-
Notifications
You must be signed in to change notification settings - Fork 3
/
provision-chart-metallb.sh
62 lines (56 loc) · 2.21 KB
/
provision-chart-metallb.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
#!/bin/bash
source /vagrant/lib.sh
# metallb chart.
# see https://github.com/metallb/metallb/releases
# see https://github.com/metallb/metallb/tree/v0.13.10/charts/metallb
# see https://metallb.universe.tf/installation/#installation-with-helm
# see https://metallb.universe.tf/configuration/#layer-2-configuration
metallb_chart_version="${1:-0.13.10}"; shift || true
metallb_ip_addresses="${1:-10.10.0.200-10.10.0.219}"; shift || true
# add the metallb helm charts repository.
helm repo add metallb https://metallb.github.io/metallb
# search the chart and app versions, e.g.: in this case we are using:
# NAME CHART VERSION APP VERSION DESCRIPTION
# metallb/metallb 0.13.10 v0.13.10 A network load-balancer implementation for Kube...
helm search repo metallb/metallb --versions | head -5
# create the namespace.
# see https://github.com/metallb/metallb/blob/v0.13.10/config/native/ns.yaml
# see https://github.com/metallb/metallb/issues/1457
kubectl apply -f - <<'EOF'
apiVersion: v1
kind: Namespace
metadata:
name: metallb-system
labels:
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/warn: privileged
EOF
# install.
helm upgrade --install \
metallb \
metallb/metallb \
--version $metallb_chart_version \
--namespace metallb-system \
--wait
# advertise addresses using the L2 mode.
# NB we have to sit in a loop until the metallb-webhook-service endpoint is
# available. while its starting, it will fail with:
# Error from server (InternalError): error when creating "STDIN": Internal error occurred: failed calling webhook "ipaddresspoolvalidationwebhook.metallb.io": failed to call webhook: Post "https://metallb-webhook-service.cluster-metallb.svc:443/validate-metallb-io-v1beta1-ipaddresspool?timeout=10s": dial tcp 10.103.0.220:443: connect: connection refused
# see https://github.com/metallb/metallb/issues/1547
while ! kubectl apply --namespace metallb-system -f - <<EOF
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: default
spec:
addresses:
- $metallb_ip_addresses
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: default
EOF
do sleep 5; done