Skip to content

Commit

Permalink
Merge pull request #20 from projectsyn/official-chart
Browse files Browse the repository at this point in the history 
Switch to official helm chart
  • Loading branch information
@rxbn
rxbn authored Apr 8, 2022
2 parents 8fc0877 + 43ea7af commit ff8f027
Show file tree
Hide file tree
Showing 10 changed files with 168 additions and 70 deletions.
2 changes: 1 addition & 1 deletion class/defaults.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,4 @@ parameters:
secretname: metallb-memberlist
configmap_name: metallb
charts:
metallb: 1.1.0
metallb: 0.12.1
4 changes: 2 additions & 2 deletions class/metallb.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ parameters:
dependencies:
- type: helm
output_path: dependencies/metallb/helmcharts/metallb
source: https://charts.bitnami.com/bitnami
source: https://metallb.github.io/metallb
version: ${metallb:charts:metallb}
chart_name: metallb
compile:
Expand All @@ -26,4 +26,4 @@ parameters:
existingConfigMap: ${metallb:configmap_name}
helm_params:
name: ${metallb:name}
namespace: '${metallb:namespace}'
namespace: "${metallb:namespace}"
15 changes: 15 additions & 0 deletions docs/modules/ROOT/pages/how-tos/upgrade-1.x-to-2.x.adoc
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
= Upgrade from 1.x to 2.x

This guide describes the steps to perform an upgrade of the component from version 1.x to 2.x.

== Introduction

Beginning with version 2.0.0, this component is no longer based on the Bitnami Helm chart, but on the official Helm chart for MetalLB.

The upgrade can be done in-place.

You should notice that the Docker image changes from docker.io to quay.io.

We're doing this because we want to be als close to upstream as possible.

Please also keep in mind that we upgraded the version of MetalLB from v0.9.5 to v0.12.1. You can find the full changelog https://metallb.universe.tf/release-notes/[here].
7 changes: 3 additions & 4 deletions docs/modules/ROOT/pages/index.adoc
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,7 @@
= MetalLB: A Commodore component to manage MetalLB

{doctitle} is a Commodore component for Managing MetalLB.
The component is based on the https://hub.kubeapps.com/charts/bitnami/metallb[Helm Chart] of Bitnami.
The Bitnami Helm Chart is https://github.com/metallb/metallb/issues/653[suggested] to become a template for the official Helm Chart of the project.
{doctitle} is a Commodore component for managing MetalLB.
The component is based on the official https://artifacthub.io/packages/helm/metallb/metallb[Helm Chart].

[CAUTION]
====
Expand All @@ -16,7 +15,7 @@ See the xref:references/parameters.adoc[parameters] reference for further detail

A memberlist key must be generated and stored inside the secret key management.

A pregenerated key ensures that the manifests can be applied multiple times without the secret key changing.
A pre-generated key ensures that the manifests can be applied multiple times without the secret key changing.
Otherwise, elevated fail-over rates may occur during manifest application, as the speakers can not communicate during the rollout, due to differing keys.

```
Expand Down
14 changes: 14 additions & 0 deletions jsonnetfile.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
{
"version": 1,
"dependencies": [
{
"source": {
"git": {
"remote": "https://github.com/bitnami-labs/kube-libsonnet"
}
},
"version": "v1.19.0"
}
],
"legacyImports": true
}
27 changes: 15 additions & 12 deletions ...lmchart/metallb/templates/deployment.yaml → ...lmchart/metallb/templates/controller.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,10 @@ metadata:
app.kubernetes.io/instance: metallb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metallb
helm.sh/chart: metallb-1.1.0
app.kubernetes.io/version: v0.12.1
helm.sh/chart: metallb-0.12.1
name: metallb-controller
spec:
revisionHistoryLimit: 3
selector:
matchLabels:
app.kubernetes.io/component: controller
Expand All @@ -20,34 +20,37 @@ spec:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: metallb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metallb
helm.sh/chart: metallb-1.1.0
spec:
containers:
- args:
- --port=7472
- --config=metallb
image: docker.io/bitnami/metallb-controller:0.9.5-debian-10-r32
imagePullPolicy: IfNotPresent
- --log-level=info
env:
- name: METALLB_ML_SECRET_NAME
value: metallb-memberlist
- name: METALLB_DEPLOYMENT
value: metallb-controller
image: quay.io/metallb/controller:v0.12.1
livenessProbe:
failureThreshold: 3
httpGet:
path: /metrics
port: metrics
port: monitoring
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: metallb-controller
name: controller
ports:
- containerPort: 7472
name: metrics
name: monitoring
readinessProbe:
failureThreshold: 3
httpGet:
path: /metrics
port: metrics
port: monitoring
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
Expand All @@ -61,8 +64,8 @@ spec:
nodeSelector:
kubernetes.io/os: linux
securityContext:
fsGroup: 1001
fsGroup: 65534
runAsNonRoot: true
runAsUser: 1001
runAsUser: 65534
serviceAccountName: metallb-controller
terminationGracePeriodSeconds: 0
28 changes: 12 additions & 16 deletions tests/golden/defaults/metallb/metallb/10_metallb_helmchart/metallb/templates/psp.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,8 @@ metadata:
app.kubernetes.io/instance: metallb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metallb
helm.sh/chart: metallb-1.1.0
app.kubernetes.io/version: v0.12.1
helm.sh/chart: metallb-0.12.1
name: metallb-controller
spec:
allowPrivilegeEscalation: false
Expand All @@ -15,8 +16,8 @@ spec:
defaultAllowPrivilegeEscalation: false
fsGroup:
ranges:
- max: 1001
min: 1001
- max: 65535
min: 1
rule: MustRunAs
hostIPC: false
hostNetwork: false
Expand All @@ -26,16 +27,13 @@ spec:
requiredDropCapabilities:
- ALL
runAsUser:
ranges:
- max: 1001
min: 1001
rule: MustRunAs
rule: MustRunAsNonRoot
seLinux:
rule: RunAsAny
supplementalGroups:
ranges:
- max: 1001
min: 1001
- max: 65535
min: 1
rule: MustRunAs
volumes:
- configMap
Expand All @@ -49,19 +47,15 @@ metadata:
app.kubernetes.io/instance: metallb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metallb
helm.sh/chart: metallb-1.1.0
app.kubernetes.io/version: v0.12.1
helm.sh/chart: metallb-0.12.1
name: metallb-speaker
spec:
allowPrivilegeEscalation: false
allowedCapabilities:
- NET_ADMIN
- NET_RAW
- SYS_ADMIN
allowedHostPaths: []
defaultAddCapabilities:
- NET_ADMIN
- NET_RAW
- SYS_ADMIN
defaultAddCapabilities: []
defaultAllowPrivilegeEscalation: false
fsGroup:
rule: RunAsAny
Expand All @@ -71,6 +65,8 @@ spec:
hostPorts:
- max: 7472
min: 7472
- max: 7946
min: 7946
privileged: true
readOnlyRootFilesystem: true
requiredDropCapabilities:
Expand Down
97 changes: 82 additions & 15 deletions tests/golden/defaults/metallb/metallb/10_metallb_helmchart/metallb/templates/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,9 @@ metadata:
app.kubernetes.io/instance: metallb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metallb
helm.sh/chart: metallb-1.1.0
name: metallb-controller
app.kubernetes.io/version: v0.12.1
helm.sh/chart: metallb-0.12.1
name: metallb:controller
rules:
- apiGroups:
- ''
Expand All @@ -16,7 +17,6 @@ rules:
- get
- list
- watch
- update
- apiGroups:
- ''
resources:
Expand Down Expand Up @@ -46,8 +46,9 @@ metadata:
app.kubernetes.io/instance: metallb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metallb
helm.sh/chart: metallb-1.1.0
name: metallb-speaker
app.kubernetes.io/version: v0.12.1
helm.sh/chart: metallb-0.12.1
name: metallb:speaker
rules:
- apiGroups:
- ''
Expand All @@ -59,6 +60,14 @@ rules:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
Expand All @@ -82,12 +91,13 @@ metadata:
app.kubernetes.io/instance: metallb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metallb
helm.sh/chart: metallb-1.1.0
name: metallb-controller
app.kubernetes.io/version: v0.12.1
helm.sh/chart: metallb-0.12.1
name: metallb:controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: metallb-controller
name: metallb:controller
subjects:
- kind: ServiceAccount
name: metallb-controller
Expand All @@ -100,12 +110,13 @@ metadata:
app.kubernetes.io/instance: metallb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metallb
helm.sh/chart: metallb-1.1.0
name: metallb-speaker
app.kubernetes.io/version: v0.12.1
helm.sh/chart: metallb-0.12.1
name: metallb:speaker
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: metallb-speaker
name: metallb:speaker
subjects:
- kind: ServiceAccount
name: metallb-speaker
Expand All @@ -118,7 +129,8 @@ metadata:
app.kubernetes.io/instance: metallb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metallb
helm.sh/chart: metallb-1.1.0
app.kubernetes.io/version: v0.12.1
helm.sh/chart: metallb-0.12.1
name: metallb-config-watcher
rules:
- apiGroups:
Expand All @@ -137,7 +149,8 @@ metadata:
app.kubernetes.io/instance: metallb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metallb
helm.sh/chart: metallb-1.1.0
app.kubernetes.io/version: v0.12.1
helm.sh/chart: metallb-0.12.1
name: metallb-pod-lister
rules:
- apiGroups:
Expand All @@ -148,13 +161,48 @@ rules:
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/instance: metallb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metallb
app.kubernetes.io/version: v0.12.1
helm.sh/chart: metallb-0.12.1
name: metallb-controller
rules:
- apiGroups:
- ''
resources:
- secrets
verbs:
- create
- apiGroups:
- ''
resourceNames:
- metallb-memberlist
resources:
- secrets
verbs:
- list
- apiGroups:
- apps
resourceNames:
- metallb-controller
resources:
- deployments
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/instance: metallb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metallb
helm.sh/chart: metallb-1.1.0
app.kubernetes.io/version: v0.12.1
helm.sh/chart: metallb-0.12.1
name: metallb-config-watcher
roleRef:
apiGroup: rbac.authorization.k8s.io
Expand All @@ -173,7 +221,8 @@ metadata:
app.kubernetes.io/instance: metallb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metallb
helm.sh/chart: metallb-1.1.0
app.kubernetes.io/version: v0.12.1
helm.sh/chart: metallb-0.12.1
name: metallb-pod-lister
roleRef:
apiGroup: rbac.authorization.k8s.io
Expand All @@ -182,3 +231,21 @@ roleRef:
subjects:
- kind: ServiceAccount
name: metallb-speaker
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/instance: metallb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metallb
app.kubernetes.io/version: v0.12.1
helm.sh/chart: metallb-0.12.1
name: metallb-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: metallb-controller
subjects:
- kind: ServiceAccount
name: metallb-controller
Loading

0 comments on commit ff8f027

Please sign in to comment.