apiVersion: apps/v1
kind: DaemonSet
metadata:
  annotations:
    deprecated.daemonset.template.generation: "1"
  creationTimestamp: "2026-04-02T13:55:56Z"
  generation: 1
  labels:
    app: metallb
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: v0.0.0
    component: speaker
    helm.sh/chart: metallb-0.0.0
  name: speaker
  namespace: metallb-system
  ownerReferences:
  - apiVersion: metallb.io/v1beta1
    blockOwnerDeletion: true
    controller: true
    kind: MetalLB
    name: metallb
    uid: a75beae5-c65b-4505-abe5-bd49b2acab3e
  resourceVersion: "36244"
  uid: 90c846cc-fa41-4872-aff0-2c140b9bb1dd
spec:
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: metallb
      component: speaker
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: metallb
        component: speaker
    spec:
      containers:
      - args:
        - --port=29150
        - --log-level=debug
        - --host=localhost
        command:
        - /speaker
        env:
        - name: METALLB_NODE_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: spec.nodeName
        - name: METALLB_HOST
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.hostIP
        - name: METALLB_ML_BIND_ADDR
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.podIP
        - name: METALLB_ML_LABELS
          value: app=metallb,component=speaker
        - name: METALLB_ML_BIND_PORT
          value: "9122"
        - name: METALLB_ML_SECRET_KEY_PATH
          value: /etc/ml_secret_key
        - name: METALLB_BGP_TYPE
          value: frr-k8s
        - name: METALLB_POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        image: registry.redhat.io/openshift4/metallb-rhel9@sha256:d4b55965af5982c936d8796001d4c79f7469480ef4bd33baa888de96fc3aed9e
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            host: localhost
            path: /metrics
            port: monitoring
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: speaker
        ports:
        - containerPort: 29150
          name: monitoring
          protocol: TCP
        - containerPort: 9122
          name: memberlist-tcp
          protocol: TCP
        - containerPort: 9122
          name: memberlist-udp
          protocol: UDP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            host: localhost
            path: /metrics
            port: monitoring
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            add:
            - NET_RAW
            drop:
            - ALL
          readOnlyRootFilesystem: true
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /etc/ml_secret_key
          name: memberlist
        - mountPath: /etc/metallb
          name: metallb-excludel2
      - args:
        - --logtostderr
        - --secure-listen-address=:9120
        - --upstream=http://localhost:29150/
        - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
        - --tls-private-key-file=/etc/metrics/tls.key
        - --tls-cert-file=/etc/metrics/tls.crt
        image: registry.redhat.io/openshift4/ose-kube-rbac-proxy-rhel9@sha256:4fdd6da66aba2523d2c21cef306b7650659926bbadb96dedd000d2b8c0229078
        imagePullPolicy: IfNotPresent
        name: kube-rbac-proxy
        ports:
        - containerPort: 9120
          name: metricshttps
          protocol: TCP
        resources:
          requests:
            cpu: 10m
            memory: 20Mi
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: FallbackToLogsOnError
        volumeMounts:
        - mountPath: /etc/metrics
          name: metrics-certs
          readOnly: true
      dnsPolicy: ClusterFirst
      hostNetwork: true
      nodeSelector:
        kubernetes.io/os: linux
        node-role.kubernetes.io/worker: ""
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: speaker
      serviceAccountName: speaker
      terminationGracePeriodSeconds: 0
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
        operator: Exists
      - effect: NoSchedule
        key: node-role.kubernetes.io/control-plane
        operator: Exists
      volumes:
      - name: metrics-certs
        secret:
          defaultMode: 420
          secretName: speaker-certs-secret
      - name: memberlist
        secret:
          defaultMode: 420
          secretName: metallb-memberlist
      - configMap:
          defaultMode: 256
          name: metallb-excludel2
        name: metallb-excludel2
  updateStrategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
status:
  currentNumberScheduled: 1
  desiredNumberScheduled: 1
  numberAvailable: 1
  numberMisscheduled: 0
  numberReady: 1
  observedGeneration: 1
  updatedNumberScheduled: 1