Deploying MetalLB on k8s
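I. Introduction
k8s Service resources come in four types: ClusterIP, NodePort, LoadBalancer and ExternalName.
The most commonly used one, and the k8s default, is ClusterIP. This type can only be reached from inside the k8s cluster and between the servers of the cluster.
The NodePort type is the foundation on which K8s exposes internal services externally. A Service resource gets an IP address by default, and that address is only reachable inside the k8s cluster; to let clients outside the cluster reach the Service, it is exposed through a NodePort.
As mentioned above, when an internal K8s service is exposed through NodePort, K8s opens the corresponding NodePort port on every worker node. Logically, every node in the cluster exposes the service, or put differently, the service is exposed as a cluster. (The Pods that actually back the service may sit on only a few of the nodes, but because kube-proxy runs on every node, every node knows how to forward the traffic.) Since this is a cluster, load balancing comes into play: who balances access to the service? The answer is to introduce a load balancer (Load Balancer). The figure below is the conceptual model of exposing a service through a LoadBalancer.
LoadBalancer is built on top of NodePort.
Kubernetes does not provide a LoadBalancer implementation for bare-metal clusters, and Kubernetes clusters on a private-cloud architecture do not support LoadBalancer. A self-hosted cluster has no such implementation, which leads to the situation shown below; to be able to use LoadBalancer we introduce MetalLB.
Without MetalLB deployed, a Service that requests type LoadBalancer stays at pending when requesting an EXTERNAL-IP, as happened with the service I installed: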
kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 7d20h
my-service LoadBalancer 10.104.156.116 <pending> 8080:32586/TCP 12m
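II. Preparation
If you run kube-proxy in IPVS mode, then from Kubernetes v1.14.2 onward you must enable strict ARP mode. Versions below v1.14.2 do not support IPVS scheduling and therefore default to iptables, in which case the kube-proxy ConfigMap does not need to change. Versions above v1.14.2 still default to iptables; if you do not want to switch to IPVS, nothing needs to change either. If you do want to switch to IPVS, perform the steps below.
Note that this option is not needed if kube-router is used as the service proxy, because it enables strict ARP by default.
This can be done by editing the kube-proxy configuration of the current cluster.
How to check whether the cluster uses iptables or IPVS scheduling:
kubectl get configmap kube-proxy -n kube-system -oyaml
If it shows mode: "" or mode: "iptables", kube-proxy is using iptables.
Switching to IPVS scheduling:
kubectl edit configmap -n kube-system kube-proxy
and set:
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"        # note: change this
ipvs:
  strictARP: true   # note: change this too; the underlying communication tells hosts apart by MAC address, and true means enabled
Recommendation: on k8s above v1.14.2, enable IPVS and use a recent MetalLB version. My environment, for example, is v1.21.1: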
[root@master mnt]# kubectl get node
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 511d v1.21.1
slave01 Ready <none> 511d v1.21.1
slave02 Ready <none> 511d v1.21.1
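When I use iptables mode with an old MetalLB version, problems may occur. The simplest one is the following message at deployment time:
DaemonSet, Deployment, StatefulSet and ReplicaSet will no longer be served from extensions/v1beta1, apps/v1beta1 or apps/v1beta2 in v1.16
The fix is:
Change the API version in the yml manifest to apps/v1. The cause is that the Kubernetes version used previously was 1.14.x, and 1.16.x dropped support for some APIs.
In addition, a Service that requests type LoadBalancer may still end up with its EXTERNAL-IP stuck at pending, as with the service I installed.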
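III. Deploying the MetalLB load balancer
1. Modify kube-proxy
kubectl edit configmap -n kube-system kube-proxy
and set:
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"        # note: change this
ipvs:
  strictARP: true   # note: change this too; the underlying communication tells hosts apart by MAC address, and true means enabled
After the change the kube-proxy pods must be restarted, either with a rolling restart or by deleting the pods directly:
kubectl rollout restart daemonset kube-proxy -n kube-system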
2. Download the MetalLB manifest
wget https://raw.githubusercontent.com/google/metallb/v0.13.9/config/manifests/metallb-native.yaml
kubectl apply -f metallb-native.yaml
Note: if you use a newer MetalLB version (in particular from v0.10.0 onward), the address pool is configured with IPAddressPool and L2Advertisement resources instead of a ConfigMap. Newer MetalLB versions are configured through CRDs (Custom Resource Definitions).
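The two checks described so far, the kube-proxy strict ARP precondition from step 1 and the CRD-based address pool from the note above, as an added example that is not part of the original post. The function names, the pool name lan-pool and the address range are hypothetical; the range must be replaced with addresses on your node subnet that DHCP does not hand out.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the pool name
# and the address range are assumptions made for illustration.

# strict_arp_state: read a kube-proxy ConfigMap (as printed by
#   kubectl get configmap kube-proxy -n kube-system -o yaml
# ) on stdin and print one of:
#   not-ipvs             mode is "" / "iptables" / other: strictARP not required
#   ipvs-strict-arp-on   IPVS with strictARP: true
#   ipvs-strict-arp-off  IPVS without strict ARP: fix before using MetalLB
strict_arp_state() {
    awk '
        # return the value after the first colon, without quotes or blanks
        function val(line) {
            sub(/^[^:]*:[ \t]*/, "", line)
            gsub(/[" \t\r]/, "", line)
            return line
        }
        /^[ \t]*mode:/      { mode = val($0) }
        /^[ \t]*strictARP:/ { arp  = val($0) }
        END {
            if (mode != "ipvs")     print "not-ipvs"
            else if (arp == "true") print "ipvs-strict-arp-on"
            else                    print "ipvs-strict-arp-off"
        }'
}

# render_l2_pool NAME RANGE: print an IPAddressPool and an L2Advertisement
# that announces only that pool. RANGE is IPv4 only here, written either as
# start-end or as a CIDR prefix; anything else is rejected so that no
# unexpected text ends up in the manifest.
render_l2_pool() {
    pool_name=$1
    pool_range=$2
    case $pool_name in
        ''|*[!a-z0-9-]*) echo "invalid pool name: $pool_name" >&2; return 1 ;;
    esac
    case $pool_range in
        ''|*[!0-9./-]*) echo "invalid range: $pool_range" >&2; return 1 ;;
    esac
    cat <<EOF
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: ${pool_name}
  namespace: metallb-system
spec:
  addresses:
  - ${pool_range}
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: ${pool_name}-l2
  namespace: metallb-system
spec:
  ipAddressPools:
  - ${pool_name}
EOF
}

# Constructed sample input (not taken from a real cluster).
sample_config() {
    cat <<'EOF'
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
ipvs:
  strictARP: false
mode: "ipvs"
EOF
}

# Offline demonstration on the constructed sample.
sample_config | strict_arp_state
render_l2_pool lan-pool 192.168.1.240-192.168.1.250

# Against a live cluster (not run here):
#   kubectl get configmap kube-proxy -n kube-system -o yaml | strict_arp_state
#   render_l2_pool lan-pool 192.168.1.240-192.168.1.250 | kubectl apply -f -
```

Naming the pool in the L2Advertisement keeps the announcement limited to that one pool rather than to every pool defined in the cluster.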
Here I directly use the older version v0.7.3:
wget https://raw.githubusercontent.com/google/metallb/v0.7.3/manifests/metallb.yaml
Manifest contents:
apiVersion: v1
kind: Namespace
metadata:
labels:
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged
name: metallb-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
name: addresspools.metallb.io
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
caBundle: <base64-encoded CA certificate omitted>
service:
name: webhook-service
namespace: metallb-system
path: /convert
conversionReviewVersions:
- v1alpha1
- v1beta1
group: metallb.io
names:
kind: AddressPool
listKind: AddressPoolList
plural: addresspools
singular: addresspool
scope: Namespaced
versions:
- deprecated: true
deprecationWarning: metallb.io v1alpha1 AddressPool is deprecated
name: v1alpha1
schema:
openAPIV3Schema:
description: AddressPool is the Schema for the addresspools API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AddressPoolSpec defines the desired state of AddressPool.
properties:
addresses:
description: A list of IP address ranges over which MetalLB has authority.
You can list multiple ranges in a single pool, they will all share
the same settings. Each range can be either a CIDR prefix, or an
explicit start-end range of IPs.
items:
type: string
type: array
autoAssign:
default: true
description: AutoAssign flag used to prevent MetallB from automatic
allocation for a pool.
type: boolean
bgpAdvertisements:
description: When an IP is allocated from this pool, how should it
be translated into BGP announcements?
items:
properties:
aggregationLength:
default: 32
description: The aggregation-length advertisement option lets
you “roll up” the /32s into a larger prefix.
format: int32
minimum: 1
type: integer
aggregationLengthV6:
default: 128
description: Optional, defaults to 128 (i.e. no aggregation)
if not specified.
format: int32
type: integer
communities:
description: BGP communities
items:
type: string
type: array
localPref:
description: BGP LOCAL_PREF attribute which is used by BGP best
path algorithm, Path with higher localpref is preferred over
one with lower localpref.
format: int32
type: integer
type: object
type: array
protocol:
description: Protocol can be used to select how the announcement is
done.
enum:
- layer2
- bgp
type: string
required:
- addresses
- protocol
type: object
status:
description: AddressPoolStatus defines the observed state of AddressPool.
type: object
required:
- spec
type: object
served: true
storage: false
subresources:
status: {}
- deprecated: true
deprecationWarning: metallb.io v1beta1 AddressPool is deprecated, consider using
IPAddressPool
name: v1beta1
schema:
openAPIV3Schema:
description: AddressPool represents a pool of IP addresses that can be allocated
to LoadBalancer services. AddressPool is deprecated and being replaced by
IPAddressPool.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AddressPoolSpec defines the desired state of AddressPool.
properties:
addresses:
description: A list of IP address ranges over which MetalLB has authority.
You can list multiple ranges in a single pool, they will all share
the same settings. Each range can be either a CIDR prefix, or an
explicit start-end range of IPs.
items:
type: string
type: array
autoAssign:
default: true
description: AutoAssign flag used to prevent MetallB from automatic
allocation for a pool.
type: boolean
bgpAdvertisements:
description: Drives how an IP allocated from this pool should translated
into BGP announcements.
items:
properties:
aggregationLength:
default: 32
description: The aggregation-length advertisement option lets
you “roll up” the /32s into a larger prefix.
format: int32
minimum: 1
type: integer
aggregationLengthV6:
default: 128
description: Optional, defaults to 128 (i.e. no aggregation)
if not specified.
format: int32
type: integer
communities:
description: BGP communities to be associated with the given
advertisement.
items:
type: string
type: array
localPref:
description: BGP LOCAL_PREF attribute which is used by BGP best
path algorithm, Path with higher localpref is preferred over
one with lower localpref.
format: int32
type: integer
type: object
type: array
protocol:
description: Protocol can be used to select how the announcement is
done.
enum:
- layer2
- bgp
type: string
required:
- addresses
- protocol
type: object
status:
description: AddressPoolStatus defines the observed state of AddressPool.
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null
name: bfdprofiles.metallb.io
spec:
group: metallb.io
names:
kind: BFDProfile
listKind: BFDProfileList
plural: bfdprofiles
singular: bfdprofile
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.passiveMode
name: Passive Mode
type: boolean
- jsonPath: .spec.transmitInterval
name: Transmit Interval
type: integer
- jsonPath: .spec.receiveInterval
name: Receive Interval
type: integer
- jsonPath: .spec.detectMultiplier
name: Multiplier
type: integer
name: v1beta1
schema:
openAPIV3Schema:
description: BFDProfile represents the settings of the bfd session that can
be optionally associated with a BGP session.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: BFDProfileSpec defines the desired state of BFDProfile.
properties:
detectMultiplier:
description: Configures the detection multiplier to determine packet
loss. The remote transmission interval will be multiplied by this
value to determine the connection loss detection timer.
format: int32
maximum: 255
minimum: 2
type: integer
echoInterval:
description: Configures the minimal echo receive transmission interval
that this system is capable of handling in milliseconds. Defaults
to 50ms
format: int32
maximum: 60000
minimum: 10
type: integer
echoMode:
description: Enables or disables the echo transmission mode. This
mode is disabled by default, and not supported on multi hops setups.
type: boolean
minimumTtl:
description: 'For multi hop sessions only: configure the minimum expected
TTL for an incoming BFD control packet.'
format: int32
maximum: 254
minimum: 1
type: integer
passiveMode:
description: 'Mark session as passive: a passive session will not
attempt to start the connection and will wait for control packets
from peer before it begins replying.'
type: boolean
receiveInterval:
description: The minimum interval that this system is capable of receiving
control packets in milliseconds. Defaults to 300ms.
format: int32
maximum: 60000
minimum: 10
type: integer
transmitInterval:
description: The minimum transmission interval (less jitter) that
this system wants to use to send BFD control packets in milliseconds.
Defaults to 300ms
format: int32
maximum: 60000
minimum: 10
type: integer
type: object
status:
description: BFDProfileStatus defines the observed state of BFDProfile.
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null
name: bgpadvertisements.metallb.io
spec:
group: metallb.io
names:
kind: BGPAdvertisement
listKind: BGPAdvertisementList
plural: bgpadvertisements
singular: bgpadvertisement
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.ipAddressPools
name: IPAddressPools
type: string
- jsonPath: .spec.ipAddressPoolSelectors
name: IPAddressPool Selectors
type: string
- jsonPath: .spec.peers
name: Peers
type: string
- jsonPath: .spec.nodeSelectors
name: Node Selectors
priority: 10
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: BGPAdvertisement allows to advertise the IPs coming from the
selected IPAddressPools via BGP, setting the parameters of the BGP Advertisement.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: BGPAdvertisementSpec defines the desired state of BGPAdvertisement.
properties:
aggregationLength:
default: 32
description: The aggregation-length advertisement option lets you
“roll up” the /32s into a larger prefix. Defaults to 32. Works for
IPv4 addresses.
format: int32
minimum: 1
type: integer
aggregationLengthV6:
default: 128
description: The aggregation-length advertisement option lets you
“roll up” the /128s into a larger prefix. Defaults to 128. Works
for IPv6 addresses.
format: int32
type: integer
communities:
description: The BGP communities to be associated with the announcement.
Each item can be a community of the form 1234:1234 or the name of
an alias defined in the Community CRD.
items:
type: string
type: array
ipAddressPoolSelectors:
description: A selector for the IPAddressPools which would get advertised
via this advertisement. If no IPAddressPool is selected by this
or by the list, the advertisement is applied to all the IPAddressPools.
items:
description: A label selector is a label query over a set of resources.
The result of matchLabels and matchExpressions are ANDed. An empty
label selector matches all objects. A null label selector matches
no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the
key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
type: array
ipAddressPools:
description: The list of IPAddressPools to advertise via this advertisement,
selected by name.
items:
type: string
type: array
localPref:
description: The BGP LOCAL_PREF attribute which is used by BGP best
path algorithm, Path with higher localpref is preferred over one
with lower localpref.
format: int32
type: integer
nodeSelectors:
description: NodeSelectors allows to limit the nodes to announce as
next hops for the LoadBalancer IP. When empty, all the nodes having are
announced as next hops.
items:
description: A label selector is a label query over a set of resources.
The result of matchLabels and matchExpressions are ANDed. An empty
label selector matches all objects. A null label selector matches
no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the
key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
type: array
peers:
description: Peers limits the bgppeer to advertise the ips of the
selected pools to. When empty, the loadbalancer IP is announced
to all the BGPPeers configured.
items:
type: string
type: array
type: object
status:
description: BGPAdvertisementStatus defines the observed state of BGPAdvertisement.
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
name: bgppeers.metallb.io
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
caBundle: <base64-encoded CA certificate omitted>
service:
name: webhook-service
namespace: metallb-system
path: /convert
conversionReviewVersions:
- v1beta1
- v1beta2
group: metallb.io
names:
kind: BGPPeer
listKind: BGPPeerList
plural: bgppeers
singular: bgppeer
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.peerAddress
name: Address
type: string
- jsonPath: .spec.peerASN
name: ASN
type: string
- jsonPath: .spec.bfdProfile
name: BFD Profile
type: string
- jsonPath: .spec.ebgpMultiHop
name: Multi Hops
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: BGPPeer is the Schema for the peers API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: BGPPeerSpec defines the desired state of Peer.
properties:
bfdProfile:
type: string
ebgpMultiHop:
description: EBGP peer is multi-hops away
type: boolean
holdTime:
description: Requested BGP hold time, per RFC4271.
type: string
keepaliveTime:
description: Requested BGP keepalive time, per RFC4271.
type: string
myASN:
description: AS number to use for the local end of the session.
format: int32
maximum: 4294967295
minimum: 0
type: integer
nodeSelectors:
description: Only connect to this peer on nodes that match one of
these selectors.
items:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
minItems: 1
type: array
required:
- key
- operator
- values
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
type: array
password:
description: Authentication password for routers enforcing TCP MD5
authenticated sessions
type: string
peerASN:
description: AS number to expect from the remote end of the session.
format: int32
maximum: 4294967295
minimum: 0
type: integer
peerAddress:
description: Address to dial when establishing the session.
type: string
peerPort:
description: Port to dial when establishing the session.
maximum: 16384
minimum: 0
type: integer
routerID:
description: BGP router ID to advertise to the peer
type: string
sourceAddress:
description: Source address to use when establishing the session.
type: string
required:
- myASN
- peerASN
- peerAddress
type: object
status:
description: BGPPeerStatus defines the observed state of Peer.
type: object
type: object
served: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .spec.peerAddress
name: Address
type: string
- jsonPath: .spec.peerASN
name: ASN
type: string
- jsonPath: .spec.bfdProfile
name: BFD Profile
type: string
- jsonPath: .spec.ebgpMultiHop
name: Multi Hops
type: string
name: v1beta2
schema:
openAPIV3Schema:
description: BGPPeer is the Schema for the peers API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: BGPPeerSpec defines the desired state of Peer.
properties:
bfdProfile:
description: The name of the BFD Profile to be used for the BFD session
associated to the BGP session. If not set, the BFD session won't
be set up.
type: string
ebgpMultiHop:
description: To set if the BGPPeer is multi-hops away. Needed for
FRR mode only.
type: boolean
holdTime:
description: Requested BGP hold time, per RFC4271.
type: string
keepaliveTime:
description: Requested BGP keepalive time, per RFC4271.
type: string
myASN:
description: AS number to use for the local end of the session.
format: int32
maximum: 4294967295
minimum: 0
type: integer
nodeSelectors:
description: Only connect to this peer on nodes that match one of
these selectors.
items:
description: A label selector is a label query over a set of resources.
The result of matchLabels and matchExpressions are ANDed. An empty
label selector matches all objects. A null label selector matches
no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the
key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
type: array
password:
description: Authentication password for routers enforcing TCP MD5
authenticated sessions
type: string
passwordSecret:
description: passwordSecret is name of the authentication secret for
BGP Peer. the secret must be of type "kubernetes.io/basic-auth",
and created in the same namespace as the MetalLB deployment. The
password is stored in the secret as the key "password".
properties:
name:
description: name is unique within a namespace to reference a
secret resource.
type: string
namespace:
description: namespace defines the space within which the secret
name must be unique.
type: string
type: object
x-kubernetes-map-type: atomic
peerASN:
description: AS number to expect from the remote end of the session.
format: int32
maximum: 4294967295
minimum: 0
type: integer
peerAddress:
description: Address to dial when establishing the session.
type: string
peerPort:
default: 179
description: Port to dial when establishing the session.
maximum: 16384
minimum: 0
type: integer
routerID:
description: BGP router ID to advertise to the peer
type: string
sourceAddress:
description: Source address to use when establishing the session.
type: string
vrf:
description: To set if we want to peer with the BGPPeer using an interface
belonging to a host vrf
type: string
required:
- myASN
- peerASN
- peerAddress
type: object
status:
description: BGPPeerStatus defines the observed state of Peer.
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null
name: communities.metallb.io
spec:
group: metallb.io
names:
kind: Community
listKind: CommunityList
plural: communities
singular: community
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: Community is a collection of aliases for communities. Users can
define named aliases to be used in the BGPPeer CRD.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: CommunitySpec defines the desired state of Community.
properties:
communities:
items:
properties:
name:
description: The name of the alias for the community.
type: string
value:
description: The BGP community value corresponding to the given
name.
type: string
type: object
type: array
type: object
status:
description: CommunityStatus defines the observed state of Community.
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null
name: ipaddresspools.metallb.io
spec:
group: metallb.io
names:
kind: IPAddressPool
listKind: IPAddressPoolList
plural: ipaddresspools
singular: ipaddresspool
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.autoAssign
name: Auto Assign
type: boolean
- jsonPath: .spec.avoidBuggyIPs
name: Avoid Buggy IPs
type: boolean
- jsonPath: .spec.addresses
name: Addresses
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: IPAddressPool represents a pool of IP addresses that can be allocated
to LoadBalancer services.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: IPAddressPoolSpec defines the desired state of IPAddressPool.
properties:
addresses:
description: A list of IP address ranges over which MetalLB has authority.
You can list multiple ranges in a single pool, they will all share
the same settings. Each range can be either a CIDR prefix, or an
explicit start-end range of IPs.
items:
type: string
type: array
autoAssign:
default: true
description: AutoAssign flag used to prevent MetallB from automatic
allocation for a pool.
type: boolean
avoidBuggyIPs:
default: false
description: AvoidBuggyIPs prevents addresses ending with .0 and .255
to be used by a pool.
type: boolean
serviceAllocation:
description: AllocateTo makes ip pool allocation to specific namespace
and/or service. The controller will use the pool with lowest value
of priority in case of multiple matches. A pool with no priority
set will be used only if the pools with priority can't be used.
If multiple matching IPAddressPools are available it will check
for the availability of IPs sorting the matching IPAddressPools
by priority, starting from the highest to the lowest. If multiple
IPAddressPools have the same priority, choice will be random.
properties:
namespaceSelectors:
description: NamespaceSelectors list of label selectors to select
namespace(s) for ip pool, an alternative to using namespace
list.
items:
description: A label selector is a label query over a set of
resources. The result of matchLabels and matchExpressions
are ANDed. An empty label selector matches all objects. A
null label selector matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
type: array
namespaces:
description: Namespaces list of namespace(s) on which ip pool
can be attached.
items:
type: string
type: array
priority:
description: Priority priority given for ip pool while ip allocation
on a service.
type: integer
serviceSelectors:
description: ServiceSelectors list of label selector to select
service(s) for which ip pool can be used for ip allocation.
items:
description: A label selector is a label query over a set of
resources. The result of matchLabels and matchExpressions
are ANDed. An empty label selector matches all objects. A
null label selector matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
type: array
type: object
required:
- addresses
type: object
status:
description: IPAddressPoolStatus defines the observed state of IPAddressPool.
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null
name: l2advertisements.metallb.io
spec:
group: metallb.io
names:
kind: L2Advertisement
listKind: L2AdvertisementList
plural: l2advertisements
singular: l2advertisement
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.ipAddressPools
name: IPAddressPools
type: string
- jsonPath: .spec.ipAddressPoolSelectors
name: IPAddressPool Selectors
type: string
- jsonPath: .spec.interfaces
name: Interfaces
type: string
- jsonPath: .spec.nodeSelectors
name: Node Selectors
priority: 10
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: L2Advertisement allows to advertise the LoadBalancer IPs provided
by the selected pools via L2.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: L2AdvertisementSpec defines the desired state of L2Advertisement.
properties:
interfaces:
description: A list of interfaces to announce from. The LB IP will
be announced only from these interfaces. If the field is not set,
we advertise from all the interfaces on the host.
items:
type: string
type: array
ipAddressPoolSelectors:
description: A selector for the IPAddressPools which would get advertised
via this advertisement. If no IPAddressPool is selected by this
or by the list, the advertisement is applied to all the IPAddressPools.
items:
description: A label selector is a label query over a set of resources.
The result of matchLabels and matchExpressions are ANDed. An empty
label selector matches all objects. A null label selector matches
no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the
key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
type: array
ipAddressPools:
description: The list of IPAddressPools to advertise via this advertisement,
selected by name.
items:
type: string
type: array
nodeSelectors:
description: NodeSelectors allows to limit the nodes to announce as
next hops for the LoadBalancer IP. When empty, all the nodes having are
announced as next hops.
items:
description: A label selector is a label query over a set of resources.
The result of matchLabels and matchExpressions are ANDed. An empty
label selector matches all objects. A null label selector matches
no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the
key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
type: array
type: object
status:
description: L2AdvertisementStatus defines the observed state of L2Advertisement.
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: metallb
name: controller
namespace: metallb-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: metallb
name: speaker
namespace: metallb-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: metallb
name: controller
namespace: metallb-system
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resourceNames:
- memberlist
resources:
- secrets
verbs:
- list
- apiGroups:
- apps
resourceNames:
- controller
resources:
- deployments
verbs:
- get
- apiGroups:
- metallb.io
resources:
- bgppeers
verbs:
- get
- list
- apiGroups:
- metallb.io
resources:
- addresspools
verbs:
- get
- list
- watch
- apiGroups:
- metallb.io
resources:
- bfdprofiles
verbs:
- get
- list
- watch
- apiGroups:
- metallb.io
resources:
- ipaddresspools
verbs:
- get
- list
- watch
- apiGroups:
- metallb.io
resources:
- bgpadvertisements
verbs:
- get
- list
- watch
- apiGroups:
- metallb.io
resources:
- l2advertisements
verbs:
- get
- list
- watch
- apiGroups:
- metallb.io
resources:
- communities
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: metallb
name: pod-lister
namespace: metallb-system
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- metallb.io
resources:
- addresspools
verbs:
- get
- list
- watch
- apiGroups:
- metallb.io
resources:
- bfdprofiles
verbs:
- get
- list
- watch
- apiGroups:
- metallb.io
resources:
- bgppeers
verbs:
- get
- list
- watch
- apiGroups:
- metallb.io
resources:
- l2advertisements
verbs:
- get
- list
- watch
- apiGroups:
- metallb.io
resources:
- bgpadvertisements
verbs:
- get
- list
- watch
- apiGroups:
- metallb.io
resources:
- ipaddresspools
verbs:
- get
- list
- watch
- apiGroups:
- metallb.io
resources:
- communities
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: metallb
name: metallb-system:controller
rules:
- apiGroups:
- ""
resources:
- services
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services/status
verbs:
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- policy
resourceNames:
- controller
resources:
- podsecuritypolicies
verbs:
- use
- apiGroups:
- admissionregistration.k8s.io
resourceNames:
- metallb-webhook-configuration
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- list
- watch
- apiGroups:
- apiextensions.k8s.io
resourceNames:
- addresspools.metallb.io
- bfdprofiles.metallb.io
- bgpadvertisements.metallb.io
- bgppeers.metallb.io
- ipaddresspools.metallb.io
- l2advertisements.metallb.io
- communities.metallb.io
resources:
- customresourcedefinitions
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: metallb
name: metallb-system:speaker
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- nodes
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- policy
resourceNames:
- speaker
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: metallb
name: controller
namespace: metallb-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: controller
subjects:
- kind: ServiceAccount
name: controller
namespace: metallb-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: metallb
name: pod-lister
namespace: metallb-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: pod-lister
subjects:
- kind: ServiceAccount
name: speaker
namespace: metallb-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: metallb
name: metallb-system:controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: metallb-system:controller
subjects:
- kind: ServiceAccount
name: controller
namespace: metallb-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: metallb
name: metallb-system:speaker
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: metallb-system:speaker
subjects:
- kind: ServiceAccount
name: speaker
namespace: metallb-system
---
apiVersion: v1
kind: Secret
metadata:
name: webhook-server-cert
namespace: metallb-system
---
apiVersion: v1
kind: Service
metadata:
name: webhook-service
namespace: metallb-system
spec:
ports:
- port: 443
targetPort: 9443
selector:
component: controller
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: metallb
component: controller
name: controller
namespace: metallb-system
spec:
revisionHistoryLimit: 3
selector:
matchLabels:
app: metallb
component: controller
template:
metadata:
annotations:
prometheus.io/port: "7472"
prometheus.io/scrape: "true"
labels:
app: metallb
component: controller
spec:
containers:
- args:
- --port=7472
- --log-level=info
env:
- name: METALLB_ML_SECRET_NAME
value: memberlist
- name: METALLB_DEPLOYMENT
value: controller
image: quay.io/metallb/controller:v0.13.9
livenessProbe:
failureThreshold: 3
httpGet:
path: /metrics
port: monitoring
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 7472
name: monitoring
- containerPort: 9443
name: webhook-server
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /metrics
port: monitoring
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
nodeSelector:
kubernetes.io/os: linux
securityContext:
fsGroup: 65534
runAsNonRoot: true
runAsUser: 65534
serviceAccountName: controller
terminationGracePeriodSeconds: 0
volumes:
- name: cert
secret:
defaultMode: 420
secretName: webhook-server-cert
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: metallb
component: speaker
name: speaker
namespace: metallb-system
spec:
selector:
matchLabels:
app: metallb
component: speaker
template:
metadata:
annotations:
prometheus.io/port: "7472"
prometheus.io/scrape: "true"
labels:
app: metallb
component: speaker
spec:
containers:
- args:
- --port=7472
- --log-level=info
env:
- name: METALLB_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: METALLB_HOST
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: METALLB_ML_BIND_ADDR
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: METALLB_ML_LABELS
value: app=metallb,component=speaker
- name: METALLB_ML_SECRET_KEY_PATH
value: /etc/ml_secret_key
image: quay.io/metallb/speaker:v0.13.9
livenessProbe:
failureThreshold: 3
httpGet:
path: /metrics
port: monitoring
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: speaker
ports:
- containerPort: 7472
name: monitoring
- containerPort: 7946
name: memberlist-tcp
- containerPort: 7946
name: memberlist-udp
protocol: UDP
readinessProbe:
failureThreshold: 3
httpGet:
path: /metrics
port: monitoring
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_RAW
drop:
- ALL
readOnlyRootFilesystem: true
volumeMounts:
- mountPath: /etc/ml_secret_key
name: memberlist
readOnly: true
hostNetwork: true
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: speaker
terminationGracePeriodSeconds: 2
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
volumes:
- name: memberlist
secret:
defaultMode: 420
secretName: memberlist
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
creationTimestamp: null
name: metallb-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: metallb-system
path: /validate-metallb-io-v1beta2-bgppeer
failurePolicy: Fail
name: bgppeersvalidationwebhook.metallb.io
rules:
- apiGroups:
- metallb.io
apiVersions:
- v1beta2
operations:
- CREATE
- UPDATE
resources:
- bgppeers
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: metallb-system
path: /validate-metallb-io-v1beta1-addresspool
failurePolicy: Fail
name: addresspoolvalidationwebhook.metallb.io
rules:
- apiGroups:
- metallb.io
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- addresspools
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: metallb-system
path: /validate-metallb-io-v1beta1-bfdprofile
failurePolicy: Fail
name: bfdprofilevalidationwebhook.metallb.io
rules:
- apiGroups:
- metallb.io
apiVersions:
- v1beta1
operations:
- CREATE
- DELETE
resources:
- bfdprofiles
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: metallb-system
path: /validate-metallb-io-v1beta1-bgpadvertisement
failurePolicy: Fail
name: bgpadvertisementvalidationwebhook.metallb.io
rules:
- apiGroups:
- metallb.io
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- bgpadvertisements
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: metallb-system
path: /validate-metallb-io-v1beta1-community
failurePolicy: Fail
name: communityvalidationwebhook.metallb.io
rules:
- apiGroups:
- metallb.io
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- communities
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: metallb-system
path: /validate-metallb-io-v1beta1-ipaddresspool
failurePolicy: Fail
name: ipaddresspoolvalidationwebhook.metallb.io
rules:
- apiGroups:
- metallb.io
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- ipaddresspools
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: metallb-system
path: /validate-metallb-io-v1beta1-l2advertisement
failurePolicy: Fail
name: l2advertisementvalidationwebhook.metallb.io
rules:
- apiGroups:
- metallb.io
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- l2advertisements
sideEffects: None
Check the startup status:
kubectl get pod -n metallb-system -o wide
kubectl get daemonset -n metallb-system
kubectl get deployment -n metallb-system
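3. Create the MetalLB address pool
Note: if you are using a newer MetalLB version (in particular from v0.10.0 onward), you must configure the address pool with IPAddressPool and L2Advertisement resources rather than through a ConfigMap. Newer MetalLB versions are configured through CRDs (Custom Resource Definitions).
Here you need to change addresses to the range you want.
The IP range can be chosen freely, for example 172.30.1.150-172.30.1.180.
It can also be a range in the same subnet as the physical machines, such as 192.168.206.150-192.168.206.180. Note, however, that the range must not contain IPs that already exist in the physical environment, because that causes an address conflict. No conflict is reported, because these are virtual addresses, but access will not work properly.
You will probably create several externally exposed Services, so allocate several unused IP addresses to MetalLB.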
1. Write the resource manifest
[root@master231 ~]# cat metallb-ip-pool.yaml
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: first-pool
  namespace: metallb-system
spec:
  addresses:
  # Change this to the IP range you have allocated to MetalLB
  - 192.168.206.150-192.168.206.180
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: example
  namespace: metallb-system
spec:
  ipAddressPools:
  - first-pool
[root@master231 ~]#
2. Create the address pool resources
[root@master231 ~]# kubectl apply -f metallb-ip-pool.yaml
ipaddresspool.metallb.io/first-pool created
l2advertisement.metallb.io/example created
[root@master231 ~]#
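Tip: if your Windows machine is in the same subnet as the IP exposed as EXTERNAL-IP, it can access that IP directly. For example, my Windows IP is 192.168.206.3, the K8s cluster addresses are 192.168.206.10, 192.168.206.11 and 192.168.206.12, and the MetalLB IP range is 192.168.206.150-192.168.206.180. So when a svc starts and takes, for example, 192.168.206.150,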
[root@master istio]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 511d
nginx-svc LoadBalancer 10.103.224.226 192.168.206.150 80:30701/TCP 48s
pv-svc NodePort 10.97.55.154 <none> 8080:30001/TCP 371d
[root@master istio]#
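then the Windows machine can access 192.168.206.150 directly. Of course, normally you would access <host IP>:30701, because port 30701 on the host proxies port 80 of the service.
If the IP is not in the same subnet as the Windows machine, Windows cannot access it directly and can only go through port 30701 on the host, which proxies port 80 of the service.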
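The two caveats above (a pool that overlaps addresses already in use raises no warning, and a pool outside the hosts' subnet is not directly reachable) can be checked before running `kubectl apply`. The following Python script is an added example, not part of the original post or of MetalLB. The function names, finding labels and the `IN_USE` list are assumptions constructed from the addresses this post mentions. It also goes slightly beyond the post by accepting CIDR entries and flagging `.0`/`.255` addresses, which the `avoidBuggyIPs` field in the CRD exists to exclude.

```python
import ipaddress

# Constructed sample data, built from the addresses this post mentions.
NODE_SUBNET = "192.168.206.0/24"
IN_USE = {
    "192.168.206.3": "Windows client",
    "192.168.206.10": "k8s node",
    "192.168.206.11": "k8s node",
    "192.168.206.12": "k8s node",
}


def parse_range(entry):
    """Parse one IPAddressPool `addresses` item: a CIDR prefix or a start-end range."""
    if "-" in entry:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
    else:
        net = ipaddress.ip_network(entry.strip(), strict=False)
        lo, hi = net[0], net[-1]  # a CIDR pool covers every address in the prefix
    if lo.version != hi.version or lo > hi:
        raise ValueError(f"invalid pool entry: {entry!r}")
    return lo, hi


def has_buggy_ip(lo, hi):
    """True if the IPv4 range contains an address ending in .0 or .255."""
    if lo.version != 4:
        return False
    first_255 = int(lo) | 0xFF             # first address >= lo ending in .255
    first_0 = ((int(lo) + 255) >> 8) << 8  # first address >= lo ending in .0
    return first_255 <= int(hi) or first_0 <= int(hi)


def audit_pool(addresses, in_use, node_subnet, avoid_buggy_ips=False):
    """Return a list of findings for a planned pool; an empty list means no issue found."""
    findings = []
    subnet = ipaddress.ip_network(node_subnet)
    used = [(ipaddress.ip_address(ip), owner) for ip, owner in in_use.items()]
    ranges = [(parse_range(a), a) for a in addresses]
    for i, ((lo, hi), raw) in enumerate(ranges):
        # 1. An address that a host already owns: MetalLB will not warn about it.
        for ip, owner in used:
            if ip.version == lo.version and lo <= ip <= hi:
                findings.append(f"CONFLICT {ip} ({owner}) is inside {raw}")
        # 2. A pool outside the hosts' subnet is not directly reachable from it.
        if lo.version == subnet.version and not (lo in subnet and hi in subnet):
            findings.append(f"OFFSUBNET {raw} is not fully inside {subnet}")
        # 3. .0/.255 addresses can be handed out unless avoidBuggyIPs is true.
        if not avoid_buggy_ips and has_buggy_ip(lo, hi):
            findings.append(f"BUGGY {raw} contains .0/.255 and avoidBuggyIPs is false")
        # 4. Two entries of the same pool that share addresses.
        for (lo2, hi2), raw2 in ranges[i + 1:]:
            if lo.version == lo2.version and lo <= hi2 and lo2 <= hi:
                findings.append(f"OVERLAP {raw} and {raw2} share addresses")
    return findings


if __name__ == "__main__":
    # The two ranges used in this post.
    for pool in (["192.168.206.150-192.168.206.180"], ["172.30.1.150-172.30.1.180"]):
        print(pool, audit_pool(pool, IN_USE, NODE_SUBNET) or "no findings")
```

In a real environment, build the in-use list from DHCP leases, static assignments and `kubectl get nodes -o wide` rather than from a hand-written dictionary.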
4. Test case
Write the resource manifest
[root@master231 ~]# cat deploy-web.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.20.1-alpine
        ports:
        - containerPort: 80
[root@master231 ~]#
Deploy the service
[root@master231 ~]# kubectl apply -f deploy-web.yaml
deployment.apps/nginx-deployment created
[root@master231 ~]#
[root@master231 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-deployment-f946c7d95-b52mx 1/1 Running 0 44s 10.100.1.12 worker232 <none> <none>
nginx-deployment-f946c7d95-qdrlj 1/1 Running 0 44s 10.100.2.11 worker233 <none> <none>
nginx-deployment-f946c7d95-w2d9l 1/1 Running 0 44s 10.100.1.13 worker232 <none> <none>
[root@master231 ~]#
Create the svc
1. Imperative creation
kubectl expose deployment nginx-deployment --name=nginx-svc --port=80 --target-port=80 --protocol=TCP --type=LoadBalancer
2. Declarative creation
[root@master231 ~]# cat nginx-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  type: LoadBalancer
  ports:
  - nodePort: 30080
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
[root@master231 ~]#
View the deployed svc
[root@master istio]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 511d
nginx-svc LoadBalancer 10.103.224.226 192.168.206.150 80:30701/TCP 48s
pv-svc NodePort 10.97.55.154 <none> 8080:30001/TCP 371d
[root@master istio]#
Access 192.168.206.150,
or access port 30701 on the hosts; there are three host nodes, because the replica count is 3:
http://192.168.206.10:30701/
http://192.168.206.11:30701/
http://192.168.206.12:30701/
5. Modify the MetalLB address pool
The MetalLB address pool can be modified if you want to.
1. Modify the IPAddressPool
[root@master istio]# kubectl get IPAddressPool -n metallb-system
NAME AUTO ASSIGN AVOID BUGGY IPS ADDRESSES
first-pool true false ["192.168.206.150-192.168.206.180"]
[root@master istio]# kubectl get L2Advertisement -n metallb-system
NAME IPADDRESSPOOLS IPADDRESSPOOL SELECTORS INTERFACES
example ["first-pool"]
[root@master istio]#
# Change 192.168.206.150-192.168.206.180 to 172.30.1.150-172.30.1.180
[root@master istio]# kubectl edit IPAddressPool first-pool -n metallb-system
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"metallb.io/v1beta1","kind":"IPAddressPool","metadata":{"annotations":{},"name":"first-pool","namespace":"metallb-system"},"spec":{"addresses":["172.30.1.150-172.30.1.180"]}}
  creationTimestamp: "2024-06-26T01:41:31Z"
  generation: 2
  name: first-pool
  namespace: metallb-system
  resourceVersion: "641371"
  uid: 86adc035-6ccb-4576-8c9d-0bfbaafa41cb
spec:
  addresses:
  - 172.30.1.150-172.30.1.180
  autoAssign: true
  avoidBuggyIPs: false
2. Delete the pods under metallb
kubectl delete pod controller-5684477f66-59sm5 speaker-fmzbn speaker-nrjqt speaker-tsjvq -n metallb-system