apiVersion: apps/v1 kind: DaemonSet metadata: annotations: deprecated.daemonset.template.generation: "1" creationTimestamp: "2026-04-06T12:14:03Z" generation: 1 labels: app: frr-k8s app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: v0.0.16 component: frr-k8s helm.sh/chart: frr-k8s-0.0.16 name: frr-k8s namespace: metallb-system ownerReferences: - apiVersion: metallb.io/v1beta1 blockOwnerDeletion: true controller: true kind: MetalLB name: metallb uid: 4cdd3a81-ce00-4649-bbac-92ab1bab4377 resourceVersion: "37986" uid: da8e8905-d85f-4fac-822d-bc1e815ef0ce spec: revisionHistoryLimit: 10 selector: matchLabels: app: frr-k8s component: frr-k8s template: metadata: creationTimestamp: null labels: app: frr-k8s component: frr-k8s spec: containers: - args: - --node-name=$(NODE_NAME) - --namespace=$(NAMESPACE) - --metrics-bind-address=127.0.0.1:7572 - --log-level=debug command: - /frr-k8s env: - name: FRR_CONFIG_FILE value: /etc/frr_reloader/frr.conf - name: FRR_RELOADER_PID_FILE value: /etc/frr_reloader/reloader.pid - name: NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace image: registry.redhat.io/openshift4/frr-rhel9@sha256:2157d8b664937a8c3871c12e9a4ee90e7da1a3db2b240bdd320b5dc619b9b8d4 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: host: 127.0.0.1 path: /metrics port: monitoring scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: controller ports: - containerPort: 7572 name: monitoring protocol: TCP readinessProbe: failureThreshold: 3 httpGet: host: 127.0.0.1 path: /metrics port: monitoring scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: {} securityContext: allowPrivilegeEscalation: false capabilities: add: - NET_RAW drop: - ALL readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /etc/frr_reloader name: reloader - command: - /bin/sh - -c - | /sbin/tini -- /usr/lib/frr/docker-start & attempts=0 until [[ -f /etc/frr/frr.log || $attempts -eq 60 ]]; do sleep 1 attempts=$(( $attempts + 1 )) done tail -f /etc/frr/frr.log env: - name: TINI_SUBREAPER value: "true" image: registry.redhat.io/openshift4/frr-rhel9@sha256:2157d8b664937a8c3871c12e9a4ee90e7da1a3db2b240bdd320b5dc619b9b8d4 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: host: 127.0.0.1 path: /livez port: 7573 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: frr resources: {} securityContext: capabilities: add: - NET_ADMIN - NET_RAW - SYS_ADMIN - NET_BIND_SERVICE startupProbe: failureThreshold: 30 httpGet: host: 127.0.0.1 path: /livez port: 7573 scheme: HTTP periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/frr name: frr-sockets - mountPath: /etc/frr name: frr-conf - command: - /etc/frr_reloader/frr-reloader.sh image: registry.redhat.io/openshift4/frr-rhel9@sha256:2157d8b664937a8c3871c12e9a4ee90e7da1a3db2b240bdd320b5dc619b9b8d4 imagePullPolicy: IfNotPresent name: reloader resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/frr name: frr-sockets - mountPath: /etc/frr name: frr-conf - mountPath: /etc/frr_reloader name: reloader - args: - --metrics-port=7573 - --metrics-bind-address=127.0.0.1 command: - /etc/frr_metrics/frr-metrics image: registry.redhat.io/openshift4/frr-rhel9@sha256:2157d8b664937a8c3871c12e9a4ee90e7da1a3db2b240bdd320b5dc619b9b8d4 imagePullPolicy: IfNotPresent name: frr-metrics ports: - containerPort: 7573 name: monitoring protocol: TCP resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/frr name: frr-sockets - mountPath: /etc/frr name: frr-conf - mountPath: /etc/frr_metrics name: metrics - args: - --logtostderr - --secure-listen-address=:9140 - --upstream=http://127.0.0.1:7572/ - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - --tls-private-key-file=/etc/metrics/tls.key - --tls-cert-file=/etc/metrics/tls.crt image: registry.redhat.io/openshift4/ose-kube-rbac-proxy-rhel9@sha256:4fdd6da66aba2523d2c21cef306b7650659926bbadb96dedd000d2b8c0229078 imagePullPolicy: IfNotPresent name: kube-rbac-proxy ports: - containerPort: 9140 name: metricshttps protocol: TCP resources: requests: cpu: 10m memory: 20Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/metrics name: metrics-certs readOnly: true - args: - --logtostderr - --secure-listen-address=:9141 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - --upstream=http://127.0.0.1:7573/ - --tls-private-key-file=/etc/metrics/tls.key - --tls-cert-file=/etc/metrics/tls.crt image: registry.redhat.io/openshift4/ose-kube-rbac-proxy-rhel9@sha256:4fdd6da66aba2523d2c21cef306b7650659926bbadb96dedd000d2b8c0229078 imagePullPolicy: IfNotPresent name: kube-rbac-proxy-frr ports: - containerPort: 9141 name: metricshttps protocol: TCP resources: requests: cpu: 10m memory: 20Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/metrics name: metrics-certs readOnly: true dnsPolicy: ClusterFirst hostNetwork: true initContainers: - command: - /bin/sh - -c - cp -rLf /tmp/frr/* /etc/frr/ image: registry.redhat.io/openshift4/frr-rhel9@sha256:2157d8b664937a8c3871c12e9a4ee90e7da1a3db2b240bdd320b5dc619b9b8d4 imagePullPolicy: IfNotPresent name: cp-frr-files resources: {} securityContext: runAsGroup: 101 runAsUser: 100 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /tmp/frr name: frr-startup - mountPath: /etc/frr name: frr-conf - command: - /bin/sh - -c - cp -f /frr-reloader.sh /etc/frr_reloader/ image: registry.redhat.io/openshift4/frr-rhel9@sha256:2157d8b664937a8c3871c12e9a4ee90e7da1a3db2b240bdd320b5dc619b9b8d4 imagePullPolicy: IfNotPresent name: cp-reloader resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /etc/frr_reloader name: reloader - command: - /bin/sh - -c - cp -f /frr-metrics /etc/frr_metrics/ image: registry.redhat.io/openshift4/frr-rhel9@sha256:2157d8b664937a8c3871c12e9a4ee90e7da1a3db2b240bdd320b5dc619b9b8d4 imagePullPolicy: IfNotPresent name: cp-metrics resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /etc/frr_metrics name: metrics nodeSelector: kubernetes.io/os: linux node-role.kubernetes.io/worker: "" restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: frr-k8s-daemon serviceAccountName: frr-k8s-daemon shareProcessNamespace: true terminationGracePeriodSeconds: 0 tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoSchedule key: node-role.kubernetes.io/control-plane operator: Exists volumes: - emptyDir: {} name: frr-sockets - configMap: defaultMode: 420 name: frr-startup name: frr-startup - emptyDir: {} name: frr-conf - emptyDir: {} name: reloader - emptyDir: {} name: metrics - name: metrics-certs secret: defaultMode: 420 secretName: frr-k8s-certs-secret updateStrategy: rollingUpdate: maxSurge: 0 maxUnavailable: 1 type: RollingUpdate status: currentNumberScheduled: 1 desiredNumberScheduled: 1 numberAvailable: 1 numberMisscheduled: 0 numberReady: 1 observedGeneration: 1 updatedNumberScheduled: 1