mirror of
https://github.com/outbackdingo/cozystack.git
synced 2026-01-30 18:19:02 +00:00
Compare commits
8 Commits
v0.30.4
...
release-0.
| Author | SHA1 | Date | |
|---|---|---|---|
|
bf04ebad33 | ||
|
|
7eae8cc0df | ||
|
|
4bbae53cda | ||
|
|
1f6f00892d | ||
|
|
bd793dd57e | ||
|
|
b56ac2a4ab | ||
|
|
69c3bff41d | ||
|
|
34991d2cdb |
1
Makefile
1
Makefile
@@ -20,6 +20,7 @@ build: build-deps
|
||||
make -C packages/system/kubeovn image
|
||||
make -C packages/system/kubeovn-webhook image
|
||||
make -C packages/system/dashboard image
|
||||
make -C packages/system/metallb image
|
||||
make -C packages/system/kamaji image
|
||||
make -C packages/system/bucket image
|
||||
make -C packages/core/testing image
|
||||
|
||||
@@ -39,6 +39,15 @@ func (r *WorkloadReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
|
||||
}
|
||||
|
||||
t := getMonitoredObject(w)
|
||||
|
||||
if t == nil {
|
||||
err = r.Delete(ctx, w)
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to delete workload")
|
||||
}
|
||||
return ctrl.Result{}, err
|
||||
}
|
||||
|
||||
err = r.Get(ctx, types.NamespacedName{Name: t.GetName(), Namespace: t.GetNamespace()}, t)
|
||||
|
||||
// found object, nothing to do
|
||||
@@ -68,20 +77,23 @@ func (r *WorkloadReconciler) SetupWithManager(mgr ctrl.Manager) error {
|
||||
}
|
||||
|
||||
func getMonitoredObject(w *cozyv1alpha1.Workload) client.Object {
|
||||
if strings.HasPrefix(w.Name, "pvc-") {
|
||||
switch {
|
||||
case strings.HasPrefix(w.Name, "pvc-"):
|
||||
obj := &corev1.PersistentVolumeClaim{}
|
||||
obj.Name = strings.TrimPrefix(w.Name, "pvc-")
|
||||
obj.Namespace = w.Namespace
|
||||
return obj
|
||||
}
|
||||
if strings.HasPrefix(w.Name, "svc-") {
|
||||
case strings.HasPrefix(w.Name, "svc-"):
|
||||
obj := &corev1.Service{}
|
||||
obj.Name = strings.TrimPrefix(w.Name, "svc-")
|
||||
obj.Namespace = w.Namespace
|
||||
return obj
|
||||
case strings.HasPrefix(w.Name, "pod-"):
|
||||
obj := &corev1.Pod{}
|
||||
obj.Name = strings.TrimPrefix(w.Name, "pod-")
|
||||
obj.Namespace = w.Namespace
|
||||
return obj
|
||||
}
|
||||
obj := &corev1.Pod{}
|
||||
obj.Name = w.Name
|
||||
obj.Namespace = w.Namespace
|
||||
var obj client.Object
|
||||
return obj
|
||||
}
|
||||
|
||||
26
internal/controller/workload_controller_test.go
Normal file
26
internal/controller/workload_controller_test.go
Normal file
@@ -0,0 +1,26 @@
|
||||
package controller
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
)
|
||||
|
||||
func TestUnprefixedMonitoredObjectReturnsNil(t *testing.T) {
|
||||
w := &cozyv1alpha1.Workload{}
|
||||
w.Name = "unprefixed-name"
|
||||
obj := getMonitoredObject(w)
|
||||
if obj != nil {
|
||||
t.Errorf(`getMonitoredObject(&Workload{Name: "%s"}) == %v, want nil`, w.Name, obj)
|
||||
}
|
||||
}
|
||||
|
||||
func TestPodMonitoredObject(t *testing.T) {
|
||||
w := &cozyv1alpha1.Workload{}
|
||||
w.Name = "pod-mypod"
|
||||
obj := getMonitoredObject(w)
|
||||
if pod, ok := obj.(*corev1.Pod); !ok || pod.Name != "mypod" {
|
||||
t.Errorf(`getMonitoredObject(&Workload{Name: "%s"}) == %v, want &Pod{Name: "mypod"}`, w.Name, obj)
|
||||
}
|
||||
}
|
||||
@@ -198,15 +198,12 @@ func (r *WorkloadMonitorReconciler) reconcilePodForMonitor(
|
||||
) error {
|
||||
logger := log.FromContext(ctx)
|
||||
|
||||
// Combine both init containers and normal containers to sum resources properly
|
||||
combinedContainers := append(pod.Spec.InitContainers, pod.Spec.Containers...)
|
||||
|
||||
// totalResources will store the sum of all container resource limits
|
||||
// totalResources will store the sum of all container resource requests
|
||||
totalResources := make(map[string]resource.Quantity)
|
||||
|
||||
// Iterate over all containers to aggregate their Limits
|
||||
for _, container := range combinedContainers {
|
||||
for name, qty := range container.Resources.Limits {
|
||||
// Iterate over all containers to aggregate their requests
|
||||
for _, container := range pod.Spec.Containers {
|
||||
for name, qty := range container.Resources.Requests {
|
||||
if existing, exists := totalResources[name.String()]; exists {
|
||||
existing.Add(qty)
|
||||
totalResources[name.String()] = existing
|
||||
@@ -235,7 +232,7 @@ func (r *WorkloadMonitorReconciler) reconcilePodForMonitor(
|
||||
|
||||
workload := &cozyv1alpha1.Workload{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: pod.Name,
|
||||
Name: fmt.Sprintf("pod-%s", pod.Name),
|
||||
Namespace: pod.Namespace,
|
||||
},
|
||||
}
|
||||
|
||||
3
packages/apps/bucket/README.md
Normal file
3
packages/apps/bucket/README.md
Normal file
@@ -0,0 +1,3 @@
|
||||
# S3 bucket
|
||||
|
||||
## Parameters
|
||||
5
packages/apps/bucket/values.schema.json
Normal file
5
packages/apps/bucket/values.schema.json
Normal file
@@ -0,0 +1,5 @@
|
||||
{
|
||||
"title": "Chart Values",
|
||||
"type": "object",
|
||||
"properties": {}
|
||||
}
|
||||
1
packages/apps/bucket/values.yaml
Normal file
1
packages/apps/bucket/values.yaml
Normal file
@@ -0,0 +1 @@
|
||||
{}
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/nginx-cache:0.4.0@sha256:4da14241052d2c4bd29d1766c4a569446f808a19538ef7f6acc05a981913df8e
|
||||
ghcr.io/cozystack/cozystack/nginx-cache:0.4.0@sha256:2e72835a1dcf222038fb5cb343d59f7e60b5c1adf1bf93ca123a8a660e27bcbc
|
||||
|
||||
@@ -27,20 +27,44 @@ How to access to deployed cluster:
|
||||
kubectl get secret -n <namespace> kubernetes-<clusterName>-admin-kubeconfig -o go-template='{{ printf "%s\n" (index .data "super-admin.conf" | base64decode) }}' > test
|
||||
```
|
||||
|
||||
# Series
|
||||
## Parameters
|
||||
|
||||
<!-- source: https://github.com/kubevirt/common-instancetypes/blob/main/README.md -->
|
||||
### Common parameters
|
||||
|
||||
. | U | O | CX | M | RT
|
||||
----------------------------|-----|-----|------|-----|------
|
||||
*Has GPUs* | | | | |
|
||||
*Hugepages* | | | ✓ | ✓ | ✓
|
||||
*Overcommitted Memory* | | ✓ | | |
|
||||
*Dedicated CPU* | | | ✓ | | ✓
|
||||
*Burstable CPU performance* | ✓ | ✓ | | ✓ |
|
||||
*Isolated emulator threads* | | | ✓ | | ✓
|
||||
*vNUMA* | | | ✓ | | ✓
|
||||
*vCPU-To-Memory Ratio* | 1:4 | 1:4 | 1:2 | 1:8 | 1:4
|
||||
| Name | Description | Value |
|
||||
| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ------------ |
|
||||
| `host` | The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host). | `""` |
|
||||
| `controlPlane.replicas` | Number of replicas for Kubernetes contorl-plane components | `2` |
|
||||
| `storageClass` | StorageClass used to store user data | `replicated` |
|
||||
| `nodeGroups` | nodeGroups configuration | `{}` |
|
||||
|
||||
### Cluster Addons
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
|
||||
| `addons.certManager.enabled` | Enables the cert-manager | `false` |
|
||||
| `addons.certManager.valuesOverride` | Custom values to override | `{}` |
|
||||
| `addons.ingressNginx.enabled` | Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role) | `false` |
|
||||
| `addons.ingressNginx.valuesOverride` | Custom values to override | `{}` |
|
||||
| `addons.ingressNginx.hosts` | List of domain names that should be passed through to the cluster by upper cluster | `[]` |
|
||||
| `addons.fluxcd.enabled` | Enables Flux CD | `false` |
|
||||
| `addons.fluxcd.valuesOverride` | Custom values to override | `{}` |
|
||||
| `addons.monitoringAgents.enabled` | Enables MonitoringAgents (fluentbit, vmagents for sending logs and metrics to storage) if tenant monitoring enabled, send to tenant storage, else to root storage | `false` |
|
||||
| `addons.monitoringAgents.valuesOverride` | Custom values to override | `{}` |
|
||||
| `addons.verticalPodAutoscaler.valuesOverride` | Custom values to override | `{}` |
|
||||
|
||||
### Kamaji control plane
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
|
||||
| `kamajiControlPlane.apiServer.resources` | Resources | `{}` |
|
||||
| `kamajiControlPlane.apiServer.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `small` |
|
||||
| `kamajiControlPlane.controllerManager.resources` | Resources | `{}` |
|
||||
| `kamajiControlPlane.controllerManager.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
|
||||
| `kamajiControlPlane.scheduler.resources` | Resources | `{}` |
|
||||
| `kamajiControlPlane.scheduler.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
|
||||
| `kamajiControlPlane.addons.konnectivity.server.resources` | Resources | `{}` |
|
||||
| `kamajiControlPlane.addons.konnectivity.server.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
|
||||
|
||||
|
||||
## U Series
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.18.1@sha256:795d8e1ef4b2b0df2aa1e09d96cd13476ebb545b4bf4b5779b7547a70ef64cf9
|
||||
ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.18.1@sha256:af456f75b9bda2ca23e114dcf7f3ba6d4da6a4cf83105c92c9ab2b1ac3615f63
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.18.1@sha256:5717919c75e609902c6d67138311a2a8fd07be822e2173f3802b67cf5f3486e9
|
||||
ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.18.1@sha256:5f59b1987bdbd1b7271c4d46552bb0780d60cabfef02c29abb962b06f1386f35
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.30.1@sha256:6359b7877f04c6ac6641c0ebcc2a1d03cabfe1718464cd43f82e97724ad6aad8
|
||||
ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.30.1@sha256:fb5e09edf7b3fa5849b0c0f3f4ff5657a41fcbd97444704254deafd6b36f0992
|
||||
|
||||
@@ -90,8 +90,93 @@
|
||||
"default": {}
|
||||
}
|
||||
}
|
||||
},
|
||||
"verticalPodAutoscaler": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"valuesOverride": {
|
||||
"type": "object",
|
||||
"description": "Custom values to override",
|
||||
"default": {}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"kamajiControlPlane": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"apiServer": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"resources": {
|
||||
"type": "object",
|
||||
"description": "Resources",
|
||||
"default": {}
|
||||
},
|
||||
"resourcesPreset": {
|
||||
"type": "string",
|
||||
"description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
|
||||
"default": "small"
|
||||
}
|
||||
}
|
||||
},
|
||||
"controllerManager": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"resources": {
|
||||
"type": "object",
|
||||
"description": "Resources",
|
||||
"default": {}
|
||||
},
|
||||
"resourcesPreset": {
|
||||
"type": "string",
|
||||
"description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
|
||||
"default": "micro"
|
||||
}
|
||||
}
|
||||
},
|
||||
"scheduler": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"resources": {
|
||||
"type": "object",
|
||||
"description": "Resources",
|
||||
"default": {}
|
||||
},
|
||||
"resourcesPreset": {
|
||||
"type": "string",
|
||||
"description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
|
||||
"default": "micro"
|
||||
}
|
||||
}
|
||||
},
|
||||
"addons": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"konnectivity": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"server": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"resources": {
|
||||
"type": "object",
|
||||
"description": "Resources",
|
||||
"default": {}
|
||||
},
|
||||
"resourcesPreset": {
|
||||
"type": "string",
|
||||
"description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
|
||||
"default": "micro"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,2 +1,2 @@
|
||||
cozystack:
|
||||
image: ghcr.io/cozystack/cozystack/installer:v0.30.4@sha256:d474e9c3f90dadb24f2fc325acfa42648053e2b21949c91169769795b8b8217c
|
||||
image: ghcr.io/cozystack/cozystack/installer:v0.30.6@sha256:d16944b050f044b4bd95d396b9a2c07933d40a8285dc286a6b989b57a58a3999
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
e2e:
|
||||
image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.30.4@sha256:1f35a80c22b4ae3909216892e44f7ba50b00bd135b64081ffe5296eb936a5ca3
|
||||
image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.30.6@sha256:3e6fe802702a59f495f75415863a8a3b075971e4e6a62dbb0bfd41300e357485
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/matchbox:v0.30.4@sha256:8eb6da7d616bd4f91fbe6a1bf3a4cb5448976c1ade2e1ecca9bf6a2bd1772851
|
||||
ghcr.io/cozystack/cozystack/matchbox:v0.30.6@sha256:5cfcc7501be3088657a77796e3871e896953d0a8b825c301fb56dfa93e93586c
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/grafana:1.9.2@sha256:24382d445bf7a39ed988ef4dc7a0d9f084db891fcb5f42fd2e64622710b9457e
|
||||
ghcr.io/cozystack/cozystack/grafana:1.9.2@sha256:fb48d37f1a9386e0023df9ac067ec2e03953b7b8c9d6abf2d12716e084f846a4
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:a47d2743d01bff0ce60aa745fdff54f9b7184dff8679b11ab4ecd08ac663012b
|
||||
ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:30fd3277ef61566688a87b34d2d3f401abb205a6fb2547bdd99a7dcf1a3a2e7e
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
cozystackAPI:
|
||||
image: ghcr.io/cozystack/cozystack/cozystack-api:v0.30.4@sha256:299b50de88aa945ab90ee41eeb1a0ac7ba20d858adacd1ef125af7d676ce440f
|
||||
image: ghcr.io/cozystack/cozystack/cozystack-api:v0.30.6@sha256:fc321690bb822498dc7c62818a9cd40d344b3646bbc007a46bbfb06d1c6d0bd7
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
cozystackController:
|
||||
image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.30.4@sha256:a39395a6ce995d91bee8817c4032b8e073e0387f8b1e0de9d78909cb64189f80
|
||||
image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.30.6@sha256:5128ef094e55e082ab514f4026876a78b8903612aa1722acf3fe3c132481d4bb
|
||||
debug: false
|
||||
disableTelemetry: false
|
||||
cozystackVersion: "v0.30.4"
|
||||
cozystackVersion: "v0.30.6"
|
||||
|
||||
@@ -76,7 +76,7 @@ data:
|
||||
"kubeappsNamespace": {{ .Release.Namespace | quote }},
|
||||
"helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
|
||||
"carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
|
||||
"appVersion": "v0.30.4",
|
||||
"appVersion": "v0.30.6",
|
||||
"authProxyEnabled": {{ .Values.authProxy.enabled }},
|
||||
"oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
|
||||
"oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},
|
||||
|
||||
@@ -18,14 +18,14 @@ kubeapps:
|
||||
image:
|
||||
registry: ghcr.io/cozystack/cozystack
|
||||
repository: dashboard
|
||||
tag: v0.30.4
|
||||
tag: v0.30.6
|
||||
digest: "sha256:a83fe4654f547469cfa469a02bda1273c54bca103a41eb007fdb2e18a7a91e93"
|
||||
kubeappsapis:
|
||||
image:
|
||||
registry: ghcr.io/cozystack/cozystack
|
||||
repository: kubeapps-apis
|
||||
tag: v0.30.4
|
||||
digest: "sha256:a5ff1d3fdd69c78184554bd07e7675662201d7b27387717b4a70432a81db6301"
|
||||
tag: v0.30.6
|
||||
digest: "sha256:cbb14a3becd0ca847a87fa17211a3348d4f0ff499738a47e1f86c85ce1b72f71"
|
||||
pluginConfig:
|
||||
flux:
|
||||
packages:
|
||||
|
||||
@@ -3,7 +3,7 @@ kamaji:
|
||||
deploy: false
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v0.30.4@sha256:aeb2d728818fd63a0ea2e64a79dcd6a8b01f0b8b0bab03e6e0fe3b9522edc0a3
|
||||
tag: v0.30.6@sha256:3bc9ae6d996fa041b4c5cd951ac99d3bb45884bff87462144ccf3db1c0425a36
|
||||
repository: ghcr.io/cozystack/cozystack/kamaji
|
||||
resources:
|
||||
limits:
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
portSecurity: true
|
||||
routes: ""
|
||||
image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.30.4@sha256:ec3e3b63ebefe5d11ad2b4a576c7b4cd0bbe6ab27ce2732e25e06c40692e8459
|
||||
image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.30.6@sha256:b183c02ca2236f15eadcb0b728696022269de7c9bbf9e594f0b4e38d4f3b163f
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
KUBEOVN_TAG = v1.13.8
|
||||
KUBEOVN_TAG=$(shell awk '$$1 == "version:" {print $$2}' charts/kube-ovn/Chart.yaml)
|
||||
|
||||
export NAME=kubeovn
|
||||
export NAMESPACE=cozy-$(NAME)
|
||||
|
||||
@@ -15,12 +15,12 @@ type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: v1.13.8
|
||||
version: v1.13.11
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||
# It is recommended to use it with quotes.
|
||||
appVersion: "1.13.8"
|
||||
appVersion: "1.13.11"
|
||||
|
||||
kubeVersion: ">= 1.23.0-0"
|
||||
|
||||
@@ -83,6 +83,9 @@ spec:
|
||||
- --node-switch={{ .Values.networking.NODE_SUBNET }}
|
||||
- --node-switch-cidr={{ index $cozyConfig.data "ipv4-join-cidr" }}
|
||||
- --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }}
|
||||
{{- if .Values.global.logVerbosity }}
|
||||
- --v={{ .Values.global.logVerbosity }}
|
||||
{{- end }}
|
||||
- --network-type={{- .Values.networking.NETWORK_TYPE }}
|
||||
- --default-provider-name={{ .Values.networking.vlan.PROVIDER_NAME }}
|
||||
- --default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }}
|
||||
|
||||
@@ -35,11 +35,7 @@ spec:
|
||||
command:
|
||||
- sh
|
||||
- -xec
|
||||
- {{ if not .Values.DISABLE_MODULES_MANAGEMENT -}}
|
||||
iptables -V
|
||||
{{- else -}}
|
||||
echo "nothing to do"
|
||||
{{- end }}
|
||||
- iptables -V
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: true
|
||||
capabilities:
|
||||
@@ -93,6 +89,9 @@ spec:
|
||||
- --node-switch={{ .Values.networking.NODE_SUBNET }}
|
||||
- --encap-checksum=true
|
||||
- --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }}
|
||||
{{- if .Values.global.logVerbosity }}
|
||||
- --v={{ .Values.global.logVerbosity }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.networking.NETWORK_TYPE "vlan" }}
|
||||
- --iface=
|
||||
{{- else}}
|
||||
@@ -125,9 +124,6 @@ spec:
|
||||
- NET_RAW
|
||||
- SYS_ADMIN
|
||||
- SYS_PTRACE
|
||||
{{- if not .Values.DISABLE_MODULES_MANAGEMENT }}
|
||||
- SYS_MODULE
|
||||
{{- end }}
|
||||
- SYS_NICE
|
||||
env:
|
||||
- name: ENABLE_SSL
|
||||
|
||||
@@ -49,8 +49,9 @@ spec:
|
||||
- -xec
|
||||
- |
|
||||
chown -R nobody: /var/run/ovn /var/log/ovn /etc/openvswitch /var/run/openvswitch /var/log/openvswitch
|
||||
{{- if not .Values.DISABLE_MODULES_MANAGEMENT }}
|
||||
iptables -V
|
||||
{{- if not .Values.DISABLE_MODULES_MANAGEMENT }}
|
||||
/usr/share/openvswitch/scripts/ovs-ctl load-kmod
|
||||
{{- else }}
|
||||
ln -sf /bin/true /usr/local/sbin/modprobe
|
||||
ln -sf /bin/true /usr/local/sbin/modinfo
|
||||
@@ -64,6 +65,9 @@ spec:
|
||||
privileged: true
|
||||
runAsUser: 0
|
||||
volumeMounts:
|
||||
- mountPath: /lib/modules
|
||||
name: host-modules
|
||||
readOnly: true
|
||||
- mountPath: /usr/local/sbin
|
||||
name: usr-local-sbin
|
||||
- mountPath: /var/log/ovn
|
||||
@@ -96,9 +100,7 @@ spec:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
- NET_BIND_SERVICE
|
||||
{{- if not .Values.DISABLE_MODULES_MANAGEMENT }}
|
||||
- SYS_MODULE
|
||||
{{- end }}
|
||||
- NET_RAW
|
||||
- SYS_NICE
|
||||
- SYS_ADMIN
|
||||
env:
|
||||
|
||||
@@ -10,7 +10,7 @@ global:
|
||||
repository: kube-ovn
|
||||
dpdkRepository: kube-ovn-dpdk
|
||||
vpcRepository: vpc-nat-gateway
|
||||
tag: v1.13.8
|
||||
tag: v1.13.11
|
||||
support_arm: true
|
||||
thirdparty: true
|
||||
|
||||
|
||||
@@ -1,54 +1,2 @@
|
||||
# syntax = docker/dockerfile:experimental
|
||||
ARG VERSION=v1.13.8
|
||||
ARG BASE_TAG=$VERSION
|
||||
|
||||
FROM golang:1.23-bookworm as builder
|
||||
|
||||
ARG TAG=v1.13.8
|
||||
RUN git clone --branch ${TAG} --depth 1 https://github.com/kubeovn/kube-ovn /source
|
||||
|
||||
WORKDIR /source
|
||||
|
||||
COPY patches /patches
|
||||
RUN git apply /patches/*.diff
|
||||
RUN make build-go
|
||||
|
||||
WORKDIR /source/dist/images
|
||||
|
||||
# imported from https://github.com/kubeovn/kube-ovn/blob/master/dist/images/Dockerfile
|
||||
FROM kubeovn/kube-ovn-base:$BASE_TAG AS setcap
|
||||
|
||||
COPY --from=builder /source/dist/images/*.sh /kube-ovn/
|
||||
COPY --from=builder /source/dist/images/kubectl-ko /kube-ovn/kubectl-ko
|
||||
COPY --from=builder /source/dist/images/01-kube-ovn.conflist /kube-ovn/01-kube-ovn.conflist
|
||||
|
||||
COPY --from=builder /source/dist/images/kube-ovn /kube-ovn/kube-ovn
|
||||
COPY --from=builder /source/dist/images/kube-ovn-cmd /kube-ovn/kube-ovn-cmd
|
||||
COPY --from=builder /source/dist/images/kube-ovn-daemon /kube-ovn/kube-ovn-daemon
|
||||
COPY --from=builder /source/dist/images/kube-ovn-controller /kube-ovn/kube-ovn-controller
|
||||
RUN ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-monitor && \
|
||||
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-speaker && \
|
||||
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-webhook && \
|
||||
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-leader-checker && \
|
||||
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-ic-controller && \
|
||||
ln -s /kube-ovn/kube-ovn-controller /kube-ovn/kube-ovn-pinger && \
|
||||
setcap CAP_NET_BIND_SERVICE+eip /kube-ovn/kube-ovn-cmd && \
|
||||
setcap CAP_NET_RAW,CAP_NET_BIND_SERVICE+eip /kube-ovn/kube-ovn-controller && \
|
||||
setcap CAP_NET_ADMIN,CAP_NET_RAW,CAP_NET_BIND_SERVICE,CAP_SYS_ADMIN+eip /kube-ovn/kube-ovn-daemon
|
||||
|
||||
FROM kubeovn/kube-ovn-base:$BASE_TAG
|
||||
|
||||
COPY --chmod=0644 --from=builder /source/dist/images/logrotate/* /etc/logrotate.d/
|
||||
COPY --from=builder /source/dist/images/grace_stop_ovn_controller /usr/share/ovn/scripts/grace_stop_ovn_controller
|
||||
|
||||
COPY --from=setcap /kube-ovn /kube-ovn
|
||||
RUN /kube-ovn/iptables-wrapper-installer.sh --no-sanity-check
|
||||
|
||||
WORKDIR /kube-ovn
|
||||
|
||||
# Fix https://github.com/kubeovn/kube-ovn/issues/4526
|
||||
RUN setcap CAP_NET_ADMIN,CAP_NET_BIND_SERVICE,CAP_SYS_ADMIN+eip /usr/lib/openvswitch-switch/ovs-vswitchd \
|
||||
&& setcap CAP_NET_ADMIN,CAP_NET_BIND_SERVICE,CAP_SYS_ADMIN+eip /usr/sbin/xtables-legacy-multi \
|
||||
&& setcap CAP_NET_ADMIN,CAP_NET_BIND_SERVICE,CAP_SYS_ADMIN+eip /usr/sbin/xtables-nft-multi \
|
||||
&& setcap CAP_NET_ADMIN,CAP_NET_RAW,CAP_NET_BIND_SERVICE,CAP_SYS_ADMIN+eip /usr/sbin/ipset \
|
||||
&& setcap CAP_NET_ADMIN,CAP_NET_RAW,CAP_SYS_ADMIN+eip /usr/bin/ip
|
||||
ARG VERSION=v1.13.11
|
||||
FROM kubeovn/kube-ovn:${VERSION}
|
||||
|
||||
@@ -3,7 +3,7 @@ diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml b/
|
||||
index d9a9a67..b2e12dd 100644
|
||||
--- a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml
|
||||
+++ b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml
|
||||
@@ -51,18 +51,12 @@ spec:
|
||||
@@ -51,18 +51,15 @@ spec:
|
||||
- bash
|
||||
- /kube-ovn/start-cniserver.sh
|
||||
args:
|
||||
@@ -21,6 +21,9 @@ index d9a9a67..b2e12dd 100644
|
||||
- {{ .Values.ipv6.SVC_CIDR }}
|
||||
- {{- end }}
|
||||
+ - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }}
|
||||
+ {{- if .Values.global.logVerbosity }}
|
||||
+ - --v={{ .Values.global.logVerbosity }}
|
||||
+ {{- end }}
|
||||
{{- if eq .Values.networking.NETWORK_TYPE "vlan" }}
|
||||
- --iface=
|
||||
{{- else}}
|
||||
@@ -28,7 +31,7 @@ diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy
|
||||
index 0e69494..756eb7c 100644
|
||||
--- a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml
|
||||
+++ b/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml
|
||||
@@ -52,46 +52,19 @@ spec:
|
||||
@@ -52,46 +52,22 @@ spec:
|
||||
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
args:
|
||||
@@ -77,6 +80,9 @@ index 0e69494..756eb7c 100644
|
||||
- {{- end }}
|
||||
+ - --node-switch-cidr={{ index $cozyConfig.data "ipv4-join-cidr" }}
|
||||
+ - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }}
|
||||
+ {{- if .Values.global.logVerbosity }}
|
||||
+ - --v={{ .Values.global.logVerbosity }}
|
||||
+ {{- end }}
|
||||
- --network-type={{- .Values.networking.NETWORK_TYPE }}
|
||||
- --default-provider-name={{ .Values.networking.vlan.PROVIDER_NAME }}
|
||||
- --default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }}
|
||||
|
||||
@@ -22,4 +22,4 @@ global:
|
||||
images:
|
||||
kubeovn:
|
||||
repository: kubeovn
|
||||
tag: v1.13.8@sha256:385329464045cdf5e01364e9f2293edc71065a0910576a8e26ea9ac7097aae71
|
||||
tag: v1.13.11@sha256:bbae091631c3ac6dbdd346c19187322211a9afe397566f601393a2cb338b5aeb
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
export NAME=metallb
|
||||
export NAMESPACE=cozy-$(NAME)
|
||||
|
||||
include ../../../scripts/common-envs.mk
|
||||
include ../../../scripts/package.mk
|
||||
|
||||
update:
|
||||
@@ -9,3 +10,25 @@ update:
|
||||
helm repo update metallb
|
||||
helm pull metallb/metallb --untar --untardir charts
|
||||
rm -rf charts/metallb/charts/frr-k8s
|
||||
|
||||
image-controller image-speaker:
|
||||
$(eval TARGET := $(subst image-,,$@))
|
||||
$(eval VERSION := $(shell yq '.appVersion' charts/metallb/Chart.yaml))
|
||||
docker buildx build images/metallb \
|
||||
--provenance false \
|
||||
--target $(TARGET) \
|
||||
--build-arg VERSION=$(VERSION) \
|
||||
--tag $(REGISTRY)/metallb-$(TARGET):$(VERSION) \
|
||||
--cache-from type=registry,ref=$(REGISTRY)/metallb-$(TARGET):latest \
|
||||
--cache-to type=inline \
|
||||
--metadata-file images/$(TARGET).json \
|
||||
--push=$(PUSH) \
|
||||
--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack"
|
||||
--load=1
|
||||
REPOSITORY="$(REGISTRY)/metallb-$(TARGET)" \
|
||||
yq -i '.metallb.$(TARGET).image.repository = strenv(REPOSITORY)' values.yaml
|
||||
TAG=$(VERSION)@$$(yq e '."containerimage.digest"' images/$(TARGET).json -o json -r) \
|
||||
yq -i '.metallb.$(TARGET).image.tag = strenv(TAG)' values.yaml
|
||||
rm -f images/$(TARGET).json
|
||||
|
||||
image: image-controller image-speaker
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
dependencies:
|
||||
- name: crds
|
||||
repository: ""
|
||||
version: 0.14.8
|
||||
version: 0.14.9
|
||||
- name: frr-k8s
|
||||
repository: https://metallb.github.io/frr-k8s
|
||||
version: 0.0.14
|
||||
digest: sha256:8dff488902a5b504a491bbd1a9ab0983a877ff214e163ed74106c73c939a9aa3
|
||||
generated: "2024-07-23T15:22:40.589621+03:00"
|
||||
version: 0.0.16
|
||||
digest: sha256:20d9a53af12c82d35168e7524ae337341b2c7cb43e2169545185f750a718466e
|
||||
generated: "2024-12-17T15:39:32.082324414+01:00"
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
apiVersion: v2
|
||||
appVersion: v0.14.8
|
||||
appVersion: v0.14.9
|
||||
dependencies:
|
||||
- condition: crds.enabled
|
||||
name: crds
|
||||
repository: ""
|
||||
version: 0.14.8
|
||||
version: 0.14.9
|
||||
- condition: frrk8s.enabled
|
||||
name: frr-k8s
|
||||
repository: https://metallb.github.io/frr-k8s
|
||||
version: 0.0.14
|
||||
version: 0.0.16
|
||||
description: A network load-balancer implementation for Kubernetes using standard
|
||||
routing protocols
|
||||
home: https://metallb.universe.tf
|
||||
@@ -18,4 +18,4 @@ name: metallb
|
||||
sources:
|
||||
- https://github.com/metallb/metallb
|
||||
type: application
|
||||
version: 0.14.8
|
||||
version: 0.14.9
|
||||
|
||||
@@ -17,7 +17,7 @@ Kubernetes: `>= 1.19.0-0`
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| | crds | 0.0.0 |
|
||||
| https://metallb.github.io/frr-k8s | frr-k8s | 0.0.14 |
|
||||
| https://metallb.github.io/frr-k8s | frr-k8s | 0.0.16 |
|
||||
|
||||
## Values
|
||||
|
||||
@@ -79,17 +79,17 @@ Kubernetes: `>= 1.19.0-0`
|
||||
| prometheus.podMonitor.relabelings | list | `[]` | |
|
||||
| prometheus.prometheusRule.additionalLabels | object | `{}` | |
|
||||
| prometheus.prometheusRule.addressPoolExhausted.enabled | bool | `true` | |
|
||||
| prometheus.prometheusRule.addressPoolExhausted.labels.severity | string | `"alert"` | |
|
||||
| prometheus.prometheusRule.addressPoolExhausted.labels.severity | string | `"critical"` | |
|
||||
| prometheus.prometheusRule.addressPoolUsage.enabled | bool | `true` | |
|
||||
| prometheus.prometheusRule.addressPoolUsage.thresholds[0].labels.severity | string | `"warning"` | |
|
||||
| prometheus.prometheusRule.addressPoolUsage.thresholds[0].percent | int | `75` | |
|
||||
| prometheus.prometheusRule.addressPoolUsage.thresholds[1].labels.severity | string | `"warning"` | |
|
||||
| prometheus.prometheusRule.addressPoolUsage.thresholds[1].percent | int | `85` | |
|
||||
| prometheus.prometheusRule.addressPoolUsage.thresholds[2].labels.severity | string | `"alert"` | |
|
||||
| prometheus.prometheusRule.addressPoolUsage.thresholds[2].labels.severity | string | `"critical"` | |
|
||||
| prometheus.prometheusRule.addressPoolUsage.thresholds[2].percent | int | `95` | |
|
||||
| prometheus.prometheusRule.annotations | object | `{}` | |
|
||||
| prometheus.prometheusRule.bgpSessionDown.enabled | bool | `true` | |
|
||||
| prometheus.prometheusRule.bgpSessionDown.labels.severity | string | `"alert"` | |
|
||||
| prometheus.prometheusRule.bgpSessionDown.labels.severity | string | `"critical"` | |
|
||||
| prometheus.prometheusRule.configNotLoaded.enabled | bool | `true` | |
|
||||
| prometheus.prometheusRule.configNotLoaded.labels.severity | string | `"warning"` | |
|
||||
| prometheus.prometheusRule.enabled | bool | `false` | |
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
apiVersion: v2
|
||||
appVersion: v0.14.8
|
||||
appVersion: v0.14.9
|
||||
description: MetalLB CRDs
|
||||
home: https://metallb.universe.tf
|
||||
icon: https://metallb.universe.tf/images/logo/metallb-white.png
|
||||
@@ -7,4 +7,4 @@ name: crds
|
||||
sources:
|
||||
- https://github.com/metallb/metallb
|
||||
type: application
|
||||
version: 0.14.8
|
||||
version: 0.14.9
|
||||
|
||||
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.14.0
|
||||
controller-gen.kubebuilder.io/version: v0.16.3
|
||||
name: bfdprofiles.metallb.io
|
||||
spec:
|
||||
group: metallb.io
|
||||
@@ -123,7 +123,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.14.0
|
||||
controller-gen.kubebuilder.io/version: v0.16.3
|
||||
name: bgpadvertisements.metallb.io
|
||||
spec:
|
||||
group: metallb.io
|
||||
@@ -329,7 +329,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.14.0
|
||||
controller-gen.kubebuilder.io/version: v0.16.3
|
||||
name: bgppeers.metallb.io
|
||||
spec:
|
||||
conversion:
|
||||
@@ -365,6 +365,8 @@ spec:
|
||||
- jsonPath: .spec.ebgpMultiHop
|
||||
name: Multi Hops
|
||||
type: string
|
||||
deprecated: true
|
||||
deprecationWarning: v1beta1 is deprecated, please use v1beta2
|
||||
name: v1beta1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
@@ -526,15 +528,26 @@ spec:
|
||||
default: false
|
||||
description: To set if we want to disable MP BGP that will separate IPv4 and IPv6 route exchanges into distinct BGP sessions.
|
||||
type: boolean
|
||||
dynamicASN:
|
||||
description: |-
|
||||
DynamicASN detects the AS number to use for the remote end of the session
|
||||
without explicitly setting it via the ASN field. Limited to:
|
||||
internal - if the neighbor's ASN is different than MyASN connection is denied.
|
||||
external - if the neighbor's ASN is the same as MyASN the connection is denied.
|
||||
ASN and DynamicASN are mutually exclusive and one of them must be specified.
|
||||
enum:
|
||||
- internal
|
||||
- external
|
||||
type: string
|
||||
ebgpMultiHop:
|
||||
description: To set if the BGPPeer is multi-hops away. Needed for FRR mode only.
|
||||
type: boolean
|
||||
enableGracefulRestart:
|
||||
description: |-
|
||||
EnableGracefulRestart allows BGP peer to continue to forward data packets along
|
||||
known routes while the routing protocol information is being restored.
|
||||
This field is immutable because it requires restart of the BGP session
|
||||
Supported for FRR mode only.
|
||||
EnableGracefulRestart allows BGP peer to continue to forward data packets
|
||||
along known routes while the routing protocol information is being
|
||||
restored. This field is immutable because it requires restart of the BGP
|
||||
session. Supported for FRR mode only.
|
||||
type: boolean
|
||||
x-kubernetes-validations:
|
||||
- message: EnableGracefulRestart cannot be changed after creation
|
||||
@@ -622,7 +635,9 @@ spec:
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
peerASN:
|
||||
description: AS number to expect from the remote end of the session.
|
||||
description: |-
|
||||
AS number to expect from the remote end of the session.
|
||||
ASN and DynamicASN are mutually exclusive and one of them must be specified.
|
||||
format: int32
|
||||
maximum: 4294967295
|
||||
minimum: 0
|
||||
@@ -649,7 +664,6 @@ spec:
|
||||
type: string
|
||||
required:
|
||||
- myASN
|
||||
- peerASN
|
||||
- peerAddress
|
||||
type: object
|
||||
status:
|
||||
@@ -665,7 +679,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.14.0
|
||||
controller-gen.kubebuilder.io/version: v0.16.3
|
||||
name: communities.metallb.io
|
||||
spec:
|
||||
group: metallb.io
|
||||
@@ -730,7 +744,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.14.0
|
||||
controller-gen.kubebuilder.io/version: v0.16.3
|
||||
name: ipaddresspools.metallb.io
|
||||
spec:
|
||||
group: metallb.io
|
||||
@@ -940,7 +954,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.14.0
|
||||
controller-gen.kubebuilder.io/version: v0.16.3
|
||||
name: l2advertisements.metallb.io
|
||||
spec:
|
||||
group: metallb.io
|
||||
@@ -1120,7 +1134,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.14.0
|
||||
controller-gen.kubebuilder.io/version: v0.16.3
|
||||
name: servicel2statuses.metallb.io
|
||||
spec:
|
||||
group: metallb.io
|
||||
|
||||
@@ -84,7 +84,7 @@ spec:
|
||||
- name: METALLB_DEPLOYMENT
|
||||
value: {{ template "metallb.fullname" . }}-controller
|
||||
{{- end }}
|
||||
{{- if .Values.speaker.frr.enabled }}
|
||||
{{- if and .Values.speaker.enabled .Values.speaker.frr.enabled }}
|
||||
- name: METALLB_BGP_TYPE
|
||||
value: frr
|
||||
{{- end }}
|
||||
|
||||
@@ -36,6 +36,7 @@ spec:
|
||||
relabelings:
|
||||
{{- toYaml .Values.prometheus.podMonitor.relabelings | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.speaker.enabled }}
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PodMonitor
|
||||
@@ -74,6 +75,7 @@ spec:
|
||||
relabelings:
|
||||
{{- toYaml .Values.prometheus.podMonitor.relabelings | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if .Values.prometheus.rbacPrometheus }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
|
||||
@@ -19,8 +19,8 @@ spec:
|
||||
{{- if .Values.prometheus.prometheusRule.staleConfig.enabled }}
|
||||
- alert: MetalLBStaleConfig
|
||||
annotations:
|
||||
message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod
|
||||
}} has a stale config for > 1 minute'`}}
|
||||
summary: {{`'Stale config on {{ $labels.pod }}'`}}
|
||||
description: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has a stale config for > 1 minute'`}}
|
||||
expr: metallb_k8s_client_config_stale_bool{job=~"{{ template "metallb.fullname" . }}.*"} == 1
|
||||
for: 1m
|
||||
{{- with .Values.prometheus.prometheusRule.staleConfig.labels }}
|
||||
@@ -31,8 +31,8 @@ spec:
|
||||
{{- if .Values.prometheus.prometheusRule.configNotLoaded.enabled }}
|
||||
- alert: MetalLBConfigNotLoaded
|
||||
annotations:
|
||||
message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod
|
||||
}} has not loaded for > 1 minute'`}}
|
||||
summary: {{`'Config on {{ $labels.pod }} has not been loaded'`}}
|
||||
description: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has not loaded for > 1 minute'`}}
|
||||
expr: metallb_k8s_client_config_loaded_bool{job=~"{{ template "metallb.fullname" . }}.*"} == 0
|
||||
for: 1m
|
||||
{{- with .Values.prometheus.prometheusRule.configNotLoaded.labels }}
|
||||
@@ -43,8 +43,8 @@ spec:
|
||||
{{- if .Values.prometheus.prometheusRule.addressPoolExhausted.enabled }}
|
||||
- alert: MetalLBAddressPoolExhausted
|
||||
annotations:
|
||||
message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod
|
||||
}} has exhausted address pool {{ $labels.pool }} for > 1 minute'`}}
|
||||
summary: {{`'Exhausted address pool on {{ $labels.pod }}'`}}
|
||||
description: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has exhausted address pool {{ $labels.pool }} for > 1 minute'`}}
|
||||
expr: metallb_allocator_addresses_in_use_total >= on(pool) metallb_allocator_addresses_total
|
||||
for: 1m
|
||||
{{- with .Values.prometheus.prometheusRule.addressPoolExhausted.labels }}
|
||||
@@ -57,8 +57,8 @@ spec:
|
||||
{{- range .Values.prometheus.prometheusRule.addressPoolUsage.thresholds }}
|
||||
- alert: MetalLBAddressPoolUsage{{ .percent }}Percent
|
||||
annotations:
|
||||
message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod
|
||||
}} has address pool {{ $labels.pool }} past `}}{{ .percent }}{{`% usage for > 1 minute'`}}
|
||||
summary: {{`'Exhausted address pool on {{ $labels.pod }}'`}}
|
||||
message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has address pool {{ $labels.pool }} past `}}{{ .percent }}{{`% usage for > 1 minute'`}}
|
||||
expr: ( metallb_allocator_addresses_in_use_total / on(pool) metallb_allocator_addresses_total ) * 100 > {{ .percent }}
|
||||
{{- with .labels }}
|
||||
labels:
|
||||
@@ -69,8 +69,8 @@ spec:
|
||||
{{- if .Values.prometheus.prometheusRule.bgpSessionDown.enabled }}
|
||||
- alert: MetalLBBGPSessionDown
|
||||
annotations:
|
||||
message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod
|
||||
}} has BGP session {{ $labels.peer }} down for > 1 minute'`}}
|
||||
summary: {{`'BGP session down on {{ $labels.pod }}'`}}
|
||||
message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has BGP session {{ $labels.peer }} down for > 1 minute'`}}
|
||||
expr: metallb_bgp_session_up{job=~"{{ template "metallb.fullname" . }}.*"} == 0
|
||||
for: 1m
|
||||
{{- with .Values.prometheus.prometheusRule.bgpSessionDown.labels }}
|
||||
|
||||
@@ -19,11 +19,11 @@ rules:
|
||||
resources: ["events"]
|
||||
verbs: ["create", "patch"]
|
||||
- apiGroups: ["admissionregistration.k8s.io"]
|
||||
resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
|
||||
resources: ["validatingwebhookconfigurations"]
|
||||
resourceNames: ["metallb-webhook-configuration"]
|
||||
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
|
||||
- apiGroups: ["admissionregistration.k8s.io"]
|
||||
resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
|
||||
resources: ["validatingwebhookconfigurations"]
|
||||
verbs: ["list", "watch"]
|
||||
- apiGroups: ["apiextensions.k8s.io"]
|
||||
resources: ["customresourcedefinitions"]
|
||||
@@ -41,6 +41,7 @@ rules:
|
||||
resources: ["subjectaccessreviews"]
|
||||
verbs: ["create"]
|
||||
{{- end }}
|
||||
{{- if .Values.speaker.enabled }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
@@ -72,7 +73,7 @@ rules:
|
||||
{{- if or .Values.frrk8s.enabled .Values.frrk8s.external }}
|
||||
- apiGroups: ["frrk8s.metallb.io"]
|
||||
resources: ["frrconfigurations"]
|
||||
verbs: ["get", "list", "watch","create","update"]
|
||||
verbs: ["get", "list", "watch","create","update","delete"]
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
@@ -109,6 +110,7 @@ rules:
|
||||
- apiGroups: ["metallb.io"]
|
||||
resources: ["communities"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
@@ -117,7 +119,7 @@ metadata:
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "metallb.labels" . | nindent 4 }}
|
||||
rules:
|
||||
{{- if .Values.speaker.memberlist.enabled }}
|
||||
{{- if and .Values.speaker.enabled .Values.speaker.memberlist.enabled }}
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets"]
|
||||
verbs: ["create", "get", "list", "watch"]
|
||||
@@ -166,6 +168,7 @@ roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ template "metallb.fullname" . }}:controller
|
||||
{{- if .Values.speaker.enabled }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
@@ -195,6 +198,7 @@ roleRef:
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "metallb.speaker.serviceAccountName" . }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
|
||||
@@ -13,7 +13,7 @@ metadata:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.speaker.serviceAccount.create }}
|
||||
{{- if and .Values.speaker.enabled .Values.speaker.serviceAccount.create }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
|
||||
@@ -1,4 +1,9 @@
|
||||
{{- if and .Values.prometheus.serviceMonitor.enabled .Values.prometheus.podMonitor.enabled }}
|
||||
{{- fail "prometheus.serviceMonitor.enabled and prometheus.podMonitor.enabled cannot both be set" }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.prometheus.serviceMonitor.enabled }}
|
||||
{{- if .Values.speaker.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
@@ -89,6 +94,7 @@ spec:
|
||||
{{- end }}
|
||||
sessionAffinity: None
|
||||
type: ClusterIP
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
@@ -97,7 +103,6 @@ metadata:
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels:
|
||||
{{- include "metallb.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: speaker
|
||||
{{- if .Values.prometheus.serviceMonitor.controller.additionalLabels }}
|
||||
{{ toYaml .Values.prometheus.serviceMonitor.controller.additionalLabels | indent 4 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -42,7 +42,7 @@ prometheus:
|
||||
# certificate to be used.
|
||||
controllerMetricsTLSSecret: ""
|
||||
|
||||
# prometheus doens't have the permission to scrape all namespaces so we give it permission to scrape metallb's one
|
||||
# prometheus doesn't have the permission to scrape all namespaces so we give it permission to scrape metallb's one
|
||||
rbacPrometheus: true
|
||||
|
||||
# the service account used by prometheus
|
||||
@@ -64,7 +64,7 @@ prometheus:
|
||||
# enable support for Prometheus Operator
|
||||
enabled: false
|
||||
|
||||
# optional additionnal labels for podMonitors
|
||||
# optional additional labels for podMonitors
|
||||
additionalLabels: {}
|
||||
|
||||
# optional annotations for podMonitors
|
||||
@@ -143,7 +143,7 @@ prometheus:
|
||||
# enable alertmanager alerts
|
||||
enabled: false
|
||||
|
||||
# optional additionnal labels for prometheusRules
|
||||
# optional additional labels for prometheusRules
|
||||
additionalLabels: {}
|
||||
|
||||
# optional annotations for prometheusRules
|
||||
@@ -165,7 +165,7 @@ prometheus:
|
||||
addressPoolExhausted:
|
||||
enabled: true
|
||||
labels:
|
||||
severity: alert
|
||||
severity: critical
|
||||
|
||||
addressPoolUsage:
|
||||
enabled: true
|
||||
@@ -178,13 +178,13 @@ prometheus:
|
||||
severity: warning
|
||||
- percent: 95
|
||||
labels:
|
||||
severity: alert
|
||||
severity: critical
|
||||
|
||||
# MetalLBBGPSessionDown
|
||||
bgpSessionDown:
|
||||
enabled: true
|
||||
labels:
|
||||
severity: alert
|
||||
severity: critical
|
||||
|
||||
extraAlerts: []
|
||||
|
||||
|
||||
87
packages/system/metallb/images/metallb/Dockerfile
Normal file
87
packages/system/metallb/images/metallb/Dockerfile
Normal file
@@ -0,0 +1,87 @@
|
||||
# syntax=docker/dockerfile:1.2
|
||||
|
||||
FROM --platform=$BUILDPLATFORM docker.io/golang:1.22.7 AS builder
|
||||
|
||||
ARG VERSION
|
||||
ARG GIT_COMMIT=dev
|
||||
ARG GIT_BRANCH=dev
|
||||
ARG TARGETARCH
|
||||
ARG TARGETOS
|
||||
ARG TARGETPLATFORM
|
||||
|
||||
WORKDIR /go/go.universe.tf/metallb
|
||||
|
||||
RUN --mount=type=cache,target=/go/pkg/mod \
|
||||
curl -sSL https://github.com/metallb/metallb/archive/refs/tags/${VERSION}.tar.gz \
|
||||
| tar -xzvf- --strip=1
|
||||
|
||||
RUN curl -sSLO https://github.com/metallb/metallb/pull/2726.diff && \
|
||||
git apply 2726.diff
|
||||
|
||||
RUN --mount=type=cache,target=/go/pkg/mod \
|
||||
--mount=type=cache,target=/root/.cache/go-build \
|
||||
go mod download -x
|
||||
|
||||
RUN case ${TARGETPLATFORM} in \
|
||||
"linux/arm/v6") export VARIANT="6" ;; \
|
||||
"linux/arm/v7") export VARIANT="7" ;; \
|
||||
*) export VARIANT="" ;; \
|
||||
esac && \
|
||||
CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH GOARM=$VARIANT \
|
||||
go build -v -o /build/controller \
|
||||
-ldflags "-X 'go.universe.tf/metallb/internal/version.gitCommit=${GIT_COMMIT}' \
|
||||
-X 'go.universe.tf/metallb/internal/version.gitBranch=${GIT_BRANCH}'" \
|
||||
./controller \
|
||||
&& \
|
||||
CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH GOARM=$VARIANT \
|
||||
go build -v -o /build/frr-metrics \
|
||||
-ldflags "-X 'go.universe.tf/metallb/internal/version.gitCommit=${GIT_COMMIT}' \
|
||||
-X 'go.universe.tf/metallb/internal/version.gitBranch=${GIT_BRANCH}'" \
|
||||
frr-tools/metrics/exporter.go \
|
||||
&& \
|
||||
CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH GOARM=$VARIANT \
|
||||
go build -v -o /build/cp-tool \
|
||||
-ldflags "-X 'go.universe.tf/metallb/internal/version.gitCommit=${GIT_COMMIT}' \
|
||||
-X 'go.universe.tf/metallb/internal/version.gitBranch=${GIT_BRANCH}'" \
|
||||
frr-tools/cp-tool/cp-tool.go \
|
||||
&& \
|
||||
CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH GOARM=$VARIANT \
|
||||
go build -v -o /build/speaker \
|
||||
-ldflags "-X 'go.universe.tf/metallb/internal/version.gitCommit=${GIT_COMMIT}' \
|
||||
-X 'go.universe.tf/metallb/internal/version.gitBranch=${GIT_BRANCH}'" \
|
||||
./speaker
|
||||
|
||||
FROM gcr.io/distroless/static:latest as controller
|
||||
|
||||
COPY --from=builder /build/controller /controller
|
||||
|
||||
LABEL org.opencontainers.image.authors="metallb" \
|
||||
org.opencontainers.image.url="https://github.com/metallb/metallb" \
|
||||
org.opencontainers.image.documentation="https://metallb.universe.tf" \
|
||||
org.opencontainers.image.source="https://github.com/cozystack/cozystack" \
|
||||
org.opencontainers.image.vendor="metallb" \
|
||||
org.opencontainers.image.licenses="Apache-2.0" \
|
||||
org.opencontainers.image.description="Metallb Controller" \
|
||||
org.opencontainers.image.title="controller" \
|
||||
org.opencontainers.image.base.name="gcr.io/distroless/static:latest"
|
||||
|
||||
ENTRYPOINT ["/controller"]
|
||||
|
||||
FROM gcr.io/distroless/static:latest as speaker
|
||||
|
||||
COPY --from=builder /build/cp-tool /cp-tool
|
||||
COPY --from=builder /build/speaker /speaker
|
||||
COPY --from=builder /build/frr-metrics /frr-metrics
|
||||
COPY --from=builder /go/go.universe.tf/metallb/frr-tools/reloader/frr-reloader.sh /frr-reloader.sh
|
||||
|
||||
LABEL org.opencontainers.image.authors="metallb" \
|
||||
org.opencontainers.image.url="https://github.com/metallb/metallb" \
|
||||
org.opencontainers.image.documentation="https://metallb.universe.tf" \
|
||||
org.opencontainers.image.source="https://github.com/cozystack/cozystack" \
|
||||
org.opencontainers.image.vendor="metallb" \
|
||||
org.opencontainers.image.licenses="Apache-2.0" \
|
||||
org.opencontainers.image.description="Metallb speaker" \
|
||||
org.opencontainers.image.title="speaker" \
|
||||
org.opencontainers.image.base.name="gcr.io/distroless/static:latest"
|
||||
|
||||
ENTRYPOINT ["/speaker"]
|
||||
@@ -1,6 +1,11 @@
|
||||
metallb:
|
||||
crds:
|
||||
enabled: true
|
||||
|
||||
#speaker:
|
||||
# tolerateMaster: false
|
||||
controller:
|
||||
image:
|
||||
repository: ghcr.io/cozystack/cozystack/metallb-controller
|
||||
tag: v0.14.9@sha256:9ae0502f353360bdfe1785871789fc4124f528ab2f94a6ead20479d9d322a423
|
||||
speaker:
|
||||
image:
|
||||
repository: ghcr.io/cozystack/cozystack/metallb-speaker
|
||||
tag: v0.14.9@sha256:64ce9f2c8d351df5054a4a92cce1728589e6570dc0749043311cddd0356871c2
|
||||
|
||||
Reference in New Issue
Block a user