C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

First attempt

Browse source
This commit is contained in:
Jeroen Rijken 2022-07-25 16:32:39 +02:00
parent 9fdda7eca8
commit c2ff8b6864
1 changed files with 89 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

111
docs/metallb.md
View file

@ -14,7 +14,7 @@ kube_proxy_strict_arp: true
## Install
You have to explicitly enable the MetalLB extension and set an IP address range from which to allocate LoadBalancer IPs.
You have to explicitly enable the MetalLB extension.
```yaml
metallb_enabled: true
@ -38,34 +38,101 @@ metallb_controller_tolerations:
effect: "NoSchedule"
```
## BGP Mode
## Pools
When operating in BGP Mode MetalLB needs to have defined upstream peers:
First you need to specify all of the pools you are going to use:
```yaml
metallb_protocol: bgp
metallb_ip_range:
- 10.5.0.0/16
metallb_peers:
- peer_address: 192.0.2.1
peer_asn: 64512
my_asn: 4200000000
- peer_address: 192.0.2.2
peer_asn: 64513
my_asn: 4200000000
metallb_config:
address_pools:
primary:
ip_range:
- 172.18.113.167-172.18.113.169
auto_assign: true
pool1:
ip_range:
- 172.18.113.20-172.18.113.39
- 172.18.113.120-172.18.113.139
auto_assign: false # When set to false, you need to explicitly set the loadBalancerIP in the service!
pool2:
ip_range:
- 172.18.113.40-172.18.113.59
- 172.18.113.140-172.18.113.159
auto_assign: false
```
Some upstream BGP peers may require password authentication:
## Layer2 Mode
Pools that need to be configured in layer2 mode, need to be specified in a list:
```yaml
metallb_protocol: bgp
metallb_ip_range:
- 10.5.0.0/16
metallb_peers:
- peer_address: 192.0.2.1
peer_asn: 64512
my_asn: 4200000000
password: "changeme"
metallb_config:
layer2:
- primary
```
## BGP Mode
When operating in BGP Mode MetalLB needs to have defined upstream peers and link the pool(s) specified above to the correct peer:
```yaml
metallb_config:
layer3:
defaults:
peer_port: 179 # The TCP port to talk to. Defaults to 179, you shouldn't need to set this in production.
hold_time: 120s # Requested BGP hold time, per RFC4271.
keepalive_time: 120s # Requested BGP keepalive time, per RFC4271.
communities:
vpn-only: "1234:1"
NO_ADVERTISE: "65535:65282"
metallb_peers:
JRITEST:
peer_address: 192.0.2.1
peer_asn: 64512
my_asn: 4200000000
communities:
- vpn-only
address_pool:
- pool1
# (optional) The source IP address to use when establishing the BGP session. In most cases the source-address field should only be used with per-node peers, i.e. peers with node selectors which select only one node. CURRENTLY NOT SUPPORTED BY US (ACC ICT)
source_address: 172.18.113.161
# (optional) The router ID to use when connecting to this peer. Defaults to the node IP address.
# Generally only useful when you need to peer with another BGP router running on the same machine as MetalLB.
router_id: 1.2.3.4
# (optional) Password for TCPMD5 authenticated BGP sessions offered by some peers.
password: "changeme"
JRITEST2:
peer_address: 192.0.2.2
peer_asn: 64513
my_asn: 4200000000
communities:
- NO_ADVERTISE
address_pool:
- pool2
# (optional) The source IP address to use when establishing the BGP session. In most cases the source-address field should only be used with per-node peers, i.e. peers with node selectors which select only one node. CURRENTLY NOT SUPPORTED BY US (ACC ICT)
source_address: 172.18.113.162
# (optional) The router ID to use when connecting to this peer. Defaults to the node IP address.
# Generally only useful when you need to peer with another BGP router running on the same machine as MetalLB.
router_id: 1.2.3.5
# (optional) Password for TCPMD5 authenticated BGP sessions offered by some peers.
password: "changeme"
```
When using calico >= 3.18 you can replace MetalLB speaker by calico Service LoadBalancer IP advertisement.