Control Plane Ingress IP managed by MetalLB

CHANGELOG.md

@@ -59,8 +59,10 @@
 - [#2381](https://github.com/scality/metalk8s/issues/2381)) - Allow
   configuring the Control Plane Ingress' external IP, to enable high
   availability with failover of this (virtual) IP between control plane
-  nodes. This failover is not managed by MetalK8s.
-  (PR[#3415](https://github.com/scality/metalk8s/pull/3415))
+  nodes (PR[#3415](https://github.com/scality/metalk8s/pull/3415)).
+  If supported by the user environment, MetalK8s can manage fail-over
+  of this virtual IP using [MetalLB](https://metallb.universe.tf/)
+  (PR[#3418](https://github.com/scality/metalk8s/pull/3418)).
 
 ### Breaking changes
 

buildchain/buildchain/constants.py

@@ -17,6 +17,7 @@
 CMD_WIDTH: int = 14
 
 # URLs of the main container repositories.
+BITNAMI_REPOSITORY: str = "docker.io/bitnami"
 CALICO_REPOSITORY: str = "docker.io/calico"
 COREDNS_REPOSITORY: str = "k8s.gcr.io/coredns"
 DEX_REPOSITORY: str = "ghcr.io/dexidp"

buildchain/buildchain/image.py

@@ -174,6 +174,7 @@ def _operator_image(name: str, **kwargs: Any) -> targets.OperatorImage:
 TO_PULL: List[targets.RemoteImage] = []
 
 IMGS_PER_REPOSITORY: Dict[str, List[str]] = {
+    constants.BITNAMI_REPOSITORY: ["metallb-controller", "metallb-speaker"],
     constants.CALICO_REPOSITORY: [
         "calico-node",
         "calico-kube-controllers",

buildchain/buildchain/salt_tree.py

@@ -426,8 +426,19 @@ def _get_parts(self) -> Iterator[str]:
     Path("salt/metalk8s/addons/nginx-ingress-control-plane/certs/init.sls"),
     Path("salt/metalk8s/addons/nginx-ingress-control-plane/certs/server.sls"),
     Path("salt/metalk8s/addons/nginx-ingress-control-plane/deployed/init.sls"),
-    Path("salt/metalk8s/addons/nginx-ingress-control-plane/deployed/chart.sls"),
+    Path(
+        "salt/metalk8s/addons/nginx-ingress-control-plane/deployed/",
+        "chart-daemonset.sls",
+    ),
+    Path(
+        "salt/metalk8s/addons/nginx-ingress-control-plane/deployed/",
+        "chart-deployment.sls",
+    ),
     Path("salt/metalk8s/addons/nginx-ingress-control-plane/deployed/tls-secret.sls"),
+    Path("salt/metalk8s/addons/metallb/deployed/chart.sls"),
+    Path("salt/metalk8s/addons/metallb/deployed/config.sls"),
+    Path("salt/metalk8s/addons/metallb/deployed/init.sls"),
+    Path("salt/metalk8s/addons/metallb/deployed/namespace.sls"),
     Path("salt/metalk8s/beacon/certificates.sls"),
     Path("salt/metalk8s/container-engine/containerd/configured.sls"),
     Path("salt/metalk8s/container-engine/containerd/files/50-metalk8s.conf.j2"),

buildchain/buildchain/versions.py

@@ -175,6 +175,16 @@ def _version_prefix(version: str, prefix: str = "v") -> str:
         version="v1.1.2",
         digest="sha256:22fbde17ab647ddf89841e5e464464eece111402b7d599882c2a3393bc0d2810",
     ),
+    Image(
+        name="metallb-controller",
+        version="0.10.2-debian-10-r0",
+        digest="sha256:573792b177b3fbe2c645f0d4fa084b3d6b8dbb6e0510fac00b0aa256d8315299",
+    ),
+    Image(
+        name="metallb-speaker",
+        version="0.10.2-debian-10-r0",
+        digest="sha256:8dc5efb75ef21f9052265d6c1571199b0542515cd4a23349c8590c67f9f01b1b",
+    ),
     Image(
         name="pause",
         version="3.2",

charts/ingress-nginx-control-plane-deployment.yaml

@@ -0,0 +1,76 @@
+controller:
+  image:
+    digest: null
+    repository: '__image__(nginx-ingress-controller)'
+
+  defaultBackendService: 'metalk8s-ingress/nginx-ingress-default-backend'
+
+  electionID: ingress-control-plane-controller-leader
+
+  ingressClass: nginx-control-plane
+
+  admissionWebhooks:
+    enabled: false
+
+  kind: Deployment
+
+  replicaCount: 2
+
+  minAvailable: 0
+
+  updateStrategy:
+    type: RollingUpdate
+
+  tolerations:
+    - key: "node-role.kubernetes.io/bootstrap"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/master"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/infra"
+      operator: "Exists"
+      effect: "NoSchedule"
+
+  nodeSelector:
+    node-role.kubernetes.io/master: ''
+
+  service:
+    loadBalancerIP: '__var__(salt.metalk8s_network.get_control_plane_ingress_ip())'
+    externalTrafficPolicy: Local
+
+    enableHttp: false
+
+    ports:
+      https: 8443
+
+  extraArgs:
+    default-ssl-certificate: "metalk8s-ingress/ingress-control-plane-default-certificate"
+    metrics-per-host: false
+
+  metrics:
+    enabled: true
+    serviceMonitor:
+      enabled: true
+      additionalLabels:
+        metalk8s.scality.com/monitor: ''
+
+defaultBackend:
+  enabled: true
+
+  image:
+    repository: '__image__(nginx-ingress-defaultbackend-amd64)'
+
+  tolerations:
+    - key: "node-role.kubernetes.io/bootstrap"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/master"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/infra"
+      operator: "Exists"
+      effect: "NoSchedule"
+
+  nodeSelector:
+    node-role.kubernetes.io/master: ''

charts/metallb.yaml

@@ -0,0 +1,42 @@
+existingConfigMap: metallb-config
+
+controller:
+  image:
+    registry: null
+    repository: '__image__(metallb-controller)'
+
+  nodeSelector:
+    node-role.kubernetes.io/master: ''
+
+  tolerations:
+    - key: "node-role.kubernetes.io/bootstrap"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/master"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/infra"
+      operator: "Exists"
+      effect: "NoSchedule"
+
+  podAnnotations:
+    checksum/config: '__slot__:salt:metalk8s_kubernetes.get_object_digest(kind="ConfigMap", apiVersion="v1", namespace="metalk8s-loadbalancing", name="metallb-config", path="data:config")'
+
+speaker:
+  image:
+    registry: null
+    repository: '__image__(metallb-speaker)'
+
+  nodeSelector:
+    node-role.kubernetes.io/master: ''
+
+  tolerations:
+    - key: "node-role.kubernetes.io/bootstrap"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/master"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/infra"
+      operator: "Exists"
+      effect: "NoSchedule"

charts/metallb/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/metallb/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: https://charts.bitnami.com/bitnami
+  version: 1.5.2
+digest: sha256:7b5a8ece9b57d70ef47eb7ed27e6f66b059fb0fc1f2ca59a15bb495e32366690
+generated: "2021-05-21T16:07:33.182224097Z"

charts/metallb/Chart.yaml

@@ -0,0 +1,32 @@
+annotations:
+  category: Infrastructure
+apiVersion: v2
+appVersion: 0.10.2
+dependencies:
+- name: common
+  repository: https://charts.bitnami.com/bitnami
+  tags:
+  - bitnami-common
+  version: 1.x.x
+description: The Metal LB for Kubernetes
+home: https://github.com/bitnami/charts/tree/master/bitnami/metallb
+icon: https://bitnami.com/assets/stacks/metallb-speaker/img/metallb-speaker-stack-220x234.png
+keywords:
+- load-balancer
+- balancer
+- lb
+- bgp
+- arp
+- vrrp
+- vip
+maintainers:
+- email: [email protected]
+  name: cellebyte
+- email: [email protected]
+  name: Bitnami
+name: metallb
+sources:
+- https://github.com/metallb/metallb
+- https://github.com/bitnami/bitnami-docker-metallb
+- https://metallb.universe.tf
+version: 2.4.3