--- apiVersion: v1 kind: ServiceAccount metadata: name: kube-loxilb namespace: kube-system --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: kube-loxilb rules: - apiGroups: - "" resources: - nodes verbs: - get - watch - list - patch - apiGroups: - "" resources: - pods verbs: - get - watch - list - patch - apiGroups: - "" resources: - endpoints - services - namespaces - services/status verbs: - get - watch - list - patch - update - apiGroups: - gateway.networking.k8s.io resources: - gatewayclasses - gatewayclasses/status - gateways - gateways/status - tcproutes - udproutes verbs: ["get", "watch", "list", "patch", "update"] - apiGroups: - discovery.k8s.io resources: - endpointslices verbs: - get - watch - list - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get - watch - list - apiGroups: - authentication.k8s.io resources: - tokenreviews verbs: - create - apiGroups: - authorization.k8s.io resources: - subjectaccessreviews verbs: - create - apiGroups: - bgppeer.loxilb.io resources: - bgppeerservices verbs: - get - watch - list - create - update - delete - apiGroups: - bgppolicydefinedsets.loxilb.io resources: - bgppolicydefinedsetsservices verbs: - get - watch - list - create - update - delete - apiGroups: - bgppolicydefinition.loxilb.io resources: - bgppolicydefinitionservices verbs: - get - watch - list - create - update - delete - apiGroups: - bgppolicyapply.loxilb.io resources: - bgppolicyapplyservices verbs: - get - watch - list - create - update - delete - apiGroups: - loxiurl.loxilb.io resources: - loxiurls verbs: - get - watch - list - create - update - delete - apiGroups: - egress.loxilb.io resources: - egresses verbs: ["get", "watch", "list", "patch", "update"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: kube-loxilb roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kube-loxilb subjects: - kind: ServiceAccount name: kube-loxilb namespace: kube-system --- apiVersion: apps/v1 kind: Deployment metadata: name: kube-loxilb namespace: kube-system labels: app: kube-loxilb-app spec: replicas: 1 selector: matchLabels: app: kube-loxilb-app template: metadata: labels: app: kube-loxilb-app spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet tolerations: # Mark the pod as a critical add-on for rescheduling. - key: CriticalAddonsOnly operator: Exists priorityClassName: system-node-critical serviceAccountName: kube-loxilb terminationGracePeriodSeconds: 0 containers: - name: kube-loxilb image: ghcr.io/loxilb-io/kube-loxilb:latest imagePullPolicy: Always command: - /bin/kube-loxilb args: #- --loxiURL=http://192.168.80.10:11111 - --cidrPools=defaultPool=123.123.123.1/24 - --setBGP=64512 - --listenBGPPort=1791 - --setRoles=0.0.0.0 #- --monitor #- --extBGPPeers=50.50.50.1:65101,51.51.51.1:65102 #- --setLBMode=1 #- --config=/opt/loxilb/agent/kube-loxilb.conf resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: true capabilities: add: ["NET_ADMIN", "NET_RAW"]