Команда IT специалистов выполнит подготовку инфраструктуры для вашего бизнеса.
Внедрение самых передовых решений и технологий.
Поддержка и сопровождение ваших сервисов.
Выполнение работ под "ключ", от покупки сервера, до настройки автоматизации процессов. 8(977)608-78-62 adm@nixm.ru
Внедрение самых передовых решений и технологий.
Поддержка и сопровождение ваших сервисов.
Выполнение работ под "ключ", от покупки сервера, до настройки автоматизации процессов. 8(977)608-78-62 adm@nixm.ru
MetallB KUBERSPRAY
- ALEXX
- Администратор
- Сообщения: 1350
- Зарегистрирован: 21 дек 2014, 14:59
- Откуда: Королёв
- Контактная информация:
MetallB KUBERSPRAY
MetalLB
MetalLB hooks into your Kubernetes cluster, and provides a network load-balancer implementation. It allows you to create Kubernetes services of type "LoadBalancer" in clusters that don't run on a cloud provider, and thus cannot simply hook into 3rd party products to provide load-balancers. The default operating mode of MetalLB is in "Layer2" but it can also operate in "BGP" mode.
Prerequisites
You have to configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface for MetalLB to work.
Install
You have to explicitly enable the MetalLB extension.
By default only the MetalLB BGP speaker is allowed to run on control plane nodes. If you have a single node cluster or a cluster where control plane are also worker nodes you may need to enable tolerations for the MetalLB controller:
If you'd like to set additional nodeSelector and tolerations values, you can do so in the following fasion:
Pools
First you need to specify all of the pools you are going to use:
Layer2 Mode
Pools that need to be configured in layer2 mode, need to be specified in a list:
BGP Mode
When operating in BGP Mode MetalLB needs to have defined upstream peers and link the pool(s) specified above to the correct peer:
When using calico >= 3.18 you can replace MetalLB speaker by calico Service LoadBalancer IP advertisement. See calico service IPs advertisement documentation. In this scenario you should disable the MetalLB speaker and configure the calico_advertise_service_loadbalancer_ips to match your ip_range
If you have additional loadbalancer IP pool in metallb_config.address_pools , ensure to add them to the list.
MetalLB hooks into your Kubernetes cluster, and provides a network load-balancer implementation. It allows you to create Kubernetes services of type "LoadBalancer" in clusters that don't run on a cloud provider, and thus cannot simply hook into 3rd party products to provide load-balancers. The default operating mode of MetalLB is in "Layer2" but it can also operate in "BGP" mode.
Prerequisites
You have to configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface for MetalLB to work.
Код: Выделить всё
kube_proxy_strict_arp: true
You have to explicitly enable the MetalLB extension.
Код: Выделить всё
metallb_enabled: true
metallb_speaker_enabled: true
Код: Выделить всё
metallb_config:
controller:
nodeselector:
kubernetes.io/os: linux
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Equal"
value: ""
effect: "NoSchedule"
Код: Выделить всё
metallb_config:
controller:
nodeselector:
kubernetes.io/os: linux
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Equal"
value: ""
effect: "NoSchedule"
speaker:
nodeselector:
kubernetes.io/os: linux
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Equal"
value: ""
effect: "NoSchedule"
First you need to specify all of the pools you are going to use:
Код: Выделить всё
metallb_config:
address_pools:
primary:
ip_range:
- 192.0.1.0-192.0.1.254
pool1:
ip_range:
- 192.0.2.1-192.0.2.1
auto_assign: false # When set to false, you need to explicitly set the loadBalancerIP in the service!
pool2:
ip_range:
- 192.0.3.0/24
avoid_buggy_ips: true # When set to true, .0 and .255 addresses will be avoided.
Pools that need to be configured in layer2 mode, need to be specified in a list:
Код: Выделить всё
metallb_config:
layer2:
- primary
When operating in BGP Mode MetalLB needs to have defined upstream peers and link the pool(s) specified above to the correct peer:
Код: Выделить всё
metallb_config:
layer3:
defaults:
peer_port: 179 # The TCP port to talk to. Defaults to 179, you shouldn't need to set this in production.
hold_time: 120s # Requested BGP hold time, per RFC4271.
communities:
vpn-only: "1234:1"
NO_ADVERTISE: "65535:65282"
metallb_peers:
peer1:
peer_address: 192.0.2.1
peer_asn: 64512
my_asn: 4200000000
communities:
- vpn-only
address_pool:
- pool1
# (optional) The source IP address to use when establishing the BGP session. In most cases the source-address field should only be used with per-node peers, i.e. peers with node selectors which select only one node. CURRENTLY NOT SUPPORTED
source_address: 192.0.2.2
# (optional) The router ID to use when connecting to this peer. Defaults to the node IP address.
# Generally only useful when you need to peer with another BGP router running on the same machine as MetalLB.
router_id: 1.2.3.4
# (optional) Password for TCPMD5 authenticated BGP sessions offered by some peers.
password: "changeme"
peer2:
peer_address: 192.0.2.2
peer_asn: 64513
my_asn: 4200000000
communities:
- NO_ADVERTISE
address_pool:
- pool2
# (optional) The source IP address to use when establishing the BGP session. In most cases the source-address field should only be used with per-node peers, i.e. peers with node selectors which select only one node. CURRENTLY NOT SUPPORTED
source_address: 192.0.2.1
# (optional) The router ID to use when connecting to this peer. Defaults to the node IP address.
# Generally only useful when you need to peer with another BGP router running on the same machine as MetalLB.
router_id: 1.2.3.5
# (optional) Password for TCPMD5 authenticated BGP sessions offered by some peers.
password: "changeme"
Код: Выделить всё
metallb_speaker_enabled: false
metallb_config:
address_pools:
primary:
ip_range:
- 10.5.0.0/16
auto_assign: true
layer2:
- primary
calico_advertise_service_loadbalancer_ips: "{{ metallb_config.address_pools.primary.ip_range }}"
Код: Выделить всё
metallb_speaker_enabled: false
metallb_config:
address_pools:
primary:
ip_range:
- 10.5.0.0/16
auto_assign: true
pool1:
ip_range:
- 10.6.0.0/16
auto_assign: true
pool2:
ip_range:
- 10.10.0.0/16
auto_assign: true
layer2:
- primary
layer3:
defaults:
peer_port: 179
hold_time: 120s
communities:
vpn-only: "1234:1"
NO_ADVERTISE: "65535:65282"
metallb_peers:
peer1:
peer_address: 10.6.0.1
peer_asn: 64512
my_asn: 4200000000
communities:
- vpn-only
address_pool:
- pool1
peer2:
peer_address: 10.10.0.1
peer_asn: 64513
my_asn: 4200000000
communities:
- NO_ADVERTISE
address_pool:
- pool2
calico_advertise_service_loadbalancer_ips:
- 10.5.0.0/16
- 10.6.0.0/16
- 10.10.0.0/16