106 lines
3.1 KiB
Markdown
106 lines
3.1 KiB
Markdown
# MetalLB
|
|
|
|
MetalLB hooks into your Kubernetes cluster, and provides a network load-balancer implementation.
|
|
It allows you to create Kubernetes services of type "LoadBalancer" in clusters that don't run on a cloud provider, and thus cannot simply hook into 3rd party products to provide load-balancers.
|
|
The default operationg mode of MetalLB is in ["Layer2"](https://metallb.universe.tf/concepts/layer2/) but it can also operate in ["BGP"](https://metallb.universe.tf/concepts/bgp/) mode.
|
|
|
|
## Prerequisites
|
|
|
|
You have to configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface for MetalLB to work.
|
|
|
|
```yaml
|
|
kube_proxy_strict_arp: true
|
|
```
|
|
|
|
## Install
|
|
|
|
You have to explicitly enable the MetalLB extension and set an IP address range from which to allocate LoadBalancer IPs.
|
|
|
|
```yaml
|
|
metallb_enabled: true
|
|
metallb_speaker_enabled: true
|
|
metallb_avoid_buggy_ips: true
|
|
metallb_ip_range:
|
|
- 10.5.0.0/16
|
|
```
|
|
|
|
By default only the MetalLB BGP speaker is allowed to run on control plane nodes. If you have a single node cluster or a cluster where control plane are also worker nodes you may need to enable tolerations for the MetalLB controller:
|
|
|
|
```yaml
|
|
metallb_controller_tolerations:
|
|
- key: "node-role.kubernetes.io/master"
|
|
operator: "Equal"
|
|
value: ""
|
|
effect: "NoSchedule"
|
|
- key: "node-role.kubernetes.io/control-plane"
|
|
operator: "Equal"
|
|
value: ""
|
|
effect: "NoSchedule"
|
|
```
|
|
|
|
## BGP Mode
|
|
|
|
When operating in BGP Mode MetalLB needs to have defined upstream peers:
|
|
|
|
```yaml
|
|
metallb_protocol: bgp
|
|
metallb_ip_range:
|
|
- 10.5.0.0/16
|
|
metallb_peers:
|
|
- peer_address: 192.0.2.1
|
|
peer_asn: 64512
|
|
my_asn: 4200000000
|
|
- peer_address: 192.0.2.2
|
|
peer_asn: 64513
|
|
my_asn: 4200000000
|
|
```
|
|
|
|
Some upstream BGP peers may require password authentication:
|
|
|
|
```yaml
|
|
metallb_protocol: bgp
|
|
metallb_ip_range:
|
|
- 10.5.0.0/16
|
|
metallb_peers:
|
|
- peer_address: 192.0.2.1
|
|
peer_asn: 64512
|
|
my_asn: 4200000000
|
|
password: "changeme"
|
|
```
|
|
|
|
When using calico >= 3.18 you can replace MetalLB speaker by calico Service LoadBalancer IP advertisement.
|
|
See [calico service IPs advertisement documentation](https://docs.projectcalico.org/archive/v3.18/networking/advertise-service-ips#advertise-service-load-balancer-ip-addresses).
|
|
In this scenarion you should disable the MetalLB speaker and configure the `calico_advertise_service_loadbalancer_ips` to match your `metallb_ip_range`
|
|
|
|
```yaml
|
|
metallb_speaker_enabled: false
|
|
metallb_avoid_buggy_ips: true
|
|
metallb_ip_range:
|
|
- 10.5.0.0/16
|
|
calico_advertise_service_loadbalancer_ips: "{{ metallb_ip_range }}"
|
|
```
|
|
|
|
If you have additional loadbalancer IP pool in `metallb_additional_address_pools` , ensure to add them to the list.
|
|
|
|
```yaml
|
|
metallb_speaker_enabled: false
|
|
metallb_ip_range:
|
|
- 10.5.0.0/16
|
|
metallb_additional_address_pools:
|
|
kube_service_pool_1:
|
|
ip_range:
|
|
- 10.6.0.0/16
|
|
protocol: "bgp"
|
|
auto_assign: false
|
|
avoid_buggy_ips: true
|
|
kube_service_pool_2:
|
|
ip_range:
|
|
- 10.10.0.0/16
|
|
protocol: "bgp"
|
|
auto_assign: false
|
|
avoid_buggy_ips: true
|
|
calico_advertise_service_loadbalancer_ips:
|
|
- 10.5.0.0/16
|
|
- 10.6.0.0/16
|
|
- 10.10.0.0/16
|
|
```
|