MetalLB: A Kubernetes load balancer for non-cloud environments
In this post I will show how to install a load balancer for non-cloud, on-premises environments.
MetalLB provides a load balancer for non-cloud environments and makes it possible to create services of type "LoadBalancer" in Kubernetes clusters that don't run on a cloud provider.
Project site : https://metallb.universe.tf/concepts/
1. Network Modes
There are two network modes:
- Layer 2: In layer 2 mode, one machine in the cluster takes ownership of the service, and uses standard address discovery protocols (ARP for IPv4, NDP for IPv6) to make those IPs reachable on the local network.
- Layer 3 with BGP: In BGP mode, all machines in the cluster establish BGP peering sessions with nearby routers that you control, and tell those routers how to forward traffic to the service IPs. Using BGP allows for true load balancing across multiple nodes.
In this article, the overlay network for the pods is provided by Calico. You can also use Flannel, Weave Net or Romana.
In this post I will build a simple lab in layer 2 mode. I recommend reading the documentation before any deployment.
2. Laboratory
I wrote a post with all details for Kubernetes deployment with Ansible.
My lab :
[root@master1 ~]# kubectl get nodes
NAME      STATUS   ROLES    AGE   VERSION
master1   Ready    master   9d    v1.17.4
master2   Ready    master   9d    v1.17.4
master3   Ready    master   9d    v1.17.4
worker1   Ready    <none>   9d    v1.17.4
worker2   Ready    <none>   9d    v1.17.4
worker3   Ready    <none>   9d    v1.17.4
3. Metal LB configuration
Always check the latest version in the official repository.
Install MetalLB:
# Create the MetalLB namespace
$ kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/namespace.yaml
# Create a secret on first install only
$ kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
# Install MetalLB
$ kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/metallb.yaml
The manifest deploys the following components into the metallb-system namespace:
- The metallb-system/controller deployment. This is the cluster-wide controller that handles IP address assignments.
- The metallb-system/speaker daemonset. This is the component that speaks the protocol(s) of your choice to make the services reachable.
- Service accounts for the controller and speaker, along with the RBAC permissions that the components need to function.
Create a metallb-config.yaml file to configure the IP address pool. In my scenario, the layer 2 network is 192.168.15.0/24.
$ vi metallb-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: my-ip-space
      protocol: layer2
      addresses:
      - 192.168.15.11-192.168.15.15
I reserve 5 IPs from that range in the ConfigMap above, then apply the ConfigMap:
$ kubectl apply -f metallb-config.yaml
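In layer 2 mode the speaker answers ARP for every address in the pool, so the pool has to sit inside the local subnet and must not overlap addresses that other hosts already hold. The following check is an added example, not part of the original post or of MetalLB; the subnet and pool come from the ConfigMap above, while the IN_USE list and the function names are constructed for illustration.

```python
import ipaddress

# Values from the post: the layer 2 subnet and the pool in the ConfigMap.
L2_SUBNET = "192.168.15.0/24"
POOL = ["192.168.15.11-192.168.15.15"]
# Constructed sample: addresses already held by the gateway and nodes
# (the post does not list them; replace with your own inventory).
IN_USE = ["192.168.15.1", "192.168.15.21", "192.168.15.22", "192.168.15.23"]


def expand_pool(entry):
    """Expand one pool entry ("first-last" or CIDR) into its addresses."""
    entry = entry.strip()
    if "-" in entry:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        if last < first:
            raise ValueError(f"range end precedes start: {entry}")
        return [ipaddress.IPv4Address(i) for i in range(int(first), int(last) + 1)]
    # strict=True makes this checker reject CIDRs with host bits set.
    return list(ipaddress.IPv4Network(entry, strict=True))


def check_pool(entries, l2_subnet, in_use):
    """Return a list of problems; an empty list means no issue was found."""
    subnet = ipaddress.IPv4Network(l2_subnet)
    used = {ipaddress.IPv4Address(a) for a in in_use}
    problems, seen = [], set()
    for entry in entries:
        for addr in expand_pool(entry):
            if addr in seen:
                problems.append(f"{addr}: listed more than once")
            elif addr not in subnet:
                problems.append(f"{addr}: outside {subnet}, LAN clients will not ARP for it")
            elif addr in (subnet.network_address, subnet.broadcast_address):
                problems.append(f"{addr}: network/broadcast address of {subnet}")
            elif addr in used:
                problems.append(f"{addr}: already held by another host, ARP conflict")
            seen.add(addr)
    return problems


if __name__ == "__main__":
    for line in check_pool(POOL, L2_SUBNET, IN_USE) or ["pool looks consistent"]:
        print(line)
```

Also exclude the pool range from any DHCP scope on the same network, since a lease handed out inside it produces the same conflict later.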
Create an Nginx deployment to validate the configuration:
$ vi nginx-pod.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
Apply the pod YAML:
$ kubectl apply -f nginx-pod.yaml
Create a service of type LoadBalancer:
$ vi nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  type: LoadBalancer
  selector:
    app: nginx
  ports:
  - port: 80
    name: http
Apply the service YAML:
$ kubectl apply -f nginx-service.yaml
Check the services on the cluster:
$ kubectl get svc
NAME         TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)        AGE
kubernetes   ClusterIP      10.233.0.1      <none>          443/TCP        46h
nginx        LoadBalancer   10.233.50.165   192.168.15.11   80:30651/TCP   5m41s
We can now reach my Nginx web pod at the IP 192.168.15.11, as shown above:
$ curl 192.168.15.11
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p><p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p><p><em>Thank you for using nginx.</em></p>
</body>
</html>