From 58986e1d5b949d729e532e46c15f4995244aed3d Mon Sep 17 00:00:00 2001
From: Stefan Reimer <stefan@zero-downtime.net>
Date: Mon, 2 Jun 2025 17:47:10 +0000
Subject: [PATCH] feat: remove metallb, minor control-plane fix

---
 admin/kubezero.sh                             |  2 +-
 charts/kubezero-network/Chart.yaml            |  5 ----
 charts/kubezero-network/README.md             | 21 +++++++--------
 .../templates/metallb/config.yaml             | 27 -------------------
 charts/kubezero-network/values.yaml           | 16 -----------
 charts/kubezero/templates/network.yaml        |  5 ----
 6 files changed, 11 insertions(+), 65 deletions(-)
 delete mode 100644 charts/kubezero-network/templates/metallb/config.yaml

diff --git a/admin/kubezero.sh b/admin/kubezero.sh
index 58be1ac3..1034a065 100755
--- a/admin/kubezero.sh
+++ b/admin/kubezero.sh
@@ -251,7 +251,7 @@ control_plane_node() {
     done
 
     # see if we are a former member and remove our former self if so
-    MY_ID=$(etcdctl member list --endpoints=$etcd_endpoints | grep $ETCD_NODENAME | awk '{print $1}' | sed -e 's/,$//')
+    MY_ID=$(etcdctl member list --endpoints=$etcd_endpoints | grep $ETCD_NODENAME | awk '{print $1}' | sed -e 's/,$//' || true)
     [ -n "$MY_ID" ] && retry 12 5 5 etcdctl member remove $MY_ID --endpoints=$etcd_endpoints
 
     # flush etcd data directory as joining with previous storage seems flaky, especially during etcd version upgrades
diff --git a/charts/kubezero-network/Chart.yaml b/charts/kubezero-network/Chart.yaml
index 47891ba3..c64214c3 100644
--- a/charts/kubezero-network/Chart.yaml
+++ b/charts/kubezero-network/Chart.yaml
@@ -10,7 +10,6 @@ keywords:
   - multus
   - cilium
   - aws-cni
-  - metallb
 maintainers:
   - name: Stefan Reimer
     email: stefan@zero-downtime.net
@@ -22,10 +21,6 @@ dependencies:
     version: 1.17.4
     repository: https://helm.cilium.io/
     condition: cilium.enabled
-  - name: metallb
-    version: 0.14.9
-    repository: https://metallb.github.io/metallb
-    condition: metallb.enabled
   - name: haproxy
     version: 1.24.0
     repository: https://haproxytech.github.io/helm-charts
diff --git a/charts/kubezero-network/README.md b/charts/kubezero-network/README.md
index 7dae8001..700562a6 100644
--- a/charts/kubezero-network/README.md
+++ b/charts/kubezero-network/README.md
@@ -21,19 +21,21 @@ Kubernetes: `>= 1.30.0-0`
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
 | https://haproxytech.github.io/helm-charts | haproxy | 1.24.0 |
 | https://helm.cilium.io/ | cilium | 1.17.4 |
-| https://metallb.github.io/metallb | metallb | 0.14.9 |
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| cilium.bpf.preallocateMaps | bool | `true` |  |
 | cilium.cgroup.autoMount.enabled | bool | `false` |  |
 | cilium.cgroup.hostRoot | string | `"/sys/fs/cgroup"` |  |
 | cilium.cluster.id | int | `240` |  |
 | cilium.cluster.name | string | `"default"` |  |
 | cilium.cni.binPath | string | `"/usr/libexec/cni"` |  |
-| cilium.cni.exclusive | bool | `false` |  |
+| cilium.cni.exclusive | bool | `true` |  |
+| cilium.cni.iptablesRemoveAWSRules | bool | `false` |  |
 | cilium.cni.logFile | string | `"/var/log/cilium-cni.log"` |  |
+| cilium.dnsProxy.enableTransparentMode | bool | `true` |  |
 | cilium.enabled | bool | `false` |  |
 | cilium.envoy.enabled | bool | `false` |  |
 | cilium.hubble.enabled | bool | `false` |  |
@@ -45,7 +47,8 @@ Kubernetes: `>= 1.30.0-0`
 | cilium.hubble.ui.enabled | bool | `false` |  |
 | cilium.image.useDigest | bool | `false` |  |
 | cilium.ipam.operator.clusterPoolIPv4PodCIDRList[0] | string | `"10.240.0.0/16"` |  |
-| cilium.k8s.apiServerURLs | string | `""` |  |
+| cilium.k8sServiceHost | string | `""` |  |
+| cilium.k8sServicePort | int | `6443` |  |
 | cilium.kubeProxyReplacement | bool | `true` |  |
 | cilium.l7Proxy | bool | `false` |  |
 | cilium.operator.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` |  |
@@ -56,12 +59,13 @@ Kubernetes: `>= 1.30.0-0`
 | cilium.operator.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` |  |
 | cilium.operator.tolerations[1].effect | string | `"NoSchedule"` |  |
 | cilium.operator.tolerations[1].key | string | `"node.cilium.io/agent-not-ready"` |  |
+| cilium.operator.tolerations[2].effect | string | `"NoSchedule"` |  |
+| cilium.operator.tolerations[2].key | string | `"node.kubernetes.io/not-ready"` |  |
 | cilium.prometheus.enabled | bool | `false` |  |
 | cilium.prometheus.port | int | `9091` |  |
 | cilium.prometheus.serviceMonitor.enabled | bool | `false` |  |
-| cilium.resources.limits.memory | string | `"1Gi"` |  |
-| cilium.resources.requests.cpu | string | `"10m"` |  |
-| cilium.resources.requests.memory | string | `"160Mi"` |  |
+| cilium.resources.requests.cpu | string | `"50m"` |  |
+| cilium.resources.requests.memory | string | `"256Mi"` |  |
 | cilium.routingMode | string | `"tunnel"` |  |
 | cilium.sysctlfix.enabled | bool | `false` |  |
 | cilium.tunnelProtocol | string | `"geneve"` |  |
@@ -109,11 +113,6 @@ Kubernetes: `>= 1.30.0-0`
 | haproxy.serviceMonitor.endpoints[0].path | string | `"/metrics"` |  |
 | haproxy.serviceMonitor.endpoints[0].port | string | `"prometheus"` |  |
 | haproxy.serviceMonitor.endpoints[0].scheme | string | `"http"` |  |
-| metallb.controller.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` |  |
-| metallb.controller.tolerations[0].effect | string | `"NoSchedule"` |  |
-| metallb.controller.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` |  |
-| metallb.enabled | bool | `false` |  |
-| metallb.ipAddressPools | list | `[]` |  |
 | multus.clusterNetwork | string | `"cilium"` |  |
 | multus.defaultNetworks | list | `[]` |  |
 | multus.enabled | bool | `false` |  |
diff --git a/charts/kubezero-network/templates/metallb/config.yaml b/charts/kubezero-network/templates/metallb/config.yaml
deleted file mode 100644
index bdadb1ff..00000000
--- a/charts/kubezero-network/templates/metallb/config.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if .Values.metallb.enabled }}
-apiVersion: metallb.io/v1beta1
-kind: L2Advertisement
-metadata:
-  name: l2advertisement1
-  namespace: kube-system
-spec:
-  ipAddressPools:
-    {{- range $key, $val := .Values.metallb.ipAddressPools }}
-    {{- if eq $val.protocol "layer2" }}
-    - {{ $val.name }}
-    {{- end }}
-    {{- end }}
----
-
-{{- range $key, $val := .Values.metallb.ipAddressPools }}
-apiVersion: metallb.io/v1beta1
-kind: IPAddressPool
-metadata:
-  name: {{ $val.name }}
-  namespace: kube-system
-spec:
-  addresses:
-  {{- $val.addresses | toYaml | nindent 4 }}
-{{- end }}
----
-{{- end }}
diff --git a/charts/kubezero-network/values.yaml b/charts/kubezero-network/values.yaml
index c99bed7f..ec854ab4 100644
--- a/charts/kubezero-network/values.yaml
+++ b/charts/kubezero-network/values.yaml
@@ -1,19 +1,3 @@
-metallb:
-  enabled: false
-
-  controller:
-    tolerations:
-    - key: node-role.kubernetes.io/control-plane
-      effect: NoSchedule
-    nodeSelector:
-      node-role.kubernetes.io/control-plane: ""
-
-  ipAddressPools: []
-  #- name: my-ip-space
-  #  protocol: layer2
-  #  addresses:
-  #  - 192.168.42.0/24
-
 multus:
   enabled: false
   image:
diff --git a/charts/kubezero/templates/network.yaml b/charts/kubezero/templates/network.yaml
index 92d38bc6..7587eeec 100644
--- a/charts/kubezero/templates/network.yaml
+++ b/charts/kubezero/templates/network.yaml
@@ -32,11 +32,6 @@ cilium:
       serviceMonitor:
         enabled: {{ .Values.metrics.enabled }}
 
-{{- with .Values.network.metallb }}
-metallb:
-  {{- toYaml . | nindent 2 }}
-{{- end }}
-
 {{- with .Values.network.haproxy }}
 haproxy:
   {{- toYaml . | nindent 2 }}