mirror of
https://github.com/lordmathis/dev-cluster.git
synced 2025-12-22 16:44:24 +00:00
126 lines
3.4 KiB
YAML
126 lines
3.4 KiB
YAML
# /infrastructure/controllers/metallb/config-job.yaml
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: metallb-config
|
|
namespace: metallb-system
|
|
spec:
|
|
template:
|
|
spec:
|
|
serviceAccountName: metallb-config-sa
|
|
containers:
|
|
- name: kubectl
|
|
image: bitnami/kubectl:latest
|
|
command:
|
|
- /bin/bash
|
|
- -c
|
|
- |
|
|
# Wait for the webhook to be ready
|
|
echo "Waiting for MetalLB webhook to be ready..."
|
|
sleep 30
|
|
kubectl -n metallb-system wait --for=condition=ready --timeout=120s pods --all
|
|
sleep 30
|
|
|
|
# Get the external IP of the node using kubectl
|
|
SERVER_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="ExternalIP")].address}')
|
|
|
|
# Fallback to other address types if ExternalIP isn't available
|
|
if [ -z "$SERVER_IP" ]; then
|
|
echo "ExternalIP not found, trying InternalIP..."
|
|
SERVER_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="InternalIP")].address}')
|
|
fi
|
|
|
|
echo "Detected server IP: $SERVER_IP"
|
|
|
|
if [ -z "$SERVER_IP" ]; then
|
|
echo "No external IP found for the node"
|
|
exit 1
|
|
fi
|
|
|
|
# Create a temporary file for the IPAddressPool
|
|
echo "Creating IPAddressPool with IP: $SERVER_IP/32"
|
|
|
|
cat > /tmp/ippool.yaml << EOF
|
|
apiVersion: metallb.io/v1beta1
|
|
kind: IPAddressPool
|
|
metadata:
|
|
name: first-pool
|
|
namespace: metallb-system
|
|
spec:
|
|
addresses:
|
|
- "$SERVER_IP/32"
|
|
EOF
|
|
|
|
kubectl apply -f /tmp/ippool.yaml
|
|
|
|
# Create the L2Advertisement
|
|
cat > /tmp/l2advert.yaml << EOF
|
|
apiVersion: metallb.io/v1beta1
|
|
kind: L2Advertisement
|
|
metadata:
|
|
name: l2-advert
|
|
namespace: metallb-system
|
|
spec:
|
|
ipAddressPools:
|
|
- first-pool
|
|
EOF
|
|
|
|
kubectl apply -f /tmp/l2advert.yaml
|
|
|
|
echo "MetalLB configured to use IP: $SERVER_IP"
|
|
restartPolicy: OnFailure
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: metallb-config-sa
|
|
namespace: metallb-system
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: metallb-config-role
|
|
rules:
|
|
- apiGroups: ["metallb.io"]
|
|
resources: ["ipaddresspools", "l2advertisements"]
|
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
|
- apiGroups: [""]
|
|
resources: ["nodes"]
|
|
verbs: ["get", "list"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: metallb-config-rolebinding
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: metallb-config-sa
|
|
namespace: metallb-system
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: metallb-config-role
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: metallb-config-role-ns
|
|
namespace: metallb-system
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["pods", "services"]
|
|
verbs: ["get", "list", "watch"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: metallb-config-rolebinding-ns
|
|
namespace: metallb-system
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: metallb-config-sa
|
|
namespace: metallb-system
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: metallb-config-role-ns |