Merge "Adjust virtlet-ds"
diff --git a/README.rst b/README.rst
index da82ccb..c9dc10a 100644
--- a/README.rst
+++ b/README.rst
@@ -476,6 +476,22 @@
apiserver:
secure_port: 8081
+Kubernetes with MetalLB
+-----------------------
+
+On Master:
+
+.. code-block:: yaml
+
+ kubernetes:
+ common:
+ addons:
+ metallb:
+ enabled: true
+ addresses:
+ - 172.16.10.150-172.16.10.180
+ - 172.16.10.192/26
+
Kubernetes with Flannel
-----------------------
diff --git a/kubernetes/files/kube-addons/metallb/metallb.yaml b/kubernetes/files/kube-addons/metallb/metallb.yaml
new file mode 100644
index 0000000..e64afdb
--- /dev/null
+++ b/kubernetes/files/kube-addons/metallb/metallb.yaml
@@ -0,0 +1,280 @@
+{%- from "kubernetes/map.jinja" import common with context -%}
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: metallb-system
+ labels:
+ app: metallb
+ addonmanager.kubernetes.io/mode: Reconcile
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: metallb-system
+ name: controller
+ labels:
+ app: metallb
+ addonmanager.kubernetes.io/mode: Reconcile
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: metallb-system
+ name: speaker
+ labels:
+ app: metallb
+ addonmanager.kubernetes.io/mode: Reconcile
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: metallb-system:controller
+ labels:
+ app: metallb
+ addonmanager.kubernetes.io/mode: Reconcile
+rules:
+- apiGroups: [""]
+ resources: ["services"]
+ verbs: ["get", "list", "watch", "update"]
+- apiGroups: [""]
+ resources: ["services/status"]
+ verbs: ["update"]
+- apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: metallb-system:speaker
+ labels:
+ app: metallb
+ addonmanager.kubernetes.io/mode: Reconcile
+rules:
+- apiGroups: [""]
+ resources: ["services", "endpoints", "nodes"]
+ verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: metallb-system
+ name: leader-election
+ labels:
+ app: metallb
+ addonmanager.kubernetes.io/mode: Reconcile
+rules:
+- apiGroups: [""]
+ resources: ["endpoints"]
+ resourceNames: ["metallb-speaker"]
+ verbs: ["get", "update"]
+- apiGroups: [""]
+ resources: ["endpoints"]
+ verbs: ["create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: metallb-system
+ name: config-watcher
+ labels:
+ app: metallb
+ addonmanager.kubernetes.io/mode: Reconcile
+rules:
+- apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create"]
+---
+
+## Role bindings
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: metallb-system:controller
+ labels:
+ app: metallb
+ addonmanager.kubernetes.io/mode: Reconcile
+subjects:
+- kind: ServiceAccount
+ name: controller
+ namespace: metallb-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: metallb-system:controller
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: metallb-system:speaker
+ labels:
+ app: metallb
+ addonmanager.kubernetes.io/mode: Reconcile
+subjects:
+- kind: ServiceAccount
+ name: speaker
+ namespace: metallb-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: metallb-system:speaker
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ namespace: metallb-system
+ name: config-watcher
+ labels:
+ app: metallb
+ addonmanager.kubernetes.io/mode: Reconcile
+subjects:
+- kind: ServiceAccount
+ name: controller
+- kind: ServiceAccount
+ name: speaker
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: config-watcher
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ namespace: metallb-system
+ name: leader-election
+ labels:
+ app: metallb
+ addonmanager.kubernetes.io/mode: Reconcile
+subjects:
+- kind: ServiceAccount
+ name: speaker
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: leader-election
+---
+apiVersion: apps/v1beta2
+kind: DaemonSet
+metadata:
+ namespace: metallb-system
+ name: speaker
+ labels:
+ app: metallb
+ component: speaker
+ addonmanager.kubernetes.io/mode: Reconcile
+spec:
+ selector:
+ matchLabels:
+ app: metallb
+ component: speaker
+ template:
+ metadata:
+ labels:
+ app: metallb
+ component: speaker
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "7472"
+ spec:
+ serviceAccountName: speaker
+ terminationGracePeriodSeconds: 0
+ hostNetwork: true
+ containers:
+ - name: speaker
+ image: {{ common.addons.get('metallb', {}).get('speaker_image', 'metallb/speaker:v0.6.2') }}
+ imagePullPolicy: IfNotPresent
+ args:
+ - --port=7472
+ - --config=config
+ env:
+ - name: METALLB_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ ports:
+ - name: monitoring
+ containerPort: 7472
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - all
+ add:
+ - net_raw
+
+---
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+ namespace: metallb-system
+ name: controller
+ labels:
+ app: metallb
+ component: controller
+ addonmanager.kubernetes.io/mode: Reconcile
+spec:
+ revisionHistoryLimit: 3
+ selector:
+ matchLabels:
+ app: metallb
+ component: controller
+ template:
+ metadata:
+ labels:
+ app: metallb
+ component: controller
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "7472"
+ spec:
+ serviceAccountName: controller
+ terminationGracePeriodSeconds: 0
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 65534 # nobody
+ containers:
+ - name: controller
+ image: {{ common.addons.get('metallb', {}).get('controller_image', 'metallb/controller:v0.6.2') }}
+ imagePullPolicy: IfNotPresent
+ args:
+ - --port=7472
+ - --config=config
+ ports:
+ - name: monitoring
+ containerPort: 7472
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ readOnlyRootFilesystem: true
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: metallb-system
+ name: config
+ labels:
+ addonmanager.kubernetes.io/mode: Reconcile
+data:
+ config: |
+ address-pools:
+ - name: metallb-ip-space
+ protocol: layer2
+ addresses:
+ {%- for address in common.addons.get('metallb', {}).get('addresses', []) %}
+ - {{ address }}
+ {%- endfor %}
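Review bot: Both container images default to mutable Docker Hub tags (`metallb/speaker:v0.6.2` and `metallb/controller:v0.6.2`) and are pulled with `imagePullPolicy: IfNotPresent`, so each node runs whatever the tag pointed to when it first pulled, and nodes can end up with different content. This matters most for the speaker DaemonSet, which runs with `hostNetwork: true`, adds `net_raw`, and, unlike the controller, sets no `runAsNonRoot`/`runAsUser`. Consider defaulting to a digest-pinned reference from a registry you control, e.g. `image: "<registry>/metallb/speaker@sha256:<digest>"` (placeholder values), and documenting `speaker_image`/`controller_image` in the README next to `addresses`. Quoting the templated `image:` scalar would also keep an empty or unusual pillar value from changing the YAML structure. Separately, with `hostNetwork: true` the speaker's `--port=7472` metrics listener is presumably reachable on every node's address, so it is worth restricting that port at the host firewall.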
diff --git a/kubernetes/master/kube-addons.sls b/kubernetes/master/kube-addons.sls
index bdd1c90..e25979e 100644
--- a/kubernetes/master/kube-addons.sls
+++ b/kubernetes/master/kube-addons.sls
@@ -9,6 +9,16 @@
- group: root
- mode: 0755
+{%- if common.addons.get('metallb', {}).get('enabled', False) %}
+/etc/kubernetes/addons/metallb/metallb.yaml:
+ file.managed:
+ - source: salt://kubernetes/files/kube-addons/metallb/metallb.yaml
+ - template: jinja
+ - group: root
+ - dir_mode: 755
+ - makedirs: True
+{% endif %}
+
{%- if master.network.get('flannel', {}).get('enabled', False) %}
/etc/kubernetes/addons/flannel/flannel.yml:
file.managed:
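Review bot: The new `file.managed` state for `/etc/kubernetes/addons/metallb/metallb.yaml` sets `group` and `dir_mode` but neither `user` nor a file `mode`, so the manifest's ownership and permissions are left to Salt defaults and the minion's umask. The rendered file defines ClusterRoles and bindings and carries the `addonmanager.kubernetes.io/mode: Reconcile` label, so anyone who can write it can presumably influence what is applied to the cluster. I would make this explicit with `- user: root` and `- mode: '0644'`, and write `- dir_mode: '0755'` as a quoted string to match the `0755` form used in the stanza above and avoid integer typing. The closing `{% endif %}` also lacks the `-` whitespace control used on the opening tag. The flannel stanza that follows continues outside this hunk, so I could not compare against it.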