From c02cb462920b3655a33598363546be88b4b115f0 Mon Sep 17 00:00:00 2001 From: LordMathis Date: Sun, 23 Mar 2025 13:49:26 +0100 Subject: [PATCH] Add wait conditions and namespace-specific roles for MetalLB configuration --- .../controllers/metallb/config-job.yaml | 30 +++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/infrastructure/controllers/metallb/config-job.yaml b/infrastructure/controllers/metallb/config-job.yaml index 05d4323..6b585c1 100644 --- a/infrastructure/controllers/metallb/config-job.yaml +++ b/infrastructure/controllers/metallb/config-job.yaml @@ -17,7 +17,9 @@ spec: - | # Wait for the webhook to be ready echo "Waiting for MetalLB webhook to be ready..." + sleep 30 kubectl -n metallb-system wait --for=condition=ready --timeout=120s pods --all + sleep 30 # Get the external IP of the node using kubectl SERVER_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="ExternalIP")].address}') @@ -75,7 +77,7 @@ rules: resources: ["ipaddresspools", "l2advertisements"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - apiGroups: [""] - resources: ["nodes", "pods"] + resources: ["nodes"] verbs: ["get", "list"] --- apiVersion: rbac.authorization.k8s.io/v1 @@ -89,4 +91,28 @@ subjects: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: metallb-config-role \ No newline at end of file + name: metallb-config-role +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: metallb-config-role-ns + namespace: metallb-system +rules: +- apiGroups: [""] + resources: ["pods", "services"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: metallb-config-rolebinding-ns + namespace: metallb-system +subjects: +- kind: ServiceAccount + name: metallb-config-sa + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: metallb-config-role-ns \ No newline at end of file