From 554cdf8081a92a49c8e817be7d078f65c6b0bb4d Mon Sep 17 00:00:00 2001
From: Celestino Rey
Date: Wed, 16 Nov 2022 20:18:49 +0100
Subject: [PATCH] Nuevo metalLB
---
Metallb/LEEME.md | 2 +
Metallb/announceips.yaml | 9 +
Metallb/configmap-lb.yaml | 12 --
Metallb/creaNginx.sh | 2 +
Metallb/ipaddresspool.yaml | 8 +
Metallb/metallb.yaml | 394 -------------------------------------
Metallb/namespace.yaml | 6 -
7 files changed, 21 insertions(+), 412 deletions(-)
create mode 100644 Metallb/LEEME.md
create mode 100644 Metallb/announceips.yaml
delete mode 100644 Metallb/configmap-lb.yaml
create mode 100644 Metallb/creaNginx.sh
create mode 100644 Metallb/ipaddresspool.yaml
delete mode 100644 Metallb/metallb.yaml
delete mode 100644 Metallb/namespace.yaml
diff --git a/Metallb/LEEME.md b/Metallb/LEEME.md
new file mode 100644
index 00000000..c5b1fb87
--- /dev/null
+++ b/Metallb/LEEME.md
@@ -0,0 +1,2 @@
+# Instrucciones
+https://www.youtube.com/watch?v=LMOYOtzpoXg&t=0s
diff --git a/Metallb/announceips.yaml b/Metallb/announceips.yaml
new file mode 100644
index 00000000..9932db6a
--- /dev/null
+++ b/Metallb/announceips.yaml
@@ -0,0 +1,9 @@
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+ name: example
+ namespace: metallb-system
+spec:
+ ipAddressPools:
+ - first-pool
+
diff --git a/Metallb/configmap-lb.yaml b/Metallb/configmap-lb.yaml
deleted file mode 100644
index 546ee4b0..00000000
--- a/Metallb/configmap-lb.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: metallb-syste
- name: config
-data:
- config: |
- address-pools:
- - name: address-pool-1
- protocol: layer2
- addresses:
- - 192.168.100.201-192.168.100.254
diff --git a/Metallb/creaNginx.sh b/Metallb/creaNginx.sh
new file mode 100644
index 00000000..bad277a8
--- /dev/null
+++ b/Metallb/creaNginx.sh
@@ -0,0 +1,2 @@
+kubectl create deploy nginx --image nginx
+kubectl expose deploy nginx --port 80 --type LoadBalancer
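Review bot: The L2Advertisement in Metallb/announceips.yaml sets only `ipAddressPools`, so nothing limits which nodes or interfaces announce the pool; MetalLB's `spec.nodeSelectors` and `spec.interfaces` fields exist for that, and on multi-homed nodes they keep LoadBalancer addresses from being answered for on an unintended segment. Layer-2 announcement relies on ARP/NDP, which is unauthenticated, so a comment above `spec:` such as `# L2 mode: pool IPs are announced via ARP/NDP from speaker nodes; only use on a trusted LAN segment` would record that assumption. The resource also keeps the sample name `example` and depends on the `metallb-system` namespace and the `metallb.io/v1beta1` CRDs, while this commit deletes namespace.yaml and metallb.yaml; the install manifest and version that now provide them should be written down in LEEME.md rather than left to the linked video.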
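Review bot: `--image nginx` in Metallb/creaNginx.sh pulls a mutable, untagged image, so each run may deploy different content; pin a tag or digest, e.g. `kubectl create deploy nginx --image nginx:<pinned-tag>` (placeholder). The second command publishes plain HTTP on port 80 at an address from the pool, reachable by anything on that LAN, and both commands act on whatever namespace and context kubectl currently has. A header comment such as `# Smoke test for MetalLB: remove with 'kubectl delete svc,deploy nginx' afterwards` and an explicit `-n <namespace>` would make that scope clear. The file is added with mode 100644 and no shebang, so it presumably has to be run via `sh creaNginx.sh`.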
diff --git a/Metallb/ipaddresspool.yaml b/Metallb/ipaddresspool.yaml
new file mode 100644
index 00000000..5d66934a
--- /dev/null
+++ b/Metallb/ipaddresspool.yaml
@@ -0,0 +1,8 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: first-pool
+ namespace: metallb-system
+spec:
+ addresses:
+ - 192.168.1.200-192.168.1.240
diff --git a/Metallb/metallb.yaml b/Metallb/metallb.yaml
deleted file mode 100644
index 2cdc4bd4..00000000
--- a/Metallb/metallb.yaml
+++ /dev/null
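Review bot: The pool in Metallb/ipaddresspool.yaml hard-codes `192.168.1.200-192.168.1.240` with no comment on how the range is reserved; if it overlaps the LAN's DHCP scope or a statically addressed host, MetalLB and that host would both answer for the same IP. Add a comment above `addresses:` such as `# 41 addresses; must be excluded from DHCP and unused by other hosts on this subnet`. As far as I know `autoAssign` defaults to true, so any Service of type LoadBalancer in any namespace can take an address from this pool; consider `autoAssign: false` (services then request the pool explicitly) if only selected workloads should be reachable from the LAN. The removed configmap-lb.yaml used 192.168.100.201-192.168.100.254, so the subnet change looks deliberate but is not explained in the commit message.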
@@ -1,394 +0,0 @@ -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - labels: - app: metallb - name: controller - namespace: metallb-system -spec: - allowPrivilegeEscalation: false - allowedCapabilities: [] - allowedHostPaths: [] - defaultAddCapabilities: [] - defaultAllowPrivilegeEscalation: false - fsGroup: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - hostIPC: false - hostNetwork: false - hostPID: false - privileged: false - readOnlyRootFilesystem: true - requiredDropCapabilities: - - ALL - runAsUser: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - seLinux: - rule: RunAsAny - supplementalGroups: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - volumes: - - configMap - - secret - - emptyDir ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - labels: - app: metallb - name: speaker - namespace: metallb-system -spec: - allowPrivilegeEscalation: false - allowedCapabilities: - - NET_ADMIN - - NET_RAW - - SYS_ADMIN - allowedHostPaths: [] - defaultAddCapabilities: [] - defaultAllowPrivilegeEscalation: false - fsGroup: - rule: RunAsAny - hostIPC: false - hostNetwork: true - hostPID: false - hostPorts: - - max: 7472 - min: 7472 - privileged: true - readOnlyRootFilesystem: true - requiredDropCapabilities: - - ALL - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - configMap - - secret - - emptyDir ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: metallb - name: controller - namespace: metallb-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: metallb - name: speaker - namespace: metallb-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: metallb - name: metallb-system:controller -rules: -- apiGroups: - - '' - resources: - - services - verbs: - - get - - list - - watch - - update -- apiGroups: - - '' - resources: - - services/status - verbs: - - update -- apiGroups: - 
- '' - resources: - - events - verbs: - - create - - patch -- apiGroups: - - policy - resourceNames: - - controller - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: metallb - name: metallb-system:speaker -rules: -- apiGroups: - - '' - resources: - - services - - endpoints - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - '' - resources: - - events - verbs: - - create - - patch -- apiGroups: - - policy - resourceNames: - - speaker - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: metallb - name: config-watcher - namespace: metallb-system -rules: -- apiGroups: - - '' - resources: - - configmaps - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: metallb - name: pod-lister - namespace: metallb-system -rules: -- apiGroups: - - '' - resources: - - pods - verbs: - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: metallb - name: metallb-system:controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: metallb-system:controller -subjects: -- kind: ServiceAccount - name: controller - namespace: metallb-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: metallb - name: metallb-system:speaker -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: metallb-system:speaker -subjects: -- kind: ServiceAccount - name: speaker - namespace: metallb-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: metallb - name: config-watcher - namespace: metallb-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: config-watcher -subjects: -- kind: ServiceAccount - name: controller -- kind: 
ServiceAccount - name: speaker ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: metallb - name: pod-lister - namespace: metallb-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: pod-lister -subjects: -- kind: ServiceAccount - name: speaker ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - app: metallb - component: speaker - name: speaker - namespace: metallb-system -spec: - selector: - matchLabels: - app: metallb - component: speaker - template: - metadata: - annotations: - prometheus.io/port: '7472' - prometheus.io/scrape: 'true' - labels: - app: metallb - component: speaker - spec: - containers: - - args: - - --port=7472 - - --config=config - env: - - name: METALLB_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: METALLB_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: METALLB_ML_BIND_ADDR - valueFrom: - fieldRef: - fieldPath: status.podIP - # needed when another software is also using memberlist / port 7946 - #- name: METALLB_ML_BIND_PORT - # value: "7946" - - name: METALLB_ML_LABELS - value: "app=metallb,component=speaker" - - name: METALLB_ML_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: METALLB_ML_SECRET_KEY - valueFrom: - secretKeyRef: - name: memberlist - key: secretkey - image: metallb/speaker:v0.9.6 - imagePullPolicy: Always - name: speaker - ports: - - containerPort: 7472 - name: monitoring - resources: - limits: - cpu: 100m - memory: 100Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - - SYS_ADMIN - drop: - - ALL - readOnlyRootFilesystem: true - hostNetwork: true - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: speaker - terminationGracePeriodSeconds: 2 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: metallb - component: 
controller - name: controller - namespace: metallb-system -spec: - revisionHistoryLimit: 3 - selector: - matchLabels: - app: metallb - component: controller - template: - metadata: - annotations: - prometheus.io/port: '7472' - prometheus.io/scrape: 'true' - labels: - app: metallb - component: controller - spec: - containers: - - args: - - --port=7472 - - --config=config - image: metallb/controller:v0.9.6 - imagePullPolicy: Always - name: controller - ports: - - containerPort: 7472 - name: monitoring - resources: - limits: - cpu: 100m - memory: 100Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - readOnlyRootFilesystem: true - nodeSelector: - kubernetes.io/os: linux - securityContext: - runAsNonRoot: true - runAsUser: 65534 - serviceAccountName: controller - terminationGracePeriodSeconds: 0 diff --git a/Metallb/namespace.yaml b/Metallb/namespace.yaml deleted file mode 100644 index 003269b5..00000000 --- a/Metallb/namespace.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: metallb-system - labels: - app: metallb