diff --git a/contrib/metallb/roles/provision/tasks/main.yml b/contrib/metallb/roles/provision/tasks/main.yml index 66fcc591c..a51eeaf13 100644 --- a/contrib/metallb/roles/provision/tasks/main.yml +++ b/contrib/metallb/roles/provision/tasks/main.yml @@ -1,4 +1,9 @@ --- +- name: "Kubernetes Apps | Check cluster settings for MetalLB" + fail: + msg: "MetalLB require kube_proxy_strict_arp = true, see https://github.com/danderson/metallb/issues/153#issuecomment-518651132" + when: + - "kube_proxy_mode == 'ipvs' and not kube_proxy_strict_arp" - name: "Kubernetes Apps | Lay Down MetalLB" become: true template: { src: "{{ item }}.j2", dest: "{{ kube_config_dir }}/{{ item }}" } diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml index a7aa43873..09a378bf1 100644 --- a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml +++ b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml @@ -101,6 +101,10 @@ kube_apiserver_insecure_port: 0 # (disabled) # Can be ipvs, iptables kube_proxy_mode: ipvs +# configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface +# must be set to true for MetalLB to work +kube_proxy_strict_arp: false + # A string slice of values which specify the addresses to use for NodePorts. # Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32). # The default empty string slice ([]) means to use all local addresses. diff --git a/roles/kubernetes/master/defaults/main/kube-proxy.yml b/roles/kubernetes/master/defaults/main/kube-proxy.yml index 102cd009b..49c4198fd 100644 --- a/roles/kubernetes/master/defaults/main/kube-proxy.yml +++ b/roles/kubernetes/master/defaults/main/kube-proxy.yml @@ -80,6 +80,8 @@ kube_proxy_exclude_cidrs: [] # nq: never queue kube_proxy_scheduler: rr +# configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface +# must be set to true for MetalLB to work kube_proxy_strict_arp: false # The IP address and port for the metrics server to serve on