keepalived: Initial commit
Running `keepalived` as a DaemonSet will allow managing floating "virtual" IP addresses for Kubernetes services with configured external IP addresses. The main services we want to expose outside the cluster are _ingress-nginx_, Mosquitto, and RabbitMQ. The `keepalived` cluster will negotiate using the VRRP protocol to determine which node should have each external address. Using the process tracking feature of `keepalived`, we can steer traffic directly to the node where the target service is running.
54
keepalived/keepalived.yaml
Normal file
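--- a/keepalived/keepalived.yaml
+++ b/keepalived/keepalived.yaml
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+name: keepalived
+labels: &labels
+app.kubernetes.io/name: keepalived
+spec:
+selector:
+matchLabels: *labels
+minReadySeconds: 10
+template:
+metadata:
+labels: *labels
+spec:
+initContainers:
+- name: init
+image: docker.io/library/busybox
+command:
+- sh
+- -c
+- |
+printf '$INTERFACE=%s\n' \
+$(ip route | awk '/^default via/{print $5}') \
+> /run/keepalived.interface
+volumeMounts:
+- mountPath: /run
+name: tmp
+subPath: run
+containers:
+- name: keepalived
+image: git.pyrocufflink.net/containerimages/keepalived:dev
+imagePullPolicy: Always
+command:
+- keepalived
+- -nGlD
+securityContext:
+privileged: true
+readOnlyRootFilesystem: true
+volumeMounts:
+- mountPath: /etc/keepalived
+name: config
+readOnly: true
+- mountPath: /run
+name: tmp
+subPath: run
+hostNetwork: true
+hostPID: true
+volumes:
+- name: config
+configMap:
+name: keepalived
+- name: tmp
+emptyDir:
+medium: Memory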
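Review bot: The keepalived container is given `privileged: true` in its securityContext while the pod also sets `hostNetwork: true` and `hostPID: true`, so a compromise of this one process is effectively root on every node the DaemonSet lands on. VRRP and address management normally need only network capabilities, so consider replacing that line with `capabilities: {drop: [ALL], add: [NET_ADMIN, NET_RAW, NET_BROADCAST]}` and confirming that process tracking still works under it (it may need one more capability, which would still be narrower than full privilege). The two images are also mutable references: `docker.io/library/busybox` has no tag, and `keepalived:dev` is re-pulled on every start because of `imagePullPolicy: Always`, so whatever is pushed to those tags next runs with these host privileges. Pinning both by digest, e.g. `image: docker.io/library/busybox@sha256:<digest>`, would close that. A one-line comment above `hostPID: true` saying it exists for process tracking would help later reviewers judge whether it can be dropped.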