diff --git a/manifest/kube-loxilb-cidrv6.yaml b/manifest/ext-cluster/kube-loxilb-cidrv6.yaml
similarity index 100%
rename from manifest/kube-loxilb-cidrv6.yaml
rename to manifest/ext-cluster/kube-loxilb-cidrv6.yaml
diff --git a/manifest/kube-loxilb-secondaryIPs.yaml b/manifest/ext-cluster/kube-loxilb-secondaryIPs.yaml
similarity index 100%
rename from manifest/kube-loxilb-secondaryIPs.yaml
rename to manifest/ext-cluster/kube-loxilb-secondaryIPs.yaml
diff --git a/manifest/kube-loxilb.yaml b/manifest/ext-cluster/kube-loxilb.yaml
similarity index 100%
rename from manifest/kube-loxilb.yaml
rename to manifest/ext-cluster/kube-loxilb.yaml
diff --git a/manifest/in-cluster/kube-loxilb.yaml b/manifest/in-cluster/kube-loxilb.yaml
new file mode 100644
index 0000000..9c90905
--- /dev/null
+++ b/manifest/in-cluster/kube-loxilb.yaml
@@ -0,0 +1,134 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kube-loxilb
+ namespace: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: kube-loxilb
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - watch
+ - list
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - watch
+ - list
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ - services
+ - services/status
+ verbs:
+ - get
+ - watch
+ - list
+ - patch
+ - update
+ - apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - get
+ - watch
+ - list
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: kube-loxilb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kube-loxilb
+subjects:
+ - kind: ServiceAccount
+ name: kube-loxilb
+ namespace: kube-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kube-loxilb
+ namespace: kube-system
+ labels:
+ app: kube-loxilb-app
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kube-loxilb-app
+ template:
+ metadata:
+ labels:
+ app: kube-loxilb-app
+ spec:
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ # Mark the pod as a critical add-on for rescheduling.
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+ priorityClassName: system-node-critical
+ serviceAccountName: kube-loxilb
+ terminationGracePeriodSeconds: 0
+ containers:
+ - name: kube-loxilb
+ image: ghcr.io/loxilb-io/kube-loxilb:latest
+ imagePullPolicy: Always
+ command:
+ - /bin/kube-loxilb
+ args:
+ #- --loxiURL=http://192.168.80.10:11111
+ - --externalCIDR=123.123.123.1/24
+ #- --externalSecondaryCIDRs=124.124.124.1/24,125.125.125.1/24
+ - --setBGP=64512
+ - --listenBGPPort=1791
+ - --setRoles=0.0.0.0
+ #- --monitor
+ #- --extBGPPeers=50.50.50.1:65101,51.51.51.1:65102
+ #- --setLBMode=1
+ #- --config=/opt/loxilb/agent/kube-loxilb.conf
+ resources:
+ requests:
+ cpu: "100m"
+ memory: "50Mi"
+ limits:
+ cpu: "100m"
+ memory: "50Mi"
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["NET_ADMIN", "NET_RAW"]
diff --git a/manifest/loxilb-peer.yml b/manifest/in-cluster/loxilb-peer.yml
similarity index 87%
rename from manifest/loxilb-peer.yml
rename to manifest/in-cluster/loxilb-peer.yml
index 6717f7b..5b35cd2 100644
--- a/manifest/loxilb-peer.yml
+++ b/manifest/in-cluster/loxilb-peer.yml
@@ -30,7 +30,8 @@ spec: command: [ "/root/loxilb-io/loxilb/loxilb", "--peer" ] ports: - containerPort: 11111 - - containerPort: 179 + - containerPort: 1791 + - containerPort: 50051 securityContext: privileged: true capabilities:
@@ -52,7 +53,12 @@ spec: targetPort: 11111 protocol: TCP - name: loxilb-peer-bgp - port: 179 - targetPort: 179 + port: 1791 + targetPort: 1791 protocol: TCP + - name: loxilb-peer-gobgp + port: 50051 + targetPort: 50051 + protocol: TCP +
diff --git a/manifest/loxilb.yaml b/manifest/in-cluster/loxilb.yaml
similarity index 76%
rename from manifest/loxilb.yaml
rename to manifest/in-cluster/loxilb.yaml
index 4c6587b..1009972 100644
--- a/manifest/loxilb.yaml
+++ b/manifest/in-cluster/loxilb.yaml
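Review bot: In the new manifest/in-cluster/kube-loxilb.yaml, the container `securityContext` sets `privileged: true` and then adds `NET_ADMIN` and `NET_RAW`. A privileged container already holds every capability, so the `capabilities.add` list narrows nothing, and with `hostNetwork: true` the pod has near-root access to whichever node it is scheduled on. If kube-loxilb needs only the two listed capabilities (not verifiable from this hunk), remove `privileged: true` so the list becomes the actual grant. The image is `ghcr.io/loxilb-io/kube-loxilb:latest` with `imagePullPolicy: Always`, so each restart of this `system-node-critical` pod, whose ClusterRole allows `patch` on nodes and pods, runs whatever the tag points to at that moment. Pin it, e.g. `image: ghcr.io/loxilb-io/kube-loxilb:<release-tag>@sha256:<digest>`; the same applies to the `imagePullPolicy: Always` added next to `loxilb:latest` in the first hunk of manifest/in-cluster/loxilb.yaml.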
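Review bot: The new `loxilb-peer-gobgp` Service port in the second hunk of manifest/in-cluster/loxilb-peer.yml publishes 50051 to every client that can reach the Service; the same addition appears as `loxilb-app-gobgp` in the second hunk of manifest/in-cluster/loxilb.yaml. Going by the port name this is presumably GoBGP's gRPC management API, which by default accepts plaintext, unauthenticated calls that can change peers and routes. The Service type lies outside the hunk, so whether this is reachable only from inside the cluster or also externally cannot be told from here. Unless an external client needs the API, leave 50051 off both Services, or add a NetworkPolicy restricting ingress on 50051 and the BGP port to the peers that need them. A comment such as `# gobgp gRPC API: no auth by default, keep cluster-internal` above the port entry would record the constraint.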
@@ -32,9 +32,12 @@ spec: containers: - name: loxilb-app image: "ghcr.io/loxilb-io/loxilb:latest" - command: [ "/root/loxilb-io/loxilb/loxilb" ] + imagePullPolicy: Always + command: [ "/root/loxilb-io/loxilb/loxilb", "--bgp", "--egr-hooks", "--blacklist=cni[0-9a-z]|veth.|flannel.|cali.|tunl.|vxlan[.]calico|" ] ports: - containerPort: 11111 + - containerPort: 179 + - containerPort: 50051 securityContext: privileged: true capabilities:
@@ -55,3 +58,11 @@ spec: port: 11111 targetPort: 11111 protocol: TCP + - name: loxilb-app-bgp + port: 179 + targetPort: 179 + protocol: TCP + - name: loxilb-app-gobgp + port: 50051 + targetPort: 50051 + protocol: TCP
diff --git a/manifest/iperf.yaml b/manifest/workloads/iperf.yaml
similarity index 100%
rename from manifest/iperf.yaml
rename to manifest/workloads/iperf.yaml
diff --git a/manifest/nginx-liveness.yaml b/manifest/workloads/nginx-liveness.yaml
similarity index 100%
rename from manifest/nginx-liveness.yaml
rename to manifest/workloads/nginx-liveness.yaml
diff --git a/manifest/sctp.yaml b/manifest/workloads/sctp.yaml
similarity index 100%
rename from manifest/sctp.yaml
rename to manifest/workloads/sctp.yaml
diff --git a/manifest/udp-echo-svc-lb.yml b/manifest/workloads/udp-echo-svc-lb.yml
similarity index 100%
rename from manifest/udp-echo-svc-lb.yml
rename to manifest/workloads/udp-echo-svc-lb.yml
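Review bot: The `--blacklist` value added to `command` in the first hunk of manifest/in-cluster/loxilb.yaml ends in a bare `|` (`...|vxlan[.]calico|`), which leaves the alternation with an empty final branch. If loxilb applies this as an unanchored regular expression to interface names (its matching code is not part of this diff), the empty branch matches every name and the filter would exclude all interfaces, not just the CNI ones. Drop the trailing `|`: `"--blacklist=cni[0-9a-z]|veth.|flannel.|cali.|tunl.|vxlan[.]calico"`. The `.` in `veth.`, `flannel.`, `cali.` and `tunl.` is also unescaped, unlike the `[.]` used for calico, so it matches any character; a short comment listing the interface names meant to be skipped would make the intent checkable.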