manifests:fixed and organized

loxilb-io · Oct 20, 2023 · e566e55 · e566e55
1 parent 4c49176
commit e566e55
Show file tree

Hide file tree

Showing 10 changed files with 155 additions and 4 deletions.
diff --git a/manifest/kube-loxilb-cidrv6.yaml → manifest/ext-cluster/kube-loxilb-cidrv6.yaml b/manifest/kube-loxilb-cidrv6.yaml → manifest/ext-cluster/kube-loxilb-cidrv6.yaml
diff --git a/manifest/kube-loxilb-secondaryIPs.yaml → ...ext-cluster/kube-loxilb-secondaryIPs.yaml b/manifest/kube-loxilb-secondaryIPs.yaml → ...ext-cluster/kube-loxilb-secondaryIPs.yaml
diff --git a/manifest/kube-loxilb.yaml → manifest/ext-cluster/kube-loxilb.yaml b/manifest/kube-loxilb.yaml → manifest/ext-cluster/kube-loxilb.yaml
diff --git a/manifest/in-cluster/kube-loxilb.yaml b/manifest/in-cluster/kube-loxilb.yaml
@@ -0,0 +1,134 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kube-loxilb
+  namespace: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kube-loxilb
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - get
+      - watch
+      - list
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - watch
+      - list
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - endpoints
+      - services
+      - services/status
+    verbs:
+      - get
+      - watch
+      - list
+      - patch
+      - update
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - watch
+      - list
+  - apiGroups:
+      - authentication.k8s.io
+    resources:
+      - tokenreviews
+    verbs:
+      - create
+  - apiGroups:
+      - authorization.k8s.io
+    resources:
+      - subjectaccessreviews
+    verbs:
+      - create
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kube-loxilb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kube-loxilb
+subjects:
+  - kind: ServiceAccount
+    name: kube-loxilb
+    namespace: kube-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kube-loxilb
+  namespace: kube-system
+  labels:
+    app: kube-loxilb-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: kube-loxilb-app
+  template:
+    metadata:
+      labels:
+        app: kube-loxilb-app
+    spec:
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
+      tolerations:
+        - effect: NoSchedule
+          operator: Exists
+        # Mark the pod as a critical add-on for rescheduling.
+        - key: CriticalAddonsOnly
+          operator: Exists
+        - effect: NoExecute
+          operator: Exists
+      priorityClassName: system-node-critical
+      serviceAccountName: kube-loxilb
+      terminationGracePeriodSeconds: 0
+      containers:
+      - name: kube-loxilb
+        image: ghcr.io/loxilb-io/kube-loxilb:latest
+        imagePullPolicy: Always
+        command:
+        - /bin/kube-loxilb
+        args:
+        #- --loxiURL=http://192.168.80.10:11111
+        - --externalCIDR=123.123.123.1/24
+        #- --externalSecondaryCIDRs=124.124.124.1/24,125.125.125.1/24
+        - --setBGP=64512
+        - --listenBGPPort=1791
+        - --setRoles=0.0.0.0
+        #- --monitor
+        #- --extBGPPeers=50.50.50.1:65101,51.51.51.1:65102
+        #- --setLBMode=1
+        #- --config=/opt/loxilb/agent/kube-loxilb.conf
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "50Mi"
+          limits:
+            cpu: "100m"
+            memory: "50Mi"
+        securityContext:
+          privileged: true
+          capabilities:
+            add: ["NET_ADMIN", "NET_RAW"]
diff --git a/manifest/loxilb-peer.yml → manifest/in-cluster/loxilb-peer.yml b/manifest/loxilb-peer.yml → manifest/in-cluster/loxilb-peer.yml
@@ -30,7 +30,8 @@ spec:
         command: [ "/root/loxilb-io/loxilb/loxilb", "--peer" ]
         ports:
         - containerPort: 11111
-        - containerPort: 179
+        - containerPort: 1791
+        - containerPort: 50051
         securityContext:
           privileged: true
           capabilities:
@@ -52,7 +53,12 @@ spec:
     targetPort: 11111
     protocol: TCP
   - name: loxilb-peer-bgp
-    port: 179
-    targetPort: 179
+    port: 1791
+    targetPort: 1791
     protocol: TCP
+  - name: loxilb-peer-gobgp
+    port: 50051
+    targetPort: 50051
+    protocol: TCP
+
 
diff --git a/manifest/loxilb.yaml → manifest/in-cluster/loxilb.yaml b/manifest/loxilb.yaml → manifest/in-cluster/loxilb.yaml
@@ -32,9 +32,12 @@ spec:
       containers:
       - name: loxilb-app
         image: "ghcr.io/loxilb-io/loxilb:latest"
-        command: [ "/root/loxilb-io/loxilb/loxilb" ]
+        imagePullPolicy: Always
+        command: [ "/root/loxilb-io/loxilb/loxilb", "--bgp", "--egr-hooks", "--blacklist=cni[0-9a-z]|veth.|flannel.|cali.|tunl.|vxlan[.]calico|" ]
         ports:
         - containerPort: 11111
+        - containerPort: 179
+        - containerPort: 50051
         securityContext:
           privileged: true
           capabilities:
@@ -55,3 +58,11 @@ spec:
     port: 11111
     targetPort: 11111
     protocol: TCP
+  - name: loxilb-app-bgp
+    port: 179
+    targetPort: 179
+    protocol: TCP
+  - name: loxilb-app-gobgp
+    port: 50051
+    targetPort: 50051
+    protocol: TCP
diff --git a/manifest/iperf.yaml → manifest/workloads/iperf.yaml b/manifest/iperf.yaml → manifest/workloads/iperf.yaml
diff --git a/manifest/nginx-liveness.yaml → manifest/workloads/nginx-liveness.yaml b/manifest/nginx-liveness.yaml → manifest/workloads/nginx-liveness.yaml
diff --git a/manifest/sctp.yaml → manifest/workloads/sctp.yaml b/manifest/sctp.yaml → manifest/workloads/sctp.yaml
diff --git a/manifest/udp-echo-svc-lb.yml → manifest/workloads/udp-echo-svc-lb.yml b/manifest/udp-echo-svc-lb.yml → manifest/workloads/udp-echo-svc-lb.yml