: 254 88 minimum: 1 89 type: integer 90 passiveMode: 91 description: 'Mark session as passive: a passive session will not 92 attempt to start the connection and will wait for control packets 93 from peer before it begins replying.' 94 type: boolean 95 receiveInterval: 96 description: The minimum interval that this system is capable of receiving 97 control packets in milliseconds. Defaults to 300ms. 98 format: int32 99 maximum: 60000 100 minimum: 10 101 type: integer 102 transmitInterval: 103 description: The minimum transmission interval (less jitter) that 104 this system wants to use to send BFD control packets in milliseconds. 105 Defaults to 300ms 106 format: int32 107 maximum: 60000 108 minimum: 10 109 type: integer 110 type: object 111 status: 112 description: BFDProfileStatus defines the observed state of BFDProfile. 113 type: object 114 type: object 115 served: true 116 storage: true 117 subresources: 118 status: {} 119 --- 120 apiVersion: apiextensions.k8s.io/v1 121 kind: CustomResourceDefinition 122 metadata: 123 annotations: 124 controller-gen.kubebuilder.io/version: v0.11.1 125 creationTimestamp: null 126 name: bgpadvertisements.metallb.io 127 spec: 128 group: metallb.io 129 names: 130 kind: BGPAdvertisement 131 listKind: BGPAdvertisementList 132 plural: bgpadvertisements 133 singular: bgpadvertisement 134 scope: Namespaced 135 versions: 136 - additionalPrinterColumns: 137 - jsonPath: .spec.ipAddressPools 138 name: IPAddressPools 139 type: string 140 - jsonPath: .spec.ipAddressPoolSelectors 141 name: IPAddressPool Selectors 142 type: string 143 - jsonPath: .spec.peers 144 name: Peers 145 type: string 146 - jsonPath: .spec.nodeSelectors 147 name: Node Selectors 148 priority: 10 149 type: string 150 name: v1beta1 151 schema: 152 openAPIV3Schema: 153 description: BGPAdvertisement allows to advertise the IPs coming from the 154 selected IPAddressPools via BGP, setting the parameters of the BGP Advertisement. 155 properties: 156 apiVersion: 157 description: 'APIVersion defines the versioned schema of this representation 158 of an object. Servers should convert recognized schemas to the latest 159 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 160 type: string 161 kind: 162 description: 'Kind is a string value representing the REST resource this 163 object represents. Servers may infer this from the endpoint the client 164 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 165 type: string 166 metadata: 167 type: object 168 spec: 169 description: BGPAdvertisementSpec defines the desired state of BGPAdvertisement. 170 properties: 171 aggregationLength: 172 default: 32 173 description: The aggregation-length advertisement option lets you 174 “roll up” the /32s into a larger prefix. Defaults to 32. Works for 175 IPv4 addresses. 176 format: int32 177 minimum: 1 178 type: integer 179 aggregationLengthV6: 180 default: 128 181 description: The aggregation-length advertisement option lets you 182 “roll up” the /128s into a larger prefix. Defaults to 128. Works 183 for IPv6 addresses. 184 format: int32 185 type: integer 186 communities: 187 description: The BGP communities to be associated with the announcement. 188 Each item can be a standard community of the form 1234:1234, a large 189 community of the form large:1234:1234:1234 or the name of an alias 190 defined in the Community CRD. 191 items: 192 type: string 193 type: array 194 ipAddressPoolSelectors: 195 description: A selector for the IPAddressPools which would get advertised 196 via this advertisement. If no IPAddressPool is selected by this 197 or by the list, the advertisement is applied to all the IPAddressPools. 198 items: 199 description: A label selector is a label query over a set of resources. 200 The result of matchLabels and matchExpressions are ANDed. An empty 201 label selector matches all objects. A null label selector matches 202 no objects. 203 properties: 204 matchExpressions: 205 description: matchExpressions is a list of label selector requirements. 206 The requirements are ANDed. 207 items: 208 description: A label selector requirement is a selector that 209 contains values, a key, and an operator that relates the 210 key and values. 211 properties: 212 key: 213 description: key is the label key that the selector applies 214 to. 215 type: string 216 operator: 217 description: operator represents a key's relationship 218 to a set of values. Valid operators are In, NotIn, Exists 219 and DoesNotExist. 220 type: string 221 values: 222 description: values is an array of string values. If the 223 operator is In or NotIn, the values array must be non-empty. 224 If the operator is Exists or DoesNotExist, the values 225 array must be empty. This array is replaced during a 226 strategic merge patch. 227 items: 228 type: string 229 type: array 230 required: 231 - key 232 - operator 233 type: object 234 type: array 235 matchLabels: 236 additionalProperties: 237 type: string 238 description: matchLabels is a map of {key,value} pairs. A single 239 {key,value} in the matchLabels map is equivalent to an element 240 of matchExpressions, whose key field is "key", the operator 241 is "In", and the values array contains only "value". The requirements 242 are ANDed. 243 type: object 244 type: object 245 x-kubernetes-map-type: atomic 246 type: array 247 ipAddressPools: 248 description: The list of IPAddressPools to advertise via this advertisement, 249 selected by name. 250 items: 251 type: string 252 type: array 253 localPref: 254 description: The BGP LOCAL_PREF attribute which is used by BGP best 255 path algorithm, Path with higher localpref is preferred over one 256 with lower localpref. 257 format: int32 258 type: integer 259 nodeSelectors: 260 description: NodeSelectors allows to limit the nodes to announce as 261 next hops for the LoadBalancer IP. When empty, all the nodes having are 262 announced as next hops. 263 items: 264 description: A label selector is a label query over a set of resources. 265 The result of matchLabels and matchExpressions are ANDed. An empty 266 label selector matches all objects. A null label selector matches 267 no objects. 268 properties: 269 matchExpressions: 270 description: matchExpressions is a list of label selector requirements. 271 The requirements are ANDed. 272 items: 273 description: A label selector requirement is a selector that 274 contains values, a key, and an operator that relates the 275 key and values. 276 properties: 277 key: 278 description: key is the label key that the selector applies 279 to. 280 type: string 281 operator: 282 description: operator represents a key's relationship 283 to a set of values. Valid operators are In, NotIn, Exists 284 and DoesNotExist. 285 type: string 286 values: 287 description: values is an array of string values. If the 288 operator is In or NotIn, the values array must be non-empty. 289 If the operator is Exists or DoesNotExist, the values 290 array must be empty. This array is replaced during a 291 strategic merge patch. 292 items: 293 type: string 294 type: array 295 required: 296 - key 297 - operator 298 type: object 299 type: array 300 matchLabels: 301 additionalProperties: 302 type: string 303 description: matchLabels is a map of {key,value} pairs. A single 304 {key,value} in the matchLabels map is equivalent to an element 305 of matchExpressions, whose key field is "key", the operator 306 is "In", and the values array contains only "value". The requirements 307 are ANDed. 308 type: object 309 type: object 310 x-kubernetes-map-type: atomic 311 type: array 312 peers: 313 description: Peers limits the bgppeer to advertise the ips of the 314 selected pools to. When empty, the loadbalancer IP is announced 315 to all the BGPPeers configured. 316 items: 317 type: string 318 type: array 319 type: object 320 status: 321 description: BGPAdvertisementStatus defines the observed state of BGPAdvertisement. 322 type: object 323 type: object 324 served: true 325 storage: true 326 subresources: 327 status: {} 328 --- 329 apiVersion: apiextensions.k8s.io/v1 330 kind: CustomResourceDefinition 331 metadata: 332 annotations: 333 controller-gen.kubebuilder.io/version: v0.11.1 334 creationTimestamp: null 335 name: bgppeers.metallb.io 336 spec: 337 conversion: 338 strategy: Webhook 339 webhook: 340 clientConfig: 341 caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGWlRDQ0EwMmdBd0lCQWdJVU5GRW1XcTM3MVpKdGkrMmlSQzk1WmpBV1MxZ3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3UWpFTE1Ba0dBMVVFQmhNQ1dGZ3hGVEFUQmdOVkJBY01ERVJsWm1GMWJIUWdRMmwwZVRFY01Cb0dBMVVFDQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNakEzTVRrd09UTXlNek5hRncweU1qQTRNVGd3DQpPVE15TXpOYU1FSXhDekFKQmdOVkJBWVRBbGhZTVJVd0V3WURWUVFIREF4RVpXWmhkV3gwSUVOcGRIa3hIREFhDQpCZ05WQkFvTUUwUmxabUYxYkhRZ1EyOXRjR0Z1ZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDDQpEd0F3Z2dJS0FvSUNBUUNxVFpxMWZRcC9vYkdlenhES0o3OVB3Ny94azJwellualNzMlkzb1ZYSm5sRmM4YjVlDQpma2ZZQnY2bndscW1keW5PL2phWFBaQmRQSS82aFdOUDBkdVhadEtWU0NCUUpyZzEyOGNXb3F0MGNTN3pLb1VpDQpvcU1tQ0QvRXVBeFFNZjhRZDF2c1gvVllkZ0poVTZBRXJLZEpIaXpFOUJtUkNkTDBGMW1OVW55Rk82UnRtWFZUDQpidkxsTDVYeTc2R0FaQVBLOFB4aVlDa0NtbDdxN0VnTWNiOXlLWldCYmlxQ3VkTXE5TGJLNmdKNzF6YkZnSXV4DQo1L1pXK2JraTB2RlplWk9ZODUxb1psckFUNzJvMDI4NHNTWW9uN0pHZVZkY3NoUnh5R1VpSFpSTzdkaXZVTDVTDQpmM2JmSDFYbWY1ZDQzT0NWTWRuUUV2NWVaOG8zeWVLa3ZrbkZQUGVJMU9BbjdGbDlFRVNNR2dhOGFaSG1URSttDQpsLzlMSmdDYjBnQmtPT0M0WnV4bWh2aERKV1EzWnJCS3pMQlNUZXN0NWlLNVlwcXRWVVk2THRyRW9FelVTK1lsDQpwWndXY2VQWHlHeHM5ZURsR3lNVmQraW15Y3NTU1UvVno2Mmx6MnZCS21NTXBkYldDQWhud0RsRTVqU2dyMjRRDQp0eGNXLys2N3d5KzhuQlI3UXdqVTFITndVRjBzeERWdEwrZ1NHVERnSEVZSlhZelYvT05zMy94TkpoVFNPSkxNDQpoeXNVdyttaGdackdhbUdXcHVIVU1DUitvTWJzMTc1UkcrQjJnUFFHVytPTjJnUTRyOXN2b0ZBNHBBQm8xd1dLDQpRYjRhY3pmeVVscElBOVFoSmFsZEY3S3dPSHVlV3gwRUNrNXg0T2tvVDBvWVp0dzFiR0JjRGtaSmF3SURBUUFCDQpvMU13VVRBZEJnTlZIUTRFRmdRVW90UlNIUm9IWTEyRFZ4R0NCdEhpb1g2ZmVFQXdId1lEVlIwakJCZ3dGb0FVDQpvdFJTSFJvSFkxMkRWeEdDQnRIaW9YNmZlRUF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCDQpBUXNGQUFPQ0FnRUFSbkpsWWRjMTFHd0VxWnh6RDF2R3BDR2pDN2VWTlQ3aVY1d3IybXlybHdPYi9aUWFEa0xYDQpvVStaOVVXT1VlSXJTdzUydDdmQUpvVVAwSm5iYkMveVIrU1lqUGhvUXNiVHduOTc2ZldBWTduM3FMOXhCd1Y0DQphek41OXNjeUp0dlhMeUtOL2N5ak1ReDRLajBIMFg0bWJ6bzVZNUtzWWtYVU0vOEFPdWZMcEd0S1NGVGgrSEFDDQpab1Q5YnZHS25adnNHd0tYZFF0Wnh0akhaUjVqK3U3ZGtQOTJBT051RFNabS8rWVV4b2tBK09JbzdSR3BwSHNXDQo1ZTdNY0FTVXRtb1FORXd6dVFoVkJaRWQ1OGtKYjUrV0VWbGNzanlXNnRTbzErZ25tTWNqR1BsMWgxR2hVbjV4DQpFY0lWRnBIWXM5YWo1NmpBSjk1MVQvZjhMaWxmTlVnanBLQ0c1bnl0SUt3emxhOHNtdGlPdm1UNEpYbXBwSkI2DQo4bmdHRVluVjUrUTYwWFJ2OEhSSGp1VG9CRHVhaERrVDA2R1JGODU1d09FR2V4bkZpMXZYWUxLVllWb1V2MXRKDQo4dVdUR1pwNllDSVJldlBqbzg5ZytWTlJSaVFYUThJd0dybXE5c0RoVTlqTjA0SjdVL1RvRDFpNHE3VnlsRUc5DQorV1VGNkNLaEdBeTJIaEhwVncyTGFoOS9lUzdZMUZ1YURrWmhPZG1laG1BOCtqdHNZamJadnR5Mm1SWlF0UUZzDQpUU1VUUjREbUR2bVVPRVRmeStpRHdzK2RkWXVNTnJGeVVYV2dkMnpBQU4ydVl1UHFGY2pRcFNPODFzVTJTU3R3DQoxVzAyeUtYOGJEYmZFdjBzbUh3UzliQnFlSGo5NEM1Mjg0YXpsdTBmaUdpTm1OUEM4ckJLRmhBPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== 342 service: 343 name: webhook-service 344 namespace: metallb-system 345 path: /convert 346 conversionReviewVersions: 347 - v1beta1 348 - v1beta2 349 group: metallb.io 350 names: 351 kind: BGPPeer 352 listKind: BGPPeerList 353 plural: bgppeers 354 singular: bgppeer 355 scope: Namespaced 356 versions: 357 - additionalPrinterColumns: 358 - jsonPath: .spec.peerAddress 359 name: Address 360 type: string 361 - jsonPath: .spec.peerASN 362 name: ASN 363 type: string 364 - jsonPath: .spec.bfdProfile 365 name: BFD Profile 366 type: string 367 - jsonPath: .spec.ebgpMultiHop 368 name: Multi Hops 369 type: string 370 name: v1beta1 371 schema: 372 openAPIV3Schema: 373 description: BGPPeer is the Schema for the peers API. 374 properties: 375 apiVersion: 376 description: 'APIVersion defines the versioned schema of this representation 377 of an object. Servers should convert recognized schemas to the latest 378 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 379 type: string 380 kind: 381 description: 'Kind is a string value representing the REST resource this 382 object represents. Servers may infer this from the endpoint the client 383 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 384 type: string 385 metadata: 386 type: object 387 spec: 388 description: BGPPeerSpec defines the desired state of Peer. 389 properties: 390 bfdProfile: 391 type: string 392 ebgpMultiHop: 393 description: EBGP peer is multi-hops away 394 type: boolean 395 holdTime: 396 description: Requested BGP hold time, per RFC4271. 397 type: string 398 keepaliveTime: 399 description: Requested BGP keepalive time, per RFC4271. 400 type: string 401 myASN: 402 description: AS number to use for the local end of the session. 403 format: int32 404 maximum: 4294967295 405 minimum: 0 406 type: integer 407 nodeSelectors: 408 description: Only connect to this peer on nodes that match one of 409 these selectors. 410 items: 411 properties: 412 matchExpressions: 413 items: 414 properties: 415 key: 416 type: string 417 operator: 418 type: string 419 values: 420 items: 421 type: string 422 minItems: 1 423 type: array 424 required: 425 - key 426 - operator 427 - values 428 type: object 429 type: array 430 matchLabels: 431 additionalProperties: 432 type: string 433 type: object 434 type: object 435 type: array 436 password: 437 description: Authentication password for routers enforcing TCP MD5 438 authenticated sessions 439 type: string 440 peerASN: 441 description: AS number to expect from the remote end of the session. 442 format: int32 443 maximum: 4294967295 444 minimum: 0 445 type: integer 446 peerAddress: 447 description: Address to dial when establishing the session. 448 type: string 449 peerPort: 450 description: Port to dial when establishing the session. 451 maximum: 16384 452 minimum: 0 453 type: integer 454 routerID: 455 description: BGP router ID to advertise to the peer 456 type: string 457 sourceAddress: 458 description: Source address to use when establishing the session. 459 type: string 460 required: 461 - myASN 462 - peerASN 463 - peerAddress 464 type: object 465 status: 466 description: BGPPeerStatus defines the observed state of Peer. 467 type: object 468 type: object 469 served: true 470 storage: false 471 subresources: 472 status: {} 473 - additionalPrinterColumns: 474 - jsonPath: .spec.peerAddress 475 name: Address 476 type: string 477 - jsonPath: .spec.peerASN 478 name: ASN 479 type: string 480 - jsonPath: .spec.bfdProfile 481 name: BFD Profile 482 type: string 483 - jsonPath: .spec.ebgpMultiHop 484 name: Multi Hops 485 type: string 486 name: v1beta2 487 schema: 488 openAPIV3Schema: 489 description: BGPPeer is the Schema for the peers API. 490 properties: 491 apiVersion: 492 description: 'APIVersion defines the versioned schema of this representation 493 of an object. Servers should convert recognized schemas to the latest 494 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 495 type: string 496 kind: 497 description: 'Kind is a string value representing the REST resource this 498 object represents. Servers may infer this from the endpoint the client 499 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 500 type: string 501 metadata: 502 type: object 503 spec: 504 description: BGPPeerSpec defines the desired state of Peer. 505 properties: 506 bfdProfile: 507 description: The name of the BFD Profile to be used for the BFD session 508 associated to the BGP session. If not set, the BFD session won't 509 be set up. 510 type: string 511 ebgpMultiHop: 512 description: To set if the BGPPeer is multi-hops away. Needed for 513 FRR mode only. 514 type: boolean 515 holdTime: 516 description: Requested BGP hold time, per RFC4271. 517 type: string 518 keepaliveTime: 519 description: Requested BGP keepalive time, per RFC4271. 520 type: string 521 myASN: 522 description: AS number to use for the local end of the session. 523 format: int32 524 maximum: 4294967295 525 minimum: 0 526 type: integer 527 nodeSelectors: 528 description: Only connect to this peer on nodes that match one of 529 these selectors. 530 items: 531 description: A label selector is a label query over a set of resources. 532 The result of matchLabels and matchExpressions are ANDed. An empty 533 label selector matches all objects. A null label selector matches 534 no objects. 535 properties: 536 matchExpressions: 537 description: matchExpressions is a list of label selector requirements. 538 The requirements are ANDed. 539 items: 540 description: A label selector requirement is a selector that 541 contains values, a key, and an operator that relates the 542 key and values. 543 properties: 544 key: 545 description: key is the label key that the selector applies 546 to. 547 type: string 548 operator: 549 description: operator represents a key's relationship 550 to a set of values. Valid operators are In, NotIn, Exists 551 and DoesNotExist. 552 type: string 553 values: 554 description: values is an array of string values. If the 555 operator is In or NotIn, the values array must be non-empty. 556 If the operator is Exists or DoesNotExist, the values 557 array must be empty. This array is replaced during a 558 strategic merge patch. 559 items: 560 type: string 561 type: array 562 required: 563 - key 564 - operator 565 type: object 566 type: array 567 matchLabels: 568 additionalProperties: 569 type: string 570 description: matchLabels is a map of {key,value} pairs. A single 571 {key,value} in the matchLabels map is equivalent to an element 572 of matchExpressions, whose key field is "key", the operator 573 is "In", and the values array contains only "value". The requirements 574 are ANDed. 575 type: object 576 type: object 577 x-kubernetes-map-type: atomic 578 type: array 579 password: 580 description: Authentication password for routers enforcing TCP MD5 581 authenticated sessions 582 type: string 583 passwordSecret: 584 description: passwordSecret is name of the authentication secret for 585 BGP Peer. the secret must be of type "kubernetes.io/basic-auth", 586 and created in the same namespace as the MetalLB deployment. The 587 password is stored in the secret as the key "password". 588 properties: 589 name: 590 description: name is unique within a namespace to reference a 591 secret resource. 592 type: string 593 namespace: 594 description: namespace defines the space within which the secret 595 name must be unique. 596 type: string 597 type: object 598 x-kubernetes-map-type: atomic 599 peerASN: 600 description: AS number to expect from the remote end of the session. 601 format: int32 602 maximum: 4294967295 603 minimum: 0 604 type: integer 605 peerAddress: 606 description: Address to dial when establishing the session. 607 type: string 608 peerPort: 609 default: 179 610 description: Port to dial when establishing the session. 611 maximum: 16384 612 minimum: 0 613 type: integer 614 routerID: 615 description: BGP router ID to advertise to the peer 616 type: string 617 sourceAddress: 618 description: Source address to use when establishing the session. 619 type: string 620 vrf: 621 description: To set if we want to peer with the BGPPeer using an interface 622 belonging to a host vrf 623 type: string 624 required: 625 - myASN 626 - peerASN 627 - peerAddress 628 type: object 629 status: 630 description: BGPPeerStatus defines the observed state of Peer. 631 type: object 632 type: object 633 served: true 634 storage: true 635 subresources: 636 status: {} 637 --- 638 apiVersion: apiextensions.k8s.io/v1 639 kind: CustomResourceDefinition 640 metadata: 641 annotations: 642 controller-gen.kubebuilder.io/version: v0.11.1 643 creationTimestamp: null 644 name: communities.metallb.io 645 spec: 646 group: metallb.io 647 names: 648 kind: Community 649 listKind: CommunityList 650 plural: communities 651 singular: community 652 scope: Namespaced 653 versions: 654 - name: v1beta1 655 schema: 656 openAPIV3Schema: 657 description: Community is a collection of aliases for communities. Users can 658 define named aliases to be used in the BGPPeer CRD. 659 properties: 660 apiVersion: 661 description: 'APIVersion defines the versioned schema of this representation 662 of an object. Servers should convert recognized schemas to the latest 663 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 664 type: string 665 kind: 666 description: 'Kind is a string value representing the REST resource this 667 object represents. Servers may infer this from the endpoint the client 668 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 669 type: string 670 metadata: 671 type: object 672 spec: 673 description: CommunitySpec defines the desired state of Community. 674 properties: 675 communities: 676 items: 677 properties: 678 name: 679 description: The name of the alias for the community. 680 type: string 681 value: 682 description: The BGP community value corresponding to the given 683 name. Can be a standard community of the form 1234:1234 or 684 a large community of the form large:1234:1234:1234. 685 type: string 686 type: object 687 type: array 688 type: object 689 status: 690 description: CommunityStatus defines the observed state of Community. 691 type: object 692 type: object 693 served: true 694 storage: true 695 subresources: 696 status: {} 697 --- 698 apiVersion: apiextensions.k8s.io/v1 699 kind: CustomResourceDefinition 700 metadata: 701 annotations: 702 controller-gen.kubebuilder.io/version: v0.11.1 703 creationTimestamp: null 704 name: ipaddresspools.metallb.io 705 spec: 706 group: metallb.io 707 names: 708 kind: IPAddressPool 709 listKind: IPAddressPoolList 710 plural: ipaddresspools 711 singular: ipaddresspool 712 scope: Namespaced 713 versions: 714 - additionalPrinterColumns: 715 - jsonPath: .spec.autoAssign 716 name: Auto Assign 717 type: boolean 718 - jsonPath: .spec.avoidBuggyIPs 719 name: Avoid Buggy IPs 720 type: boolean 721 - jsonPath: .spec.addresses 722 name: Addresses 723 type: string 724 name: v1beta1 725 schema: 726 openAPIV3Schema: 727 description: IPAddressPool represents a pool of IP addresses that can be allocated 728 to LoadBalancer services. 729 properties: 730 apiVersion: 731 description: 'APIVersion defines the versioned schema of this representation 732 of an object. Servers should convert recognized schemas to the latest 733 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 734 type: string 735 kind: 736 description: 'Kind is a string value representing the REST resource this 737 object represents. Servers may infer this from the endpoint the client 738 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 739 type: string 740 metadata: 741 type: object 742 spec: 743 description: IPAddressPoolSpec defines the desired state of IPAddressPool. 744 properties: 745 addresses: 746 description: A list of IP address ranges over which MetalLB has authority. 747 You can list multiple ranges in a single pool, they will all share 748 the same settings. Each range can be either a CIDR prefix, or an 749 explicit start-end range of IPs. 750 items: 751 type: string 752 type: array 753 autoAssign: 754 default: true 755 description: AutoAssign flag used to prevent MetallB from automatic 756 allocation for a pool. 757 type: boolean 758 avoidBuggyIPs: 759 default: false 760 description: AvoidBuggyIPs prevents addresses ending with .0 and .255 761 to be used by a pool. 762 type: boolean 763 serviceAllocation: 764 description: AllocateTo makes ip pool allocation to specific namespace 765 and/or service. The controller will use the pool with lowest value 766 of priority in case of multiple matches. A pool with no priority 767 set will be used only if the pools with priority can't be used. 768 If multiple matching IPAddressPools are available it will check 769 for the availability of IPs sorting the matching IPAddressPools 770 by priority, starting from the highest to the lowest. If multiple 771 IPAddressPools have the same priority, choice will be random. 772 properties: 773 namespaceSelectors: 774 description: NamespaceSelectors list of label selectors to select 775 namespace(s) for ip pool, an alternative to using namespace 776 list. 777 items: 778 description: A label selector is a label query over a set of 779 resources. The result of matchLabels and matchExpressions 780 are ANDed. An empty label selector matches all objects. A 781 null label selector matches no objects. 782 properties: 783 matchExpressions: 784 description: matchExpressions is a list of label selector 785 requirements. The requirements are ANDed. 786 items: 787 description: A label selector requirement is a selector 788 that contains values, a key, and an operator that relates 789 the key and values. 790 properties: 791 key: 792 description: key is the label key that the selector 793 applies to. 794 type: string 795 operator: 796 description: operator represents a key's relationship 797 to a set of values. Valid operators are In, NotIn, 798 Exists and DoesNotExist. 799 type: string 800 values: 801 description: values is an array of string values. 802 If the operator is In or NotIn, the values array 803 must be non-empty. If the operator is Exists or 804 DoesNotExist, the values array must be empty. This 805 array is replaced during a strategic merge patch. 806 items: 807 type: string 808 type: array 809 required: 810 - key 811 - operator 812 type: object 813 type: array 814 matchLabels: 815 additionalProperties: 816 type: string 817 description: matchLabels is a map of {key,value} pairs. 818 A single {key,value} in the matchLabels map is equivalent 819 to an element of matchExpressions, whose key field is 820 "key", the operator is "In", and the values array contains 821 only "value". The requirements are ANDed. 822 type: object 823 type: object 824 x-kubernetes-map-type: atomic 825 type: array 826 namespaces: 827 description: Namespaces list of namespace(s) on which ip pool 828 can be attached. 829 items: 830 type: string 831 type: array 832 priority: 833 description: Priority priority given for ip pool while ip allocation 834 on a service. 835 type: integer 836 serviceSelectors: 837 description: ServiceSelectors list of label selector to select 838 service(s) for which ip pool can be used for ip allocation. 839 items: 840 description: A label selector is a label query over a set of 841 resources. The result of matchLabels and matchExpressions 842 are ANDed. An empty label selector matches all objects. A 843 null label selector matches no objects. 844 properties: 845 matchExpressions: 846 description: matchExpressions is a list of label selector 847 requirements. The requirements are ANDed. 848 items: 849 description: A label selector requirement is a selector 850 that contains values, a key, and an operator that relates 851 the key and values. 852 properties: 853 key: 854 description: key is the label key that the selector 855 applies to. 856 type: string 857 operator: 858 description: operator represents a key's relationship 859 to a set of values. Valid operators are In, NotIn, 860 Exists and DoesNotExist. 861 type: string 862 values: 863 description: values is an array of string values. 864 If the operator is In or NotIn, the values array 865 must be non-empty. If the operator is Exists or 866 DoesNotExist, the values array must be empty. This 867 array is replaced during a strategic merge patch. 868 items: 869 type: string 870 type: array 871 required: 872 - key 873 - operator 874 type: object 875 type: array 876 matchLabels: 877 additionalProperties: 878 type: string 879 description: matchLabels is a map of {key,value} pairs. 880 A single {key,value} in the matchLabels map is equivalent 881 to an element of matchExpressions, whose key field is 882 "key", the operator is "In", and the values array contains 883 only "value". The requirements are ANDed. 884 type: object 885 type: object 886 x-kubernetes-map-type: atomic 887 type: array 888 type: object 889 required: 890 - addresses 891 type: object 892 status: 893 description: IPAddressPoolStatus defines the observed state of IPAddressPool. 894 type: object 895 required: 896 - spec 897 type: object 898 served: true 899 storage: true 900 subresources: 901 status: {} 902 --- 903 apiVersion: apiextensions.k8s.io/v1 904 kind: CustomResourceDefinition 905 metadata: 906 annotations: 907 controller-gen.kubebuilder.io/version: v0.11.1 908 creationTimestamp: null 909 name: l2advertisements.metallb.io 910 spec: 911 group: metallb.io 912 names: 913 kind: L2Advertisement 914 listKind: L2AdvertisementList 915 plural: l2advertisements 916 singular: l2advertisement 917 scope: Namespaced 918 versions: 919 - additionalPrinterColumns: 920 - jsonPath: .spec.ipAddressPools 921 name: IPAddressPools 922 type: string 923 - jsonPath: .spec.ipAddressPoolSelectors 924 name: IPAddressPool Selectors 925 type: string 926 - jsonPath: .spec.interfaces 927 name: Interfaces 928 type: string 929 - jsonPath: .spec.nodeSelectors 930 name: Node Selectors 931 priority: 10 932 type: string 933 name: v1beta1 934 schema: 935 openAPIV3Schema: 936 description: L2Advertisement allows to advertise the LoadBalancer IPs provided 937 by the selected pools via L2. 938 properties: 939 apiVersion: 940 description: 'APIVersion defines the versioned schema of this representation 941 of an object. Servers should convert recognized schemas to the latest 942 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 943 type: string 944 kind: 945 description: 'Kind is a string value representing the REST resource this 946 object represents. Servers may infer this from the endpoint the client 947 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 948 type: string 949 metadata: 950 type: object 951 spec: 952 description: L2AdvertisementSpec defines the desired state of L2Advertisement. 953 properties: 954 interfaces: 955 description: A list of interfaces to announce from. The LB IP will 956 be announced only from these interfaces. If the field is not set, 957 we advertise from all the interfaces on the host. 958 items: 959 type: string 960 type: array 961 ipAddressPoolSelectors: 962 description: A selector for the IPAddressPools which would get advertised 963 via this advertisement. If no IPAddressPool is selected by this 964 or by the list, the advertisement is applied to all the IPAddressPools. 965 items: 966 description: A label selector is a label query over a set of resources. 967 The result of matchLabels and matchExpressions are ANDed. An empty 968 label selector matches all objects. A null label selector matches 969 no objects. 970 properties: 971 matchExpressions: 972 description: matchExpressions is a list of label selector requirements. 973 The requirements are ANDed. 974 items: 975 description: A label selector requirement is a selector that 976 contains values, a key, and an operator that relates the 977 key and values. 978 properties: 979 key: 980 description: key is the label key that the selector applies 981 to. 982 type: string 983 operator: 984 description: operator represents a key's relationship 985 to a set of values. Valid operators are In, NotIn, Exists 986 and DoesNotExist. 987 type: string 988 values: 989 description: values is an array of string values. If the 990 operator is In or NotIn, the values array must be non-empty. 991 If the operator is Exists or DoesNotExist, the values 992 array must be empty. This array is replaced during a 993 strategic merge patch. 994 items: 995 type: string 996 type: array 997 required: 998 - key 999 - operator 1000 type: object 1001 type: array 1002 matchLabels: 1003 additionalProperties: 1004 type: string 1005 description: matchLabels is a map of {key,value} pairs. A single 1006 {key,value} in the matchLabels map is equivalent to an element 1007 of matchExpressions, whose key field is "key", the operator 1008 is "In", and the values array contains only "value". The requirements 1009 are ANDed. 1010 type: object 1011 type: object 1012 x-kubernetes-map-type: atomic 1013 type: array 1014 ipAddressPools: 1015 description: The list of IPAddressPools to advertise via this advertisement, 1016 selected by name. 1017 items: 1018 type: string 1019 type: array 1020 nodeSelectors: 1021 description: NodeSelectors allows to limit the nodes to announce as 1022 next hops for the LoadBalancer IP. When empty, all the nodes having are 1023 announced as next hops. 1024 items: 1025 description: A label selector is a label query over a set of resources. 1026 The result of matchLabels and matchExpressions are ANDed. An empty 1027 label selector matches all objects. A null label selector matches 1028 no objects. 1029 properties: 1030 matchExpressions: 1031 description: matchExpressions is a list of label selector requirements. 1032 The requirements are ANDed. 1033 items: 1034 description: A label selector requirement is a selector that 1035 contains values, a key, and an operator that relates the 1036 key and values. 1037 properties: 1038 key: 1039 description: key is the label key that the selector applies 1040 to. 1041 type: string 1042 operator: 1043 description: operator represents a key's relationship 1044 to a set of values. Valid operators are In, NotIn, Exists 1045 and DoesNotExist. 1046 type: string 1047 values: 1048 description: values is an array of string values. If the 1049 operator is In or NotIn, the values array must be non-empty. 1050 If the operator is Exists or DoesNotExist, the values 1051 array must be empty. This array is replaced during a 1052 strategic merge patch. 1053 items: 1054 type: string 1055 type: array 1056 required: 1057 - key 1058 - operator 1059 type: object 1060 type: array 1061 matchLabels: 1062 additionalProperties: 1063 type: string 1064 description: matchLabels is a map of {key,value} pairs. A single 1065 {key,value} in the matchLabels map is equivalent to an element 1066 of matchExpressions, whose key field is "key", the operator 1067 is "In", and the values array contains only "value". The requirements 1068 are ANDed. 1069 type: object 1070 type: object 1071 x-kubernetes-map-type: atomic 1072 type: array 1073 type: object 1074 status: 1075 description: L2AdvertisementStatus defines the observed state of L2Advertisement. 1076 type: object 1077 type: object 1078 served: true 1079 storage: true 1080 subresources: 1081 status: {} 1082 --- 1083 apiVersion: v1 1084 kind: ServiceAccount 1085 metadata: 1086 labels: 1087 app: metallb 1088 name: controller 1089 namespace: metallb-system 1090 --- 1091 apiVersion: v1 1092 kind: ServiceAccount 1093 metadata: 1094 labels: 1095 app: metallb 1096 name: speaker 1097 namespace: metallb-system 1098 --- 1099 apiVersion: rbac.authorization.k8s.io/v1 1100 kind: Role 1101 metadata: 1102 labels: 1103 app: metallb 1104 name: controller 1105 namespace: metallb-system 1106 rules: 1107 - apiGroups: 1108 - "" 1109 resources: 1110 - secrets 1111 verbs: 1112 - create 1113 - delete 1114 - get 1115 - list 1116 - patch 1117 - update 1118 - watch 1119 - apiGroups: 1120 - "" 1121 resourceNames: 1122 - memberlist 1123 resources: 1124 - secrets 1125 verbs: 1126 - list 1127 - apiGroups: 1128 - apps 1129 resourceNames: 1130 - controller 1131 resources: 1132 - deployments 1133 verbs: 1134 - get 1135 - apiGroups: 1136 - metallb.io 1137 resources: 1138 - bgppeers 1139 verbs: 1140 - get 1141 - list 1142 - apiGroups: 1143 - metallb.io 1144 resources: 1145 - addresspools 1146 verbs: 1147 - get 1148 - list 1149 - watch 1150 - apiGroups: 1151 - metallb.io 1152 resources: 1153 - bfdprofiles 1154 verbs: 1155 - get 1156 - list 1157 - watch 1158 - apiGroups: 1159 - metallb.io 1160 resources: 1161 - ipaddresspools 1162 verbs: 1163 - get 1164 - list 1165 - watch 1166 - apiGroups: 1167 - metallb.io 1168 resources: 1169 - bgpadvertisements 1170 verbs: 1171 - get 1172 - list 1173 - watch 1174 - apiGroups: 1175 - metallb.io 1176 resources: 1177 - l2advertisements 1178 verbs: 1179 - get 1180 - list 1181 - watch 1182 - apiGroups: 1183 - metallb.io 1184 resources: 1185 - communities 1186 verbs: 1187 - get 1188 - list 1189 - watch 1190 --- 1191 apiVersion: rbac.authorization.k8s.io/v1 1192 kind: Role 1193 metadata: 1194 labels: 1195 app: metallb 1196 name: pod-lister 1197 namespace: metallb-system 1198 rules: 1199 - apiGroups: 1200 - "" 1201 resources: 1202 - pods 1203 verbs: 1204 - list 1205 - apiGroups: 1206 - "" 1207 resources: 1208 - secrets 1209 verbs: 1210 - get 1211 - list 1212 - watch 1213 - apiGroups: 1214 - "" 1215 resources: 1216 - configmaps 1217 verbs: 1218 - get 1219 - list 1220 - watch 1221 - apiGroups: 1222 - metallb.io 1223 resources: 1224 - addresspools 1225 verbs: 1226 - get 1227 - list 1228 - watch 1229 - apiGroups: 1230 - metallb.io 1231 resources: 1232 - bfdprofiles 1233 verbs: 1234 - get 1235 - list 1236 - watch 1237 - apiGroups: 1238 - metallb.io 1239 resources: 1240 - bgppeers 1241 verbs: 1242 - get 1243 - list 1244 - watch 1245 - apiGroups: 1246 - metallb.io 1247 resources: 1248 - l2advertisements 1249 verbs: 1250 - get 1251 - list 1252 - watch 1253 - apiGroups: 1254 - metallb.io 1255 resources: 1256 - bgpadvertisements 1257 verbs: 1258 - get 1259 - list 1260 - watch 1261 - apiGroups: 1262 - metallb.io 1263 resources: 1264 - ipaddresspools 1265 verbs: 1266 - get 1267 - list 1268 - watch 1269 - apiGroups: 1270 - metallb.io 1271 resources: 1272 - communities 1273 verbs: 1274 - get 1275 - list 1276 - watch 1277 --- 1278 apiVersion: rbac.authorization.k8s.io/v1 1279 kind: ClusterRole 1280 metadata: 1281 labels: 1282 app: metallb 1283 name: metallb-system:controller 1284 rules: 1285 - apiGroups: 1286 - "" 1287 resources: 1288 - services 1289 - namespaces 1290 verbs: 1291 - get 1292 - list 1293 - watch 1294 - apiGroups: 1295 - "" 1296 resources: 1297 - nodes 1298 verbs: 1299 - list 1300 - apiGroups: 1301 - "" 1302 resources: 1303 - services/status 1304 verbs: 1305 - update 1306 - apiGroups: 1307 - "" 1308 resources: 1309 - events 1310 verbs: 1311 - create 1312 - patch 1313 - apiGroups: 1314 - policy 1315 resourceNames: 1316 - controller 1317 resources: 1318 - podsecuritypolicies 1319 verbs: 1320 - use 1321 - apiGroups: 1322 - admissionregistration.k8s.io 1323 resourceNames: 1324 - metallb-webhook-configuration 1325 resources: 1326 - validatingwebhookconfigurations 1327 - mutatingwebhookconfigurations 1328 verbs: 1329 - create 1330 - delete 1331 - get 1332 - list 1333 - patch 1334 - update 1335 - watch 1336 - apiGroups: 1337 - admissionregistration.k8s.io 1338 resources: 1339 - validatingwebhookconfigurations 1340 - mutatingwebhookconfigurations 1341 verbs: 1342 - list 1343 - watch 1344 - apiGroups: 1345 - apiextensions.k8s.io 1346 resourceNames: 1347 - addresspools.metallb.io 1348 - bfdprofiles.metallb.io 1349 - bgpadvertisements.metallb.io 1350 - bgppeers.metallb.io 1351 - ipaddresspools.metallb.io 1352 - l2advertisements.metallb.io 1353 - communities.metallb.io 1354 resources: 1355 - customresourcedefinitions 1356 verbs: 1357 - create 1358 - delete 1359 - get 1360 - list 1361 - patch 1362 - update 1363 - watch 1364 - apiGroups: 1365 - apiextensions.k8s.io 1366 resources: 1367 - customresourcedefinitions 1368 verbs: 1369 - list 1370 - watch 1371 --- 1372 apiVersion: rbac.authorization.k8s.io/v1 1373 kind: ClusterRole 1374 metadata: 1375 labels: 1376 app: metallb 1377 name: metallb-system:speaker 1378 rules: 1379 - apiGroups: 1380 - "" 1381 resources: 1382 - services 1383 - endpoints 1384 - nodes 1385 - namespaces 1386 verbs: 1387 - get 1388 - list 1389 - watch 1390 - apiGroups: 1391 - discovery.k8s.io 1392 resources: 1393 - endpointslices 1394 verbs: 1395 - get 1396 - list 1397 - watch 1398 - apiGroups: 1399 - "" 1400 resources: 1401 - events 1402 verbs: 1403 - create 1404 - patch 1405 - apiGroups: 1406 - policy 1407 resourceNames: 1408 - speaker 1409 resources: 1410 - podsecuritypolicies 1411 verbs: 1412 - use 1413 --- 1414 apiVersion: rbac.authorization.k8s.io/v1 1415 kind: RoleBinding 1416 metadata: 1417 labels: 1418 app: metallb 1419 name: controller 1420 namespace: metallb-system 1421 roleRef: 1422 apiGroup: rbac.authorization.k8s.io 1423 kind: Role 1424 name: controller 1425 subjects: 1426 - kind: ServiceAccount 1427 name: controller 1428 namespace: metallb-system 1429 --- 1430 apiVersion: rbac.authorization.k8s.io/v1 1431 kind: RoleBinding 1432 metadata: 1433 labels: 1434 app: metallb 1435 name: pod-lister 1436 namespace: metallb-system 1437 roleRef: 1438 apiGroup: rbac.authorization.k8s.io 1439 kind: Role 1440 name: pod-lister 1441 subjects: 1442 - kind: ServiceAccount 1443 name: speaker 1444 namespace: metallb-system 1445 --- 1446 apiVersion: rbac.authorization.k8s.io/v1 1447 kind: ClusterRoleBinding 1448 metadata: 1449 labels: 1450 app: metallb 1451 name: metallb-system:controller 1452 roleRef: 1453 apiGroup: rbac.authorization.k8s.io 1454 kind: ClusterRole 1455 name: metallb-system:controller 1456 subjects: 1457 - kind: ServiceAccount 1458 name: controller 1459 namespace: metallb-system 1460 --- 1461 apiVersion: rbac.authorization.k8s.io/v1 1462 kind: ClusterRoleBinding 1463 metadata: 1464 labels: 1465 app: metallb 1466 name: metallb-system:speaker 1467 roleRef: 1468 apiGroup: rbac.authorization.k8s.io 1469 kind: ClusterRole 1470 name: metallb-system:speaker 1471 subjects: 1472 - kind: ServiceAccount 1473 name: speaker 1474 namespace: metallb-system 1475 --- 1476 apiVersion: v1 1477 data: 1478 excludel2.yaml: | 1479 announcedInterfacesToExclude: ["^docker.*", "^cbr.*", "^dummy.*", "^virbr.*", "^lxcbr.*", "^veth.*", "^lo$", "^cali.*", "^tunl.*", "^flannel.*", "^kube-ipvs.*", "^cni.*", "^nodelocaldns.*"] 1480 kind: ConfigMap 1481 metadata: 1482 name: metallb-excludel2 1483 namespace: metallb-system 1484 --- 1485 apiVersion: v1 1486 kind: Secret 1487 metadata: 1488 name: webhook-server-cert 1489 namespace: metallb-system 1490 --- 1491 apiVersion: v1 1492 kind: Service 1493 metadata: 1494 name: webhook-service 1495 namespace: metallb-system 1496 spec: 1497 ports: 1498 - port: 443 1499 targetPort: 9443 1500 selector: 1501 component: controller 1502 --- 1503 apiVersion: apps/v1 1504 kind: Deployment 1505 metadata: 1506 labels: 1507 app: metallb 1508 component: controller 1509 name: controller 1510 namespace: metallb-system 1511 spec: 1512 revisionHistoryLimit: 3 1513 selector: 1514 matchLabels: 1515 app: metallb 1516 component: controller 1517 template: 1518 metadata: 1519 annotations: 1520 prometheus.io/port: "7472" 1521 prometheus.io/scrape: "true" 1522 labels: 1523 app: metallb 1524 component: controller 1525 spec: 1526 containers: 1527 - args: 1528 - --port=7472 1529 - --log-level=info 1530 - --tls-min-version=VersionTLS12 1531 env: 1532 - name: METALLB_ML_SECRET_NAME 1533 value: memberlist 1534 - name: METALLB_DEPLOYMENT 1535 value: controller 1536 image: gcr.io/istio-testing/metallb/controller:v0.14.3 1537 livenessProbe: 1538 failureThreshold: 3 1539 httpGet: 1540 path: /metrics 1541 port: monitoring 1542 initialDelaySeconds: 10 1543 periodSeconds: 10 1544 successThreshold: 1 1545 timeoutSeconds: 1 1546 name: controller 1547 ports: 1548 - containerPort: 7472 1549 name: monitoring 1550 - containerPort: 9443 1551 name: webhook-server 1552 protocol: TCP 1553 readinessProbe: 1554 failureThreshold: 3 1555 httpGet: 1556 path: /metrics 1557 port: monitoring 1558 initialDelaySeconds: 0 1559 periodSeconds: 10 1560 successThreshold: 1 1561 timeoutSeconds: 1 1562 startupProbe: 1563 httpGet: 1564 path: /metrics 1565 port: monitoring 1566 initialDelaySeconds: 1 1567 periodSeconds: 1 1568 successThreshold: 1 1569 timeoutSeconds: 1 1570 securityContext: 1571 allowPrivilegeEscalation: false 1572 capabilities: 1573 drop: 1574 - all 1575 readOnlyRootFilesystem: true 1576 volumeMounts: 1577 - mountPath: /tmp/k8s-webhook-server/serving-certs 1578 name: cert 1579 readOnly: true 1580 nodeSelector: 1581 kubernetes.io/os: linux 1582 securityContext: 1583 fsGroup: 65534 1584 runAsNonRoot: true 1585 runAsUser: 65534 1586 serviceAccountName: controller 1587 terminationGracePeriodSeconds: 0 1588 volumes: 1589 - name: cert 1590 secret: 1591 defaultMode: 420 1592 secretName: webhook-server-cert 1593 --- 1594 apiVersion: apps/v1 1595 kind: DaemonSet 1596 metadata: 1597 labels: 1598 app: metallb 1599 component: speaker 1600 name: speaker 1601 namespace: metallb-system 1602 spec: 1603 selector: 1604 matchLabels: 1605 app: metallb 1606 component: speaker 1607 template: 1608 metadata: 1609 annotations: 1610 prometheus.io/port: "7472" 1611 prometheus.io/scrape: "true" 1612 labels: 1613 app: metallb 1614 component: speaker 1615 spec: 1616 containers: 1617 - args: 1618 - --port=7472 1619 - --log-level=info 1620 env: 1621 - name: METALLB_NODE_NAME 1622 valueFrom: 1623 fieldRef: 1624 fieldPath: spec.nodeName 1625 - name: METALLB_HOST 1626 valueFrom: 1627 fieldRef: 1628 fieldPath: status.hostIP 1629 - name: METALLB_ML_BIND_ADDR 1630 valueFrom: 1631 fieldRef: 1632 fieldPath: status.podIP 1633 - name: METALLB_ML_LABELS 1634 value: app=metallb,component=speaker 1635 - name: METALLB_ML_SECRET_KEY_PATH 1636 value: /etc/ml_secret_key 1637 image: gcr.io/istio-testing/metallb/speaker:v0.14.3 1638 livenessProbe: 1639 failureThreshold: 3 1640 httpGet: 1641 path: /metrics 1642 port: monitoring 1643 initialDelaySeconds: 10 1644 periodSeconds: 10 1645 successThreshold: 1 1646 timeoutSeconds: 1 1647 name: speaker 1648 ports: 1649 - containerPort: 7472 1650 name: monitoring 1651 - containerPort: 7946 1652 name: memberlist-tcp 1653 - containerPort: 7946 1654 name: memberlist-udp 1655 protocol: UDP 1656 readinessProbe: 1657 failureThreshold: 3 1658 httpGet: 1659 path: /metrics 1660 port: monitoring 1661 initialDelaySeconds: 0 1662 periodSeconds: 10 1663 successThreshold: 1 1664 timeoutSeconds: 1 1665 startupProbe: 1666 failureThreshold: 3 1667 httpGet: 1668 path: /metrics 1669 port: monitoring 1670 initialDelaySeconds: 1 1671 periodSeconds: 1 1672 successThreshold: 1 1673 timeoutSeconds: 1 1674 securityContext: 1675 allowPrivilegeEscalation: false 1676 capabilities: 1677 add: 1678 - NET_RAW 1679 drop: 1680 - ALL 1681 readOnlyRootFilesystem: true 1682 volumeMounts: 1683 - mountPath: /etc/ml_secret_key 1684 name: memberlist 1685 readOnly: true 1686 - mountPath: /etc/metallb 1687 name: metallb-excludel2 1688 readOnly: true 1689 hostNetwork: true 1690 nodeSelector: 1691 kubernetes.io/os: linux 1692 serviceAccountName: speaker 1693 terminationGracePeriodSeconds: 2 1694 tolerations: 1695 - effect: NoSchedule 1696 key: node-role.kubernetes.io/master 1697 operator: Exists 1698 - effect: NoSchedule 1699 key: node-role.kubernetes.io/control-plane 1700 operator: Exists 1701 volumes: 1702 - name: memberlist 1703 secret: 1704 defaultMode: 420 1705 secretName: memberlist 1706 - configMap: 1707 defaultMode: 256 1708 name: metallb-excludel2 1709 name: metallb-excludel2 1710 --- 1711 apiVersion: admissionregistration.k8s.io/v1 1712 kind: ValidatingWebhookConfiguration 1713 metadata: 1714 creationTimestamp: null 1715 name: metallb-webhook-configuration 1716 webhooks: 1717 - admissionReviewVersions: 1718 - v1 1719 clientConfig: 1720 service: 1721 name: webhook-service 1722 namespace: metallb-system 1723 path: /validate-metallb-io-v1beta2-bgppeer 1724 failurePolicy: Fail 1725 name: bgppeersvalidationwebhook.metallb.io 1726 rules: 1727 - apiGroups: 1728 - metallb.io 1729 apiVersions: 1730 - v1beta2 1731 operations: 1732 - CREATE 1733 - UPDATE 1734 resources: 1735 - bgppeers 1736 sideEffects: None 1737 - admissionReviewVersions: 1738 - v1 1739 clientConfig: 1740 service: 1741 name: webhook-service 1742 namespace: metallb-system 1743 path: /validate-metallb-io-v1beta1-bfdprofile 1744 failurePolicy: Fail 1745 name: bfdprofilevalidationwebhook.metallb.io 1746 rules: 1747 - apiGroups: 1748 - metallb.io 1749 apiVersions: 1750 - v1beta1 1751 operations: 1752 - CREATE 1753 - DELETE 1754 resources: 1755 - bfdprofiles 1756 sideEffects: None 1757 - admissionReviewVersions: 1758 - v1 1759 clientConfig: 1760 service: 1761 name: webhook-service 1762 namespace: metallb-system 1763 path: /validate-metallb-io-v1beta1-bgpadvertisement 1764 failurePolicy: Fail 1765 name: bgpadvertisementvalidationwebhook.metallb.io 1766 rules: 1767 - apiGroups: 1768 - metallb.io 1769 apiVersions: 1770 - v1beta1 1771 operations: 1772 - CREATE 1773 - UPDATE 1774 resources: 1775 - bgpadvertisements 1776 sideEffects: None 1777 - admissionReviewVersions: 1778 - v1 1779 clientConfig: 1780 service: 1781 name: webhook-service 1782 namespace: metallb-system 1783 path: /validate-metallb-io-v1beta1-community 1784 failurePolicy: Fail 1785 name: communityvalidationwebhook.metallb.io 1786 rules: 1787 - apiGroups: 1788 - metallb.io 1789 apiVersions: 1790 - v1beta1 1791 operations: 1792 - CREATE 1793 - UPDATE 1794 resources: 1795 - communities 1796 sideEffects: None 1797 - admissionReviewVersions: 1798 - v1 1799 clientConfig: 1800 service: 1801 name: webhook-service 1802 namespace: metallb-system 1803 path: /validate-metallb-io-v1beta1-ipaddresspool 1804 failurePolicy: Fail 1805 name: ipaddresspoolvalidationwebhook.metallb.io 1806 rules: 1807 - apiGroups: 1808 - metallb.io 1809 apiVersions: 1810 - v1beta1 1811 operations: 1812 - CREATE 1813 - UPDATE 1814 resources: 1815 - ipaddresspools 1816 sideEffects: None 1817 - admissionReviewVersions: 1818 - v1 1819 clientConfig: 1820 service: 1821 name: webhook-service 1822 namespace: metallb-system 1823 path: /validate-metallb-io-v1beta1-l2advertisement 1824 failurePolicy: Fail 1825 name: l2advertisementvalidationwebhook.metallb.io 1826 rules: 1827 - apiGroups: 1828 - metallb.io 1829 apiVersions: 1830 - v1beta1 1831 operations: 1832 - CREATE 1833 - UPDATE 1834 resources: 1835 - l2advertisements 1836 sideEffects: None