Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- it-wiki:kubernetes:kube-vip_daemonset_ersatz_fuer_metallb [2025/07/11 10:41] – angelegt marko
+++ it-wiki:kubernetes:kube-vip_daemonset_ersatz_fuer_metallb [2025/10/16 09:44] (aktuell) – marko
@@ Zeile 3: / Zeile 3: @@
 Worker Nodes markieren.
 <code bash>
-kubectl label node worker1-<userid> node-role.kubernetes.io/worker=""
+kubectl label node worker1 node-role.kubernetes.io/worker=""
-kubectl label node worker2-<userid> node-role.kubernetes.io/worker=""
+kubectl label node worker2 node-role.kubernetes.io/worker=""
 </code>
 > RBAC.yml
-<code <yaml>
+<code bash>
-apiVersion: v1
+kubectl apply -f https://kube-vip.io/manifests/rbac.yaml
-kind: ServiceAccount
-metadata:
-  name: kube-vip
-  namespace: kube-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  annotations:
-    rbac.authorization.kubernetes.io/autoupdate: "true"
-  name: system:kube-vip-role
-rules:
-  - apiGroups: [""]
-    resources: ["services/status"]
-    verbs: ["update"]
-  - apiGroups: [""]
-    resources: ["services", "endpoints"]
-    verbs: ["list","get","watch", "update"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["list","get","watch", "update", "patch"]
-  - apiGroups: ["coordination.k8s.io"]
-    resources: ["leases"]
-    verbs: ["list", "get", "watch", "update", "create"]
-  - apiGroups: ["discovery.k8s.io"]
-    resources: ["endpointslices"]
-    verbs: ["list","get","watch", "update"]
-  - apiGroups: [""]
-    resources: ["pods"]
-    verbs: ["list"]
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: system:kube-vip-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:kube-vip-role
-subjects:
-- kind: ServiceAccount
-  name: kube-vip
-  namespace: kube-system
 </code>
@@ Zeile 61: / Zeile 17: @@
 kind: DaemonSet
 metadata:
-  name: kube-vip
+  annotations:
+  name: kube-vip-lb
   namespace: kube-system
 spec:
   selector:
     matchLabels:
-      app: kube-vip
+      name: kube-vip-lb
   template:
     metadata:
+      creationTimestamp: null
       labels:
-        app: kube-vip
+        name: kube-vip-lb
     spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: node-role.kubernetes.io/worker
+                operator: Exists
       containers:
-        - name: kube-vip
+      - args:
-          image: ghcr.io/kube-vip/kube-vip:v0.9.0
+        - manager
-          args:
+        env:
-            - manager
+        - name: vip_arp
-          env:
+          value: "true"
-          - name: vip_arp
+        - name: vip_nodename
-            value: "true"
+          valueFrom:
-          - name: vip_nodename
+            fieldRef:
-            valueFrom:
+              fieldPath: spec.nodeName
-              fieldRef:
+        - name: vip_interface
-                fieldPath: spec.nodeName
+          value: ens3
-          - name: vip_interface
+        - name: vip_cidr
-            value: ens3
+          value: "32"
-          - name: vip_cidr
+        - name: cp_enable
-            value: "32"
+          value: "true"
-          - name: dns_mode
+        - name: vip_ddns
-            value: first
+          value: "false"
-          - name: svc_enable
+        - name: svc_enable
-            value: "true"
+          value: "true"
-          - name: svc_leasename
+        - name: vip_leaderelection
-            value: plndr-svcs-lock
+          value: "true"
-          - name: vip_leaderelection
+        - name: vip_leaseduration
-            value: "true"
+          value: "5"
-          - name: vip_leasename
+        - name: vip_renewdeadline
-            value: plndr-cp-lock
+          value: "3"
-          - name: vip_leaseduration
+        - name: vip_retryperiod
-            value: "60"
+          value: "1"
-          - name: vip_renewdeadline
+        - name: lb_enable
-            value: "45"
+          value: "true"
-          - name: vip_retryperiod
+        image: ghcr.io/kube-vip/kube-vip:v1.0.1
-            value: "15"
+        imagePullPolicy: Always
-          - name: lb_enable
+        name: kube-vip
-            value: "true"
+        resources: {}
-          imagePullPolicy: IfNotPresent
+        securityContext:
-          name: kube-vip
+          capabilities:
-          resources: {}
+            add:
-          securityContext:
+            - NET_ADMIN
-            capabilities:
+            - NET_RAW
-              add:
+            - SYS_TIME
-              - NET_ADMIN
+        terminationMessagePath: /dev/termination-log
-              - NET_RAW
+        terminationMessagePolicy: File
+      dnsPolicy: ClusterFirst
       hostNetwork: true
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      serviceAccount: kube-vip
       serviceAccountName: kube-vip
-      # Nur auf Worker Nodes laufen:
+      terminationGracePeriodSeconds: 30
-      nodeSelector:
+  updateStrategy:
-         node-role.kubernetes.io/worker: ""
+    rollingUpdate:
-      tolerations:
+      maxSurge: 0
-        - operator: Exists
+      maxUnavailable: 1
+    type: RollingUpdate
 </code>
@@ Zeile 135: / Zeile 106: @@
   namespace: webserver
 spec:
-  allocateLoadBalancerNodePorts: true
+  allocateLoadBalancerNodePorts: false
   loadBalancerIP: <dig ingress-<userid>.training.lab>
   ports: