diff --git a/README.md b/README.md index 3a404e5..9b84fad 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,7 @@ systemctl enable --now podman.socket systemctl disable firewalld && systemctl stop firewalld hostnamectl set-hostname lab0 +echo ip_tables > /etc/modules-load.d/ip_tables.conf curl https://raw.githubusercontent.com/karmab/kcli/main/install.sh | sudo bash kcli create pool -p /var/lib/libvirt/images default diff --git a/opt/coredns/Corefile b/config/coredns/Corefile similarity index 68% rename from opt/coredns/Corefile rename to config/coredns/Corefile index 07826ec..1d2540e 100644 --- a/opt/coredns/Corefile +++ b/config/coredns/Corefile @@ -4,12 +4,6 @@ prefer_udp } } -hub.telco.vlab { - file /etc/coredns/zones/hub.telco.vlab.db - log - errors -} - 5gc.telco.vlab { file /etc/coredns/zones/5gc.telco.vlab.db diff --git a/opt/coredns/zones/5gc.telco.vlab.db b/config/coredns/zones/5gc.telco.vlab.db similarity index 100% rename from opt/coredns/zones/5gc.telco.vlab.db rename to config/coredns/zones/5gc.telco.vlab.db diff --git a/opt/dhcpv4/dnsmasq.conf b/config/dhcpv4/dnsmasq.conf similarity index 100% rename from opt/dhcpv4/dnsmasq.conf rename to config/dhcpv4/dnsmasq.conf diff --git a/opt/dhcpv4/hosts.hostsfile b/config/dhcpv4/hosts.hostsfile similarity index 100% rename from opt/dhcpv4/hosts.hostsfile rename to config/dhcpv4/hosts.hostsfile diff --git a/opt/dhcpv6/dnsmasq.conf b/config/dhcpv6/dnsmasq.conf similarity index 100% rename from opt/dhcpv6/dnsmasq.conf rename to config/dhcpv6/dnsmasq.conf diff --git a/opt/dhcpv6/hosts.hostsfile b/config/dhcpv6/hosts.hostsfile similarity index 100% rename from opt/dhcpv6/hosts.hostsfile rename to config/dhcpv6/hosts.hostsfile diff --git a/opt/frr-one/daemons b/config/frr-one/daemons similarity index 100% rename from opt/frr-one/daemons rename to config/frr-one/daemons 
diff --git a/opt/frr-one/frr.conf b/config/frr-one/frr.conf
similarity index 100%
rename from opt/frr-one/frr.conf
rename to config/frr-one/frr.conf
diff --git a/opt/frr-one/vtysh.conf b/config/frr-one/vtysh.conf
similarity index 100%
rename from opt/frr-one/vtysh.conf
rename to config/frr-one/vtysh.conf
diff --git a/opt/frr-two/bfdd.conf b/config/frr-two/bfdd.conf
similarity index 100%
rename from opt/frr-two/bfdd.conf
rename to config/frr-two/bfdd.conf
diff --git a/opt/frr-two/bgpd.conf b/config/frr-two/bgpd.conf
similarity index 100%
rename from opt/frr-two/bgpd.conf
rename to config/frr-two/bgpd.conf
diff --git a/opt/frr-two/daemons b/config/frr-two/daemons
similarity index 100%
rename from opt/frr-two/daemons
rename to config/frr-two/daemons
diff --git a/opt/frr-two/frr.conf b/config/frr-two/frr.conf
similarity index 100%
rename from opt/frr-two/frr.conf
rename to config/frr-two/frr.conf
diff --git a/opt/frr-two/staticd.conf b/config/frr-two/staticd.conf
similarity index 100%
rename from opt/frr-two/staticd.conf
rename to config/frr-two/staticd.conf
diff --git a/opt/frr-two/vtysh.conf b/config/frr-two/vtysh.conf
similarity index 100%
rename from opt/frr-two/vtysh.conf
rename to config/frr-two/vtysh.conf
diff --git a/opt/frr-two/zebra.conf b/config/frr-two/zebra.conf
similarity index 100%
rename from opt/frr-two/zebra.conf
rename to config/frr-two/zebra.conf
diff --git a/opt/frr-zero/daemons b/config/frr-zero/daemons
similarity index 100%
rename from opt/frr-zero/daemons
rename to config/frr-zero/daemons
diff --git a/opt/frr-zero/frr.conf b/config/frr-zero/frr.conf
similarity index 100%
rename from opt/frr-zero/frr.conf
rename to config/frr-zero/frr.conf
diff --git a/opt/frr-zero/vtysh.conf b/config/frr-zero/vtysh.conf
similarity index 100%
rename from opt/frr-zero/vtysh.conf
rename to config/frr-zero/vtysh.conf
diff --git a/opt/proxy/squid.conf b/config/proxy/squid.conf
similarity index 100%
rename from opt/proxy/squid.conf
rename to config/proxy/squid.conf
diff --git a/opt/sushy/emulator.conf b/config/sushy/emulator.conf
similarity index 100%
rename from opt/sushy/emulator.conf
rename to config/sushy/emulator.conf
diff --git a/opt/sushy/sushy.cert b/config/sushy/sushy.cert
similarity index 100%
rename from opt/sushy/sushy.cert
rename to config/sushy/sushy.cert
diff --git a/opt/sushy/sushy.key b/config/sushy/sushy.key
similarity index 100%
rename from opt/sushy/sushy.key
rename to config/sushy/sushy.key
diff --git a/graceful/blue-peering.yaml b/graceful/blue-peering.yaml
deleted file mode 100644
index c2a0051..0000000
--- a/graceful/blue-peering.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-apiVersion: metallb.io/v1beta2
-kind: BGPPeer
-metadata:
- name: blue
- namespace: metallb-system
-spec:
- peerAddress: 10.10.10.1
- peerASN: 65001
- myASN: 7003
- holdTime: 60s
- gracefulRestart: true
- nodeSelectors:
- - matchLabels:
- metallb-speaker: ""
----
-apiVersion: metallb.io/v1beta1
-kind: BGPAdvertisement
-metadata:
- name: blue
- namespace: metallb-system
-spec:
- ipAddressPools:
- - blue
- peers:
- - blue
----
-apiVersion: metallb.io/v1beta1
-kind: IPAddressPool
-metadata:
- name: blue
- namespace: metallb-system
-spec:
- autoAssign: false
- addresses:
- - 4.4.4.1/32
- - 4.4.4.2/32
diff --git a/graceful/blue-pod-one.yaml b/graceful/blue-pod-one.yaml
deleted file mode 100644
index 87b91a6..0000000
--- a/graceful/blue-pod-one.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: blue
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: blue
- template:
- metadata:
- labels:
- app: blue
- spec:
- containers:
- - name: agnhost
- image: quay.io/karampok/snife:latest
- imagePullPolicy: Always
- securityContext:
- privileged: true
- - name: server
- image: registry.k8s.io/e2e-test-images/agnhost:2.40
- command:
- - /agnhost
- - netexec
- - --http-port=8080
- env:
- - name: NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- ports:
- - name: http
- containerPort: 8080
- - command: ["bash", "-c"]
- args: ["iperf3 -s -p 60000"]
- image: quay.io/karampok/snife:latest
- imagePullPolicy: Always
- name: iperf3
- ports:
- - name: iperf3
- containerPort: 60000
----
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- metallb.universe.tf/address-pool: blue
- metallb.universe.tf/allow-shared-ip: "key-to-share"
- name: blue-svc-http
-spec:
- type: LoadBalancer
- externalTrafficPolicy: Local
- allocateLoadBalancerNodePorts: false
- ports:
- - name: http
- port: 5555
- protocol: TCP
- targetPort: 8080
- selector:
- app: blue
----
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- metallb.universe.tf/address-pool: blue
- metallb.universe.tf/allow-shared-ip: "key-to-share"
- name: blue-svc-iperf-tcp
-spec:
- type: LoadBalancer
- externalTrafficPolicy: Local
- allocateLoadBalancerNodePorts: false
- ports:
- - name: tcp
- port: 60000
- protocol: TCP
- targetPort: 60000
- selector:
- app: blue
----
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- metallb.universe.tf/address-pool: blue
- metallb.universe.tf/allow-shared-ip: "key-to-share"
- name: blue-svc-iperf-udp
-spec:
- type: LoadBalancer
- externalTrafficPolicy: Local
- allocateLoadBalancerNodePorts: false
- ports:
- - name: udp
- port: 60000
- protocol: UDP
- targetPort: 60000
- selector:
- app: blue
-
-# alias urlencode="python3 -c \"import sys, urllib.parse;
print(urllib.parse.quote(''.join(sys.stdin.readlines())))\""
-# curl -s http://6.6.6.1/shell?cmd="$(echo "env|grep -i node" | urlencode)"|jq -r '.output'
diff --git a/graceful/green-peering.yaml b/graceful/green-peering.yaml
deleted file mode 100644
index 6417f34..0000000
--- a/graceful/green-peering.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-apiVersion: metallb.io/v1beta2
-kind: BGPPeer
-metadata:
- name: green
- namespace: metallb-system
-spec:
- peerAddress: 11.11.11.1
- peerASN: 8011
- myASN: 7003
- holdTime: 60s
- nodeSelectors:
- - matchLabels:
- metallb-speaker: ""
----
-apiVersion: metallb.io/v1beta1
-kind: BGPAdvertisement
-metadata:
- name: green
- namespace: metallb-system
-spec:
- ipAddressPools:
- - green
- peers:
- - green
----
-apiVersion: metallb.io/v1beta1
-kind: IPAddressPool
-metadata:
- name: green
- namespace: metallb-system
-spec:
- autoAssign: false
- addresses:
- - 5.5.5.1/32
- - 5.5.5.2/32
diff --git a/graceful/green-pod-one.yaml b/graceful/green-pod-one.yaml
deleted file mode 100644
index 384a39c..0000000
--- a/graceful/green-pod-one.yaml
+++ /dev/null
@@ -1,105 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: green
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: green
- template:
- metadata:
- labels:
- app: green
- spec:
- containers:
- - name: agnhost
- image: quay.io/karampok/snife:latest
- imagePullPolicy: Always
- securityContext:
- privileged: true
- - name: server
- image: registry.k8s.io/e2e-test-images/agnhost:2.40
- command:
- - /agnhost
- - netexec
- - --http-port=8080
- env:
- - name: NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- ports:
- - name: http
- containerPort: 8080
- - command: ["bash", "-c"]
- args: ["iperf3 -s -p 60000"]
- image: quay.io/karampok/snife:latest
- imagePullPolicy: Always
- name: iperf3
- ports:
- - name: iperf3
- containerPort: 60000
----
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- metallb.universe.tf/address-pool: green
- metallb.universe.tf/allow-shared-ip: "key-to-share"
- name: green-svc-http
-spec:
- type: LoadBalancer
- externalTrafficPolicy: Local
- allocateLoadBalancerNodePorts: false
- ports:
- - name: http
- port: 5555
- protocol: TCP
- targetPort: 8080
- selector:
- app: green
----
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- metallb.universe.tf/address-pool: green
- metallb.universe.tf/allow-shared-ip: "key-to-share"
- name: green-svc-iperf-tcp
-spec:
- type: LoadBalancer
- externalTrafficPolicy: Local
- allocateLoadBalancerNodePorts: false
- ports:
- - name: tcp
- port: 60000
- protocol: TCP
- targetPort: 60000
- selector:
- app: green
----
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- metallb.universe.tf/address-pool: green
- metallb.universe.tf/allow-shared-ip: "key-to-share"
- name: green-svc-iperf-udp
-spec:
- type: LoadBalancer
- externalTrafficPolicy: Local
- allocateLoadBalancerNodePorts: false
- ports:
- - name: udp
- port: 60000
- protocol: UDP
- targetPort: 60000
- selector:
- app: green
-
-# show bgp vrf green ipv4 summary
-# from green
-# alias urlencode="python3
-c \"import sys, urllib.parse; print(urllib.parse.quote(''.join(sys.stdin.readlines())))\""
-# curl -s http://6.6.6.1/shell?cmd="$(echo "env|grep -i node" | urlencode)"|jq -r '.output'
diff --git a/graceful/green-pod-two.yaml b/graceful/green-pod-two.yaml
deleted file mode 100644
index ed7fc80..0000000
--- a/graceful/green-pod-two.yaml
+++ /dev/null
@@ -1,100 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: green-two
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: green-two
- template:
- metadata:
- labels:
- app: green-two
- spec:
- containers:
- - name: agnhost
- image: quay.io/karampok/snife:latest
- imagePullPolicy: Always
- securityContext:
- privileged: true
- - name: server
- image: registry.k8s.io/e2e-test-images/agnhost:2.40
- command:
- - /agnhost
- - netexec
- - --http-port=8080
- env:
- - name: NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- ports:
- - name: http
- containerPort: 8080
- - command: ["bash", "-c"]
- args: ["iperf3 -s -p 60000"]
- image: quay.io/karampok/snife:latest
- imagePullPolicy: Always
- name: iperf3
- ports:
- - name: iperf3
- containerPort: 60000
----
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- metallb.universe.tf/address-pool: green
- metallb.universe.tf/allow-shared-ip: "key-to-share-two"
- name: green-two-svc-http
-spec:
- type: LoadBalancer
- externalTrafficPolicy: Cluster
- allocateLoadBalancerNodePorts: false
- ports:
- - name: http
- port: 5555
- protocol: TCP
- targetPort: 8080
- selector:
- app: green-two
----
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- metallb.universe.tf/address-pool: green
- metallb.universe.tf/allow-shared-ip: "key-to-share-two"
- name: green-two-svc-iperf-tcp
-spec:
- type: LoadBalancer
- externalTrafficPolicy: Cluster
- allocateLoadBalancerNodePorts: false
- ports:
- - name: tcp
- port: 60000
- protocol: TCP
- targetPort: 60000
- selector:
- app: green-two
----
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- metallb.universe.tf/address-pool: green
- metallb.universe.tf/allow-shared-ip: "key-to-share-two"
- name: green-two-svc-iperf-udp
-spec:
- type: LoadBalancer
- externalTrafficPolicy: Cluster
- allocateLoadBalancerNodePorts: false
- ports:
- - name: udp
- port: 60000
- protocol: UDP
- targetPort: 60000
- selector:
- app: green-two
diff --git a/graceful/install-metallb.yaml b/graceful/install-metallb.yaml
deleted file mode 100644
index 98e6e6c..0000000
--- a/graceful/install-metallb.yaml
+++ /dev/null
@@ -1,2158 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - pod-security.kubernetes.io/audit: privileged - pod-security.kubernetes.io/enforce: privileged - pod-security.kubernetes.io/warn: privileged - name: metallb-system ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: bfdprofiles.metallb.io -spec: - group: metallb.io - names: - kind: BFDProfile - listKind: BFDProfileList - plural: bfdprofiles - singular: bfdprofile - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.passiveMode - name: Passive Mode - type: boolean - - jsonPath: .spec.transmitInterval - name: Transmit Interval - type: integer - - jsonPath: .spec.receiveInterval - name: Receive Interval - type: integer - - jsonPath: .spec.detectMultiplier - name: Multiplier - type: integer - name: v1beta1 - schema: - openAPIV3Schema: - description: |- - BFDProfile represents the settings of the bfd session that can be - optionally associated with a BGP session. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BFDProfileSpec defines the desired state of BFDProfile. 
- properties: - detectMultiplier: - description: |- - Configures the detection multiplier to determine - packet loss. The remote transmission interval will be multiplied - by this value to determine the connection loss detection timer. - format: int32 - maximum: 255 - minimum: 2 - type: integer - echoInterval: - description: |- - Configures the minimal echo receive transmission - interval that this system is capable of handling in milliseconds. - Defaults to 50ms - format: int32 - maximum: 60000 - minimum: 10 - type: integer - echoMode: - description: |- - Enables or disables the echo transmission mode. - This mode is disabled by default, and not supported on multi - hops setups. - type: boolean - minimumTtl: - description: |- - For multi hop sessions only: configure the minimum - expected TTL for an incoming BFD control packet. - format: int32 - maximum: 254 - minimum: 1 - type: integer - passiveMode: - description: |- - Mark session as passive: a passive session will not - attempt to start the connection and will wait for control packets - from peer before it begins replying. - type: boolean - receiveInterval: - description: |- - The minimum interval that this system is capable of - receiving control packets in milliseconds. - Defaults to 300ms. - format: int32 - maximum: 60000 - minimum: 10 - type: integer - transmitInterval: - description: |- - The minimum transmission interval (less jitter) - that this system wants to use to send BFD control packets in - milliseconds. Defaults to 300ms - format: int32 - maximum: 60000 - minimum: 10 - type: integer - type: object - status: - description: BFDProfileStatus defines the observed state of BFDProfile. 
- type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: bgpadvertisements.metallb.io -spec: - group: metallb.io - names: - kind: BGPAdvertisement - listKind: BGPAdvertisementList - plural: bgpadvertisements - singular: bgpadvertisement - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.ipAddressPools - name: IPAddressPools - type: string - - jsonPath: .spec.ipAddressPoolSelectors - name: IPAddressPool Selectors - type: string - - jsonPath: .spec.peers - name: Peers - type: string - - jsonPath: .spec.nodeSelectors - name: Node Selectors - priority: 10 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: |- - BGPAdvertisement allows to advertise the IPs coming - from the selected IPAddressPools via BGP, setting the parameters of the - BGP Advertisement. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BGPAdvertisementSpec defines the desired state of BGPAdvertisement. - properties: - aggregationLength: - default: 32 - description: The aggregation-length advertisement option lets you - “roll up” the /32s into a larger prefix. 
Defaults to 32. Works for - IPv4 addresses. - format: int32 - minimum: 1 - type: integer - aggregationLengthV6: - default: 128 - description: The aggregation-length advertisement option lets you - “roll up” the /128s into a larger prefix. Defaults to 128. Works - for IPv6 addresses. - format: int32 - type: integer - communities: - description: |- - The BGP communities to be associated with the announcement. Each item can be a standard community of the - form 1234:1234, a large community of the form large:1234:1234:1234 or the name of an alias defined in the - Community CRD. - items: - type: string - type: array - ipAddressPoolSelectors: - description: |- - A selector for the IPAddressPools which would get advertised via this advertisement. - If no IPAddressPool is selected by this or by the list, the advertisement is applied to all the IPAddressPools. - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: array - ipAddressPools: - description: The list of IPAddressPools to advertise via this advertisement, - selected by name. - items: - type: string - type: array - localPref: - description: |- - The BGP LOCAL_PREF attribute which is used by BGP best path algorithm, - Path with higher localpref is preferred over one with lower localpref. - format: int32 - type: integer - nodeSelectors: - description: NodeSelectors allows to limit the nodes to announce as - next hops for the LoadBalancer IP. When empty, all the nodes having are - announced as next hops. - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. 
If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: array - peers: - description: |- - Peers limits the bgppeer to advertise the ips of the selected pools to. - When empty, the loadbalancer IP is announced to all the BGPPeers configured. - items: - type: string - type: array - type: object - status: - description: BGPAdvertisementStatus defines the observed state of BGPAdvertisement. - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: bgppeers.metallb.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - caBundle: 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 - service: - name: metallb-webhook-service - namespace: metallb-system - path: /convert - conversionReviewVersions: - - v1beta1 - - v1beta2 - group: metallb.io - names: - kind: BGPPeer - listKind: BGPPeerList - plural: bgppeers - singular: bgppeer - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.peerAddress - name: Address - type: string - - jsonPath: .spec.peerASN - name: ASN - type: string - - jsonPath: .spec.bfdProfile - name: BFD Profile - type: string - - jsonPath: .spec.ebgpMultiHop - name: Multi Hops - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: 
BGPPeer is the Schema for the peers API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BGPPeerSpec defines the desired state of Peer. - properties: - bfdProfile: - type: string - ebgpMultiHop: - description: EBGP peer is multi-hops away - type: boolean - holdTime: - description: Requested BGP hold time, per RFC4271. - type: string - keepaliveTime: - description: Requested BGP keepalive time, per RFC4271. - type: string - myASN: - description: AS number to use for the local end of the session. - format: int32 - maximum: 4294967295 - minimum: 0 - type: integer - nodeSelectors: - description: |- - Only connect to this peer on nodes that match one of these - selectors. - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - minItems: 1 - type: array - required: - - key - - operator - - values - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - password: - description: Authentication password for routers enforcing TCP MD5 - authenticated sessions - type: string - peerASN: - description: AS number to expect from the remote end of the session. 
- format: int32 - maximum: 4294967295 - minimum: 0 - type: integer - peerAddress: - description: Address to dial when establishing the session. - type: string - peerPort: - description: Port to dial when establishing the session. - maximum: 16384 - minimum: 0 - type: integer - routerID: - description: BGP router ID to advertise to the peer - type: string - sourceAddress: - description: Source address to use when establishing the session. - type: string - required: - - myASN - - peerASN - - peerAddress - type: object - status: - description: BGPPeerStatus defines the observed state of Peer. - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.peerAddress - name: Address - type: string - - jsonPath: .spec.peerASN - name: ASN - type: string - - jsonPath: .spec.bfdProfile - name: BFD Profile - type: string - - jsonPath: .spec.ebgpMultiHop - name: Multi Hops - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: BGPPeer is the Schema for the peers API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BGPPeerSpec defines the desired state of Peer. 
- properties: - bfdProfile: - description: The name of the BFD Profile to be used for the BFD session - associated to the BGP session. If not set, the BFD session won't - be set up. - type: string - connectTime: - description: Requested BGP connect time, controls how long BGP waits - between connection attempts to a neighbor. - type: string - x-kubernetes-validations: - - message: connect time should be between 1 seconds to 65535 - rule: duration(self).getSeconds() >= 1 && duration(self).getSeconds() - <= 65535 - - message: connect time should contain a whole number of seconds - rule: duration(self).getMilliseconds() % 1000 == 0 - disableMP: - default: false - description: To set if we want to disable MP BGP that will separate - IPv4 and IPv6 route exchanges into distinct BGP sessions. - type: boolean - ebgpMultiHop: - description: To set if the BGPPeer is multi-hops away. Needed for - FRR mode only. - type: boolean - gracefulRestart: - description: |- - GracefulRestart allows BGP peer to continue to forward data packets along - known routes while the routing protocol information is being restored. - Needed for FRR mode only. - type: boolean - holdTime: - description: Requested BGP hold time, per RFC4271. - type: string - keepaliveTime: - description: Requested BGP keepalive time, per RFC4271. - type: string - myASN: - description: AS number to use for the local end of the session. - format: int32 - maximum: 4294967295 - minimum: 0 - type: integer - nodeSelectors: - description: |- - Only connect to this peer on nodes that match one of these - selectors. - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. 
- items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: array - password: - description: Authentication password for routers enforcing TCP MD5 - authenticated sessions - type: string - passwordSecret: - description: |- - passwordSecret is name of the authentication secret for BGP Peer. - the secret must be of type "kubernetes.io/basic-auth", and created in the - same namespace as the MetalLB deployment. The password is stored in the - secret as the key "password". - properties: - name: - description: name is unique within a namespace to reference a - secret resource. - type: string - namespace: - description: namespace defines the space within which the secret - name must be unique. - type: string - type: object - x-kubernetes-map-type: atomic - peerASN: - description: AS number to expect from the remote end of the session. 
- format: int32 - maximum: 4294967295 - minimum: 0 - type: integer - peerAddress: - description: Address to dial when establishing the session. - type: string - peerPort: - default: 179 - description: Port to dial when establishing the session. - maximum: 16384 - minimum: 0 - type: integer - routerID: - description: BGP router ID to advertise to the peer - type: string - sourceAddress: - description: Source address to use when establishing the session. - type: string - vrf: - description: |- - To set if we want to peer with the BGPPeer using an interface belonging to - a host vrf - type: string - required: - - myASN - - peerASN - - peerAddress - type: object - status: - description: BGPPeerStatus defines the observed state of Peer. - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: communities.metallb.io -spec: - group: metallb.io - names: - kind: Community - listKind: CommunityList - plural: communities - singular: community - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: |- - Community is a collection of aliases for communities. - Users can define named aliases to be used in the BGPPeer CRD. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CommunitySpec defines the desired state of Community. - properties: - communities: - items: - properties: - name: - description: The name of the alias for the community. - type: string - value: - description: |- - The BGP community value corresponding to the given name. Can be a standard community of the form 1234:1234 - or a large community of the form large:1234:1234:1234. - type: string - type: object - type: array - type: object - status: - description: CommunityStatus defines the observed state of Community. - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: ipaddresspools.metallb.io -spec: - group: metallb.io - names: - kind: IPAddressPool - listKind: IPAddressPoolList - plural: ipaddresspools - singular: ipaddresspool - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.autoAssign - name: Auto Assign - type: boolean - - jsonPath: .spec.avoidBuggyIPs - name: Avoid Buggy IPs - type: boolean - - jsonPath: .spec.addresses - name: Addresses - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: |- - IPAddressPool represents a pool of IP addresses that can be allocated - to LoadBalancer services. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. 
- Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPAddressPoolSpec defines the desired state of IPAddressPool. - properties: - addresses: - description: |- - A list of IP address ranges over which MetalLB has authority. - You can list multiple ranges in a single pool, they will all share the - same settings. Each range can be either a CIDR prefix, or an explicit - start-end range of IPs. - items: - type: string - type: array - autoAssign: - default: true - description: |- - AutoAssign flag used to prevent MetallB from automatic allocation - for a pool. - type: boolean - avoidBuggyIPs: - default: false - description: |- - AvoidBuggyIPs prevents addresses ending with .0 and .255 - to be used by a pool. - type: boolean - serviceAllocation: - description: |- - AllocateTo makes ip pool allocation to specific namespace and/or service. - The controller will use the pool with lowest value of priority in case of - multiple matches. A pool with no priority set will be used only if the - pools with priority can't be used. If multiple matching IPAddressPools are - available it will check for the availability of IPs sorting the matching - IPAddressPools by priority, starting from the highest to the lowest. If - multiple IPAddressPools have the same priority, choice will be random. - properties: - namespaceSelectors: - description: |- - NamespaceSelectors list of label selectors to select namespace(s) for ip pool, - an alternative to using namespace list. - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. 
- properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: array - namespaces: - description: Namespaces list of namespace(s) on which ip pool - can be attached. - items: - type: string - type: array - priority: - description: Priority priority given for ip pool while ip allocation - on a service. - type: integer - serviceSelectors: - description: |- - ServiceSelectors list of label selector to select service(s) for which ip pool - can be used for ip allocation. - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. 
- properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: array - type: object - required: - - addresses - type: object - status: - description: IPAddressPoolStatus defines the observed state of IPAddressPool. 
- type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: l2advertisements.metallb.io -spec: - group: metallb.io - names: - kind: L2Advertisement - listKind: L2AdvertisementList - plural: l2advertisements - singular: l2advertisement - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.ipAddressPools - name: IPAddressPools - type: string - - jsonPath: .spec.ipAddressPoolSelectors - name: IPAddressPool Selectors - type: string - - jsonPath: .spec.interfaces - name: Interfaces - type: string - - jsonPath: .spec.nodeSelectors - name: Node Selectors - priority: 10 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: |- - L2Advertisement allows to advertise the LoadBalancer IPs provided - by the selected pools via L2. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: L2AdvertisementSpec defines the desired state of L2Advertisement. - properties: - interfaces: - description: |- - A list of interfaces to announce from. The LB IP will be announced only from these interfaces. 
- If the field is not set, we advertise from all the interfaces on the host. - items: - type: string - type: array - ipAddressPoolSelectors: - description: |- - A selector for the IPAddressPools which would get advertised via this advertisement. - If no IPAddressPool is selected by this or by the list, the advertisement is applied to all the IPAddressPools. - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - type: array - ipAddressPools: - description: The list of IPAddressPools to advertise via this advertisement, - selected by name. - items: - type: string - type: array - nodeSelectors: - description: NodeSelectors allows to limit the nodes to announce as - next hops for the LoadBalancer IP. When empty, all the nodes having are - announced as next hops. - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - type: array - type: object - status: - description: L2AdvertisementStatus defines the observed state of L2Advertisement. - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: servicel2statuses.metallb.io -spec: - group: metallb.io - names: - kind: ServiceL2Status - listKind: ServiceL2StatusList - plural: servicel2statuses - singular: servicel2status - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.node - name: Allocated Node - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: ServiceL2Status reveals the actual traffic status of loadbalancer - services in layer2 mode. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ServiceL2StatusSpec defines the desired state of ServiceL2Status. - type: object - status: - description: MetalLBServiceL2Status defines the observed state of ServiceL2Status. 
- properties: - interfaces: - description: Interfaces indicates the interfaces that receive the - directed traffic - items: - description: InterfaceInfo defines interface info of layer2 announcement. - properties: - name: - description: Name the name of network interface card - type: string - type: object - type: array - node: - description: Node indicates the node that receives the directed traffic - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: metallb - name: controller - namespace: metallb-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: metallb - name: speaker - namespace: metallb-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: metallb - name: controller - namespace: metallb-system -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resourceNames: - - memberlist - resources: - - secrets - verbs: - - list -- apiGroups: - - apps - resourceNames: - - controller - resources: - - deployments - verbs: - - get -- apiGroups: - - metallb.io - resources: - - bgppeers - verbs: - - get - - list -- apiGroups: - - metallb.io - resources: - - bfdprofiles - verbs: - - get - - list - - watch -- apiGroups: - - metallb.io - resources: - - ipaddresspools - verbs: - - get - - list - - watch -- apiGroups: - - metallb.io - resources: - - bgpadvertisements - verbs: - - get - - list - - watch -- apiGroups: - - metallb.io - resources: - - l2advertisements - verbs: - - get - - list - - watch -- apiGroups: - - metallb.io - resources: - - communities - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: metallb - name: pod-lister - namespace: metallb-system -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - 
list -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch -- apiGroups: - - metallb.io - resources: - - bfdprofiles - verbs: - - get - - list - - watch -- apiGroups: - - metallb.io - resources: - - bgppeers - verbs: - - get - - list - - watch -- apiGroups: - - metallb.io - resources: - - l2advertisements - verbs: - - get - - list - - watch -- apiGroups: - - metallb.io - resources: - - bgpadvertisements - verbs: - - get - - list - - watch -- apiGroups: - - metallb.io - resources: - - ipaddresspools - verbs: - - get - - list - - watch -- apiGroups: - - metallb.io - resources: - - communities - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: metallb - name: metallb-system:controller -rules: -- apiGroups: - - "" - resources: - - services - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "" - resources: - - services/status - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - policy - resourceNames: - - controller - resources: - - podsecuritypolicies - verbs: - - use -- apiGroups: - - admissionregistration.k8s.io - resourceNames: - - metallb-webhook-configuration - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - verbs: - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resourceNames: - - bfdprofiles.metallb.io - - bgpadvertisements.metallb.io - - bgppeers.metallb.io - - ipaddresspools.metallb.io - - l2advertisements.metallb.io - - communities.metallb.io - resources: - - 
customresourcedefinitions - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: metallb - name: metallb-system:speaker -rules: -- apiGroups: - - metallb.io - resources: - - servicel2statuses - - servicel2statuses/status - verbs: - - '*' -- apiGroups: - - "" - resources: - - services - - endpoints - - nodes - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - policy - resourceNames: - - speaker - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: metallb - name: controller - namespace: metallb-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: controller -subjects: -- kind: ServiceAccount - name: controller - namespace: metallb-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: metallb - name: pod-lister - namespace: metallb-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: pod-lister -subjects: -- kind: ServiceAccount - name: speaker - namespace: metallb-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: metallb - name: metallb-system:controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: metallb-system:controller -subjects: -- kind: ServiceAccount - name: controller - namespace: metallb-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: metallb - name: metallb-system:speaker -roleRef: - apiGroup: 
rbac.authorization.k8s.io - kind: ClusterRole - name: metallb-system:speaker -subjects: -- kind: ServiceAccount - name: speaker - namespace: metallb-system ---- -apiVersion: v1 -data: - daemons: | - # This file tells the frr package which daemons to start. - # - # Sample configurations for these daemons can be found in - # /usr/share/doc/frr/examples/. - # - # ATTENTION: - # - # When activating a daemon for the first time, a config file, even if it is - # empty, has to be present *and* be owned by the user and group "frr", else - # the daemon will not be started by /etc/init.d/frr. The permissions should - # be u=rw,g=r,o=. - # When using "vtysh" such a config file is also needed. It should be owned by - # group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too. - # - # The watchfrr and zebra daemons are always started. - # - bgpd=yes - ospfd=no - ospf6d=no - ripd=no - ripngd=no - isisd=no - pimd=no - ldpd=no - nhrpd=no - eigrpd=no - babeld=no - sharpd=no - pbrd=no - bfdd=yes - fabricd=no - vrrpd=no - - # - # If this option is set the /etc/init.d/frr script automatically loads - # the config via "vtysh -b" when the servers are started. - # Check /etc/pam.d/frr if you intend to use "vtysh"! - # - vtysh_enable=yes - zebra_options=" -A 127.0.0.1 -s 90000000" - bgpd_options=" -A 127.0.0.1 -p 0" - ospfd_options=" -A 127.0.0.1" - ospf6d_options=" -A ::1" - ripd_options=" -A 127.0.0.1" - ripngd_options=" -A ::1" - isisd_options=" -A 127.0.0.1" - pimd_options=" -A 127.0.0.1" - ldpd_options=" -A 127.0.0.1" - nhrpd_options=" -A 127.0.0.1" - eigrpd_options=" -A 127.0.0.1" - babeld_options=" -A 127.0.0.1" - sharpd_options=" -A 127.0.0.1" - pbrd_options=" -A 127.0.0.1" - staticd_options="-A 127.0.0.1" - bfdd_options=" -A 127.0.0.1" - fabricd_options="-A 127.0.0.1" - vrrpd_options=" -A 127.0.0.1" - - # configuration profile - # - #frr_profile="traditional" - #frr_profile="datacenter" - - # - # This is the maximum number of FD's that will be available. 
- # Upon startup this is read by the control files and ulimit - # is called. Uncomment and use a reasonable value for your - # setup if you are expecting a large number of peers in - # say BGP. - #MAX_FDS=1024 - - # The list of daemons to watch is automatically generated by the init script. - #watchfrr_options="" - - # for debugging purposes, you can specify a "wrap" command to start instead - # of starting the daemon directly, e.g. to use valgrind on ospfd: - # ospfd_wrap="/usr/bin/valgrind" - # or you can use "all_wrap" for all daemons, e.g. to use perf record: - # all_wrap="/usr/bin/perf record --call-graph -" - # the normal daemon command is added to this at the end. - frr.conf: | - ! This file gets overriden the first time the speaker renders a config. - ! So anything configured here is only temporary. - frr version 7.5.1 - frr defaults traditional - hostname Router - line vty - log file /etc/frr/frr.log informational - vtysh.conf: | - service integrated-vtysh-config -kind: ConfigMap -metadata: - name: frr-startup - namespace: metallb-system ---- -apiVersion: v1 -data: - excludel2.yaml: | - announcedInterfacesToExclude: ["^docker.*", "^cbr.*", "^dummy.*", "^virbr.*", "^lxcbr.*", "^veth.*", "^lo$", "^cali.*", "^tunl.*", "^flannel.*", "^kube-ipvs.*", "^cni.*", "^nodelocaldns.*"] -kind: ConfigMap -metadata: - name: metallb-excludel2 - namespace: metallb-system ---- -apiVersion: v1 -kind: Secret -metadata: - name: metallb-webhook-cert - namespace: metallb-system ---- -apiVersion: v1 -kind: Service -metadata: - name: metallb-webhook-service - namespace: metallb-system -spec: - ports: - - port: 443 - targetPort: 9443 - selector: - component: controller ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: metallb - component: controller - name: controller - namespace: metallb-system -spec: - revisionHistoryLimit: 3 - selector: - matchLabels: - app: metallb - component: controller - template: - metadata: - annotations: - prometheus.io/port: "7472" - 
prometheus.io/scrape: "true" - labels: - app: metallb - component: controller - spec: - containers: - - args: - - --port=7472 - - --log-level=all - - --tls-min-version=VersionTLS12 - env: - - name: METALLB_BGP_TYPE - value: frr - - name: METALLB_ML_SECRET_NAME - value: memberlist - - name: METALLB_DEPLOYMENT - value: controller - image: quay.io/metallb/controller:dev-amd64 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /metrics - port: monitoring - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 7472 - name: monitoring - - containerPort: 9443 - name: webhook-server - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /metrics - port: monitoring - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - serviceAccountName: controller - terminationGracePeriodSeconds: 0 - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: metallb-webhook-cert ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - app: metallb - component: speaker - name: speaker - namespace: metallb-system -spec: - selector: - matchLabels: - app: metallb - component: speaker - template: - metadata: - annotations: - prometheus.io/port: "7472" - prometheus.io/scrape: "true" - labels: - app: metallb - component: speaker - spec: - containers: - - command: - - /bin/sh - - -c - - | - /sbin/tini -- /usr/lib/frr/docker-start & - attempts=0 - until [[ -f /etc/frr/frr.log || $attempts -eq 60 ]]; do - sleep 1 - attempts=$(( $attempts + 1 )) - done - tail -f /etc/frr/frr.log - env: - - name: TINI_SUBREAPER - 
value: "true" - image: quay.io/frrouting/frr:9.0.2 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /livez - port: 7473 - periodSeconds: 5 - name: frr - securityContext: - capabilities: - add: - - NET_ADMIN - - NET_RAW - - SYS_ADMIN - - NET_BIND_SERVICE - startupProbe: - failureThreshold: 30 - httpGet: - path: /livez - port: 7473 - periodSeconds: 5 - volumeMounts: - - mountPath: /var/run/frr - name: frr-sockets - - mountPath: /etc/frr - name: frr-conf - - command: - - /etc/frr_reloader/frr-reloader.sh - image: quay.io/frrouting/frr:9.0.2 - name: reloader - volumeMounts: - - mountPath: /var/run/frr - name: frr-sockets - - mountPath: /etc/frr - name: frr-conf - - mountPath: /etc/frr_reloader - name: reloader - - args: - - --metrics-port=7473 - command: - - /etc/frr_metrics/frr-metrics - image: quay.io/frrouting/frr:9.0.2 - name: frr-metrics - ports: - - containerPort: 7473 - name: monitoring - volumeMounts: - - mountPath: /var/run/frr - name: frr-sockets - - mountPath: /etc/frr - name: frr-conf - - mountPath: /etc/frr_metrics - name: metrics - - args: - - --port=7472 - - --log-level=all - env: - - name: FRR_CONFIG_FILE - value: /etc/frr_reloader/frr.conf - - name: FRR_RELOADER_PID_FILE - value: /etc/frr_reloader/reloader.pid - - name: METALLB_BGP_TYPE - value: frr - - name: METALLB_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: METALLB_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: METALLB_ML_BIND_ADDR - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: METALLB_ML_LABELS - value: app=metallb,component=speaker - - name: METALLB_ML_SECRET_KEY_PATH - value: /etc/ml_secret_key - image: quay.io/metallb/speaker:dev-amd64 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /metrics - port: monitoring - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: speaker - ports: - - containerPort: 7472 - name: monitoring - - containerPort: 7946 - name: memberlist-tcp - - 
containerPort: 7946 - name: memberlist-udp - protocol: UDP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /metrics - port: monitoring - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_RAW - drop: - - ALL - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /etc/frr_reloader - name: reloader - - mountPath: /etc/ml_secret_key - name: memberlist - readOnly: true - - mountPath: /etc/metallb - name: metallb-excludel2 - readOnly: true - hostNetwork: true - initContainers: - - command: - - /bin/sh - - -c - - cp -rLf /tmp/frr/* /etc/frr/ - image: quay.io/frrouting/frr:9.0.2 - name: cp-frr-files - securityContext: - runAsGroup: 101 - runAsUser: 100 - volumeMounts: - - mountPath: /tmp/frr - name: frr-startup - - mountPath: /etc/frr - name: frr-conf - - command: - - /bin/sh - - -c - - cp -f /frr-reloader.sh /etc/frr_reloader/ - image: quay.io/metallb/speaker:dev-amd64 - name: cp-reloader - volumeMounts: - - mountPath: /etc/frr_reloader - name: reloader - - command: - - /bin/sh - - -c - - cp -f /frr-metrics /etc/frr_metrics/ - image: quay.io/metallb/speaker:dev-amd64 - name: cp-metrics - volumeMounts: - - mountPath: /etc/frr_metrics - name: metrics - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: speaker - shareProcessNamespace: true - terminationGracePeriodSeconds: 2 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Exists - volumes: - - emptyDir: {} - name: frr-sockets - - configMap: - name: frr-startup - name: frr-startup - - emptyDir: {} - name: frr-conf - - emptyDir: {} - name: reloader - - emptyDir: {} - name: metrics - - name: memberlist - secret: - defaultMode: 420 - secretName: memberlist - - configMap: - defaultMode: 256 - name: metallb-excludel2 - name: metallb-excludel2 ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - 
creationTimestamp: null - name: metallb-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: metallb-webhook-service - namespace: metallb-system - path: /validate-metallb-io-v1beta2-bgppeer - failurePolicy: Fail - name: bgppeersvalidationwebhook.metallb.io - rules: - - apiGroups: - - metallb.io - apiVersions: - - v1beta2 - operations: - - CREATE - - UPDATE - resources: - - bgppeers - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: metallb-webhook-service - namespace: metallb-system - path: /validate-metallb-io-v1beta1-bfdprofile - failurePolicy: Fail - name: bfdprofilevalidationwebhook.metallb.io - rules: - - apiGroups: - - metallb.io - apiVersions: - - v1beta1 - operations: - - CREATE - - DELETE - resources: - - bfdprofiles - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: metallb-webhook-service - namespace: metallb-system - path: /validate-metallb-io-v1beta1-bgpadvertisement - failurePolicy: Fail - name: bgpadvertisementvalidationwebhook.metallb.io - rules: - - apiGroups: - - metallb.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - bgpadvertisements - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: metallb-webhook-service - namespace: metallb-system - path: /validate-metallb-io-v1beta1-community - failurePolicy: Fail - name: communityvalidationwebhook.metallb.io - rules: - - apiGroups: - - metallb.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - communities - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: metallb-webhook-service - namespace: metallb-system - path: /validate-metallb-io-v1beta1-ipaddresspool - failurePolicy: Fail - name: ipaddresspoolvalidationwebhook.metallb.io - rules: - - apiGroups: - - metallb.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - 
resources: - - ipaddresspools - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: metallb-webhook-service - namespace: metallb-system - path: /validate-metallb-io-v1beta1-l2advertisement - failurePolicy: Fail - name: l2advertisementvalidationwebhook.metallb.io - rules: - - apiGroups: - - metallb.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - l2advertisements - sideEffects: None diff --git a/graceful/red-peering.yaml b/graceful/red-peering.yaml deleted file mode 100644 index 931b1b2..0000000 --- a/graceful/red-peering.yaml +++ /dev/null @@ -1,48 +0,0 @@ ---- -apiVersion: metallb.io/v1beta1 -kind: BFDProfile -metadata: - name: red - namespace: metallb-system -spec: - detectMultiplier: 3 - echoMode: false - passiveMode: false ---- -apiVersion: metallb.io/v1beta2 -kind: BGPPeer -metadata: - name: red - namespace: metallb-system -spec: - peerAddress: 12.12.12.1 - peerASN: 8012 - myASN: 7003 - holdTime: 60s - gracefulRestart: true - bfdProfile: red - nodeSelectors: - - matchLabels: - metallb-speaker: "" ---- -apiVersion: metallb.io/v1beta1 -kind: BGPAdvertisement -metadata: - name: red - namespace: metallb-system -spec: - ipAddressPools: - - red - peers: - - red ---- -apiVersion: metallb.io/v1beta1 -kind: IPAddressPool -metadata: - name: red - namespace: metallb-system -spec: - autoAssign: false - addresses: - - 6.6.6.1/32 - - 6.6.6.2/32 diff --git a/graceful/red-pod-one.yaml b/graceful/red-pod-one.yaml deleted file mode 100644 index dbb0f8e..0000000 --- a/graceful/red-pod-one.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: red -spec: - replicas: 1 - selector: - matchLabels: - app: red - template: - metadata: - labels: - app: red - spec: - containers: - - name: agnhost - image: quay.io/karampok/snife:latest - imagePullPolicy: Always - securityContext: - privileged: true - - name: server - image: registry.k8s.io/e2e-test-images/agnhost:2.40 - command: - - /agnhost - - netexec - - --http-port=8080 - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - ports: - - name: http - containerPort: 8080 - - command: ["bash", "-c"] - args: ["iperf3 -s -p 60000"] - image: quay.io/karampok/snife:latest - imagePullPolicy: Always - name: iperf3 - ports: - - name: iperf3 - containerPort: 60000 ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - metallb.universe.tf/address-pool: red - metallb.universe.tf/allow-shared-ip: "key-to-share-red" - name: red-svc-http -spec: - type: LoadBalancer - externalTrafficPolicy: Local - allocateLoadBalancerNodePorts: false - ports: - - name: http - port: 5555 - protocol: TCP - targetPort: 8080 - selector: - app: red ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - metallb.universe.tf/address-pool: red - metallb.universe.tf/allow-shared-ip: "key-to-share-red" - name: red-svc-iperf-tcp -spec: - type: LoadBalancer - externalTrafficPolicy: Local - allocateLoadBalancerNodePorts: false - ports: - - name: tcp - port: 60000 - protocol: TCP - targetPort: 60000 - selector: - app: red ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - metallb.universe.tf/address-pool: red - metallb.universe.tf/allow-shared-ip: "key-to-share-red" - name: red-svc-iperf-udp -spec: - type: LoadBalancer - externalTrafficPolicy: Local - allocateLoadBalancerNodePorts: false - ports: - - name: udp - port: 60000 - protocol: UDP - targetPort: 60000 - selector: - app: red - -# show bgp vrf red ipv4 summary -# from red -# alias urlencode="python3 -c \"import sys, 
urllib.parse; print(urllib.parse.quote(''.join(sys.stdin.readlines())))\"" -# curl -s http://6.6.6.1/shell?cmd="$(echo "env|grep -i node" | urlencode)"|jq -r '.output' diff --git a/graceful/red-pod-two.yaml b/graceful/red-pod-two.yaml deleted file mode 100644 index 2b286ff..0000000 --- a/graceful/red-pod-two.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: red-two -spec: - replicas: 2 - selector: - matchLabels: - app: red-two - template: - metadata: - labels: - app: red-two - spec: - containers: - - name: agnhost - image: quay.io/karampok/snife:latest - imagePullPolicy: Always - securityContext: - privileged: true - - name: server - image: registry.k8s.io/e2e-test-images/agnhost:2.40 - command: - - /agnhost - - netexec - - --http-port=8080 - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - ports: - - name: http - containerPort: 8080 - - command: ["bash", "-c"] - args: ["iperf3 -s -p 60000"] - image: quay.io/karampok/snife:latest - imagePullPolicy: Always - name: iperf3 - ports: - - name: iperf3 - containerPort: 60000 ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - metallb.universe.tf/address-pool: red - metallb.universe.tf/allow-shared-ip: "key-to-share-red-two" - name: red-two-svc-http -spec: - type: LoadBalancer - externalTrafficPolicy: Local - allocateLoadBalancerNodePorts: false - ports: - - name: http - port: 5555 - protocol: TCP - targetPort: 8080 - selector: - app: red-two ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - metallb.universe.tf/address-pool: red - metallb.universe.tf/allow-shared-ip: "key-to-share-red-two" - name: red-two-svc-iperf-tcp -spec: - type: LoadBalancer - externalTrafficPolicy: Local - allocateLoadBalancerNodePorts: false - ports: - - name: tcp - port: 60000 - protocol: TCP - targetPort: 60000 - selector: - app: red-two ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - metallb.universe.tf/address-pool: red - metallb.universe.tf/allow-shared-ip: "key-to-share-red-two" - name: red-two-svc-iperf-udp -spec: - type: LoadBalancer - externalTrafficPolicy: Local - allocateLoadBalancerNodePorts: false - ports: - - name: udp - port: 60000 - protocol: UDP - targetPort: 60000 - selector: - app: red-two - -# show bgp vrf red ipv4 summary -# from 
red -# alias urlencode="python3 -c \"import sys, urllib.parse; print(urllib.parse.quote(''.join(sys.stdin.readlines())))\"" -# curl -s http://6.6.6.1/shell?cmd="$(echo "env|grep -i node" | urlencode)"|jq -r '.output' diff --git a/infra/deploy-ocp.sh b/infra/deploy-ocp.sh new file mode 100755 index 0000000..18a338c --- /dev/null +++ b/infra/deploy-ocp.sh @@ -0,0 +1,26 @@ +#! /usr/bin/env bash +set -euoE pipefail + +openshift-install version + +name=${1:-mno} #mno,sno,5gc +folder=${folder:-"/share/${name}"} +cp -r "${name}"-template "${folder}" + +PULL_SECRET=$(jq '.' -c "${PULL_SECRET_PATH:-.pull-secret.json}") #one liner +sed -i "s/PULLSECRET/$PULL_SECRET/g" "${folder}"/install-config.yaml + +openshift-install agent create image --log-level info --dir "${folder}" + +source ./redfish-actions/sushy.sh +for node in $(cat "${folder}"/bmc-hosts); +do + power_off "$node" + media_eject "$node" + media_insert "$node" "${HTTP_SERVER:-http://10.10.20.200:9000}"/"${name}"/agent.x86_64.iso + boot_once "$node" + power_on "$node" +done + +mkdir -p ~/.kube && cp "${folder}"/auth/kubeconfig ~/.kube/config +#openshift-install agent wait-for install-complete --log-level info --dir /share/${name} diff --git a/k00-config.yaml b/k00-config.yaml deleted file mode 100644 index ca3c0cd..0000000 --- a/k00-config.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: kind.x-k8s.io/v1alpha4 -kind: Cluster -# networking: -# disableDefaultCNI: true -nodes: - - role: control-plane - - role: worker - labels: - metallb-speaker: "" - - role: worker - labels: - metallb-speaker: "" diff --git a/opt/cni.d/access.conflist b/opt/cni.d/access.conflist deleted file mode 100644 index 5264c10..0000000 --- a/opt/cni.d/access.conflist +++ /dev/null @@ -1,16 +0,0 @@ -{ - "cniVersion": "0.4.0", - "name": "access", - "plugins": [ - { - "type": "bridge", - "bridge": "access", - "isGateway": false, - "ipMasq": false, - "hairpinMode": true, - "ipam": { - "type": "" - } - } - ] -} 
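Review bot: The `sed -i "s/PULLSECRET/$PULL_SECRET/g"` line in infra/deploy-ocp.sh splices the raw pull-secret JSON into a sed expression that uses `/` as its delimiter, so a `/` in the secret (base64 `auth` values can contain one) breaks the substitution, and an `&` would be expanded to the matched text. The secret is also passed as a command-line argument, where it is readable from the process list while sed runs. A delimiter that is not expected in the compact JSON avoids the first problem, e.g. `sed -i "s|PULLSECRET|${PULL_SECRET}|g" "${folder}"/install-config.yaml`; supplying the expression from a file with `sed -f` would keep it off the argument list as well. Separately, `cp "${folder}"/auth/kubeconfig ~/.kube/config` overwrites an existing kubeconfig without a backup.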
diff --git a/opt/cni.d/baremetal.conflist b/opt/cni.d/baremetal.conflist deleted file mode 100644 index 9a0a1a7..0000000 --- a/opt/cni.d/baremetal.conflist +++ /dev/null @@ -1,25 +0,0 @@ -{ - "args": { - "podman_options": { - "mtu": "9000" - } - }, - "cniVersion": "0.4.0", - "name": "baremetal", - "plugins": [ - { - "type": "bridge", - "bridge": "baremetal", - "isGateway": false, - "ipMasq": false, - "mtu": 9000, - "hairpinMode": false, - "ipam": { - "type": "" - } - }, - { - "type": "tuning" - } - ] -} diff --git a/opt/cni.d/bmc.conflist b/opt/cni.d/bmc.conflist deleted file mode 100644 index a7c21db..0000000 --- a/opt/cni.d/bmc.conflist +++ /dev/null @@ -1,19 +0,0 @@ -{ - "cniVersion": "0.4.0", - "name": "bmc", - "plugins": [ - { - "type": "bridge", - "bridge": "bmc", - "isGateway": false, - "ipMasq": false, - "hairpinMode": false, - "ipam": { - "type": "" - } - }, - { - "type": "tuning" - } - ] -} diff --git a/opt/cni.d/green-net.conflist b/opt/cni.d/green-net.conflist deleted file mode 100644 index 21db198..0000000 --- a/opt/cni.d/green-net.conflist +++ /dev/null @@ -1,16 +0,0 @@ -{ - "cniVersion": "0.4.0", - "name": "green-net", - "plugins": [ - { - "type": "bridge", - "bridge": "access", - "isGateway": false, - "ipMasq": false, - "hairpinMode": true, - "ipam": { - "type": "" - } - } - ] -} diff --git a/opt/cni.d/red-net.conflist b/opt/cni.d/red-net.conflist deleted file mode 100644 index b850c85..0000000 --- a/opt/cni.d/red-net.conflist +++ /dev/null @@ -1,16 +0,0 @@ -{ - "cniVersion": "0.4.0", - "name": "red-net", - "plugins": [ - { - "type": "bridge", - "bridge": "access", - "isGateway": false, - "ipMasq": false, - "hairpinMode": true, - "ipam": { - "type": "" - } - } - ] -} diff --git a/opt/coredns/zones/hub.telco.vlab.db b/opt/coredns/zones/hub.telco.vlab.db deleted file mode 100644 index 9e39301..0000000 --- a/opt/coredns/zones/hub.telco.vlab.db +++ /dev/null 
@@ -1,16 +0,0 @@ -; hub.telco.vlab zone file - -$ORIGIN hub.telco.vlab. -$TTL 3600 - -@ IN SOA ns1.hub.telco.vlab. hostmaster.hub.telco.vlab. ( - 2023112201 ; Serial - 3600 ; Refresh - 900 ; Retry - 604800 ; Expire - 86400 ) ; Minimum TTL - -@ IN NS ns1.hub.telco.vlab. - -api IN A 10.10.20.225 -*.apps IN A 10.10.20.225 diff --git a/pkg/cleanup.go b/pkg/cleanup.go index f6bd3b6..17fce68 100644 --- a/pkg/cleanup.go +++ b/pkg/cleanup.go @@ -6,9 +6,7 @@ import ( func Clean() *Run { r := NewRun("Clean") - //r.StepCanFail(S("Clean VMS"), S(cleanup04)) - r.Step(S("Clean L2"), nil) - for _, cmd := range cleanupL2 { + for _, cmd := range cleanup { r.StepCanFail(nil, S(cmd)) } diff --git a/pkg/gather.go b/pkg/gather.go index ba5524d..8d57739 100644 --- a/pkg/gather.go +++ b/pkg/gather.go 
@@ -2,55 +2,39 @@ package pkg import . "github.com/saschagrunert/demo" +var cleanup = []string{ + "ip link delete sw1", + "ip link delete dataplane", + "ip link delete ixp-net", + "ip link delete bmc", + "virsh net-destroy sw1", + "virsh net-destroy dataplane", +} + func SetupInfra() *Run { r := NewRun("Setup Virtual Infra") - r.BreakPoint() r.Step(S("Build L2 fabric"), S(bridges)) - r.BreakPoint() - r.Step(S("Enable libvirt to attach vms"), nil) + r.Step(S("Enable bridges in libvirt"), nil) r.Step(nil, S(cmd03)) - // r.Step(S("Configure GW-zero with upstream"), S(gw00)) - - r.BreakPoint() c := "containerlab deploy" r.Step(S("Containerlab"), S(c)) - //r.Step(S("Setup workstation"), S(workstation)) + cleanup = append(cleanup, "containerlab destroy") - // r.BreakPoint() - // r.Step(S("Setup GW-one (L3 Gateway) on baremetal,access net"), S(gw1)) - // r.Step(S("Configure GW-one with vlan"), S(gw10)) - // - // r.BreakPoint() - // r.Step(S("Setup GW-two (L3 Gateway) on baremetal,access,green net"), S(gw2)) - // r.Step(S("Configure GW-two with vlan"), S(gw20)) - // r.Step(S("Setup green VRF in router"), S(gw21)) - // r.Step(S("Setup red VRF in router"), S(gw22)) + vbmh := `kcli create plan -f vbmh-kcli-plan.yaml vbmh` + r.Step(S("Create baremetal with kcli"), S(vbmh)) + cleanup = append(cleanup, "kcli delete -y plan vbmh") // // r.BreakPoint() // r.Step(S("Setup green client on green net "), S(green)) // r.Step(S("Setup red client on red net "), S(red)) // r.Step(S("Setup macnet host on baremetal net "), S(macnet)) - // - // r.BreakPoint() - // r.Step(S("Setup DNS (CoreDNS) service"), S(dns)) - // r.Step(S("Configure routing for DNS"), S(dns01)) - // - // r.BreakPoint() // r.Step(S("Setup proxy"), S(proxy)) // r.Step(S("Configure routing for proxy"), S(proxy01)) - // - // r.Step(S("proxy/dns needs connectivity"), nil) - // not using my image, I can do - // r.Step(S("podman run --net=container:dns --rm --privileged -it quay.io/karampok/snife /bin/bash"), nil) - - // 
r.BreakPoint() // r.Step(S("Setup DHCPv4"), S(dhcpv4)) // r.Step(S("Setup DHCPv6"), S(dhcpv6)) // - // r.BreakPoint() - // r.Step(S("Create baremetal with kcli"), S(vbmh)) // // r.BreakPoint() // r.Step(S("Create bmc with Sushy"), S(sushy)) diff --git a/pkg/l2-networks.go b/pkg/l2-networks.go index d658c43..cf57bda 100644 --- a/pkg/l2-networks.go +++ b/pkg/l2-networks.go @@ -4,6 +4,8 @@ var bridges = `ip link add name dataplane type bridge ip link set dev dataplane up ip link add name sw1 type bridge ip link set dev sw1 up +ip link add name bmc type bridge +ip link set dev bmc up ip link add name ixp-net type bridge ip link set dev ixp-net up` @@ -16,6 +18,7 @@ var cmd03 = `cat > /tmp/sw1.xml < /tmp/dataplane.xml < dataplane @@ -23,14 +26,6 @@ rm /tmp/sw1.xml EOM virsh net-create /tmp/dataplane.xml -rm /tmp/sw1.xml +rm /tmp/dataplane.xml #virsh net-list` - -var cleanupL2 = []string{ - "ip link delete sw1", - "ip link delete dataplane", - "ip link delete ixp-net", - "virsh net-destroy sw1", - "virsh net-destroy dataplane", -} diff --git a/pkg/setup-vbmh.go b/pkg/setup-vbmh.go index 5d054f5..410054e 100644 --- a/pkg/setup-vbmh.go +++ b/pkg/setup-vbmh.go @@ -1,7 +1,5 @@ package pkg -var vbmh = `kcli create plan -f vbmh-kcli-plan.yaml vbmh` - var sushy = `podman run --name sushy --rm -d --privileged --hostname bmc-sushy \ -v ./opt/sushy:/etc/sushy:Z -v /var/run/libvirt:/var/run/libvirt:rw --net=bmc:interface_name=eth0 \ --dns 10.10.20.10 \ diff --git a/telco-ocp-lab b/telco-ocp-lab index 955edd0..2470c65 100755 Binary files a/telco-ocp-lab and b/telco-ocp-lab differ diff --git a/telco-ocp-lab.go b/telco-ocp-lab.go index 190c8a8..e5572f1 100644 --- a/telco-ocp-lab.go +++ b/telco-ocp-lab.go 
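Review bot: `cleanup` in pkg/gather.go is a package-level slice that SetupInfra() mutates with `append` while it builds its run, and Clean() in pkg/cleanup.go reads it when it is constructed, so the teardown list depends on call order. It works only because this commit also moves `d.Add(pkg.SetupInfra(), …)` ahead of `d.Add(pkg.Clean(), …)` in main; swapping them back would silently drop `containerlab destroy` and `kcli delete -y plan vbmh` from the clean run. The appended entries also run last, after the `ip link delete` commands for bridges that the lab and the VMs are presumably still attached to. Listing every teardown command in the literal, consumers first, removes both issues, e.g. starting the slice with `"kcli delete -y plan vbmh", "containerlab destroy",`. SetupInfra's body continues past the end of this hunk.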
@@ -2,28 +2,41 @@ package main import ( "embed" + "fmt" "io" "io/fs" "os" + "os/user" "path/filepath" "github.com/karampok/telco-ocp-lab/pkg" "github.com/saschagrunert/demo" ) -//go:embed opt/* -var optFS embed.FS +//go:embed config/* +var configFS embed.FS + +//go:embed infra/* +var infraFS embed.FS + +//go:embed topo.clab.yml +var cclab []byte //go:embed vbmh-kcli-plan.yaml var kplan []byte func main() { + if !isRoot() { + fmt.Println("clab needs root") + os.Exit(1) + } d := demo.New() + d.Name = "telco-ocp-lab" d.Description = "Setup virtual infra for multi-interface cluster" - d.Add(pkg.Clean(), "clean", "clean system") d.Add(pkg.SetupInfra(), "setup", "setup virtual infra") + d.Add(pkg.Clean(), "clean", "clean system") d.Add(pkg.RunIPForwardingDemo(), "ipforwarding", "reproduce ipforwarding demo") d.Add(pkg.RunBGPGracefulRestart(), "BGP-GR", "demo BGP w,w/o GR (Graceful restart)") d.Add(pkg.RunBGPGracefulRestartWithBFD(), "BGP-GR-BFD", "demo BGP w,w/o GR (Graceful restart), BFD") 
@@ -36,32 +49,48 @@ func main() { } func extractConfig() error { + clab := "topo.clab.yaml" + _, err := os.Stat(clab) + if os.IsNotExist(err) { + if err := os.WriteFile(clab, cclab, 0o644); err != nil { + return err + } + } + plan := "vbmh-kcli-plan.yaml" - _, err := os.Stat(plan) + _, err = os.Stat(plan) if os.IsNotExist(err) { if err := os.WriteFile(plan, kplan, 0o644); err != nil { return err } } - files, err := getAllFilenames(&optFS) - if err != nil { - return err - } - for _, f := range files { - src, err := optFS.Open(f) + extractDir := func(efs *embed.FS) error { + files, err := getAllFilenames(efs) if err != nil { return err } - if err := os.MkdirAll(filepath.Dir(f), 0o755); err != nil { - return err - } + for _, f := range files { + src, err := efs.Open(f) + if err != nil { + return err + } + if err := os.MkdirAll(filepath.Dir(f), 0o755); err != nil { + return err + } - dst, err := os.OpenFile(f, os.O_WRONLY|os.O_CREATE, 0o644) - if err != nil { - return err + dst, err := os.OpenFile(f, os.O_WRONLY|os.O_CREATE, 0o644) + if err != nil { + return err + } + if _, err = io.Copy(dst, src); err != nil { + return err + } } - if _, err = io.Copy(dst, src); err != nil { + return nil + } + for _, fs := range []*embed.FS{&configFS, &infraFS} { + if err := extractDir(fs); err != nil { return err } } @@ -85,3 +114,11 @@ func getAllFilenames(efs *embed.FS) (files []string, err error) { return files, nil } + +func isRoot() bool { + currentUser, err := user.Current() + if err != nil { + panic(err) + } + return currentUser.Username == "root" +} diff --git a/topo.clab.yml b/topo.clab.yml index 6bd52c2..1a0dd89 100644 --- a/topo.clab.yml +++ b/topo.clab.yml @@ -7,6 +7,8 @@ mgmt: topology: nodes: + bmc: + kind: bridge ixp-net: kind: bridge sw1: 
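Review bot: `os.OpenFile(f, os.O_WRONLY|os.O_CREATE, 0o644)` in extractDir lacks `os.O_TRUNC`, so re-extracting over an existing, longer file leaves the old tail in place, and a stale fragment of a file such as `frr.conf` or `squid.conf` would then be loaded by the lab. Use `os.OpenFile(f, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o644)` and close `src` and `dst` after the copy; neither handle is closed in the loop. Every file is created with 0o644, so the embedded `infra/deploy-ocp.sh` (added as mode 100755 in this commit) is extracted without its execute bit. The embed directive names `topo.clab.yml` while the existence check and the write use `topo.clab.yaml`, which looks unintended.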
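Review bot: isRoot() compares `currentUser.Username` with the string "root", which tests an account name rather than the privilege the process actually holds, and it panics when the user lookup fails. Checking the effective UID is simpler and does not depend on the passwd database: `return os.Geteuid() == 0`, which also makes the new `os/user` import unnecessary. The `clab needs root` message in main could go to stderr with `fmt.Fprintln(os.Stderr, …)`, since the process exits non-zero right after it.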
@@ -15,9 +17,9 @@ topology: kind: linux image: quay.io/frrouting/frr:9.0.2 binds: - - opt/frr-zero/daemons:/etc/frr/daemons - - opt/frr-zero/frr.conf:/etc/frr/frr.conf - - opt/frr-zero/vtysh.conf:/etc/frr/vtysh.conf + - config/frr-zero/daemons:/etc/frr/daemons + - config/frr-zero/frr.conf:/etc/frr/frr.conf + - config/frr-zero/vtysh.conf:/etc/frr/vtysh.conf exec: # - ip addr add 192.168.0.166/24 dev upstream # - ip route add default via 192.168.0.254 @@ -31,9 +33,9 @@ topology: image: quay.io/frrouting/frr:9.0.2 network-mode: none binds: - - opt/frr-one/daemons:/etc/frr/daemons - - opt/frr-one/frr.conf:/etc/frr/frr.conf - - opt/frr-one/vtysh.conf:/etc/frr/vtysh.conf + - config/frr-one/daemons:/etc/frr/daemons + - config/frr-one/frr.conf:/etc/frr/frr.conf + - config/frr-one/vtysh.conf:/etc/frr/vtysh.conf exec: - ip link set dev eth1 address aa:aa:aa:aa:aa:00 - ip link add link eth1 name eth1.blue type vlan id 10 
@@ -62,22 +64,40 @@ topology: - ip route add default via 10.10.20.254 - ip route add 10.10.10.0/24 via 10.10.20.1 binds: - - opt/coredns:/etc/coredns - # TODO: add healthcheck + - config/coredns:/etc/coredns + sushy: + kind: linux + image: quay.io/karampok/sushy-emulator:latest + network-mode: none + exec: + - ip addr add 192.168.100.100/24 dev eth1 + binds: + - config/sushy/:/etc/sushy + - /var/run/libvirt:/var/run/libvirt:rw + cmd: /usr/local/bin/sushy-emulator --config /etc/sushy/emulator.conf --debug + infra: kind: linux image: quay.io/karampok/infra:latest exec: - ip addr add 10.10.20.200/24 dev eth1 - - ip route add default via 10.10.20.254 + - ip addr add 192.168.100.200/24 dev bmc - ip route add 10.10.10.0/24 via 10.10.20.1 + # - ip route add default via 10.10.20.254 + binds: + - infra/:/workdir + - /root/.ssh/authorized_keys:/root/.ssh/authorized_keys:ro ports: - 51820:51820/udp + env: + PUBLICIP: 10.1.98.12 links: - endpoints: ["r01:eth1", "ixp-net:ixp-port0"] # - endpoints: ["r01:upstream", "host:r01-up"] #"macvlan:bond0"] - endpoints: ["dns:eth1", "ixp-net:ixp-port10"] - endpoints: ["infra:eth1", "ixp-net:ixp-port200"] + - endpoints: ["infra:bmc", "bmc:infra"] + - endpoints: ["sushy:eth1", "bmc:sushy"] - endpoints: ["gw1:eth0", "ixp-net:ixp-port1"] - endpoints: ["gw1:eth1", "sw1:sw1-port1"]
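Review bot: The new `sushy` node binds `/var/run/libvirt:/var/run/libvirt:rw`, which hands the container the host's libvirt socket, i.e. control over every VM on the hypervisor, and it runs an image referenced by the mutable tag `:latest`. Pin the image, e.g. `image: quay.io/karampok/sushy-emulator:<pinned-tag-or-digest>` (the same applies to `quay.io/karampok/infra:latest`), so a changed upstream image cannot silently gain that access. `config/sushy/emulator.conf` is not shown in this part of the diff; it is worth confirming that the Redfish endpoint on 192.168.100.100 requires authentication, because otherwise anything attached to the `bmc` bridge can power-cycle and re-image the nodes. The `infra` node also bind-mounts the host's `/root/.ssh/authorized_keys` and hard-codes `PUBLICIP: 10.1.98.12`; both would be better supplied per environment.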