2 # Copyright 2020 Huawei Technologies Co., Ltd.
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
# PodSecurityPolicy (policy/v1beta1) was deprecated in Kubernetes 1.21 and
# removed in 1.25. On a cluster at 1.25 or later this kind is no longer served,
# so the restrictions below are not enforced unless they are re-expressed with
# Pod Security Admission or a policy engine.
16 apiVersion: policy/v1beta1
17 kind: PodSecurityPolicy
# NOTE(review): PodSecurityPolicy is cluster-scoped; if this namespace sits in
# the policy's metadata it does not confine the policy to metallb-system.
# Which pods may use the policy is decided by RBAC `use` grants - confirm.
22 namespace: metallb-system
# Pods admitted under this policy may not request privilege escalation.
24 allowPrivilegeEscalation: false
# Empty list: containers may not add capabilities beyond the runtime defaults.
25 allowedCapabilities: []
# No capabilities are added to containers by default.
27 defaultAddCapabilities: []
# Containers that leave allowPrivilegeEscalation unset get it set to false.
28 defaultAllowPrivilegeEscalation: false
# Containers must run with a read-only root filesystem.
38 readOnlyRootFilesystem: true
# The capabilities that must be dropped are listed on lines not shown here.
39 requiredDropCapabilities:
# Second PodSecurityPolicy in this manifest. The kind only exists on clusters
# older than Kubernetes 1.25; newer clusters need an equivalent control.
58 apiVersion: policy/v1beta1
59 kind: PodSecurityPolicy
64 namespace: metallb-system
# Privilege escalation is refused for pods admitted under this policy.
66 allowPrivilegeEscalation: false
# NOTE(review): unlike the first policy, no allowedCapabilities value is
# visible in this listing. Check the full manifest for which capabilities and
# host-level settings this policy allows, since that is where it can be looser.
72 defaultAddCapabilities: []
73 defaultAllowPrivilegeEscalation: false
# Containers must run with a read-only root filesystem.
83 readOnlyRootFilesystem: true
# The list of capabilities to drop is on lines not shown here.
84 requiredDropCapabilities:
# Two objects in metallb-system whose kinds are on lines not shown here
# (presumably the service accounts the bindings below refer to - confirm).
103 namespace: metallb-system
111 namespace: metallb-system
# RBAC object named metallb-system:controller; its kind and most of its rules
# are not visible in this listing.
113 apiVersion: rbac.authorization.k8s.io/v1
118 name: metallb-system:controller
# Resource entry for pod security policies. NOTE(review): the verbs and any
# resourceNames are not shown; confirm the rule grants only `use` and names a
# single policy, so the account cannot pick up a more permissive one.
147 - podsecuritypolicies
# RBAC object named metallb-system:speaker; kind and other rules not visible.
151 apiVersion: rbac.authorization.k8s.io/v1
156 name: metallb-system:speaker
# Same review point as above: check the verbs and resourceNames on this rule.
180 - podsecuritypolicies
# Two further RBAC objects scoped to the metallb-system namespace; their rules
# are on lines not shown here.
184 apiVersion: rbac.authorization.k8s.io/v1
190 namespace: metallb-system
201 apiVersion: rbac.authorization.k8s.io/v1
207 namespace: metallb-system
# A ClusterRoleBinding grants its role in every namespace, not only in
# metallb-system, so the referenced role's rules set the cluster-wide reach
# of the bound service account.
216 apiVersion: rbac.authorization.k8s.io/v1
217 kind: ClusterRoleBinding
221 name: metallb-system:controller
# Role reference: the role named metallb-system:controller (the binding and
# the role share a name).
223 apiGroup: rbac.authorization.k8s.io
225 name: metallb-system:controller
# Subject: a ServiceAccount in metallb-system; its name is on a line not shown.
227 - kind: ServiceAccount
229 namespace: metallb-system
# Second cluster-wide binding, for the role named metallb-system:speaker.
231 apiVersion: rbac.authorization.k8s.io/v1
232 kind: ClusterRoleBinding
236 name: metallb-system:speaker
238 apiGroup: rbac.authorization.k8s.io
240 name: metallb-system:speaker
# Subject: a ServiceAccount in metallb-system; its name is on a line not shown.
242 - kind: ServiceAccount
244 namespace: metallb-system
# Namespaced RBAC object in metallb-system; the kind is not visible here
# (presumably a RoleBinding - confirm), so its grant stays within the namespace.
246 apiVersion: rbac.authorization.k8s.io/v1
252 namespace: metallb-system
254 apiGroup: rbac.authorization.k8s.io
# Two ServiceAccount subjects share this binding; their names are not shown.
258 - kind: ServiceAccount
260 - kind: ServiceAccount
# Second namespaced RBAC object, with a single ServiceAccount subject.
263 apiVersion: rbac.authorization.k8s.io/v1
269 namespace: metallb-system
271 apiGroup: rbac.authorization.k8s.io
275 - kind: ServiceAccount
# Workload that runs the metallb/speaker image under the `speaker` service
# account; its kind and pod-level settings are on lines not shown here.
285 namespace: metallb-system
# Annotations that ask Prometheus to scrape port 7472. NOTE(review): nothing
# visible here limits who can reach that port; confirm access is restricted.
294 prometheus.io/port: '7472'
295 prometheus.io/scrape: 'true'
# Environment for the container; the fieldPath entries are filled in from the
# pod's own fields (node name, host IP, pod IP, namespace).
305 - name: METALLB_NODE_NAME
308 fieldPath: spec.nodeName
312 fieldPath: status.hostIP
313 - name: METALLB_ML_BIND_ADDR
316 fieldPath: status.podIP
317 - name: METALLB_ML_LABELS
318 value: "app=metallb,component=speaker"
319 - name: METALLB_ML_NAMESPACE
322 fieldPath: metadata.namespace
# Key material, judging by the name; where the value comes from is on lines
# not shown. NOTE(review): it should be read from a Secret (secretKeyRef),
# never written as a literal value in the manifest - confirm.
323 - name: METALLB_ML_SECRET_KEY
# The image is referenced by tag only. A tag can be re-pointed in the registry;
# pinning by digest (metallb/speaker@sha256:<digest>) fixes the content.
328 image: metallb/speaker:v0.9.3
# IfNotPresent: a node that already holds an image under this tag runs that
# copy without checking the registry.
329 imagePullPolicy: IfNotPresent
332 - containerPort: 7472
# Presumably the container securityContext (the enclosing key is not shown).
# Settings made there apply on any cluster version, PodSecurityPolicy or not.
339 allowPrivilegeEscalation: false
347 readOnlyRootFilesystem: true
# beta.kubernetes.io/os is the deprecated form of the kubernetes.io/os label.
350 beta.kubernetes.io/os: linux
351 serviceAccountName: speaker
352 terminationGracePeriodSeconds: 2
# NOTE(review): presumably a toleration key, which would allow scheduling onto
# control-plane nodes - confirm that placement is intended.
355 key: node-role.kubernetes.io/master
# Workload that runs the metallb/controller image under the `controller`
# service account; its kind is on a line not shown here.
362 component: controller
364 namespace: metallb-system
366 revisionHistoryLimit: 3
370 component: controller
# Annotations that ask Prometheus to scrape port 7472. NOTE(review): nothing
# visible here limits who can reach that port; confirm access is restricted.
374 prometheus.io/port: '7472'
375 prometheus.io/scrape: 'true'
378 component: controller
# The image is referenced by tag only. A tag can be re-pointed in the registry;
# pinning by digest (metallb/controller@sha256:<digest>) fixes the content.
384 image: metallb/controller:v0.9.3
# IfNotPresent: a node that already holds an image under this tag runs that
# copy without checking the registry.
385 imagePullPolicy: IfNotPresent
388 - containerPort: 7472
# Presumably the container securityContext (the enclosing key is not shown).
# Settings made there apply on any cluster version, PodSecurityPolicy or not.
395 allowPrivilegeEscalation: false
399 readOnlyRootFilesystem: true
# beta.kubernetes.io/os is the deprecated form of the kubernetes.io/os label.
401 beta.kubernetes.io/os: linux
405 serviceAccountName: controller
406 terminationGracePeriodSeconds: 0