Add Shoot load balancer configuration and metallb as first provid…

…er (#46)
ironcore-dev · Oct 2, 2024 · 52f0a24 · 52f0a24
1 parent 048f1c4
commit 52f0a24
Show file tree

Hide file tree

Showing 37 changed files with 2,316 additions and 41 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -31,6 +31,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 FROM gcr.io/distroless/static:nonroot AS gardener-extension-provider-metal
+LABEL source_repository="https://github.com/ironcore-dev/gardener-extension-provider-metal"
 WORKDIR /
 COPY charts /charts
 COPY --from=builder /workspace/gardener-extension-provider-metal /gardener-extension-provider-metal
@@ -39,6 +40,7 @@ USER 65532:65532
 ENTRYPOINT ["/gardener-extension-provider-metal"]
 
 FROM gcr.io/distroless/static:nonroot AS gardener-extension-admission-metal
+LABEL source_repository="https://github.com/ironcore-dev/gardener-extension-provider-metal"
 WORKDIR /
 COPY charts /charts
 COPY --from=builder /workspace/gardener-extension-admission-metal /gardener-extension-admission-metal

diff --git a/charts/internal/shoot-system-components/charts/metallb/Chart.yaml b/charts/internal/shoot-system-components/charts/metallb/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+description: Helm chart for metallb
+name: metallb
+version: 0.1.0
diff --git a/...rnal/shoot-system-components/charts/metallb/templates/clusterrole-metallb-controller.yaml b/...rnal/shoot-system-components/charts/metallb/templates/clusterrole-metallb-controller.yaml
@@ -0,0 +1,35 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metallb:controller
+  labels:
+    app.kubernetes.io/name: metallb
+    app.kubernetes.io/instance: metallb
+rules:
+  - apiGroups: [""]
+    resources: ["services", "namespaces"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["list"]
+  - apiGroups: [""]
+    resources: ["services/status"]
+    verbs: ["update"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["create", "patch"]
+  - apiGroups: ["admissionregistration.k8s.io"]
+    resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
+    resourceNames: ["metallb-webhook-configuration"]
+    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
+  - apiGroups: ["admissionregistration.k8s.io"]
+    resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
+    verbs: ["list", "watch"]
+  - apiGroups: ["apiextensions.k8s.io"]
+    resources: ["customresourcedefinitions"]
+    resourceNames: ["bfdprofiles.metallb.io","bgpadvertisements.metallb.io",
+                    "bgppeers.metallb.io","ipaddresspools.metallb.io","l2advertisements.metallb.io","communities.metallb.io"]
+    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
+  - apiGroups: ["apiextensions.k8s.io"]
+    resources: ["customresourcedefinitions"]
+    verbs: ["list", "watch"]
diff --git a/...nternal/shoot-system-components/charts/metallb/templates/clusterrole-metallb-speaker.yaml b/...nternal/shoot-system-components/charts/metallb/templates/clusterrole-metallb-speaker.yaml
@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metallb:speaker
+  labels:
+    app.kubernetes.io/name: metallb
+    app.kubernetes.io/instance: metallb
+rules:
+  - apiGroups: [""]
+    resources: ["services", "endpoints", "nodes", "namespaces"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["discovery.k8s.io"]
+    resources: ["endpointslices"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["create", "patch"]
+  - apiGroups: ["metallb.io"]
+    resources: ["servicel2statuses","servicel2statuses/status"]
+    verbs: ["*"]
diff --git a/...oot-system-components/charts/metallb/templates/clusterrolebinding-metallb-controller.yaml b/...oot-system-components/charts/metallb/templates/clusterrolebinding-metallb-controller.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: metallb:controller
+  labels:
+    app.kubernetes.io/name: metallb
+    app.kubernetes.io/instance: metallb
+subjects:
+  - kind: ServiceAccount
+    name: metallb-controller
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: metallb:controller
diff --git a/.../shoot-system-components/charts/metallb/templates/clusterrolebinding-metallb-speaker.yaml b/.../shoot-system-components/charts/metallb/templates/clusterrolebinding-metallb-speaker.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: metallb:speaker
+  labels:
+    app.kubernetes.io/name: metallb
+    app.kubernetes.io/instance: metallb
+subjects:
+  - kind: ServiceAccount
+    name: metallb-speaker
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: metallb:speaker
diff --git a/...nternal/shoot-system-components/charts/metallb/templates/configmap-metallb-excludel2.yaml b/...nternal/shoot-system-components/charts/metallb/templates/configmap-metallb-excludel2.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: metallb-excludel2
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: metallb
+    app.kubernetes.io/instance: metallb
+data:
+  excludel2.yaml: |
+    announcedInterfacesToExclude:
+      - ^docker.*
+      - ^cbr.*
+      - ^dummy.*
+      - ^virbr.*
+      - ^lxcbr.*
+      - ^veth.*
+      - ^lo$
+      - ^cali.*
+      - ^tunl.*
+      - ^flannel.*
+      - ^kube-ipvs.*
+      - ^cni.*
+      - ^nodelocaldns.*