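---
# keepalived VRRP deployment: one pod per node (DaemonSet) on the host network,
# announcing a shared virtual IP. The configuration is rendered at pod start by
# an init container from the template in the ConfigMap and the password in the
# Secret.
apiVersion: v1
kind: Namespace
metadata:
  name: keepalived
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: keepalived
  namespace: keepalived
data:
  # Template for keepalived.conf; $INTERFACE, $PASSWORD and $VIP are replaced
  # by init.sh. Note on the authentication block: keepalived documents
  # auth_type PASS as a plain-text password carried in the VRRP adverts and
  # uses at most 8 characters of auth_pass, so it guards against
  # misconfiguration on the segment rather than against a host that can
  # observe or send VRRP traffic there.
  keepalived-generic.conf: |-
    global_defs {
      default_interface $INTERFACE
      enable_script_security
    }
    vrrp_instance VI_1 {
      state BACKUP
      interface $INTERFACE
      virtual_router_id 172
      priority 20
      advert_int 3
      authentication {
        auth_type PASS
        auth_pass $PASSWORD
      }
      virtual_ipaddress {
        $VIP label $INTERFACE:PUB_VIP
      }
    }
  init.sh: |-
    #!/bin/sh
    set -eu
    # Create the rendered file owner-only from the first byte, so the
    # password is never readable by others before the chmod below.
    umask 077

    # Escape the characters sed treats specially in a replacement
    # (backslash, slash, ampersand) so a value containing them is
    # substituted literally instead of breaking or altering the output.
    sed_escape() {
      printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
    }

    iface=$(sed_escape "$INTERFACE")
    vip=$(sed_escape "$VIP")
    pass=$(sed_escape "$PASSWORD")

    # The password is substituted last so that placeholder-like text inside
    # it is not expanded by a later expression.
    sed -e "s/\$INTERFACE/$iface/g" \
        -e "s/\$VIP/$vip/g" \
        -e "s/\$PASSWORD/$pass/g" \
        /keepalived-generic.conf > /generated/keepalived.conf
    chown root /generated/keepalived.conf
    chmod 600 /generated/keepalived.conf
---
# NOTE(review): base64 in a Secret is an encoding, not encryption. A value
# committed with the manifest should be treated as disclosed: rotate it and
# supply the real one out of band (for example an encrypted-secret or
# external-secret workflow) instead of keeping it in version control.
apiVersion: v1
kind: Secret
metadata:
  name: keepalived
  namespace: keepalived
type: Opaque
data:
  password: WXVjaDVkb28=
---
# This pod is privileged, shares the host network namespace, runs at
# system-cluster-critical priority and tolerates the control-plane taints, so
# whatever the image contains runs with near-root access on every node.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: keepalived
  name: keepalived-public
  namespace: keepalived
spec:
  selector:
    matchLabels:
      app: keepalived
  template:
    metadata:
      labels:
        app: keepalived
    spec:
      initContainers:
        # NOTE(review): ':latest' with imagePullPolicy Always means every pod
        # start can run different, unreviewed image content. Pin the image by
        # digest (image@sha256:<digest of the reviewed build>) once one has
        # been vetted.
        - image: lettore/keepalived:latest
          imagePullPolicy: Always
          name: generate-config
          command: ["/bin/bash", "/init.sh"]
          env:
            - name: VIP
              value: "192.168.123.240"
            - name: INTERFACE
              value: lan0
            - name: PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keepalived
                  key: password
          volumeMounts:
            # Pod-local scratch directory that receives the rendered config.
            - mountPath: /generated
              name: generated-config
            - mountPath: /keepalived-generic.conf
              name: generic-config
              subPath: keepalived-generic.conf
            - mountPath: /init.sh
              name: init
              subPath: init.sh
      containers:
        # NOTE(review): same unpinned image as the init container; pin both to
        # the same digest.
        - image: lettore/keepalived:latest
          imagePullPolicy: Always
          livenessProbe:
            exec:
              command:
                - pidof
                - keepalived
            failureThreshold: 3
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          name: keepalived
          resources: {}
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
            # NOTE(review): privileged grants every capability and host device
            # access, which makes the capability list above redundant.
            # keepalived is commonly run unprivileged with NET_ADMIN,
            # NET_BROADCAST and NET_RAW; verify with this image and then drop
            # 'privileged'.
            privileged: true
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /etc/localtime
              name: host-localtime
              readOnly: true
            # Only the rendered file is exposed, read-only, at the path the
            # daemon reads.
            - mountPath: /usr/local/etc/keepalived/keepalived.conf
              name: generated-config
              subPath: keepalived.conf
              readOnly: true
      dnsPolicy: ClusterFirstWithHostNet
      hostNetwork: true
      priorityClassName: system-cluster-critical
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
        - effect: NoSchedule
          key: node-role.kubernetes.io/control-plane
      volumes:
        - name: generic-config
          configMap:
            name: keepalived
            items:
              - key: keepalived-generic.conf
                path: keepalived-generic.conf
        - name: init
          configMap:
            name: keepalived
            items:
              - key: init.sh
                path: init.sh
        # The rendered config contains the VRRP password. It used to be a
        # hostPath file under the node's /tmp, which outlives the pod and sits
        # in a directory any local user can write to. A memory-backed emptyDir
        # keeps it inside the pod and off the node's disk. Nodes that ran the
        # earlier manifest may still hold /tmp/keepalived.conf; remove it.
        - name: generated-config
          emptyDir:
            medium: Memory
        - name: host-localtime
          hostPath:
            path: /etc/localtime
            type: ""
  updateStrategy:
    rollingUpdate:
      maxSurge: 0
      # NOTE(review): 100% lets a rollout stop every keepalived pod at once,
      # so the VIP may have no holder until the new pods are up; a lower value
      # keeps failover available during updates. Confirm this is intended.
      maxUnavailable: "100%"
    type: RollingUpdate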