keepalived: Initial commit

Running `keepalived` as a DaemonSet will allow managing floating
"virtual" IP addresses for Kubernetes services with configured external
IP addresses.  The main services we want to expose outside the cluster
are _ingress-nginx_, Mosquitto, and RabbitMQ.  The `keepalived` cluster
will negotiate using the VRRF protocol to determine which node should
have each external address.  Using the process tracking feature of
`keepalived`, we can steer traffic directly to the node where the target
service is running.

keepalived/keepalived.conf

@@ -0,0 +1,60 @@
+# vim: set sw=4 ts=4 sts=4 et:
+includea /run/keepalived.interface
+
+global_defs {
+    max_auto_priority 79
+}
+
+vrrp_track_process ingress-nginx {
+    process nginx-ingress-c
+    weight 90
+}
+
+vrrp_track_process mosquitto {
+    process mosquitto
+    weight 90
+}
+
+vrrp_track_process rabbitmq {
+    process rabbitmq-server
+    weight 90
+}
+
+vrrp_instance ingress-nginx {
+    state BACKUP
+    priority 100
+    interface ${INTERFACE}
+    virtual_router_id 51
+    virtual_ipaddress {
+        172.30.0.147/28
+    }
+    track_process {
+        ingress-nginx
+    }
+}
+
+vrrp_instance mosquitto {
+    state BACKUP
+    priority 100
+    interface ${INTERFACE}
+    virtual_router_id 52
+    virtual_ipaddress {
+        172.30.0.148/28
+    }
+    track_process {
+        mosquitto
+    }
+}
+
+vrrp_instance rabbitmq {
+    state BACKUP
+    priority 100
+    interface ${INTERFACE}
+    virtual_router_id 53
+    virtual_ipaddress {
+        172.30.0.149/28
+    }
+    track_process {
+        rabbitmq
+    }
+}

keepalived/keepalived.yaml

@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: keepalived
+  labels: &labels
+    app.kubernetes.io/name: keepalived
+spec:
+  selector:
+    matchLabels: *labels
+  minReadySeconds: 10
+  template:
+    metadata:
+      labels: *labels
+    spec:
+      initContainers:
+      - name: init
+        image: docker.io/library/busybox
+        command:
+        - sh
+        - -c
+        - |
+          printf '$INTERFACE=%s\n' \
+            $(ip route | awk '/^default via/{print $5}') \
+            > /run/keepalived.interface
+        volumeMounts:
+        - mountPath: /run
+          name: tmp
+          subPath: run
+      containers:
+      - name: keepalived
+        image: git.pyrocufflink.net/containerimages/keepalived:dev
+        imagePullPolicy: Always
+        command:
+        - keepalived
+        - -nGlD
+        securityContext:
+          privileged: true
+          readOnlyRootFilesystem: true
+        volumeMounts:
+        - mountPath: /etc/keepalived
+          name: config
+          readOnly: true
+        - mountPath: /run
+          name: tmp
+          subPath: run
+      hostNetwork: true
+      hostPID: true
+      volumes:
+      - name: config
+        configMap:
+          name: keepalived
+      - name: tmp
+        emptyDir:
+          medium: Memory

keepalived/kustomization.yaml

@@ -0,0 +1,24 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+labels:
+- pairs:
+    app.kubernetes.io/component: keepalived
+    app.kubernetes.io/instance: keepalived
+  includeSelectors: true
+  includeTemplates: true
+- pairs:
+    app.kubernetes.io/part-of: keepalived
+
+namespace: keepalived
+
+resources:
+- keepalived.yaml
+
+configMapGenerator:
+- name: keepalived
+  files:
+  - keepalived.conf
+  options:
+    labels:
+      app.kubernetes.io/name: keepalived

keepalived/namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: keepalived
+  labels:
+    app.kubernetes.io/name: keepalived