diff --git a/packages/system/metallb/charts/metallb/Chart.lock b/packages/system/metallb/charts/metallb/Chart.lock index 79345580..22f2f5b5 100644 --- a/packages/system/metallb/charts/metallb/Chart.lock +++ b/packages/system/metallb/charts/metallb/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: crds repository: "" - version: 0.14.9 + version: 0.15.2 - name: frr-k8s repository: https://metallb.github.io/frr-k8s - version: 0.0.16 -digest: sha256:20d9a53af12c82d35168e7524ae337341b2c7cb43e2169545185f750a718466e -generated: "2024-12-17T15:39:32.082324414+01:00" + version: 0.0.20 +digest: sha256:fcba6d1c8e25efca7a64d2ea30079bfcf041c277605d5881d65d5b3d09a41483 +generated: "2025-06-04T12:37:51.709832109+02:00" diff --git a/packages/system/metallb/charts/metallb/Chart.yaml b/packages/system/metallb/charts/metallb/Chart.yaml index 680ac9ba..175370dc 100644 --- a/packages/system/metallb/charts/metallb/Chart.yaml +++ b/packages/system/metallb/charts/metallb/Chart.yaml @@ -1,14 +1,14 @@ apiVersion: v2 -appVersion: v0.14.9 +appVersion: v0.15.2 dependencies: - condition: crds.enabled name: crds repository: "" - version: 0.14.9 + version: 0.15.2 - condition: frrk8s.enabled name: frr-k8s repository: https://metallb.github.io/frr-k8s - version: 0.0.16 + version: 0.0.20 description: A network load-balancer implementation for Kubernetes using standard routing protocols home: https://metallb.universe.tf @@ -18,4 +18,4 @@ name: metallb sources: - https://github.com/metallb/metallb type: application -version: 0.14.9 +version: 0.15.2 diff --git a/packages/system/metallb/charts/metallb/README.md b/packages/system/metallb/charts/metallb/README.md index 43f51ef7..c4f12883 100644 --- a/packages/system/metallb/charts/metallb/README.md +++ b/packages/system/metallb/charts/metallb/README.md @@ -17,7 +17,7 @@ Kubernetes: `>= 1.19.0-0` | Repository | Name | Version | |------------|------|---------| | | crds | 0.0.0 | -| https://metallb.github.io/frr-k8s | frr-k8s | 0.0.16 | +| https://metallb.github.io/frr-k8s | frr-k8s | 0.0.20 | ## Values @@ -79,8 +79,10 @@ Kubernetes: `>= 1.19.0-0` | prometheus.podMonitor.relabelings | list | `[]` | | | prometheus.prometheusRule.additionalLabels | object | `{}` | | | prometheus.prometheusRule.addressPoolExhausted.enabled | bool | `true` | | +| prometheus.prometheusRule.addressPoolExhausted.excludePools | string | `""` | | | prometheus.prometheusRule.addressPoolExhausted.labels.severity | string | `"critical"` | | | prometheus.prometheusRule.addressPoolUsage.enabled | bool | `true` | | +| prometheus.prometheusRule.addressPoolUsage.excludePools | string | `""` | | | prometheus.prometheusRule.addressPoolUsage.thresholds[0].labels.severity | string | `"warning"` | | | prometheus.prometheusRule.addressPoolUsage.thresholds[0].percent | int | `75` | | | prometheus.prometheusRule.addressPoolUsage.thresholds[1].labels.severity | string | `"warning"` | | @@ -138,7 +140,7 @@ Kubernetes: `>= 1.19.0-0` | speaker.livenessProbe.successThreshold | int | `1` | | | speaker.livenessProbe.timeoutSeconds | int | `1` | | | speaker.logLevel | string | `"info"` | Speaker log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` | -| speaker.memberlist.enabled | bool | `true` | | +| speaker.memberlist.enabled | bool | `true` | When enabled: false, the speaker pods must run on all nodes | | speaker.memberlist.mlBindAddrOverride | string | `""` | | | speaker.memberlist.mlBindPort | int | `7946` | | | speaker.memberlist.mlSecretKeyPath | string | `"/etc/ml_secret_key"` | | diff --git a/packages/system/metallb/charts/metallb/charts/crds/Chart.yaml b/packages/system/metallb/charts/metallb/charts/crds/Chart.yaml index e9fec846..e88450b1 100644 --- a/packages/system/metallb/charts/metallb/charts/crds/Chart.yaml +++ b/packages/system/metallb/charts/metallb/charts/crds/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v0.14.9 +appVersion: v0.15.2 description: MetalLB CRDs home: https://metallb.universe.tf icon: https://metallb.universe.tf/images/logo/metallb-white.png @@ -7,4 +7,4 @@ name: crds sources: - https://github.com/metallb/metallb type: application -version: 0.14.9 +version: 0.15.2 diff --git a/packages/system/metallb/charts/metallb/charts/crds/templates/crds.yaml b/packages/system/metallb/charts/metallb/charts/crds/templates/crds.yaml index 8f241477..3821ae76 100644 --- a/packages/system/metallb/charts/metallb/charts/crds/templates/crds.yaml +++ b/packages/system/metallb/charts/metallb/charts/crds/templates/crds.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.2 name: bfdprofiles.metallb.io spec: group: metallb.io @@ -123,7 +123,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.2 name: bgpadvertisements.metallb.io spec: group: metallb.io @@ -329,14 +329,13 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.2 name: bgppeers.metallb.io spec: conversion: strategy: Webhook webhook: clientConfig: - caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGWlRDQ0EwMmdBd0lCQWdJVU5GRW1XcTM3MVpKdGkrMmlSQzk1WmpBV1MxZ3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3UWpFTE1Ba0dBMVVFQmhNQ1dGZ3hGVEFUQmdOVkJBY01ERVJsWm1GMWJIUWdRMmwwZVRFY01Cb0dBMVVFDQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNakEzTVRrd09UTXlNek5hRncweU1qQTRNVGd3DQpPVE15TXpOYU1FSXhDekFKQmdOVkJBWVRBbGhZTVJVd0V3WURWUVFIREF4RVpXWmhkV3gwSUVOcGRIa3hIREFhDQpCZ05WQkFvTUUwUmxabUYxYkhRZ1EyOXRjR0Z1ZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDDQpEd0F3Z2dJS0FvSUNBUUNxVFpxMWZRcC9vYkdlenhES0o3OVB3Ny94azJwellualNzMlkzb1ZYSm5sRmM4YjVlDQpma2ZZQnY2bndscW1keW5PL2phWFBaQmRQSS82aFdOUDBkdVhadEtWU0NCUUpyZzEyOGNXb3F0MGNTN3pLb1VpDQpvcU1tQ0QvRXVBeFFNZjhRZDF2c1gvVllkZ0poVTZBRXJLZEpIaXpFOUJtUkNkTDBGMW1OVW55Rk82UnRtWFZUDQpidkxsTDVYeTc2R0FaQVBLOFB4aVlDa0NtbDdxN0VnTWNiOXlLWldCYmlxQ3VkTXE5TGJLNmdKNzF6YkZnSXV4DQo1L1pXK2JraTB2RlplWk9ZODUxb1psckFUNzJvMDI4NHNTWW9uN0pHZVZkY3NoUnh5R1VpSFpSTzdkaXZVTDVTDQpmM2JmSDFYbWY1ZDQzT0NWTWRuUUV2NWVaOG8zeWVLa3ZrbkZQUGVJMU9BbjdGbDlFRVNNR2dhOGFaSG1URSttDQpsLzlMSmdDYjBnQmtPT0M0WnV4bWh2aERKV1EzWnJCS3pMQlNUZXN0NWlLNVlwcXRWVVk2THRyRW9FelVTK1lsDQpwWndXY2VQWHlHeHM5ZURsR3lNVmQraW15Y3NTU1UvVno2Mmx6MnZCS21NTXBkYldDQWhud0RsRTVqU2dyMjRRDQp0eGNXLys2N3d5KzhuQlI3UXdqVTFITndVRjBzeERWdEwrZ1NHVERnSEVZSlhZelYvT05zMy94TkpoVFNPSkxNDQpoeXNVdyttaGdackdhbUdXcHVIVU1DUitvTWJzMTc1UkcrQjJnUFFHVytPTjJnUTRyOXN2b0ZBNHBBQm8xd1dLDQpRYjRhY3pmeVVscElBOVFoSmFsZEY3S3dPSHVlV3gwRUNrNXg0T2tvVDBvWVp0dzFiR0JjRGtaSmF3SURBUUFCDQpvMU13VVRBZEJnTlZIUTRFRmdRVW90UlNIUm9IWTEyRFZ4R0NCdEhpb1g2ZmVFQXdId1lEVlIwakJCZ3dGb0FVDQpvdFJTSFJvSFkxMkRWeEdDQnRIaW9YNmZlRUF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCDQpBUXNGQUFPQ0FnRUFSbkpsWWRjMTFHd0VxWnh6RDF2R3BDR2pDN2VWTlQ3aVY1d3IybXlybHdPYi9aUWFEa0xYDQpvVStaOVVXT1VlSXJTdzUydDdmQUpvVVAwSm5iYkMveVIrU1lqUGhvUXNiVHduOTc2ZldBWTduM3FMOXhCd1Y0DQphek41OXNjeUp0dlhMeUtOL2N5ak1ReDRLajBIMFg0bWJ6bzVZNUtzWWtYVU0vOEFPdWZMcEd0S1NGVGgrSEFDDQpab1Q5YnZHS25adnNHd0tYZFF0Wnh0akhaUjVqK3U3ZGtQOTJBT051RFNabS8rWVV4b2tBK09JbzdSR3BwSHNXDQo1ZTdNY0FTVXRtb1FORXd6dVFoVkJaRWQ1OGtKYjUrV0VWbGNzanlXNnRTbzErZ25tTWNqR1BsMWgxR2hVbjV4DQpFY0lWRnBIWXM5YWo1NmpBSjk1MVQvZjhMaWxmTlVnanBLQ0c1bnl0SUt3emxhOHNtdGlPdm1UNEpYbXBwSkI2DQo4bmdHRVluVjUrUTYwWFJ2OEhSSGp1VG9CRHVhaERrVDA2R1JGODU1d09FR2V4bkZpMXZYWUxLVllWb1V2MXRKDQo4dVdUR1pwNllDSVJldlBqbzg5ZytWTlJSaVFYUThJd0dybXE5c0RoVTlqTjA0SjdVL1RvRDFpNHE3VnlsRUc5DQorV1VGNkNLaEdBeTJIaEhwVncyTGFoOS9lUzdZMUZ1YURrWmhPZG1laG1BOCtqdHNZamJadnR5Mm1SWlF0UUZzDQpUU1VUUjREbUR2bVVPRVRmeStpRHdzK2RkWXVNTnJGeVVYV2dkMnpBQU4ydVl1UHFGY2pRcFNPODFzVTJTU3R3DQoxVzAyeUtYOGJEYmZFdjBzbUh3UzliQnFlSGo5NEM1Mjg0YXpsdTBmaUdpTm1OUEM4ckJLRmhBPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== service: name: metallb-webhook-service namespace: {{ .Release.Namespace }} @@ -526,7 +525,15 @@ spec: rule: duration(self).getMilliseconds() % 1000 == 0 disableMP: default: false - description: To set if we want to disable MP BGP that will separate IPv4 and IPv6 route exchanges into distinct BGP sessions. + description: |- + To set if we want to disable MP BGP that will separate IPv4 and IPv6 route exchanges into distinct BGP sessions. + Deprecated: DisableMP is deprecated in favor of dualStackAddressFamily. + type: boolean + dualStackAddressFamily: + default: false + description: |- + To set if we want to enable the neighbor not only for the ipfamily related to its session, + but also the other one. This allows to advertise/receive IPv4 prefixes over IPv6 sessions and vice versa. type: boolean dynamicASN: description: |- @@ -555,6 +562,14 @@ spec: holdTime: description: Requested BGP hold time, per RFC4271. type: string + interface: + description: |- + Interface is the node interface over which the unnumbered BGP peering will + be established. No API validation takes place as that string value + represents an interface name on the host and if user provides an invalid + value, only the actual BGP session will not be established. + Address and Interface are mutually exclusive and one of them must be specified. + type: string keepaliveTime: description: Requested BGP keepalive time, per RFC4271. type: string @@ -649,7 +664,7 @@ spec: default: 179 description: Port to dial when establishing the session. maximum: 16384 - minimum: 0 + minimum: 1 type: integer routerID: description: BGP router ID to advertise to the peer @@ -664,7 +679,6 @@ spec: type: string required: - myASN - - peerAddress type: object status: description: BGPPeerStatus defines the observed state of Peer. @@ -679,7 +693,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.2 name: communities.metallb.io spec: group: metallb.io @@ -744,7 +758,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.2 name: ipaddresspools.metallb.io spec: group: metallb.io @@ -941,6 +955,28 @@ spec: type: object status: description: IPAddressPoolStatus defines the observed state of IPAddressPool. + properties: + assignedIPv4: + description: AssignedIPv4 is the number of assigned IPv4 addresses. + format: int64 + type: integer + assignedIPv6: + description: AssignedIPv6 is the number of assigned IPv6 addresses. + format: int64 + type: integer + availableIPv4: + description: AvailableIPv4 is the number of available IPv4 addresses. + format: int64 + type: integer + availableIPv6: + description: AvailableIPv6 is the number of available IPv6 addresses. + format: int64 + type: integer + required: + - assignedIPv4 + - assignedIPv6 + - availableIPv4 + - availableIPv6 type: object required: - spec @@ -954,7 +990,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.2 name: l2advertisements.metallb.io spec: group: metallb.io @@ -1134,7 +1170,92 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.2 + name: servicebgpstatuses.metallb.io +spec: + group: metallb.io + names: + kind: ServiceBGPStatus + listKind: ServiceBGPStatusList + plural: servicebgpstatuses + singular: servicebgpstatus + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.node + name: Node + type: string + - jsonPath: .status.serviceName + name: Service Name + type: string + - jsonPath: .status.serviceNamespace + name: Service Namespace + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: ServiceBGPStatus exposes the BGP peers a service is configured to be advertised to, per relevant node. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ServiceBGPStatusSpec defines the desired state of ServiceBGPStatus. + type: object + status: + description: MetalLBServiceBGPStatus defines the observed state of ServiceBGPStatus. + properties: + node: + description: Node indicates the node announcing the service. + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + peers: + description: |- + Peers indicate the BGP peers for which the service is configured to be advertised to. + The service being actually advertised to a given peer depends on the session state and is not indicated here. + items: + type: string + type: array + serviceName: + description: ServiceName indicates the service this status represents. + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + serviceNamespace: + description: ServiceNamespace indicates the namespace of the service. + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.2 name: servicel2statuses.metallb.io spec: group: metallb.io diff --git a/packages/system/metallb/charts/metallb/templates/prometheusrules.yaml b/packages/system/metallb/charts/metallb/templates/prometheusrules.yaml index 64e44c60..7cff7545 100644 --- a/packages/system/metallb/charts/metallb/templates/prometheusrules.yaml +++ b/packages/system/metallb/charts/metallb/templates/prometheusrules.yaml @@ -41,11 +41,12 @@ spec: {{- end }} {{- end }} {{- if .Values.prometheus.prometheusRule.addressPoolExhausted.enabled }} + {{ $exclude := .Values.prometheus.prometheusRule.addressPoolExhausted.excludePools }} - alert: MetalLBAddressPoolExhausted annotations: summary: {{`'Exhausted address pool on {{ $labels.pod }}'`}} description: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has exhausted address pool {{ $labels.pool }} for > 1 minute'`}} - expr: metallb_allocator_addresses_in_use_total >= on(pool) metallb_allocator_addresses_total + expr: metallb_allocator_addresses_in_use_total{pool!~"{{ $exclude }}"} >= on(pool) metallb_allocator_addresses_total for: 1m {{- with .Values.prometheus.prometheusRule.addressPoolExhausted.labels }} labels: @@ -54,12 +55,13 @@ spec: {{- end }} {{- if .Values.prometheus.prometheusRule.addressPoolUsage.enabled }} + {{ $exclude := .Values.prometheus.prometheusRule.addressPoolUsage.excludePools }} {{- range .Values.prometheus.prometheusRule.addressPoolUsage.thresholds }} - alert: MetalLBAddressPoolUsage{{ .percent }}Percent annotations: summary: {{`'Exhausted address pool on {{ $labels.pod }}'`}} message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has address pool {{ $labels.pool }} past `}}{{ .percent }}{{`% usage for > 1 minute'`}} - expr: ( metallb_allocator_addresses_in_use_total / on(pool) metallb_allocator_addresses_total ) * 100 > {{ .percent }} + expr: ( metallb_allocator_addresses_in_use_total{pool!~"{{ $exclude }}"} / on(pool) metallb_allocator_addresses_total ) * 100 > {{ .percent }} {{- with .labels }} labels: {{- toYaml . | nindent 8 }} diff --git a/packages/system/metallb/charts/metallb/templates/rbac.yaml b/packages/system/metallb/charts/metallb/templates/rbac.yaml index 10ffbd8a..11d2ae04 100644 --- a/packages/system/metallb/charts/metallb/templates/rbac.yaml +++ b/packages/system/metallb/charts/metallb/templates/rbac.yaml @@ -110,6 +110,9 @@ rules: - apiGroups: ["metallb.io"] resources: ["communities"] verbs: ["get", "list", "watch"] +- apiGroups: ["metallb.io"] + resources: ["servicebgpstatuses","servicebgpstatuses/status"] + verbs: ["*"] {{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -138,6 +141,9 @@ rules: - apiGroups: ["metallb.io"] resources: ["ipaddresspools"] verbs: ["get", "list", "watch"] +- apiGroups: ["metallb.io"] + resources: ["ipaddresspools/status"] + verbs: ["update"] - apiGroups: ["metallb.io"] resources: ["bgppeers"] verbs: ["get", "list"] diff --git a/packages/system/metallb/charts/metallb/templates/speaker.yaml b/packages/system/metallb/charts/metallb/templates/speaker.yaml index e70743ce..8c3dbf28 100644 --- a/packages/system/metallb/charts/metallb/templates/speaker.yaml +++ b/packages/system/metallb/charts/metallb/templates/speaker.yaml @@ -8,6 +8,10 @@ {{- fail "frrk8s.enabled frrk8s.external are mutually exclusive!" }} {{- end }} +{{- if and (not .Values.speaker.memberlist.enabled) .Values.speaker.nodeSelector }} +{{- fail "nodeSelector must be empty when memberlist is disabled" }} +{{- end }} + {{- if .Values.speaker.frr.enabled }} # FRR expects to have these files owned by frr:frr on startup. @@ -61,8 +65,8 @@ data: # Check /etc/pam.d/frr if you intend to use "vtysh"! # vtysh_enable=yes - zebra_options=" -A 127.0.0.1 -s 90000000" - bgpd_options=" -A 127.0.0.1 -p 0" + zebra_options=" -A 127.0.0.1 -s 90000000 --limit-fds 100000" + bgpd_options=" -A 127.0.0.1 -p 0 --limit-fds 100000" ospfd_options=" -A 127.0.0.1" ospf6d_options=" -A ::1" ripd_options=" -A 127.0.0.1" @@ -75,8 +79,8 @@ data: babeld_options=" -A 127.0.0.1" sharpd_options=" -A 127.0.0.1" pbrd_options=" -A 127.0.0.1" - staticd_options="-A 127.0.0.1" - bfdd_options=" -A 127.0.0.1" + staticd_options="-A 127.0.0.1 --limit-fds 100000" + bfdd_options=" -A 127.0.0.1 --limit-fds 100000" fabricd_options="-A 127.0.0.1" vrrpd_options=" -A 127.0.0.1" diff --git a/packages/system/metallb/charts/metallb/values.yaml b/packages/system/metallb/charts/metallb/values.yaml index 50d26bca..fc6e0b23 100644 --- a/packages/system/metallb/charts/metallb/values.yaml +++ b/packages/system/metallb/charts/metallb/values.yaml @@ -166,6 +166,8 @@ prometheus: enabled: true labels: severity: critical + # Exclude the pools matching the regular expression from triggering the alert. + excludePools: "" addressPoolUsage: enabled: true @@ -179,6 +181,8 @@ prometheus: - percent: 95 labels: severity: critical + # Exclude the pools matching the regular expression from triggering the alert. + excludePools: "" # MetalLBBGPSessionDown bgpSessionDown: @@ -262,6 +266,7 @@ speaker: logLevel: info tolerateMaster: true memberlist: + # -- When enabled: false, the speaker pods must run on all nodes enabled: true mlBindPort: 7946 mlBindAddrOverride: "" diff --git a/packages/system/metallb/images/metallb/Dockerfile b/packages/system/metallb/images/metallb/Dockerfile index 477c3fc0..feaa3b4e 100644 --- a/packages/system/metallb/images/metallb/Dockerfile +++ b/packages/system/metallb/images/metallb/Dockerfile @@ -1,87 +1,7 @@ # syntax=docker/dockerfile:1.2 -FROM --platform=$BUILDPLATFORM docker.io/golang:1.22.7 AS builder - ARG VERSION -ARG GIT_COMMIT=dev -ARG GIT_BRANCH=dev -ARG TARGETARCH -ARG TARGETOS -ARG TARGETPLATFORM -WORKDIR /go/go.universe.tf/metallb +FROM quay.io/metallb/controller:${VERSION} as controller -RUN --mount=type=cache,target=/go/pkg/mod \ - curl -sSL https://github.com/metallb/metallb/archive/refs/tags/${VERSION}.tar.gz \ - | tar -xzvf- --strip=1 - -RUN curl -sSLO https://github.com/metallb/metallb/pull/2726.diff && \ - git apply 2726.diff - -RUN --mount=type=cache,target=/go/pkg/mod \ - --mount=type=cache,target=/root/.cache/go-build \ - go mod download -x - -RUN case ${TARGETPLATFORM} in \ - "linux/arm/v6") export VARIANT="6" ;; \ - "linux/arm/v7") export VARIANT="7" ;; \ - *) export VARIANT="" ;; \ - esac && \ - CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH GOARM=$VARIANT \ - go build -v -o /build/controller \ - -ldflags "-X 'go.universe.tf/metallb/internal/version.gitCommit=${GIT_COMMIT}' \ - -X 'go.universe.tf/metallb/internal/version.gitBranch=${GIT_BRANCH}'" \ - ./controller \ - && \ - CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH GOARM=$VARIANT \ - go build -v -o /build/frr-metrics \ - -ldflags "-X 'go.universe.tf/metallb/internal/version.gitCommit=${GIT_COMMIT}' \ - -X 'go.universe.tf/metallb/internal/version.gitBranch=${GIT_BRANCH}'" \ - frr-tools/metrics/exporter.go \ - && \ - CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH GOARM=$VARIANT \ - go build -v -o /build/cp-tool \ - -ldflags "-X 'go.universe.tf/metallb/internal/version.gitCommit=${GIT_COMMIT}' \ - -X 'go.universe.tf/metallb/internal/version.gitBranch=${GIT_BRANCH}'" \ - frr-tools/cp-tool/cp-tool.go \ - && \ - CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH GOARM=$VARIANT \ - go build -v -o /build/speaker \ - -ldflags "-X 'go.universe.tf/metallb/internal/version.gitCommit=${GIT_COMMIT}' \ - -X 'go.universe.tf/metallb/internal/version.gitBranch=${GIT_BRANCH}'" \ - ./speaker - -FROM gcr.io/distroless/static:latest as controller - -COPY --from=builder /build/controller /controller - -LABEL org.opencontainers.image.authors="metallb" \ - org.opencontainers.image.url="https://github.com/metallb/metallb" \ - org.opencontainers.image.documentation="https://metallb.universe.tf" \ - org.opencontainers.image.source="https://github.com/cozystack/cozystack" \ - org.opencontainers.image.vendor="metallb" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.description="Metallb Controller" \ - org.opencontainers.image.title="controller" \ - org.opencontainers.image.base.name="gcr.io/distroless/static:latest" - -ENTRYPOINT ["/controller"] - -FROM gcr.io/distroless/static:latest as speaker - -COPY --from=builder /build/cp-tool /cp-tool -COPY --from=builder /build/speaker /speaker -COPY --from=builder /build/frr-metrics /frr-metrics -COPY --from=builder /go/go.universe.tf/metallb/frr-tools/reloader/frr-reloader.sh /frr-reloader.sh - -LABEL org.opencontainers.image.authors="metallb" \ - org.opencontainers.image.url="https://github.com/metallb/metallb" \ - org.opencontainers.image.documentation="https://metallb.universe.tf" \ - org.opencontainers.image.source="https://github.com/cozystack/cozystack" \ - org.opencontainers.image.vendor="metallb" \ - org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.description="Metallb speaker" \ - org.opencontainers.image.title="speaker" \ - org.opencontainers.image.base.name="gcr.io/distroless/static:latest" - -ENTRYPOINT ["/speaker"] +FROM quay.io/metallb/speaker:${VERSION} as speaker