charts/metallb/values.yaml

# Default values for metallb.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
loadBalancerClass: ""

# To configure MetalLB, you must specify ONE of the following two
# options.

rbac:
  # create specifies whether to install and use RBAC rules.
  create: true

prometheus:
  # scrape annotations specifies whether to add Prometheus metric
  # auto-collection annotations to pods. See
  # https://github.com/prometheus/prometheus/blob/release-2.1/documentation/examples/prometheus-kubernetes.yml
  # for a corresponding Prometheus configuration. Alternatively, you
  # may want to use the Prometheus Operator
  # (https://github.com/coreos/prometheus-operator) for more powerful
  # monitoring configuration. If you use the Prometheus operator, this
  # can be left at false.
  scrapeAnnotations: false

  # port both controller and speaker will listen on for metrics
  metricsPort: 7472

  # if set, enables rbac proxy on the controller and speaker to expose
  # the metrics via tls.
  # secureMetricsPort: 9120

  # the name of the secret to be mounted in the speaker pod
  # to expose the metrics securely. If not present, a self signed
  # certificate to be used.
  speakerMetricsTLSSecret: ""

  # the name of the secret to be mounted in the controller pod
  # to expose the metrics securely. If not present, a self signed
  # certificate to be used.
  controllerMetricsTLSSecret: ""

  # prometheus doens't have the permission to scrape all namespaces so we give it permission to scrape metallb's one
  rbacPrometheus: true

  # the service account used by prometheus
  # required when " .Values.prometheus.rbacPrometheus == true " and " .Values.prometheus.podMonitor.enabled=true or prometheus.serviceMonitor.enabled=true "
  serviceAccount: ""

  # the namespace where prometheus is deployed
  # required when " .Values.prometheus.rbacPrometheus == true " and " .Values.prometheus.podMonitor.enabled=true or prometheus.serviceMonitor.enabled=true "
  namespace: ""

  # the image to be used for the kuberbacproxy container
  rbacProxy:
    repository: gcr.io/kubebuilder/kube-rbac-proxy
    tag: v0.12.0
    pullPolicy:

  # Prometheus Operator PodMonitors
  podMonitor:
    # enable support for Prometheus Operator
    enabled: false

    # optional additionnal labels for podMonitors
    additionalLabels: {}

    # optional annotations for podMonitors
    annotations: {}

    # Job label for scrape target
    jobLabel: "app.kubernetes.io/name"

    # Scrape interval. If not set, the Prometheus default scrape interval is used.
    interval:

    # 	metric relabel configs to apply to samples before ingestion.
    metricRelabelings: []
    # - action: keep
    #   regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
    #   sourceLabels: [__name__]

    # 	relabel configs to apply to samples before ingestion.
    relabelings: []
    # - sourceLabels: [__meta_kubernetes_pod_node_name]
    #   separator: ;
    #   regex: ^(.*)$
    #   target_label: nodename
    #   replacement: $1
    #   action: replace

  # Prometheus Operator ServiceMonitors. To be used as an alternative
  # to podMonitor, supports secure metrics.
  serviceMonitor:
    # enable support for Prometheus Operator
    enabled: false

    speaker:
      # optional additional labels for the speaker serviceMonitor
      additionalLabels: {}
      # optional additional annotations for the speaker serviceMonitor
      annotations: {}
      # optional tls configuration for the speaker serviceMonitor, in case
      # secure metrics are enabled.
      tlsConfig:
        insecureSkipVerify: true

    controller:
      # optional additional labels for the controller serviceMonitor
      additionalLabels: {}
      # optional additional annotations for the controller serviceMonitor
      annotations: {}
      # optional tls configuration for the controller serviceMonitor, in case
      # secure metrics are enabled.
      tlsConfig:
        insecureSkipVerify: true

    # Job label for scrape target
    jobLabel: "app.kubernetes.io/name"

    # Scrape interval. If not set, the Prometheus default scrape interval is used.
    interval:

    # 	metric relabel configs to apply to samples before ingestion.
    metricRelabelings: []
    # - action: keep
    #   regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
    #   sourceLabels: [__name__]

    # 	relabel configs to apply to samples before ingestion.
    relabelings: []
    # - sourceLabels: [__meta_kubernetes_pod_node_name]
    #   separator: ;
    #   regex: ^(.*)$
    #   target_label: nodename
    #   replacement: $1
    #   action: replace

  # Prometheus Operator alertmanager alerts
  prometheusRule:
    # enable alertmanager alerts
    enabled: false

    # optional additionnal labels for prometheusRules
    additionalLabels: {}

    # optional annotations for prometheusRules
    annotations: {}

    # MetalLBStaleConfig
    staleConfig:
      enabled: true
      labels:
        severity: warning

    # MetalLBConfigNotLoaded
    configNotLoaded:
      enabled: true
      labels:
        severity: warning

    # MetalLBAddressPoolExhausted
    addressPoolExhausted:
      enabled: true
      labels:
        severity: alert

    addressPoolUsage:
      enabled: true
      thresholds:
        - percent: 75
          labels:
            severity: warning
        - percent: 85
          labels:
            severity: warning
        - percent: 95
          labels:
            severity: alert

    # MetalLBBGPSessionDown
    bgpSessionDown:
      enabled: true
      labels:
        severity: alert

    extraAlerts: []

# controller contains configuration specific to the MetalLB cluster
# controller.
controller:
  enabled: true
  # -- Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none`
  logLevel: info
  # command: /controller
  # webhookMode: enabled
  image:
    repository: quay.io/metallb/controller
    tag:
    pullPolicy:
  ## @param controller.updateStrategy.type Metallb controller deployment strategy type.
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  ## e.g:
  ## strategy:
  ##  type: RollingUpdate
  ##  rollingUpdate:
  ##    maxSurge: 25%
  ##    maxUnavailable: 25%
  ##
  strategy:
    type: RollingUpdate
  serviceAccount:
    # Specifies whether a ServiceAccount should be created
    create: true
    # The name of the ServiceAccount to use. If not set and create is
    # true, a name is generated using the fullname template
    name: ""
    annotations: {}
  securityContext:
    runAsNonRoot: true
    # nobody
    runAsUser: 65534
    fsGroup: 65534
  resources: {}
    # limits:
      # cpu: 100m
      # memory: 100Mi
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
  runtimeClassName: ""
  affinity: {}
  podAnnotations: {}
  labels: {}
  livenessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  readinessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1

# speaker contains configuration specific to the MetalLB speaker
# daemonset.
speaker:
  enabled: true
  # command: /speaker
  # -- Speaker log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none`
  logLevel: info
  tolerateMaster: true
  memberlist:
    enabled: true
    mlBindPort: 7946
    mlSecretKeyPath: "/etc/ml_secret_key"
  excludeInterfaces:
    enabled: true
  image:
    repository: quay.io/metallb/speaker
    tag:
    pullPolicy:
  ## @param speaker.updateStrategy.type Speaker daemonset strategy type
  ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
  ##
  updateStrategy:
    ## StrategyType
    ## Can be set to RollingUpdate or OnDelete
    ##
    type: RollingUpdate
  serviceAccount:
    # Specifies whether a ServiceAccount should be created
    create: true
    # The name of the ServiceAccount to use. If not set and create is
    # true, a name is generated using the fullname template
    name: ""
    annotations: {}
  ## Defines a secret name for the controller to generate a memberlist encryption secret
  ## By default secretName: {{ "metallb.fullname" }}-memberlist
  ##
  # secretName:
  resources: {}
    # limits:
      # cpu: 100m
      # memory: 100Mi
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
  affinity: {}
  ## Selects which runtime class will be used by the pod.
  runtimeClassName: ""
  podAnnotations: {}
  labels: {}
  livenessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  readinessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  startupProbe:
    enabled: true
    failureThreshold: 30
    periodSeconds: 5
  # frr contains configuration specific to the MetalLB FRR container,
  # for speaker running alongside FRR.
  frr:
    enabled: true
    image:
      repository: quay.io/frrouting/frr
      tag: 8.5.2
      pullPolicy:
    metricsPort: 7473
    resources: {}

    # if set, enables a rbac proxy sidecar container on the speaker to
    # expose the frr metrics via tls.
    # secureMetricsPort: 9121

  reloader:
    resources: {}

  frrMetrics:
    resources: {}

crds:
  enabled: true
  validationFailurePolicy: Fail