1 # Copyright 2020 Canonical Ltd.
3 # Licensed under the Apache License, Version 2.0 (the "License");
4 # you may not use this file except in compliance with the License.
5 # You may obtain a copy of the License at
7 # http://www.apache.org/licenses/LICENSE-2.0
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 # See the License for the specific language governing permissions and
13 # limitations under the License.
24 namespace: metallb-system
32 namespace: metallb-system
37 apiVersion: rbac.authorization.k8s.io/v1
40 name: metallb-system:controller
45 resources: ["services"]
46 verbs: ["get", "list", "watch", "update"]
48 resources: ["services/status"]
52 verbs: ["create", "patch"]
54 apiVersion: rbac.authorization.k8s.io/v1
57 name: metallb-system:speaker
62 resources: ["services", "endpoints", "nodes"]
63 verbs: ["get", "list", "watch"]
65 apiVersion: rbac.authorization.k8s.io/v1
68 namespace: metallb-system
74 resources: ["endpoints"]
75 resourceNames: ["metallb-speaker"]
76 verbs: ["get", "update"]
78 resources: ["endpoints"]
81 apiVersion: rbac.authorization.k8s.io/v1
84 namespace: metallb-system
90 resources: ["configmaps"]
91 verbs: ["get", "list", "watch"]
97 apiVersion: rbac.authorization.k8s.io/v1
98 kind: ClusterRoleBinding
100 name: metallb-system:controller
104 - kind: ServiceAccount
106 namespace: metallb-system
108 apiGroup: rbac.authorization.k8s.io
110 name: metallb-system:controller
112 apiVersion: rbac.authorization.k8s.io/v1
113 kind: ClusterRoleBinding
115 name: metallb-system:speaker
119 - kind: ServiceAccount
121 namespace: metallb-system
123 apiGroup: rbac.authorization.k8s.io
125 name: metallb-system:speaker
127 apiVersion: rbac.authorization.k8s.io/v1
130 namespace: metallb-system
135 - kind: ServiceAccount
137 - kind: ServiceAccount
140 apiGroup: rbac.authorization.k8s.io
144 apiVersion: rbac.authorization.k8s.io/v1
147 namespace: metallb-system
148 name: leader-election
152 - kind: ServiceAccount
155 apiGroup: rbac.authorization.k8s.io
157 name: leader-election
159 apiVersion: apps/v1beta2
162 namespace: metallb-system
178 prometheus.io/scrape: "true"
179 prometheus.io/port: "7472"
181 serviceAccountName: speaker
182 terminationGracePeriodSeconds: 0
186 image: metallb/speaker:v0.6.1
187 imagePullPolicy: IfNotPresent
192 - name: METALLB_NODE_NAME
195 fieldPath: spec.nodeName
204 allowPrivilegeEscalation: false
205 readOnlyRootFilesystem: true
212 apiVersion: apps/v1beta2
215 namespace: metallb-system
219 component: controller
221 revisionHistoryLimit: 3
225 component: controller
230 component: controller
232 prometheus.io/scrape: "true"
233 prometheus.io/port: "7472"
235 serviceAccountName: controller
236 terminationGracePeriodSeconds: 0
239 runAsUser: 65534 # nobody
242 image: metallb/controller:v0.6.1
243 imagePullPolicy: IfNotPresent
256 allowPrivilegeEscalation: false
260 readOnlyRootFilesystem: true