forked from hswaw/hscloud
cluster: start implementing metallb
parent
e3af1eb852
commit
1e565dc4a5
|
|
@ -4,6 +4,7 @@ local kube = import "../../kube/kube.libsonnet";
|
|||
local coredns = import "lib/coredns.libsonnet";
|
||||
local metrics = import "lib/metrics.libsonnet";
|
||||
local calico = import "lib/calico.libsonnet";
|
||||
local metallb = import "lib/metallb.libsonnet";
|
||||
|
||||
local Cluster(fqdn) = {
|
||||
local cluster = self,
|
||||
|
|
@ -48,6 +49,8 @@ local Cluster(fqdn) = {
|
|||
dns: coredns.Environment {},
|
||||
// Metrics Server
|
||||
metrics: metrics.Environment {},
|
||||
// Metal Load Balancer
|
||||
metallb: metallb.Environment {},
|
||||
};
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,110 @@
|
|||
# Deploy MetalLB
|
||||
|
||||
local kube = import "../../../kube/kube.libsonnet";
|
||||
|
||||
local bindServiceAccountClusterRole(sa, cr) = kube.ClusterRoleBinding(cr.metadata.name) {
|
||||
roleRef: {
|
||||
apiGroup: "rbac.authorization.k8s.io",
|
||||
kind: "ClusterRole",
|
||||
name: cr.metadata.name,
|
||||
},
|
||||
subjects: [
|
||||
{
|
||||
kind: "ServiceAccount",
|
||||
name: sa.metadata.name,
|
||||
namespace: sa.metadata.namespace,
|
||||
},
|
||||
],
|
||||
};
|
||||
|
||||
{
|
||||
Environment: {
|
||||
local env = self,
|
||||
local cfg = env.cfg,
|
||||
cfg:: {
|
||||
namespace: "metallb-system",
|
||||
namespaceCreate: true,
|
||||
},
|
||||
|
||||
ns: if cfg.namespaceCreate then kube.Namespace(cfg.namespace),
|
||||
|
||||
saController: kube.ServiceAccount("controller") {
|
||||
metadata+: {
|
||||
namespace: cfg.namespace,
|
||||
},
|
||||
},
|
||||
|
||||
saSpeaker: kube.ServiceAccount("speaker") {
|
||||
metadata+: {
|
||||
namespace: cfg.namespace,
|
||||
},
|
||||
},
|
||||
|
||||
crController: kube.ClusterRole("%s:controller" % cfg.namespace) {
|
||||
rules: [
|
||||
{
|
||||
apiGroups: [""],
|
||||
resources: ["services"],
|
||||
verbs: ["get", "list", "watch", "update"],
|
||||
},
|
||||
{
|
||||
apiGroups: [""],
|
||||
resources: ["services/status"],
|
||||
verbs: ["update"],
|
||||
},
|
||||
{
|
||||
apiGroups: [""],
|
||||
resources: ["events"],
|
||||
verbs: ["create", "patch"],
|
||||
},
|
||||
],
|
||||
},
|
||||
|
||||
crbController: bindServiceAccountClusterRole(env.saController, env.crController),
|
||||
|
||||
crSpeaker: kube.ClusterRole("%s:speaker" % cfg.namespace) {
|
||||
rules: [
|
||||
{
|
||||
apiGroups: [""],
|
||||
resources: ["services", "endpoints", "nodes"],
|
||||
verbs: ["get", "list", "watch"],
|
||||
},
|
||||
],
|
||||
},
|
||||
|
||||
crbSpeaker: bindServiceAccountClusterRole(env.saSpeaker, env.crSpeaker),
|
||||
|
||||
roleWatcher: kube.Role("config-watcher") {
|
||||
metadata+: {
|
||||
namespace: cfg.namespace,
|
||||
},
|
||||
rules: [
|
||||
{
|
||||
apiGroups: [""],
|
||||
resources: ["configmaps"],
|
||||
verbs: ["get", "list", "watch"],
|
||||
},
|
||||
{
|
||||
apiGroups: [""],
|
||||
resources: ["events"],
|
||||
verbs: ["create"],
|
||||
},
|
||||
],
|
||||
},
|
||||
|
||||
rbWatcher: kube.RoleBinding("config-watcher") {
|
||||
metadata+: {
|
||||
namespace: cfg.namespace,
|
||||
},
|
||||
subjects: [
|
||||
{ kind: "ServiceAccount", name: env.saController.metadata.name },
|
||||
{ kind: "ServiceAccount", name: env.saSpeaker.metadata.name },
|
||||
],
|
||||
roleRef: {
|
||||
apiGroup: "rbac.authorization.k8s.io",
|
||||
kind: "Role",
|
||||
name: env.roleWatcher.metadata.name,
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
Loading…
Reference in New Issue