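# kube-loxilb manifest: ServiceAccount, cluster-wide RBAC (ClusterRole +
# ClusterRoleBinding) and a single-replica Deployment in kube-system.
# One YAML document per resource, separated by `---`.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-loxilb
  namespace: kube-system
---
# Permissions granted to the kube-loxilb service account. A ClusterRole bound
# through a ClusterRoleBinding applies in every namespace.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kube-loxilb
rules:
  # NOTE(review): `patch` on nodes and pods is cluster-wide here, so a
  # compromised controller token could change labels, annotations and other
  # mutable fields on any node or pod. Confirm write access is needed on both.
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
      - watch
      - list
      - patch
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - watch
      - list
      - patch
  - apiGroups:
      - ""
    resources:
      - endpoints
      - services
      - namespaces
      - services/status
    verbs:
      - get
      - watch
      - list
      - patch
      - update
  - apiGroups:
      - gateway.networking.k8s.io
    resources:
      - gatewayclasses
      - gatewayclasses/status
      - gateways
      - gateways/status
      - tcproutes
      - udproutes
    verbs:
      - get
      - watch
      - list
      - patch
      - update
  # Read-only access.
  - apiGroups:
      - discovery.k8s.io
    resources:
      - endpointslices
    verbs:
      - get
      - watch
      - list
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    verbs:
      - get
      - watch
      - list
  # Lets the service account submit token and access reviews to the API server.
  - apiGroups:
      - authentication.k8s.io
    resources:
      - tokenreviews
    verbs:
      - create
  - apiGroups:
      - authorization.k8s.io
    resources:
      - subjectaccessreviews
    verbs:
      - create
  # loxilb custom resources: full lifecycle (no patch verb is granted).
  - apiGroups:
      - bgppeer.loxilb.io
    resources:
      - bgppeerservices
    verbs:
      - get
      - watch
      - list
      - create
      - update
      - delete
  - apiGroups:
      - bgppolicydefinedsets.loxilb.io
    resources:
      - bgppolicydefinedsetsservices
    verbs:
      - get
      - watch
      - list
      - create
      - update
      - delete
  - apiGroups:
      - bgppolicydefinition.loxilb.io
    resources:
      - bgppolicydefinitionservices
    verbs:
      - get
      - watch
      - list
      - create
      - update
      - delete
  - apiGroups:
      - bgppolicyapply.loxilb.io
    resources:
      - bgppolicyapplyservices
    verbs:
      - get
      - watch
      - list
      - create
      - update
      - delete
  - apiGroups:
      - loxiurl.loxilb.io
    resources:
      - loxiurls
    verbs:
      - get
      - watch
      - list
      - create
      - update
      - delete
---
# Binds the ClusterRole above to the kube-loxilb service account in kube-system.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kube-loxilb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kube-loxilb
subjects:
  - kind: ServiceAccount
    name: kube-loxilb
    namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kube-loxilb
  namespace: kube-system
  labels:
    app: kube-loxilb-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kube-loxilb-app
  template:
    metadata:
      labels:
        app: kube-loxilb-app
    spec:
      # The pod shares the node's network namespace; together with the
      # privileged container below it is not isolated from the host network.
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      tolerations:
        # Mark the pod as a critical add-on for rescheduling.
        - key: CriticalAddonsOnly
          operator: Exists
      priorityClassName: system-node-critical
      serviceAccountName: kube-loxilb
      # 0 means the container is killed immediately on pod deletion.
      terminationGracePeriodSeconds: 0
      containers:
        - name: kube-loxilb
          # NOTE(review): `latest` is a mutable tag and `Always` re-pulls it on
          # every pod start, so the code running privileged on the host network
          # can change without any change to this manifest. Pin a release tag
          # or a digest, e.g.
          # ghcr.io/loxilb-io/kube-loxilb@sha256:REPLACE_WITH_VERIFIED_DIGEST
          image: ghcr.io/loxilb-io/kube-loxilb:latest
          imagePullPolicy: Always
          command:
            - /bin/kube-loxilb
          args:
            # Sample addresses and pool: replace with this cluster's values.
            # NOTE(review): the loxilb API URLs use plain http, so this traffic
            # is unencrypted as configured; confirm the path is a trusted
            # management network or switch to TLS if the deployment supports it.
            - --loxiURL=http://12.12.12.1:11111,http://14.14.14.1:11111
            - --cidrPools=defaultPool=123.123.123.1/24
            # Optional arguments, disabled in this manifest:
            # - --monitor
            # - --setBGP=64512
            # - --extBGPPeers=50.50.50.1:65101,51.51.51.1:65102
            # - --setRoles
            # - --setLBMode=1
            # - --config=/opt/loxilb/agent/kube-loxilb.conf
          resources:
            requests:
              cpu: "100m"
              memory: "50Mi"
            limits:
              cpu: "100m"
              memory: "50Mi"
          securityContext:
            # NOTE(review): privileged already grants every capability, so the
            # `add` list below has no extra effect while it is set. If the
            # agent only needs NET_ADMIN and NET_RAW, drop `privileged` and
            # keep the list; verify against the agent before changing.
            privileged: true
            capabilities:
              add: ["NET_ADMIN", "NET_RAW"]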