diff --git a/bindata/network/frr-k8s/001-crd.yaml b/bindata/network/frr-k8s/001-crd.yaml index 676d22e4ae..34c19baf86 100644 --- a/bindata/network/frr-k8s/001-crd.yaml +++ b/bindata/network/frr-k8s/001-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.3 name: frrconfigurations.frrk8s.metallb.io spec: group: frrk8s.metallb.io @@ -185,8 +185,10 @@ spec: disableMP: default: false description: |- - To set if we want to disable MP BGP that will separate IPv4 and IPv6 route exchanges into distinct BGP sessions. - Deprecated: DisableMP is deprecated in favor of dualStackAddressFamily. + DisableMP is no longer used and has no effect. + Use DualStackAddressFamily instead to enable the neighbor for both IPv4 and IPv6 address families. + + Deprecated: This field is ignored. Use DualStackAddressFamily instead. type: boolean dualStackAddressFamily: default: false 
@@ -490,7 +492,72 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.3 + name: frrk8sconfigurations.frrk8s.metallb.io +spec: + group: frrk8s.metallb.io + names: + kind: FRRK8sConfiguration + listKind: FRRK8sConfigurationList + plural: frrk8sconfigurations + singular: frrk8sconfiguration + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: |- + FRRK8sConfiguration holds the FRR Operator configuration with global + settings for the K8s and FRR. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FRRK8sConfigurationSpec defines the desired state of FRRK8sConfiguration. + properties: + logLevel: + description: |- + LogLevel sets the logging verbosity for the FRR-K8s components at runtime. + When configured, this value overrides the defaults established by the --log-level CLI flag. + Valid values are: all, debug, info, warn, error, none. + enum: + - all + - debug + - info + - warn + - error + - none + type: string + type: object + status: + description: FRRK8sConfigurationStatus defines the observed state of FRRK8sConfiguration. 
+ type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.3 name: frrnodestates.frrk8s.metallb.io spec: group: frrk8s.metallb.io @@ -555,7 +622,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.17.3 name: bgpsessionstates.frrk8s.metallb.io spec: group: frrk8s.metallb.io diff --git a/bindata/network/frr-k8s/002-rbac.yaml b/bindata/network/frr-k8s/002-rbac.yaml index c1b3970642..bd282ad933 100644 --- a/bindata/network/frr-k8s/002-rbac.yaml +++ b/bindata/network/frr-k8s/002-rbac.yaml @@ -124,6 +124,14 @@ rules: - get - patch - update +- apiGroups: + - frrk8s.metallb.io + resources: + - frrk8sconfigurations + verbs: + - get + - list + - watch - apiGroups: - authentication.k8s.io resources: diff --git a/bindata/network/frr-k8s/frr-k8s.yaml b/bindata/network/frr-k8s/frr-k8s.yaml index 8d4c0aa037..102c5007d9 100644 --- a/bindata/network/frr-k8s/frr-k8s.yaml +++ b/bindata/network/frr-k8s/frr-k8s.yaml @@ -97,7 +97,8 @@ spec: args: - --node-name=$(NODE_NAME) - --namespace=$(NAMESPACE) - - --metrics-bind-address=127.0.0.1:7572 + - --metrics-bind-address=0.0.0.0:9140 + - --metrics-cert-dir=/etc/metrics - $(LOG_LEVEL) env: - name: FRR_CONFIG_FILE @@ -119,8 +120,8 @@ spec: fieldRef: fieldPath: metadata.namespace ports: - - containerPort: 7572 - name: monitoring + - containerPort: 9140 + name: metricshttps resources: requests: cpu: 100m @@ -128,8 +129,8 @@ spec: terminationMessagePolicy: FallbackToLogsOnError livenessProbe: httpGet: - path: /metrics - port: monitoring + path: /healthz + port: 7572 host: 127.0.0.1 initialDelaySeconds: 10 periodSeconds: 10 
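Review bot: In the controller args of frr-k8s.yaml, `--metrics-bind-address=0.0.0.0:9140` moves the metrics listener from loopback to every interface with only `--metrics-cert-dir=/etc/metrics` beside it. Nothing in the visible args replaces the `--tls-cipher-suites` restriction, or the request authentication a kube-rbac-proxy sidecar normally performs, both of which went away with the sidecars removed at hunk -272,48. The frr-metrics args at hunk -222,11 have the same gap: they add only `--tls-cert-file` and `--tls-private-key-file` next to `--metrics-bind-address=0.0.0.0`. If the binaries now authenticate and authorize scrapers themselves, say so next to the flag, for example `# TLS, authn and authz are enforced in-process; replaces kube-rbac-proxy`. If they do not, the endpoint is readable by anything that can reach the port.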
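Review bot: The liveness probe now targets `/healthz` on the literal port `7572`, but the args list shown at hunk -97,7 no longer mentions 7572 and the only `containerPort` is 9140. The probe therefore seems to depend on the binary's default health listener staying on that port and on loopback. The readiness probe at hunk -138,8 has the same dependency with `/readyz`. A comment above the probes such as `# health endpoint remains on 127.0.0.1:7572; metrics moved to 9140` would make the split explicit. Pinning the health address in args would keep a future default change from silently failing both probes.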
@@ -138,8 +139,8 @@ spec: failureThreshold: 3 readinessProbe: httpGet: - path: /metrics - port: monitoring + path: /readyz + port: 7572 host: 127.0.0.1 initialDelaySeconds: 10 periodSeconds: 10 @@ -157,6 +158,9 @@ spec: volumeMounts: - name: reloader mountPath: /etc/frr_reloader + - name: metrics-certs + mountPath: /etc/metrics + readOnly: true - name: frr securityContext: allowPrivilegeEscalation: false @@ -192,15 +196,15 @@ spec: livenessProbe: httpGet: path: /livez - port: 7573 - host: 127.0.0.1 + port: 9141 + scheme: HTTPS periodSeconds: 10 failureThreshold: 3 startupProbe: httpGet: path: /livez - port: 7573 - host: 127.0.0.1 + port: 9141 + scheme: HTTPS failureThreshold: 30 periodSeconds: 5 - name: reloader @@ -222,11 +226,13 @@ spec: image: {{.FRRK8sImage}} command: ["/etc/frr_metrics/frr-metrics"] args: - - --metrics-port=7573 - - --metrics-bind-address=127.0.0.1 + - --metrics-port=9141 + - --metrics-bind-address=0.0.0.0 + - --tls-cert-file=/etc/metrics/tls.crt + - --tls-private-key-file=/etc/metrics/tls.key ports: - - containerPort: 7573 - name: monitoring + - containerPort: 9141 + name: frrmetricshttps resources: requests: cpu: 10m @@ -239,13 +245,17 @@ spec: mountPath: /etc/frr - name: metrics mountPath: /etc/frr_metrics + - name: metrics-certs + mountPath: /etc/metrics + readOnly: true - name: frr-status image: {{.FRRK8sImage}} args: - --node-name=$(NODE_NAME) - --namespace=$(NAMESPACE) - --pod-name=$(POD_NAME) - - --poll-interval=2m + - $(LOG_LEVEL) + - $(POLL_INTERVAL) command: - /etc/frr_status/frr-status env: @@ -261,6 +271,18 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: LOG_LEVEL + valueFrom: + configMapKeyRef: + name: env-overrides + key: frrk8s-loglevel + optional: true + - name: POLL_INTERVAL + valueFrom: + configMapKeyRef: + name: env-overrides + key: frrk8s-poll-interval + optional: true volumeMounts: - mountPath: /var/run/frr name: frr-sockets 
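Review bot: The frr container's liveness and startup probes now call `/livez` on port 9141 with `scheme: HTTPS`, which ties FRR's health to the frr-metrics TLS listener configured with `/etc/metrics/tls.crt` at hunk -222,11. If the certificate in `metrics-certs` is missing or unreadable, that listener presumably fails to start, the probe fails, and the frr container is restarted even though routing is healthy. The earlier probe used plain HTTP on `127.0.0.1:7573` and had no such dependency. Consider keeping the probe on a loopback-only health port, or at least add `# served by the frr-metrics TLS listener; depends on metrics-certs being mounted` above the probe. The frr container spec begins outside this hunk.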
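Review bot: In the frr-status args, `- $(LOG_LEVEL)` and `- $(POLL_INTERVAL)` replace the fixed `--poll-interval=2m`, and both variables come from `configMapKeyRef` entries marked `optional: true` at hunk -261,6. When the `env-overrides` ConfigMap or key is absent, the variable is unset and Kubernetes leaves the unresolved `$(VAR)` reference in args unchanged. The binary then receives the literal string `$(POLL_INTERVAL)` and falls back to its built-in interval rather than 2m. Each value is also passed through as a whole command-line argument, so write access to `env-overrides` amounts to choosing flags for frr-status. A comment such as `# value must be a complete flag, e.g. --poll-interval=2m; when unset the literal $(POLL_INTERVAL) is passed` would document the contract, and it is worth confirming the binary tolerates that stray argument.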
@@ -272,48 +294,6 @@ spec: requests: cpu: 10m memory: 20Mi - - name: kube-rbac-proxy - image: {{.KubeRBACProxyImage}} - args: - - --logtostderr - - --secure-listen-address=:9140 - - --upstream=http://127.0.0.1:7572/ - - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - - --tls-private-key-file=/etc/metrics/tls.key - - --tls-cert-file=/etc/metrics/tls.crt - ports: - - containerPort: 9140 - name: metricshttps - resources: - requests: - cpu: 10m - memory: 20Mi - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - name: metrics-certs - mountPath: /etc/metrics - readOnly: true - - name: kube-rbac-proxy-frr - image: {{.KubeRBACProxyImage}} - args: - - --logtostderr - - --secure-listen-address=:9141 - - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - - --upstream=http://127.0.0.1:7573/ - - --tls-private-key-file=/etc/metrics/tls.key - - --tls-cert-file=/etc/metrics/tls.crt - ports: - - containerPort: 9141 - name: frrmetricshttps - resources: - requests: - cpu: 10m - memory: 20Mi - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - name: metrics-certs - mountPath: /etc/metrics - readOnly: true nodeSelector: kubernetes.io/os: linux tolerations: diff --git a/pkg/network/render.go b/pkg/network/render.go index 43458e2046..9bf285d31d 100644 --- a/pkg/network/render.go +++ b/pkg/network/render.go @@ -859,7 +859,6 @@ func renderAdditionalRoutingCapabilities(conf *operv1.NetworkSpec, manifestDir s case operv1.RoutingCapabilitiesProviderFRR: data := render.MakeRenderData() data.Data["FRRK8sImage"] = os.Getenv("FRR_K8S_IMAGE") - data.Data["KubeRBACProxyImage"] = os.Getenv("KUBE_RBAC_PROXY_IMAGE") data.Data["ReleaseVersion"] = os.Getenv("RELEASE_VERSION") objs, err := render.RenderDir(filepath.Join(manifestDir, "network/frr-k8s"), &data) if err != nil { 
diff --git a/pkg/network/render_test.go b/pkg/network/render_test.go index cbd4132ff7..045d4c704c 100644 --- a/pkg/network/render_test.go +++ b/pkg/network/render_test.go @@ -568,7 +568,7 @@ func Test_renderAdditionalRoutingCapabilities(t *testing.T) { }, }, }, - want: 19, + want: 20, expectedErr: nil, }, }