From 6fd3e765b75c905d279b2b0b757517510de4547f Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Mon, 26 Aug 2024 10:26:28 +1000 Subject: [PATCH] add infra app metallb --- .../metallb-conf/env/k3s-cluster/config.json | 12 + .../env/k3s-cluster/kustomization.yaml | 8 + .../metallb-conf/env/k3s-cluster/values.yaml | 7 + infrastructures/metallb-conf/values.yaml | 1157 +++++++++++++++++ .../env/k3s-cluster/templates/metallb.yaml | 9 + 5 files changed, 1193 insertions(+) create mode 100644 infrastructures/metallb-conf/env/k3s-cluster/config.json create mode 100644 infrastructures/metallb-conf/env/k3s-cluster/kustomization.yaml create mode 100644 infrastructures/metallb-conf/env/k3s-cluster/values.yaml create mode 100644 infrastructures/metallb-conf/values.yaml create mode 100644 resources/namespaces/env/k3s-cluster/templates/metallb.yaml diff --git a/infrastructures/metallb-conf/env/k3s-cluster/config.json b/infrastructures/metallb-conf/env/k3s-cluster/config.json new file mode 100644 index 0000000..1083b3b --- /dev/null +++ b/infrastructures/metallb-conf/env/k3s-cluster/config.json @@ -0,0 +1,12 @@ +{ + "appName": "metallb", + "userGivenName": "metallb", + "namespace": "metallb", + "destNamespace": "metallb", + "destServer": "https://kubernetes.default.svc", + "srcPath": "infrastructures/metallb/env/k3s-cluster", + "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git", + "srcTargetRevision": "", + "labels": null, + "annotations": null +} \ No newline at end of file diff --git a/infrastructures/metallb-conf/env/k3s-cluster/kustomization.yaml b/infrastructures/metallb-conf/env/k3s-cluster/kustomization.yaml new file mode 100644 index 0000000..a75e522 --- /dev/null +++ b/infrastructures/metallb-conf/env/k3s-cluster/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +helmCharts: + - name: metallb + repo: oci://registry-1.docker.io/bitnamicharts + version: 6.3.10 + releaseName: metallb + valuesFile: values.yaml \ No newline at end of file diff --git a/infrastructures/metallb-conf/env/k3s-cluster/values.yaml b/infrastructures/metallb-conf/env/k3s-cluster/values.yaml new file mode 100644 index 0000000..728094a --- /dev/null +++ b/infrastructures/metallb-conf/env/k3s-cluster/values.yaml @@ -0,0 +1,7 @@ +namespaceOverride: "metallb" +controller: + podSecurityContext: + fsGroup: 1000 + containerSecurityContext: + runAsUser: 1000 + runAsGroup: 1000 diff --git a/infrastructures/metallb-conf/values.yaml b/infrastructures/metallb-conf/values.yaml new file mode 100644 index 0000000..1090f64 --- /dev/null +++ b/infrastructures/metallb-conf/values.yaml @@ -0,0 +1,1157 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: auto +## @section Common parameters + +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param nameOverride String to partially override metallb.fullname include (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override metallb.fullname template +## +fullnameOverride: "" +## @param commonLabels Add labels to all the deployed resources +## +commonLabels: {} +## @param commonAnnotations Add annotations to all the deployed resources +## +commonAnnotations: {} +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] +## Enable diagnostic mode in the deployment(s)/statefulset(s) +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the the deployment(s)/statefulset(s) + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the the deployment(s)/statefulset(s) + ## + args: + - infinity +## @param installCRDs Flag to install metallb CRDs +## +installCRDs: true +## @section MetalLB parameters + +## RBAC creation for controller and speaker +## +rbac: + ## @param rbac.create Specifies whether to install and use RBAC rules + ## + create: true +## PSP creation for controller and speaker +## +psp: + ## @param psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later + ## + create: false +## Network Policy configuration +## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: true + ## @param networkPolicy.allowExternal The Policy model to apply + ## When set to false, only pods with the correct client label will have network access to the ports MetalLB is + ## listening on. When true, MetalLB will accept connections from any source (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) + ## + kubeAPIServerPorts: [443, 6443, 8443] + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} +## Prometheus Operator alertmanager alerts +## +## @param prometheusRule.enabled Prometheus Operator alertmanager alerts are created +## +prometheusRule: + enabled: false +## @section Controller parameters + +## MetalLB Controller deployment. +## ref: https://hub.docker.com/r/bitnami/metallb-controller/tags +## +controller: + ## @param controller.image.registry [default: REGISTRY_NAME] MetalLB Controller image registry + ## @param controller.image.repository [default: REPOSITORY_NAME/metallb-controller] MetalLB Controller image repository + ## @skip controller.image.tag MetalLB Controller image tag (immutable tags are recommended) + ## @param controller.image.digest MetalLB Controller image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param controller.image.pullPolicy MetalLB Controller image pull policy + ## @param controller.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: bitnami/metallb-controller + tag: 0.14.8-debian-12-r3 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param controller.updateStrategy.type MetalLB controller deployment strategy type. + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + ## e.g: + ## updateStrategy: + ## type: RollingUpdate + ## rollingUpdate: + ## maxSurge: 25% + ## maxUnavailable: 25% + ## + updateStrategy: + type: RollingUpdate + ## @param controller.automountServiceAccountToken Mount Service Account token in pod + ## + automountServiceAccountToken: true + ## @param controller.hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## If global .Values.rbac.create is disabled no rbac is created. + ## This value is then meaningless + ## Defines if the controller rbac should be created. + ## + rbac: + ## @param controller.rbac.create create specifies whether to install and use RBAC rules. + ## + create: true + ## If global .Values.psp.create is disabled no psp is created. + ## This value is then meaningless + ## Defines if the controller psp should be created. + ## + psp: + ## @param controller.psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later + ## + create: true + ## @param controller.priorityClassName MetalLB controller pods' priorityClassName + ## + priorityClassName: "" + ## @param controller.runtimeClassName Name of the runtime class to be used by MetalLB controller pod(s) + ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/ + ## + runtimeClassName: "" + ## @param controller.schedulerName Name of the k8s scheduler (other than default) + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param controller.terminationGracePeriodSeconds In seconds, time the given to the MetalLB controller pod needs to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + ## + terminationGracePeriodSeconds: 0 + ## @param controller.topologySpreadConstraints Topology Spread Constraints for pod assignment + ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## The value is evaluated as a template + ## + topologySpreadConstraints: [] + ## Controller container resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param controller.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if controller.resources is set (controller.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param controller.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## @param controller.nodeSelector Node labels for controller pod assignment + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param controller.tolerations Tolerations for controller pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param controller.affinity Affinity for controller pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + ## @param controller.podAnnotations Controller Pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param controller.podLabels Controller Pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param controller.podAffinityPreset Controller Pod affinitypreset. Allowed values: soft, hard + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param controller.podAntiAffinityPreset Controller Pod anti affinitypreset. Allowed values: soft, hard + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## Allowed values: soft, hard + ## + nodeAffinityPreset: + ## @param controller.nodeAffinityPreset.type Controller Pod Node affinity preset. Allowed values: soft, hard + ## + type: "" + ## @param controller.nodeAffinityPreset.key Controller Pod Node affinity label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param controller.nodeAffinityPreset.values Controller Pod Node affinity label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## Configure Pods Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param controller.podSecurityContext.enabled Enabled MetalLB Controller pods' Security Context + ## @param controller.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param controller.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param controller.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param controller.podSecurityContext.fsGroup Set MetalLB Controller pod's Security Context fsGroup + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param controller.containerSecurityContext.enabled Enabled MetalLB Controller containers' Security Context + ## @param controller.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param controller.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param controller.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param controller.containerSecurityContext.runAsNonRoot Set MetalLB Controller container's Security Context runAsNonRoot + ## @param controller.containerSecurityContext.allowPrivilegeEscalation Enables privilege Escalation context for the pod. + ## @param controller.containerSecurityContext.readOnlyRootFilesystem Allows the pod to mount the RootFS as ReadOnly + ## @param controller.containerSecurityContext.capabilities.drop [array] Drop capabilities for the securityContext + ## @param controller.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + ## + containerSecurityContext: + enabled: true + seLinuxOptions: null + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + seccompProfile: + type: "RuntimeDefault" + ## @param controller.command Override default container command (useful when using custom images) + ## + command: [] + ## @param controller.args Override default container args (useful when using custom images) + ## + args: [] + ## @param controller.lifecycleHooks for the MetalLB Controller container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param controller.extraEnvVars Extra environment variable to pass to the running container. + ## For example: + ## extraEnvVars: + ## - name: MY_ENV_VAR + ## value: env_var_value + ## + extraEnvVars: [] + ## @param controller.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for MetalLB controller nodes + ## + extraEnvVarsCM: "" + ## @param controller.extraEnvVarsSecret Name of existing Secret containing extra env vars for MetalLB controller nodes + ## + extraEnvVarsSecret: "" + ## @param controller.extraVolumes Optionally specify extra list of additional volumes for the MetalLB controller pod(s) + ## + extraVolumes: [] + ## @param controller.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MetalLB controller container(s) + ## + extraVolumeMounts: [] + ## @param controller.sidecars Add additional sidecar containers to the MetalLB Controller pod(s) + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param controller.initContainers Add additional init containers to the MetalLB Controller pod(s) + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + ## Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb + ## @param controller.pdb.create Enable/disable a Pod Disruption Budget creation + ## @param controller.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled + ## @param controller.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `controller.pdb.minAvailable` and `controller.pdb.maxUnavailable` are empty. + ## + pdb: + create: true + minAvailable: "" + maxUnavailable: "" + ## Pods Service Account + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## @param controller.serviceAccount.create Specifies whether a ServiceAccount should be created + ## @param controller.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. + ## @param controller.serviceAccount.automountServiceAccountToken Automount service account token for the server service account + ## @param controller.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. + ## + serviceAccount: + create: true + name: "" + automountServiceAccountToken: false + annotations: {} + ## @param controller.revisionHistoryLimit Configure the revisionHistoryLimit of the Controller deployment + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit + ## + revisionHistoryLimit: 3 + ## @param controller.containerPorts.metrics Configures the ports the MetalLB Controller listens on for metrics + ## + containerPorts: + metrics: 7472 + ## Liveness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param controller.livenessProbe.enabled Enable livenessProbe + ## @param controller.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param controller.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param controller.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param controller.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param controller.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + ## Readiness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param controller.readinessProbe.enabled Enable readinessProbe + ## @param controller.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param controller.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param controller.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param controller.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param controller.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + ## Startup probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param controller.startupProbe.enabled Enable startupProbe + ## @param controller.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param controller.startupProbe.periodSeconds Period seconds for startupProbe + ## @param controller.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param controller.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param controller.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + ## @param controller.customStartupProbe Custom liveness probe for the Web component + ## + customStartupProbe: {} + ## @param controller.customLivenessProbe Custom liveness probe for the Web component + ## + customLivenessProbe: {} + ## @param controller.customReadinessProbe Custom readiness probe for the Web component + ## + customReadinessProbe: {} + ## @param controller.logLevel Sets the controller log level. Does not work if the args are overridden + ## + logLevel: info + ## @param controller.tlsMinVersion Sets the minimum TLS version for the controller + ## e.g: + ## namespace: VersionTLS12 + ## + tlsMinVersion: "" + ## @param controller.tlsCipherSuites Comma separated list of TLS cipher suites for the controller + ## + tlsCipherSuites: "" + ## @param controller.webhookMode Controller webhook mode + ## Allowed values: enabled, disabled or only webhook if we want the controller to act as webhook endpoint only + ## + webhookMode: enabled + ## @param controller.extraArgs Add extra arguments to the default arguments for the controller + ## + extraArgs: [] + ## @section MetalLB controller Prometheus metrics export + ## + metrics: + ## @param controller.metrics.enabled Enable the export of Prometheus metrics + ## + enabled: false + ## Prometheus Exporter service parameters + ## + service: + ## @param controller.metrics.service.port Prometheus metrics service port + ## + port: 7472 + ## @param controller.metrics.service.annotations [object] Annotations for the Prometheus Exporter service service + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "7472" + prometheus.io/path: "/metrics" ## Prometheus Operator service monitors + ## + serviceMonitor: + ## @param controller.metrics.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator + ## + enabled: false + ## @param controller.metrics.serviceMonitor.namespace Namespace which Prometheus is running in + ## e.g: + ## namespace: monitoring + ## + namespace: "" + ## @param controller.metrics.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator + ## + jobLabel: "app.kubernetes.io/name" + ## @param controller.metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used + ## + interval: "" + ## @param controller.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + scrapeTimeout: "" + ## @param controller.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics + ## + metricRelabelings: [] + ## @param controller.metrics.serviceMonitor.relabelings Specify general relabeling + ## + relabelings: [] + ## @param controller.metrics.serviceMonitor.selector ServiceMonitor selector labels + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + ## + ## selector: + ## prometheus: my-prometheus + ## + selector: {} + ## @param controller.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + ## @param controller.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels + ## + honorLabels: false +## @section Speaker parameters + +## MetalLB Speaker daemonset. +## ref: https://hub.docker.com/r/bitnami/metallb-speaker/tags +## +speaker: + ## @param speaker.enabled Whether to enable BGP speakers or not + ## ref: https://metallb.universe.tf/configuration/calico/#the-easy-way + ## Some CNI implementations (e.g. Calico) does not require speakers + ## + enabled: true + ## @param speaker.image.registry [default: REGISTRY_NAME] MetalLB Speaker image registry + ## @param speaker.image.repository [default: REPOSITORY_NAME/metallb-speaker] MetalLB Speaker image repository + ## @skip speaker.image.tag MetalLB Speaker image tag (immutable tags are recommended) + ## @param speaker.image.digest MetalLB Speaker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param speaker.image.pullPolicy MetalLB Speaker image pull policy + ## @param speaker.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: bitnami/metallb-speaker + tag: 0.14.8-debian-12-r3 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param speaker.updateStrategy.type Speaker daemonset strategy type + ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ + ## + updateStrategy: + ## StrategyType + ## Can be set to RollingUpdate or OnDelete + ## + type: RollingUpdate + ## If global .Values.rbac.create is disabled no rbac is created. + ## This value is then meaningless + ## Defines if the speaker rbac should be created. + ## + rbac: + ## @param speaker.rbac.create create specifies whether to install and use RBAC rules. + ## + create: true + ## @param speaker.automountServiceAccountToken Mount Service Account token in pod + ## + automountServiceAccountToken: true + ## Network Policy configuration + ## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param speaker.networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: true + ## @param speaker.networkPolicy.allowExternal The Policy model to apply + ## When set to false, only pods with the correct client label will have network access to the ports MetalLB is + ## listening on. When true, MetalLB will accept connections from any source (with the correct destination port). + ## + allowExternal: true + ## @param speaker.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param speaker.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) + ## + kubeAPIServerPorts: [443, 6443, 8443] + ## @param speaker.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraIngress: [] + ## @param speaker.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param speaker.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param speaker.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + ## @param speaker.hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## If global .Values.psp.create is disabled no psp is created. + ## This value is then meaningless + ## Defines if the speaker psp should be created. + ## + psp: + ## @param speaker.psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later + ## + create: true + ## @param speaker.priorityClassName Speaker pods' priorityClassName + ## + priorityClassName: "" + ## @param speaker.runtimeClassName Name of the runtime class to be used by Speaker pod(s) + ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/ + ## + runtimeClassName: "" + ## @param speaker.terminationGracePeriodSeconds In seconds, time the given to the Speaker pod needs to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + ## + terminationGracePeriodSeconds: 2 + ## Speaker container resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param speaker.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if speaker.resources is set (speaker.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param speaker.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## @param speaker.nodeSelector Node labels for speaker pod assignment + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param speaker.tolerations Tolerations for speaker pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param speaker.affinity Affinity for speaker pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + ## Node speaker.affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param speaker.nodeAffinityPreset.type Node affinity preset type. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param speaker.nodeAffinityPreset.key Node label key to match. Ignored if `speaker.affinity` is set + ## + key: "" + ## @param speaker.nodeAffinityPreset.values Node label values to match. Ignored if `speaker.affinity` is set + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param speaker.podAffinityPreset Pod affinity preset. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param speaker.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## @param speaker.podAnnotations Speaker Pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param speaker.podLabels Speaker Pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## Configure Pods Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param speaker.podSecurityContext.enabled Enabled Speaker pods' Security Context + ## @param speaker.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param speaker.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param speaker.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param speaker.podSecurityContext.fsGroup Set Speaker pod's Security Context fsGroup + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 0 + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param speaker.containerSecurityContext.enabled Enabled Speaker containers' Security Context + ## @param speaker.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param speaker.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param speaker.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param speaker.containerSecurityContext.allowPrivilegeEscalation Enables privilege Escalation context for the pod. + ## @param speaker.containerSecurityContext.readOnlyRootFilesystem Allows the pod to mount the RootFS as ReadOnly + ## @param speaker.containerSecurityContext.capabilities.drop [array] Drop capabilities for the securityContext. You need to comment out this block if you would like to use `tcpdump` for debugging purposes. + ## @param speaker.containerSecurityContext.capabilities.add [array] Add capabilities for the securityContext + ## @param speaker.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + ## + containerSecurityContext: + enabled: true + seLinuxOptions: null + runAsUser: 0 + runAsGroup: 0 + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + # In order to use `tcpdump` you would need to comment out the `drop` block + drop: + - ALL + add: + - NET_ADMIN + - NET_RAW + - SYS_ADMIN + seccompProfile: + type: "RuntimeDefault" + ## @param speaker.command Override default container command (useful when using custom images) + ## + command: [] + ## @param speaker.args Override default container args (useful when using custom images) + ## + args: [] + ## @param speaker.lifecycleHooks for the Speaker container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param speaker.sidecars Add additional sidecar containers to the Speaker pod(s) + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param speaker.initContainers Add additional init containers to the Speaker pod(s) + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + ## Pods Service Account + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## @param speaker.serviceAccount.create Specifies whether a ServiceAccount should be created + ## @param speaker.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. + ## @param speaker.serviceAccount.automountServiceAccountToken Automount service account token for the server service account + ## @param speaker.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. + ## + serviceAccount: + create: true + name: "" + automountServiceAccountToken: false + annotations: {} + ## Defines a secret to use outside of the auto generate + ## @param speaker.secretName References a Secret name for the member secret outside of the helm chart + ## @param speaker.secretKey References a Secret key the member secret outside of the helm chart + ## @param speaker.secretValue Custom value for `speaker.secretKey` + ## Default: {{ randAlphaNum 256 | b64enc | quote }} + ## The auto generated secret has: + ## secretName: {{ "common.names.fullname" }}-memberlist + ## secretKey: secretkey + ## secretValue: random 256 character alphanumeric string + ## + secretName: "" + secretKey: "" + secretValue: "" + ## @param speaker.extraEnvVars Extra environment variable to pass to the running container. + ## For example: + ## extraEnvVars: + ## - name: MY_ENV_VAR + ## value: env_var_value + ## + extraEnvVars: [] + ## @param speaker.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Speaker nodes + ## + extraEnvVarsCM: "" + ## @param speaker.extraEnvVarsSecret Name of existing Secret containing extra env vars for Speaker nodes + ## + extraEnvVarsSecret: "" + ## @param speaker.extraVolumes Optionally specify extra list of additional volumes for the Speaker pod(s) + ## + extraVolumes: [] + ## @param speaker.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Speaker container(s) + ## + extraVolumeMounts: [] + ## @param speaker.containerPorts.metrics HTTP Metrics Endpoint + ## + containerPorts: + metrics: 7472 + ## Liveness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param speaker.livenessProbe.enabled Enable livenessProbe + ## @param speaker.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param speaker.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param speaker.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param speaker.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param speaker.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + ## Readiness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param speaker.readinessProbe.enabled Enable readinessProbe + ## @param speaker.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param speaker.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param speaker.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param speaker.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param speaker.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + ## Startup probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param speaker.startupProbe.enabled Enable startupProbe + ## @param speaker.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param speaker.startupProbe.periodSeconds Period seconds for startupProbe + ## @param speaker.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param speaker.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param speaker.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + ## @param speaker.customStartupProbe Custom liveness probe for the Web component + ## + customStartupProbe: {} + ## @param speaker.customLivenessProbe Custom liveness probe for the Web component + ## + customLivenessProbe: {} + ## @param speaker.customReadinessProbe Custom readiness probe for the Web component + ## + customReadinessProbe: {} + ## @param speaker.logLevel Sets the speaker log level. Does not work if the args are overridden + ## + logLevel: "info" + ## @section FRR Speaker + frr: + ## @param speaker.frr.enabled Whether to enable FRR mode + ## ref: https://metallb.universe.tf/concepts/bgp/#frr-mode + ## + enabled: false + image: + ## @param speaker.frr.image.registry [default: REGISTRY_NAME] MetalLB Speaker image registry + ## @param speaker.frr.image.repository [default: REPOSITORY_NAME/metallb-speaker] MetalLB Speaker image repository + ## @skip speaker.frr.image.tag MetalLB Speaker image tag (immutable tags are recommended) + ## @param speaker.frr.image.digest MetalLB Speaker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param speaker.frr.image.pullPolicy MetalLB Speaker image pull policy + ## @param speaker.frr.image.pullSecrets Specify docker-registry secret names as an array + ## + registry: docker.io + repository: bitnami/metallb-speaker + tag: 0.14.8-debian-12-r3 + digest: "" + pullPolicy: IfNotPresent + pullSecrets: [] + ## Speaker container resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param speaker.frr.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if speaker.resources is set (speaker.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "micro" + ## @param speaker.frr.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Configure Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param speaker.frr.containerSecurityContext.enabled Enabled Speaker containers' Security Context + ## @param speaker.frr.containerSecurityContext.capabilities.add [array] Add capabilities for the securityContext + ## @param speaker.frr.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param speaker.frr.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + containerSecurityContext: + enabled: true + runAsUser: 0 + runAsGroup: 0 + capabilities: + add: + - NET_ADMIN + - NET_RAW + - SYS_ADMIN + - NET_BIND_SERVICE + ## @param speaker.frr.containerPorts.metrics HTTP Metrics Endpoint + ## + containerPorts: + metrics: 7473 + ## @section FRR Speaker Prometheus metrics export + metrics: + ## Prometheus Exporter service parameters + ## + service: + ## @param speaker.frr.metrics.service.port Prometheus metrics service port + ## + port: 7473 + ## @param speaker.frr.metrics.service.annotations [object] Annotations for the Prometheus Exporter service service + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "7473" + prometheus.io/path: "/metrics" + ## Prometheus Operator service monitors + ## + serviceMonitor: + ## @param speaker.frr.metrics.serviceMonitor.enabled Enable support for Prometheus Operator + ## + enabled: false + ## @param speaker.frr.metrics.serviceMonitor.namespace Namespace which Prometheus is running in + ## e.g: + ## namespace: monitoring + ## + namespace: "" + ## @param speaker.frr.metrics.serviceMonitor.jobLabel Job label for scrape target + ## + jobLabel: "app.kubernetes.io/name" + ## @param speaker.frr.metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used + ## + interval: "" + ## @param speaker.frr.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + scrapeTimeout: "" + ## @param speaker.frr.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics + ## + metricRelabelings: [] + ## @param speaker.frr.metrics.serviceMonitor.relabelings Specify general relabeling + ## + relabelings: [] + ## @param speaker.frr.metrics.serviceMonitor.selector ServiceMonitor selector labels + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + ## + ## selector: + ## prometheus: my-prometheus + ## + selector: {} + ## @param speaker.frr.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + ## @param speaker.frr.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels + ## + honorLabels: false + + ## Liveness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param speaker.frr.livenessProbe.enabled Enable livenessProbe + ## @param speaker.frr.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param speaker.frr.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param speaker.frr.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param speaker.frr.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param speaker.frr.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + ## Readiness probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param speaker.frr.readinessProbe.enabled Enable readinessProbe + ## @param speaker.frr.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param speaker.frr.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param speaker.frr.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param speaker.frr.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param speaker.frr.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + ## Startup probe values + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param speaker.frr.startupProbe.enabled Enable startupProbe + ## @param speaker.frr.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param speaker.frr.startupProbe.periodSeconds Period seconds for startupProbe + ## @param speaker.frr.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param speaker.frr.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param speaker.frr.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + ## @param speaker.frr.customStartupProbe Custom liveness probe for the Web component + ## + customStartupProbe: {} + ## @param speaker.frr.customLivenessProbe Custom liveness probe for the Web component + ## + customLivenessProbe: {} + ## @param speaker.frr.customReadinessProbe Custom readiness probe for the Web component + ## + customReadinessProbe: {} + ## @section Speaker Prometheus metrics export + metrics: + ## @param speaker.metrics.enabled Enable the export of Prometheus metrics + ## + enabled: false + ## Prometheus Exporter service parameters + ## + service: + ## @param speaker.metrics.service.port Prometheus metrics service port + ## + port: 7472 + ## @param speaker.metrics.service.annotations [object] Annotations for the Prometheus Exporter service service + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "7472" + prometheus.io/path: "/metrics" + ## Prometheus Operator service monitors + ## + serviceMonitor: + ## @param speaker.metrics.serviceMonitor.enabled Enable support for Prometheus Operator + ## + enabled: false + ## @param speaker.metrics.serviceMonitor.namespace Namespace which Prometheus is running in + ## e.g: + ## namespace: monitoring + ## + namespace: "" + ## @param speaker.metrics.serviceMonitor.jobLabel Job label for scrape target + ## + jobLabel: "app.kubernetes.io/name" + ## @param speaker.metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used + ## + interval: "" + ## @param speaker.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + scrapeTimeout: "" + ## @param speaker.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics + ## + metricRelabelings: [] + ## @param speaker.metrics.serviceMonitor.relabelings Specify general relabeling + ## + relabelings: [] + ## @param speaker.metrics.serviceMonitor.selector ServiceMonitor selector labels + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + ## + ## selector: + ## prometheus: my-prometheus + ## + selector: {} + ## @param speaker.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + ## @param speaker.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels + ## + honorLabels: false \ No newline at end of file diff --git a/resources/namespaces/env/k3s-cluster/templates/metallb.yaml b/resources/namespaces/env/k3s-cluster/templates/metallb.yaml new file mode 100644 index 0000000..917148c --- /dev/null +++ b/resources/namespaces/env/k3s-cluster/templates/metallb.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + argocd.argoproj.io/sync-options: Prune=false + creationTimestamp: null + name: metallb +spec: {} +status: {}