Helm chart for KubeLB CCM. This is used to deploy the KubeLB CCM to a Kubernetes cluster. The CCM is responsible for propagating the load balancer configurations to the management cluster.
- Create a namespace
kubelbfor the CCM to be deployed in. - The agent expects a
Secretwith a kubeconf file namedkubelbto access the load balancer cluster. To create such run:kubectl --namespace kubelb create secret generic kubelb-cluster --from-file=<path to kubelb kubeconf file>. The name of secret cant be overridden using.Values.kubelb.clusterSecretName - Update the
tenantNamein the values.yaml to a unique identifier for the tenant. This is used to identify the tenant in the manager cluster. This can be any unique string that follows lower case RFC 1123.
At this point a minimal values.yaml should look like this:
kubelb:
clusterSecretName: kubelb-cluster
tenantName: <unique-identifier-for-tenant>Now, we can install the helm chart:
helm pull oci://quay.io/kubermatic/helm-charts/kubelb-ccm --version=v1.1.0 --untardir "kubelb-ccm" --untar
## Create and update values.yaml with the required values.
helm install kubelb-ccm kubelb-ccm --namespace kubelb -f values.yaml --create-namespace| Key | Type | Default | Description |
|---|---|---|---|
| affinity | object | {} |
|
| autoscaling.enabled | bool | false |
|
| autoscaling.maxReplicas | int | 10 |
|
| autoscaling.minReplicas | int | 1 |
|
| autoscaling.targetCPUUtilizationPercentage | int | 80 |
|
| autoscaling.targetMemoryUtilizationPercentage | int | 80 |
|
| extraVolumeMounts | list | [] |
|
| extraVolumes | list | [] |
|
| fullnameOverride | string | "" |
|
| image.pullPolicy | string | "IfNotPresent" |
|
| image.repository | string | "quay.io/kubermatic/kubelb-ccm" |
|
| image.tag | string | "v1.1.0" |
|
| imagePullSecrets | list | [] |
|
| kubelb.clusterSecretName | string | "kubelb-cluster" |
Name of the secret that contains kubeconfig for the loadbalancer cluster |
| kubelb.disableGRPCRouteController | bool | false |
disableGRPCRouteController specifies whether to disable the GRPCRoute Controller. |
| kubelb.disableGatewayController | bool | false |
disableGatewayController specifies whether to disable the Gateway Controller. |
| kubelb.disableHTTPRouteController | bool | false |
disableHTTPRouteController specifies whether to disable the HTTPRoute Controller. |
| kubelb.disableIngressController | bool | false |
disableIngressController specifies whether to disable the Ingress Controller. |
| kubelb.enableGatewayAPI | bool | false |
enableGatewayAPI specifies whether to enable the Gateway API and Gateway Controllers. By default Gateway API is disabled since without Gateway APIs installed the controller cannot start. |
| kubelb.enableLeaderElection | bool | true |
Enable the leader election. |
| kubelb.enableSecretSynchronizer | bool | false |
Enable to automatically convert Secrets labelled with kubelb.k8c.io/managed-by: kubelb to Sync Secrets. This is used to sync secrets from tenants to the LB cluster in a controlled and secure way. |
| kubelb.nodeAddressType | string | "ExternalIP" |
Address type to use for routing traffic to node ports. Values are ExternalIP, InternalIP. |
| kubelb.tenantName | string | nil |
Name of the tenant, must be unique against a load balancer cluster. |
| kubelb.useGatewayClass | bool | true |
useGatewayClass specifies whether to target resources with kubelb gateway class or all resources. |
| kubelb.useIngressClass | bool | true |
useIngressClass specifies whether to target resources with kubelb ingress class or all resources. |
| kubelb.useLoadBalancerClass | bool | false |
useLoadBalancerClass specifies whether to target services of type LoadBalancer with kubelb load balancer class or all services of type LoadBalancer. |
| nameOverride | string | "" |
|
| nodeSelector | object | {} |
|
| podAnnotations | object | {} |
|
| podLabels | object | {} |
|
| podSecurityContext.runAsNonRoot | bool | true |
|
| podSecurityContext.seccompProfile.type | string | "RuntimeDefault" |
|
| rbac.allowLeaderElectionRole | bool | true |
|
| rbac.allowMetricsReaderRole | bool | true |
|
| rbac.allowProxyRole | bool | true |
|
| rbac.enabled | bool | true |
|
| replicaCount | int | 1 |
|
| resources.limits.cpu | string | "500m" |
|
| resources.limits.memory | string | "512Mi" |
|
| resources.requests.cpu | string | "100m" |
|
| resources.requests.memory | string | "128Mi" |
|
| securityContext.allowPrivilegeEscalation | bool | false |
|
| securityContext.capabilities.drop[0] | string | "ALL" |
|
| securityContext.runAsUser | int | 65532 |
|
| service.port | int | 8443 |
|
| service.protocol | string | "TCP" |
|
| service.type | string | "ClusterIP" |
|
| serviceAccount.annotations | object | {} |
|
| serviceAccount.create | bool | true |
|
| serviceAccount.name | string | "" |
|
| serviceMonitor.enabled | bool | false |
|
| tolerations | list | [] |
| Name | Url | |
|---|---|---|
| Kubermatic | [email protected] | https://kubermatic.com |