RubyGems - porkadot - Versions diffs - 0.19.1 → 0.22.2 - Mend

porkadot 0.19.1 → 0.22.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (49) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 834e1f31cbbf8c7c8766162945572512fc0311dbf772df008f85ef2a00b3ea3d
-  data.tar.gz: f453e7a4899673f08a550b69c41b30c908eb5bf0906a67eee79a21ccd5fc1dcd
+  metadata.gz: 89c9072a82772720ff6d492d2dcaf475ef31460bc108886be716b1b7b0e0a3d7
+  data.tar.gz: edcc58e0f9e5a616020caa2348a46ecb06e796930fb565efcc6dfad25244d69b
 SHA512:
-  metadata.gz: e13576f10e90eb2d277302bfcfe7cecb7feb681d25070052c50b6060b95e0b455061d093d8ddde84a69c650e2fa6f2b3775e25913cf743023c2ee036bdef0764
-  data.tar.gz: 5714fefdd57b9683974ea42f6d111ac87b66f723221f5f0852c95b758d92cf19f6eac32c9ddd2e98e1f77dcbac4db70c735eddf4999cb39be71ad2717efb5d5d
+  metadata.gz: aa12a3f43721a233b17f46708cced2989430da72ccd3e90be46c72b4d2d01b675372f07f609050d0c49cb966d600c40b2eb209a591715e62c411d148a9ace680
+  data.tar.gz: 2cacb639c73ecb17300b48ba50e923a15a02f95b619fec2c05d3c3ae50eef7f9b5ae5a62fc784c4957bcf8a04850384d1bca7ba6c623101d812d669cd8939423

data/lib/porkadot/assets/bootstrap/manifests/kube-apiserver.bootstrap.yaml.erb CHANGED Viewed

@@ -12,6 +12,9 @@ metadata:
     <%- end -%>
 spec:
   hostNetwork: true
+  securityContext:
+    seccompProfile:
+      type: RuntimeDefault
   containers:
   - name: kube-apiserver
     resources:
@@ -23,6 +26,35 @@ spec:
     <%- k8s.apiserver.args(bootstrap: true).each do |k, v| -%>
     - <%= k %><% if v ;%>=<%= v %><%; end %>
     <%- end -%>
+    livenessProbe:
+      failureThreshold: 8
+      httpGet:
+        host: 127.0.0.1
+        path: /livez
+        port: 6443
+        scheme: HTTPS
+      initialDelaySeconds: 10
+      periodSeconds: 10
+      timeoutSeconds: 15
+    readinessProbe:
+      failureThreshold: 3
+      httpGet:
+        host: 127.0.0.1
+        path: /readyz
+        port: 6443
+        scheme: HTTPS
+      periodSeconds: 1
+      timeoutSeconds: 15
+    startupProbe:
+      failureThreshold: 24
+      httpGet:
+        host: 127.0.0.1
+        path: /livez
+        port: 6443
+        scheme: HTTPS
+      initialDelaySeconds: 10
+      periodSeconds: 10
+      timeoutSeconds: 15
     env:
     - name: POD_IP
       valueFrom:

data/lib/porkadot/assets/bootstrap/manifests/kube-controller-manager.bootstrap.yaml.erb CHANGED Viewed

@@ -10,6 +10,9 @@ metadata:
     <%= k.to_s %>: <%= v %>
     <%- end -%>
 spec:
+  securityContext:
+    seccompProfile:
+      type: RuntimeDefault
   containers:
   - name: kube-controller-manager
     image: <%= k8s.image_repository %>/kube-controller-manager:<%= k8s.kubernetes_version %>
@@ -18,6 +21,26 @@ spec:
     <%- k8s.controller_manager.args(bootstrap: true).each do |k, v| -%>
     - <%= k %><% if v ;%>=<%= v %><%; end %>
     <%- end -%>
+    livenessProbe:
+      failureThreshold: 8
+      httpGet:
+        host: 127.0.0.1
+        path: /healthz
+        port: 10257
+        scheme: HTTPS
+      initialDelaySeconds: 10
+      periodSeconds: 10
+      timeoutSeconds: 15
+    startupProbe:
+      failureThreshold: 24
+      httpGet:
+        host: 127.0.0.1
+        path: /healthz
+        port: 10257
+        scheme: HTTPS
+      initialDelaySeconds: 10
+      periodSeconds: 10
+      timeoutSeconds: 15
     volumeMounts:
     - name: var-run-kubernetes
       mountPath: /var/run/kubernetes

data/lib/porkadot/assets/bootstrap/manifests/kube-scheduler.bootstrap.yaml.erb CHANGED Viewed

@@ -10,6 +10,9 @@ metadata:
     <%= k.to_s %>: <%= v %>
     <%- end -%>
 spec:
+  securityContext:
+    seccompProfile:
+      type: RuntimeDefault
   containers:
   - name: kube-scheduler
     image: <%= k8s.image_repository %>/kube-scheduler:<%= k8s.kubernetes_version %>
@@ -18,6 +21,26 @@ spec:
     <%- k8s.scheduler.args(bootstrap: true).each do |k, v| -%>
     - <%= k %><% if v ;%>=<%= v %><%; end %>
     <%- end -%>
+    livenessProbe:
+      failureThreshold: 8
+      httpGet:
+        host: 127.0.0.1
+        path: /healthz
+        port: 10259
+        scheme: HTTPS
+      initialDelaySeconds: 10
+      periodSeconds: 10
+      timeoutSeconds: 15
+    startupProbe:
+      failureThreshold: 24
+      httpGet:
+        host: 127.0.0.1
+        path: /healthz
+        port: 10259
+        scheme: HTTPS
+      initialDelaySeconds: 10
+      periodSeconds: 10
+      timeoutSeconds: 15
     volumeMounts:
     - name: kubernetes
       mountPath: /etc/kubernetes

data/lib/porkadot/assets/kubelet/install-deps.sh.erb CHANGED Viewed

@@ -37,3 +37,12 @@ chmod +x ${ETCD_TMP}/etcdctl
 rm -f /opt/bin/etcdctl
 mv ${ETCD_TMP}/etcdctl /opt/bin/etcdctl-${ETCD_VER}
 ln -s /opt/bin/etcdctl-${ETCD_VER} /opt/bin/etcdctl
+CRICTL_VER="<%= global_config.k8s.crictl_version %>"
+CRICTL_URL=https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VER}/crictl-${CRICTL_VER}-linux-${architecture}.tar.gz
+CRICTL_TMP=$(mktemp -d)
+curl -L ${CRICTL_URL} -o ${CRICTL_TMP}/crictl.tar.gz
+tar zxvf ${CRICTL_TMP}/crictl.tar.gz -C ${CRICTL_TMP}/
+rm -f /opt/bin/crictl
+mv ${CRICTL_TMP}/crictl /opt/bin/crictl-${CRICTL_VER}
+ln -s /opt/bin/crictl-${CRICTL_VER} /opt/bin/crictl

data/lib/porkadot/assets/kubelet/setup-containerd.sh.erb CHANGED Viewed

@@ -5,6 +5,13 @@ ROOT=$(dirname "${BASH_SOURCE}")
 mkdir -p /etc/containerd
 containerd config default | tee /etc/containerd/config.toml
-sed -i -e "/containerd.runtimes.runc.options/a SystemdCgroup = true" /etc/containerd/config.toml
+grep SystemdCgroup /etc/containerd/config.toml && :
+if [[ $? == 0 ]]; then
+  sed -i -e "s/SystemdCgroup.*$/SystemdCgroup = true/" /etc/containerd/config.toml
+else
+  sed -i -e "/containerd.runtimes.runc.options/a SystemdCgroup = true" /etc/containerd/config.toml
+fi
 systemctl restart containerd

data/lib/porkadot/assets/kubelet-default/install.sh.erb ADDED Viewed

@@ -0,0 +1,14 @@
+#!/bin/bash
+set -eu
+export LC_ALL=C
+ROOT=$(dirname "${BASH_SOURCE}")
+# Install addons
+for addon in $(ls ${ROOT}/addons/); do
+  install_sh="${ROOT}/addons/${addon}/install.sh"
+  if [[ -f ${install_sh} ]]; then
+    echo "Install: ${install_sh}"
+    bash ${install_sh}
+  fi
+done

data/lib/porkadot/assets/kubelet.rb CHANGED Viewed

@@ -7,11 +7,13 @@ module Porkadot; module Assets
   class KubeletList
     attr_reader :global_config
     attr_reader :logger
+    attr_reader :kubelet_default
     attr_reader :kubelets
     def initialize global_config
       @global_config = global_config
       @logger = global_config.logger
+      @kubelet_default = KubeletDefault.new(global_config.kubelet_default)
       @kubelets = {}
       global_config.nodes.each do |k, config|
         @kubelets[k] = Kubelet.new(config)
@@ -19,6 +21,7 @@ module Porkadot; module Assets
     end
     def render
+      self.kubelet_default.render
       self.kubelets.each do |_, v|
         v.render
       end
@@ -29,6 +32,35 @@ module Porkadot; module Assets
     end
   end
+  class KubeletDefault
+    include Porkadot::Assets
+    TEMPLATE_DIR = File.join(File.dirname(__FILE__), "kubelet-default")
+    attr_reader :global_config
+    attr_reader :config
+    attr_reader :logger
+    attr_reader :certs
+    def initialize config
+      @config = config
+      @logger = config.logger
+      @global_config = config.config
+      @certs = Porkadot::Assets::Certs::Kubernetes.new(global_config)
+    end
+    def render
+      logger.info "--> Rendering Kubelet default configs"
+      unless File.directory?(config.addon_path)
+        FileUtils.mkdir_p(config.addon_path)
+      end
+      unless File.directory?(config.addon_secrets_path)
+        FileUtils.mkdir_p(config.addon_secrets_path)
+      end
+      render_erb 'install.sh'
+    end
+  end
   class Kubelet
     include Porkadot::Assets
     TEMPLATE_DIR = File.join(File.dirname(__FILE__), "kubelet")

data/lib/porkadot/assets/kubernetes/install.secrets.sh.erb ADDED Viewed

@@ -0,0 +1,8 @@
+#!/bin/bash
+set -eu
+export LC_ALL=C
+ROOT=$(dirname "${BASH_SOURCE}")
+/opt/bin/kubectl apply -R -f ${ROOT}/manifests

data/lib/porkadot/assets/kubernetes/install.sh.erb CHANGED Viewed

@@ -3,5 +3,12 @@
 set -eu
 export LC_ALL=C
 ROOT=$(dirname "${BASH_SOURCE}")
+KUBECTL_OPTS=${KUBECTL_OPTS:-""}
-/opt/bin/kubectl apply -f ${ROOT}/manifests/
+KUBECTL_OPTS="${KUBECTL_OPTS} --server-side --force-conflicts --prune"
+KUBECTL_OPTS="${KUBECTL_OPTS} -l kubernetes.unstable.cloud/installed-by=porkadot"
+<%- prune_allowlist.each do |a| -%>
+KUBECTL_OPTS="${KUBECTL_OPTS} --prune-whitelist=<%= a %>"
+<%- end -%>
+/opt/bin/kubectl apply ${KUBECTL_OPTS} -k ${ROOT}

data/lib/porkadot/assets/kubernetes/kubeconfig.yaml.erb ADDED Viewed

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Config
+clusters:
+- name: kubernetes
+  cluster:
+    certificate-authority-data: <%= certs.kubernetes.to_base64(:ca_cert) %>
+    server: https://127.0.0.1:<%= global_config.k8s.apiserver.bind_port %>
+users:
+- name: admin
+  user:
+    client-certificate-data: <%= certs.kubernetes.to_base64(:client_cert) %>
+    client-key-data: <%= certs.kubernetes.to_base64(:client_key) %>
+contexts:
+- context:
+    cluster: kubernetes
+    user: admin
+  name: admin-context
+current-context: admin-context

data/lib/porkadot/assets/kubernetes/kustomization.yaml.erb ADDED Viewed

@@ -0,0 +1,7 @@
+# Modify this file if you want to kustomize generated manifests
+# This file will not be overridden by Porkadot.
+labels:
+- pairs:
+    'kubernetes.unstable.cloud/installed-by': 'porkadot'
+resources:
+- manifests

data/lib/porkadot/assets/kubernetes/manifests/{coredns.yaml.erb → addons/coredns/coredns.yaml.erb} RENAMED Viewed

@@ -75,7 +75,7 @@ data:
             lameduck 5s
         }
         ready
-        kubernetes <%= k8s.networking.dns_domain %>  in-addr.arpa ip6.arpa {
+        kubernetes <%= k8s.networking.dns_domain %> <%= k8s.networking.additional_domains.join(" ") %> in-addr.arpa ip6.arpa {
             pods insecure
             fallthrough in-addr.arpa ip6.arpa
             ttl 30
@@ -193,6 +193,7 @@ metadata:
     kubernetes.io/cluster-service: "true"
     addonmanager.kubernetes.io/mode: Reconcile
     kubernetes.io/name: "CoreDNS"
+    app.kubernetes.io/name: kube-dns
 spec:
   selector:
     k8s-app: kube-dns

data/lib/porkadot/assets/kubernetes/manifests/{dns-horizontal-autoscaler.yaml.erb → addons/coredns/dns-horizontal-autoscaler.yaml.erb} RENAMED Viewed

@@ -82,8 +82,6 @@ spec:
       securityContext:
         supplementalGroups: [ 65534 ]
         fsGroup: 65534
-      nodeSelector:
-        kubernetes.io/os: linux
       containers:
       - name: autoscaler
         image: k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.7.1

data/lib/porkadot/assets/kubernetes/manifests/addons/coredns/kustomization.yaml.erb ADDED Viewed

@@ -0,0 +1,3 @@
+resources:
+- coredns.yaml
+- dns-horizontal-autoscaler.yaml

data/lib/porkadot/assets/kubernetes/manifests/{flannel.yaml.erb → addons/flannel/flannel.yaml.erb} RENAMED Viewed

@@ -1,3 +1,5 @@
+<% cni = config.flannel -%>
+<% k8s = global_config.k8s -%>
 ---
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
@@ -125,9 +127,15 @@ data:
     }
   net-conf.json: |
     {
-      "Network": "<%= global_config.k8s.networking.pod_subnet %>",
+      <%- if k8s.networking.enable_ipv4 -%>
+      "Network": "<%= k8s.networking.pod_v4subnet %>",
+      <%- end -%>
+      <%- if k8s.networking.enable_ipv6 -%>
+      "EnableIPv6": true,
+      "IPv6Network": "<%= k8s.networking.pod_v6subnet %>",
+      <%- end -%>
       "Backend": {
-        "Type": "<%= global_config.cni.backend %>"
+        "Type": "<%= cni.backend %>"
       }
     }
 ---
@@ -165,8 +173,20 @@ spec:
         effect: NoSchedule
       serviceAccountName: flannel
       initContainers:
+      - name: install-cni-plugin
+       #image: flannelcni/flannel-cni-plugin:v1.0.1 for ppc64le and mips64le (dockerhub limitations may apply)
+        image: <%= cni.plugin_image_repository %>:<%= cni.plugin_image_tag %>
+        command:
+        - cp
+        args:
+        - -f
+        - /flannel
+        - /opt/cni/bin/flannel
+        volumeMounts:
+        - name: cni-plugin
+          mountPath: /opt/cni/bin
       - name: install-cni
-        image: quay.io/coreos/flannel:v0.13.0
+        image: <%= cni.daemon_image_repository %>:<%= cni.daemon_image_tag %>
         command:
         - cp
         args:
@@ -180,19 +200,14 @@ spec:
           mountPath: /etc/kube-flannel/
       containers:
       - name: kube-flannel
-        image: quay.io/coreos/flannel:v0.13.0
+        image: <%= cni.daemon_image_repository %>:<%= cni.daemon_image_tag %>
         command:
         - /opt/bin/flanneld
         args:
         - --ip-masq
         - --kube-subnet-mgr
         resources:
-          requests:
-            cpu: "100m"
-            memory: "50Mi"
-          limits:
-            cpu: "100m"
-            memory: "50Mi"
+<%= u.to_yaml(cni.resources, 10)%>
         securityContext:
           privileged: false
           capabilities:
@@ -211,13 +226,27 @@ spec:
           mountPath: /run/flannel
         - name: flannel-cfg
           mountPath: /etc/kube-flannel/
+        - name: ipam-data
+          mountPath: /var/lib/cni/networks
+        - name: xtables-lock
+          mountPath: /run/xtables.lock
       volumes:
       - name: run
         hostPath:
           path: /run/flannel
+      - name: cni-plugin
+        hostPath:
+          path: /opt/cni/bin
       - name: cni
         hostPath:
           path: /etc/cni/net.d
+      - name: ipam-data
+        hostPath:
+          path: /var/lib/cni/networks
       - name: flannel-cfg
         configMap:
           name: kube-flannel-cfg
+      - name: xtables-lock
+        hostPath:
+          path: /run/xtables.lock
+          type: FileOrCreate

data/lib/porkadot/assets/kubernetes/manifests/addons/flannel/kustomization.yaml.erb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ resources:
2	+ - flannel.yaml

data/lib/porkadot/assets/kubernetes/manifests/{kubelet-rubber-stamp.yaml.erb → addons/kubelet-rubber-stamp/kubelet-rubber-stamp.yaml.erb} RENAMED Viewed

@@ -24,7 +24,7 @@ spec:
         - name: kubelet-rubber-stamp
           # image: quay.io/kontena/kubelet-rubber-stamp-amd64:0.2
           # Use following image until issue is fixed
-          image: yuanying/kubelet-rubber-stamp:0.3.0.y01
+          image: ghcr.io/porkadot/kubelet-rubber-stamp:0.22.0
           args:
             - "--v=2"
           imagePullPolicy: Always

data/lib/porkadot/assets/kubernetes/manifests/addons/kubelet-rubber-stamp/kustomization.yaml.erb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ resources:
2	+ - kubelet-rubber-stamp.yaml

data/lib/porkadot/assets/kubernetes/manifests/addons/kustomization.yaml.erb ADDED Viewed

@@ -0,0 +1,4 @@
+resources:
+<%- config.enabled.each do |a| -%>
+- <%= a %>
+<%- end %>

data/lib/porkadot/assets/kubernetes/manifests/addons/metallb/000-metallb.yaml.erb ADDED Viewed

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    app: metallb
+  name: metallb-system

data/lib/porkadot/assets/kubernetes/manifests/addons/metallb/kustomization.yaml.erb ADDED Viewed

@@ -0,0 +1,4 @@
+resources:
+- 000-metallb.yaml
+- metallb.config.yaml
+- metallb.yaml

data/lib/porkadot/assets/kubernetes/manifests/addons/metallb/metallb.config.yaml.erb ADDED Viewed

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: metallb
+  name: config
+  namespace: metallb-system
+data:
+  config: |
+<%= u.indent(config.metallb.config, 4) %>

data/lib/porkadot/assets/kubernetes/manifests/{metallb.secrets.yaml.erb → addons/metallb/metallb.secrets.yaml.erb} RENAMED Viewed

File without changes

data/lib/porkadot/assets/kubernetes/manifests/{metallb.yaml.erb → addons/metallb/metallb.yaml.erb} RENAMED Viewed

@@ -1,11 +1,3 @@
-<% k8s = global_config.k8s -%>
-apiVersion: v1
-kind: Namespace
-metadata:
-  labels:
-    app: metallb
-  name: metallb-system
----
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
@@ -58,9 +50,7 @@ metadata:
 spec:
   allowPrivilegeEscalation: false
   allowedCapabilities:
-  - NET_ADMIN
   - NET_RAW
-  - SYS_ADMIN
   allowedHostPaths: []
   defaultAddCapabilities: []
   defaultAllowPrivilegeEscalation: false
@@ -72,6 +62,8 @@ spec:
   hostPorts:
   - max: 7472
     min: 7472
+  - max: 7946
+    min: 7946
   privileged: true
   readOnlyRootFilesystem: true
   requiredDropCapabilities:
@@ -118,7 +110,6 @@ rules:
   - get
   - list
   - watch
-  - update
 - apiGroups:
   - ''
   resources:
@@ -158,6 +149,13 @@ rules:
   - get
   - list
   - watch
+- apiGroups: ["discovery.k8s.io"]
+  resources:
+  - endpointslices
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ''
   resources:
@@ -207,6 +205,37 @@ rules:
   - list
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app: metallb
+  name: controller
+  namespace: metallb-system
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - create
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  resourceNames:
+  - memberlist
+  verbs:
+  - list
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  resourceNames:
+  - controller
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
@@ -268,6 +297,21 @@ subjects:
 - kind: ServiceAccount
   name: speaker
 ---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app: metallb
+  name: controller
+  namespace: metallb-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: controller
+subjects:
+- kind: ServiceAccount
+  name: controller
+---
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
@@ -308,47 +352,44 @@ spec:
             fieldRef:
               fieldPath: status.podIP
         # needed when another software is also using memberlist / port 7946
+        # when changing this default you also need to update the container ports definition
+        # and the PodSecurityPolicy hostPorts definition
         #- name: METALLB_ML_BIND_PORT
         #  value: "7946"
         - name: METALLB_ML_LABELS
           value: "app=metallb,component=speaker"
-        - name: METALLB_ML_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
         - name: METALLB_ML_SECRET_KEY
           valueFrom:
             secretKeyRef:
               name: memberlist
               key: secretkey
-        image: metallb/speaker:v0.9.4
-        imagePullPolicy: Always
+        image: quay.io/metallb/speaker:v0.10.2
         name: speaker
         ports:
         - containerPort: 7472
           name: monitoring
-        resources:
-          limits:
-            cpu: 100m
-            memory: 100Mi
+        - containerPort: 7946
+          name: memberlist-tcp
+        - containerPort: 7946
+          name: memberlist-udp
+          protocol: UDP
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:
             add:
-            - NET_ADMIN
             - NET_RAW
-            - SYS_ADMIN
             drop:
             - ALL
           readOnlyRootFilesystem: true
       hostNetwork: true
       nodeSelector:
-        beta.kubernetes.io/os: linux
+        kubernetes.io/os: linux
       serviceAccountName: speaker
       terminationGracePeriodSeconds: 2
       tolerations:
       - effect: NoSchedule
         key: node-role.kubernetes.io/master
+        operator: Exists
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -377,16 +418,16 @@ spec:
       - args:
         - --port=7472
         - --config=config
-        image: metallb/controller:v0.9.5
-        imagePullPolicy: Always
+        env:
+        - name: METALLB_ML_SECRET_NAME
+          value: memberlist
+        - name: METALLB_DEPLOYMENT
+          value: controller
+        image: quay.io/metallb/controller:v0.10.2
         name: controller
         ports:
         - containerPort: 7472
           name: monitoring
-        resources:
-          limits:
-            cpu: 100m
-            memory: 100Mi
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:
@@ -400,14 +441,3 @@ spec:
         runAsUser: 65534
       serviceAccountName: controller
       terminationGracePeriodSeconds: 0
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  labels:
-    app: metallb
-  name: config
-  namespace: metallb-system
-data:
-  config: |
-<%= u.indent(global_config.lb.lb_config, 4) %>

data/lib/porkadot/assets/kubernetes/manifests/addons/storage-version-migrator/kustomization.yaml.erb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ resources:
2	+ - storage-version-migrator.yaml

data/lib/porkadot/assets/kubernetes/manifests/{storage-version-migrator.yaml.erb → addons/storage-version-migrator/storage-version-migrator.yaml.erb} RENAMED Viewed

File without changes