unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
4e77fb7ee7
puppet-prod/modules/rke2/files/010_purelb.yaml
Ben Vincent 4e77fb7ee7 feat: manage rancher, purelb, cert-manager (#395) 
This change will install rancher, purelb and cert-manager, then
configure a dmz and common ip pool to be used by loadbalancers. The
nginx ingres controller is configured to use 198.18.200.0 (common) and
announce the ip from all nodes so that it becomes an anycast ip in ospf.

- manage the install of rancher, purelb and cert-manager
- add rancher ingress routes
- add nginx externalip/loadBalancer

Reviewed-on: #395
2025-09-14 20:59:39 +10:00

326 lines
8.9 KiB
YAML
Raw Blame History

# Source: purelb/templates/serviceaccount-allocator.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
helm.sh/chart: purelb-v0.13.0
app.kubernetes.io/name: purelb
app.kubernetes.io/instance: purelb
app.kubernetes.io/version: v0.13.0
app.kubernetes.io/managed-by: Helm
name: allocator
namespace: purelb
---
# Source: purelb/templates/serviceaccount-lbnodeagent.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
helm.sh/chart: purelb-v0.13.0
app.kubernetes.io/name: purelb
app.kubernetes.io/instance: purelb
app.kubernetes.io/version: v0.13.0
app.kubernetes.io/managed-by: Helm
name: lbnodeagent
namespace: purelb
---
# Source: purelb/templates/clusterrole-allocator.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
helm.sh/chart: purelb-v0.13.0
app.kubernetes.io/name: purelb
app.kubernetes.io/instance: purelb
app.kubernetes.io/version: v0.13.0
app.kubernetes.io/managed-by: Helm
name: purelb:allocator
rules:
- apiGroups: [purelb.io]
resources: [servicegroups, lbnodeagents]
verbs: [get, list, watch, update]
- apiGroups: ['']
resources: [services]
verbs: [get, list, watch, update]
- apiGroups: ['']
resources: [services/status]
verbs: [update]
- apiGroups: ['']
resources: [events]
verbs: [create, patch]
- apiGroups: ['']
resources: [namespaces]
verbs: [get, list]
- apiGroups: [policy]
resourceNames: [allocator]
resources: [podsecuritypolicies]
verbs: [use]
---
# Source: purelb/templates/clusterrole-lbnodeagent.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
helm.sh/chart: purelb-v0.13.0
app.kubernetes.io/name: purelb
app.kubernetes.io/instance: purelb
app.kubernetes.io/version: v0.13.0
app.kubernetes.io/managed-by: Helm
name: purelb:lbnodeagent
rules:
- apiGroups: [purelb.io]
resources: [servicegroups, lbnodeagents]
verbs: [get, list, watch, update]
- apiGroups: ['']
resources: [endpoints, nodes]
verbs: [get, list, watch]
- apiGroups: ['']
resources: [services]
verbs: [get, list, watch, update]
- apiGroups: ['']
resources: [events]
verbs: [create, patch]
- apiGroups: ['']
resources: [namespaces]
verbs: [get, list]
- apiGroups: [policy]
resourceNames: [lbnodeagent]
resources: [podsecuritypolicies]
verbs: [use]
---
# Source: purelb/templates/clusterrolebinding-allocator.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
helm.sh/chart: purelb-v0.13.0
app.kubernetes.io/name: purelb
app.kubernetes.io/instance: purelb
app.kubernetes.io/version: v0.13.0
app.kubernetes.io/managed-by: Helm
name: purelb:allocator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: purelb:allocator
subjects:
- kind: ServiceAccount
name: allocator
namespace: purelb
---
# Source: purelb/templates/clusterrolebinding-lbnodeagent.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
helm.sh/chart: purelb-v0.13.0
app.kubernetes.io/name: purelb
app.kubernetes.io/instance: purelb
app.kubernetes.io/version: v0.13.0
app.kubernetes.io/managed-by: Helm
name: purelb:lbnodeagent
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: purelb:lbnodeagent
subjects:
- kind: ServiceAccount
name: lbnodeagent
namespace: purelb
---
# Source: purelb/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
helm.sh/chart: purelb-v0.13.0
app.kubernetes.io/name: purelb
app.kubernetes.io/instance: purelb
app.kubernetes.io/version: v0.13.0
app.kubernetes.io/managed-by: Helm
name: pod-lister
namespace: purelb
rules:
- apiGroups: ['']
resources: [pods]
verbs: [list]
---
# Source: purelb/templates/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
helm.sh/chart: purelb-v0.13.0
app.kubernetes.io/name: purelb
app.kubernetes.io/instance: purelb
app.kubernetes.io/version: v0.13.0
app.kubernetes.io/managed-by: Helm
name: pod-lister
namespace: purelb
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: pod-lister
subjects:
- kind: ServiceAccount
name: lbnodeagent
---
# Source: purelb/templates/daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
helm.sh/chart: purelb-v0.13.0
app.kubernetes.io/name: purelb
app.kubernetes.io/instance: purelb
app.kubernetes.io/version: v0.13.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: lbnodeagent
name: lbnodeagent
namespace: purelb
spec:
selector:
matchLabels:
app.kubernetes.io/name: purelb
app.kubernetes.io/instance: purelb
app.kubernetes.io/component: lbnodeagent
template:
metadata:
annotations:
prometheus.io/port: '7472'
prometheus.io/scrape: 'true'
labels:
helm.sh/chart: purelb-v0.13.0
app.kubernetes.io/name: purelb
app.kubernetes.io/instance: purelb
app.kubernetes.io/version: v0.13.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: lbnodeagent
spec:
containers:
- env:
- name: NETBOX_USER_TOKEN
valueFrom:
secretKeyRef:
name: netbox-client
key: user-token
optional: true
- name: DEFAULT_ANNOUNCER
value: PureLB
- name: PURELB_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: PURELB_HOST
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: PURELB_ML_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: PURELB_ML_LABELS
value: app.kubernetes.io/name=purelb,app.kubernetes.io/component=lbnodeagent
- name: ML_GROUP
value: 8sb7ikA5qHwQQqxc
image: registry.gitlab.com/purelb/purelb/lbnodeagent:v0.13.0
imagePullPolicy: Always
name: lbnodeagent
ports:
- containerPort: 7472
name: monitoring
resources:
securityContext:
capabilities:
add: [NET_ADMIN, NET_RAW]
drop: [ALL]
readOnlyRootFilesystem: false
runAsGroup: 0
runAsUser: 0
hostNetwork: true
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: lbnodeagent
terminationGracePeriodSeconds: 2
---
# Source: purelb/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
helm.sh/chart: purelb-v0.13.0
app.kubernetes.io/name: purelb
app.kubernetes.io/instance: purelb
app.kubernetes.io/version: v0.13.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: allocator
name: allocator
namespace: purelb
spec:
revisionHistoryLimit: 3
selector:
matchLabels:
app.kubernetes.io/name: purelb
app.kubernetes.io/instance: purelb
app.kubernetes.io/component: allocator
template:
metadata:
annotations:
prometheus.io/port: '7472'
prometheus.io/scrape: 'true'
labels:
helm.sh/chart: purelb-v0.13.0
app.kubernetes.io/name: purelb
app.kubernetes.io/instance: purelb
app.kubernetes.io/version: v0.13.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: allocator
spec:
containers:
- env:
- name: NETBOX_USER_TOKEN
valueFrom:
secretKeyRef:
name: netbox-client
key: user-token
optional: true
- name: DEFAULT_ANNOUNCER
value: PureLB
image: registry.gitlab.com/purelb/purelb/allocator:v0.13.0
imagePullPolicy: Always
name: allocator
ports:
- containerPort: 7472
name: monitoring
resources:
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: [all]
readOnlyRootFilesystem: true
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
runAsUser: 65534
serviceAccountName: allocator
terminationGracePeriodSeconds: 0
---
# Source: purelb/templates/lbnodeagent.yaml
apiVersion: purelb.io/v1
kind: LBNodeAgent
metadata:
name: default
namespace: purelb
labels:
helm.sh/chart: purelb-v0.13.0
app.kubernetes.io/name: purelb
app.kubernetes.io/instance: purelb
app.kubernetes.io/version: v0.13.0
app.kubernetes.io/managed-by: Helm
spec:
local:
localint: default
extlbint: kube-lb0
sendgarp: false
Reference in New Issue View Git Blame Copy Permalink