Split config, update metallb template

2022-07-27 10:47:28 +02:00 · 2022-07-27 10:47:28 +02:00 · 83bb00ca8f
commit 83bb00ca8f
parent 80531a0a1e
6 changed files with 1769 additions and 255 deletions
--- a/roles/kubernetes-apps/metallb/tasks/main.yml
+++ b/roles/kubernetes-apps/metallb/tasks/main.yml
@ -15,8 +15,8 @@
  fail:
    msg: "metallb_peers is mandatory when metallb_protocol is bgp and metallb_speaker_enabled"
  when:
-    - metallb_protocol == 'bgp' and metallb_speaker_enabled
-    - metallb_peers is not defined or not metallb_peers
+    - metallb_config.layer3 is defined and metallb_speaker_enabled
+    - metallb_config.metallb_peers is not defined or not metallb_config.metallb_peers

 - name: Kubernetes Apps | Check that the deprecated 'matallb_auto_assign' variable is not used anymore
  fail:
@ -45,11 +45,29 @@
    src: "{{ item }}.j2"
    dest: "{{ kube_config_dir }}/{{ item }}"
    mode: 0644
-  with_items: ["metallb.yml", "metallb-config.yml"]
+  with_items: ["metallb.yml", "metallb-config.yml", "pools.yaml", "layer2.yaml", "layer3.yaml"]
  register: "rendering"
  when:
    - "inventory_hostname == groups['kube_control_plane'][0]"

+- name: Kubernetes Apps | Create MetalLB resources and replace existing
+  k8s:
+    definition: "{{ lookup('template', 'metallb.yaml') }}"
+
+- name: Kubernetes Apps | Wait for MetalLB controller to be running
+  k8s_info:
+    kind: Deployment
+    namespace: "{{ namespace_name }}"
+    name: controller
+    wait: True
+    wait_sleep: 10
+    wait_timeout: 360
+    wait_condition:
+      status: "True"
+      type: Available
+  register: result
+  until: result is not failed
+
 - name: Kubernetes Apps | Install and configure MetalLB
  kube:
    name: "MetalLB"
@ -60,3 +78,10 @@
  with_items: "{{ rendering.results }}"
  when:
    - "inventory_hostname == groups['kube_control_plane'][0]"
+
+- name: Kubernetes Apps | Delete MetalLB ConfigMap
+  k8s:
+    name: config
+    kind: ConfigMap
+    namespace: "{{ namespace_name }}"
+    state: absent
--- a/roles/kubernetes-apps/metallb/templates/layer2.yaml.j2
+++ b/roles/kubernetes-apps/metallb/templates/layer2.yaml.j2
@ -0,0 +1,18 @@
+#jinja2: trim_blocks: True, lstrip_blocks: True
+# yamllint disable-file
+---
+
+# Create layer2 configuration
+{% for entry in metallb_config.layer2 %}
+
+# L2 Configuration
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: "{{ entry }}"
+  namespace: "{{ namespace_name }}"
+spec:
+  ipAddressPools:
+  - "{{ entry }}"
+
+{% endfor %}
--- a/roles/kubernetes-apps/metallb/templates/layer3.yaml.j2
+++ b/roles/kubernetes-apps/metallb/templates/layer3.yaml.j2
@ -0,0 +1,103 @@
+#jinja2: trim_blocks: True, lstrip_blocks: True
+# yamllint disable-file
+---
+
+# Create layer3 configuration
+{% for community_name, community in metallb_config.layer3.communities.items() %}
+---
+apiVersion: metallb.io/v1beta1
+kind: Community
+metadata:
+  name: "{{ community_name }}"
+  namespace: "{{ namespace_name }}"
+spec:
+  community:
+  - name: "{{ community_name }}"
+    value: "{{ community }}"
+{% endfor %}
+
+{% for peer_name, peer in metallb_config.layer3.metallb_peers.items() %}
+
+# BGPAdvertisement is used to advertise the specified address pool to the BGP peer.
+# Local BGP Advertisement specifies that the IP specified in the address pool will be used as source address for traffic entering your cluster from the remote peer.
+---
+apiVersion: metallb.io/v1beta1
+kind: BGPAdvertisement
+metadata:
+  name: "{{ peer_name }}-local"
+  namespace: "{{ namespace_name }}"
+spec:
+  ipAddressPools:
+  {% for address_pool in peer.address_pool %}
+  - "{{ address_pool }}"
+  {% endfor %}
+  {% if peer.advanced | length > 0 %}
+  aggregationLength: 32
+  localpref: "{{ peer.localpref | default ("100") }}"
+  communities:
+  {% for community in peer.communities %}
+  - "{{ community }}"
+  {% endfor %}
+  {% endif %}
+
+
+# External GBP Advertisement. The IP range specied in the address pool is advertized to the BGP peer.
+---
+apiVersion: metallb.io/v1beta1
+kind: BGPAdvertisement
+metadata:
+  name: "{{ peer_name }}-external"
+  namespace: "{{ namespace_name }}"
+spec:
+  ipAddressPools:
+  {% for address_pool in peer.address_pool %}
+  - "{{ address_pool }}"
+  {% endfor %}
+  {% if peer.advanced | length > 0 %}
+  aggregationLength: "{{ peer.aggregation_length }}"
+  {% endif %}
+
+
+# Configuration for the GBP peer.
+---
+apiVersion: metallb.io/v1beta2
+kind: BGPPeer
+metadata:
+  name: "{{ peer_name }}"
+  namespace: "{{ namespace_name }}"
+spec:
+  myASN: {{ peer.my_asn }}
+  peerASN: {{ peer.peer_asn }}
+  peerAddress: {{ peer.peer_address }}
+
+  {% if peer.peer_port is defined %}
+  peerPort: {{ peer.peer_port }}
+  {% else %}
+  peerPort: {{ metallb_config.layer3.defaults.peer_port }}
+  {% endif %}
+
+  {% if peer.password is defined %}
+  password: "{{ peer.password }}"
+  {% endif %}
+
+  {% if peer.router_id is defined %}
+  routerID: "{{ peer.router_id }}"
+  {% endif %}
+
+  {% if peer.hold_time is defined %}
+  holdTime: {{ peer.hold_time }}
+  {% else %}
+  holdTime: {{ metallb_config.layer3.defaults.hold_time }}
+  {% endif %}
+
+  {% if peer.keepalive_time is defined %}
+  keepaliveTime: {{ peer.keepalive_time }}
+  {% else %}
+  keepaliveTime: {{ metallb_config.layer3.defaults.keepalive_time }}
+  {% endif %}
+
+  {% if peer.multihop is defined %}
+  elayer3MultiHop: "{{ peer.multihop }}"
+  {% endif %}
+
+{% endfor %}
--- a/roles/kubernetes-apps/metallb/templates/metallb-config.yml.j2
+++ b/roles/kubernetes-apps/metallb/templates/metallb-config.yml.j2
@ -1,54 +0,0 @@
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  namespace: metallb-system
-  name: config
-data:
-  config: |
-{% if metallb_peers | length > 0 %}
-    peers:
-{% for peer in metallb_peers %}
-    - peer-address: {{ peer.peer_address }}
-      peer-asn: {{ peer.peer_asn }}
-      my-asn: {{ peer.my_asn }}
-{% if peer.password is defined %}
-      password: "{{ peer.password }}"
-{% endif %}
-{% if peer.source_address is defined %}
-      source-address: {{ peer.source_address }}
-{% endif %}
-{% if peer.node_selectors is defined %}
-      node-selectors:
-        {{ peer.node_selectors | to_yaml(indent=2, width=1337) | indent(8) }}
-{% endif %}
-{% endfor %}
-{% endif %}
-    address-pools:
-    - name: {{ metallb_pool_name }}
-      protocol: {{ metallb_protocol }}
-      addresses:
-{% for ip_range in metallb_ip_range %}
-      - {{ ip_range }}
-{% endfor %}
-{% if metallb_auto_assign == false %}
-      auto-assign: false
-{% endif %}
-{% if metallb_avoid_buggy_ips == true %}
-      avoid-buggy-ips: true
-{% endif %}
-{% if metallb_additional_address_pools is defined %}{% for pool in metallb_additional_address_pools %}
-    - name: {{ pool }}
-      protocol: {{ metallb_additional_address_pools[pool].protocol }}
-      addresses:
-{% for ip_range in metallb_additional_address_pools[pool].ip_range %}
-      - {{ ip_range }}
-{% endfor %}
-{% if metallb_additional_address_pools[pool].auto_assign is defined %}
-      auto-assign: {{ metallb_additional_address_pools[pool].auto_assign }}
-{% endif %}
-{% if metallb_additional_address_pools[pool].avoid_buggy_ips is defined %}
-      avoid-buggy-ips: {{ metallb_additional_address_pools[pool].avoid_buggy_ips }}
-{% endif %}
-{% endfor %}
-{% endif %}
--- a/roles/kubernetes-apps/metallb/templates/metallb.yml.j2
+++ b/roles/kubernetes-apps/metallb/templates/metallb.yml.j2
--- a/roles/kubernetes-apps/metallb/templates/pools.yaml.j2
+++ b/roles/kubernetes-apps/metallb/templates/pools.yaml.j2
@ -0,0 +1,22 @@
+#jinja2: trim_blocks: True, lstrip_blocks: True
+# yamllint disable-file
+---
+
+# Create all pools
+{% for pool_name, pool in metallb_config.address_pools.items() %}
+
+---
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  namespace: "{{ namespace_name }}"
+  name: "{{ pool_name }}"
+spec:
+{% for ip_range in pool.ip_range %}
+  addresses:
+  - "{{ ip_range }}"
+{% endfor %}
+  auto-assign: "{{ pool.auto_assign }}"
+  avoidBuggyIPs: true
+
+{% endfor %}