Kubernetes bare-metal load balancer – MetalLB deployment – Part 2

How to install and configure the MetalLB load balancer on the Kubernetes cluster? MetalLB uses a standard routing protocol to provide a network load-balancing solution for bare metal kubernetes clusters. Kubernetes doesn’t offer any network load balancers for bare-metal implementation. It does have peace to code to call the Cloud network load balancers if you are planning to host it in AWS, Azure, and GCP IaaS services. On bare-metal implementation, Nodeport is the only way to access the services outside the cluster. But Nodeport has its own limitations. You need to track the nodes which have the pods with exposed ports and port range allowed from  30,000 to 32,767 only.

MetalLB fills this gap by providing a load balancer to access the services outside the kubernetes cluster on the bare-metal implementation.

Pre-requisite:

1. Kubernetes bare-metal cluster with version 1.13.0 or later.
2. IPV4 subnet range for Metal Loadbalancer.
3. Port  7946 must be allowed between nodes if you are using the firewall.

Installing & Configuring MetalLB:

1. Log into the kubernetes cluster with the required privileges.

2. Let’s identify the IP range for the MetalLB. Check the k8s node IP range.

lingesh@uamaster1:~$ kubectl get nodes -o wide
NAME        STATUS   ROLES                  AGE    VERSION   INTERNAL-IP      EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME
uamaster1   Ready    control-plane,master   152d   v1.23.5   192.168.23.132   <none>        Ubuntu 20.04.4 LTS   5.4.0-125-generic   containerd://1.6.2
uaworker1   Ready    <none>                 152d   v1.23.5   192.168.23.133   <none>        Ubuntu 20.04.4 LTS   5.4.0-125-generic   containerd://1.6.2
uaworker2   Ready    <none>                 152d   v1.23.5   192.168.23.134   <none>        Ubuntu 20.04.4 LTS   5.4.0-125-generic   containerd://1.6.2
lingesh@uamaster1:~$ 

In my case, the network is 192.168.23.1/24

3. Use “sipcalc” to know your IP range.

lingesh@uamaster1:~$ sipcalc 192.168.23.1/24
-[ipv4 : 192.168.23.1/24] - 0

[CIDR]
Host address            - 192.168.23.1
Host address (decimal)  - 3232241409
Host address (hex)      - C0A81701
Network address         - 192.168.23.0
Network mask            - 255.255.255.0
Network mask (bits)     - 24
Network mask (hex)      - FFFFFF00
Broadcast address       - 192.168.23.255
Cisco wildcard          - 0.0.0.255
Addresses in network    - 256
Network range           - 192.168.23.0 - 192.168.23.255
Usable range            - 192.168.23.1 - 192.168.23.254

-
lingesh@uamaster1:~$

4. For MetalLB, You need to enable strict ARP if the Kube-proxy is using IPVS mode.

lingesh@uamaster1:~$ kubectl describe  configmaps -n kube-system kube-proxy |egrep "mode|strict"
  strictARP: true
mode: ipvs
lingesh@uamaster1:~$

5. Creates a namespace called “metallb-system” and install MetalLB using the manifest. Kindly refer MetalLB installation page to find the correct manifest URL.

lingesh@uamaster1:~$ kubectl create ns metallb-system
lingesh@uamaster1:~$ kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/metallb.yaml -n metallb-system

My K8s cluster version is v1.23.5 and faced issues with MetalLB version v0.13.5. I am able to deploy the metalLB but services are unable to get the Load Balancer IP (shows pending).

You can test and share your experience in the comments section.

You can also install MetalLB using a helm chart.

lingesh@uamaster1:~$ helm repo add metallb https://metallb.github.io/metallb
lingesh@uamaster1:~$ helm install metallb metallb/metallb

6. Verify the MetalLB installation.

lingesh@uamaster1:~$ kubectl get all -n metallb-system
NAME                              READY   STATUS    RESTARTS   AGE
pod/controller-65b5d5b754-wslgv   1/1     Running   0          61s
pod/speaker-cc7sp                 1/1     Running   0          32m
pod/speaker-cqqrc                 1/1     Running   0          6m24s
pod/speaker-rcdb2                 1/1     Running   0          32m

NAME                      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/webhook-service   ClusterIP   10.233.54.207   <none>        443/TCP   32m

NAME                     DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
daemonset.apps/speaker   3         3         3       3            3           kubernetes.io/os=linux   32m

NAME                         READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/controller   1/1     1            1           32m

NAME                                    DESIRED   CURRENT   READY   AGE
replicaset.apps/controller-65b5d5b754   1         1         1       32m
lingesh@uamaster1:~$

7. Configure the address pool for the MetalLB. Create a manifest like below.

apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: default
      protocol: layer2
      addresses:
      - 192.168.23.150-192.168.23.250

8. Create the config map using the kubectl create command.

lingesh@uamaster1:~$ kubectl create -f metallb.yaml -n metallb-system
configmap/config created
lingesh@uamaster1:~$

Test the MetalLB LoadBalancer using nginx deployment

1. I have an existing nginx deployment and have yet to expose it to the load balancer

lingesh@uamaster1:~$ kubectl get all -n nginx-test
NAME                                    READY   STATUS    RESTARTS   AGE
pod/nginx-deployment-74d589986c-lxkfq   1/1     Running   0          33m

NAME                               READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx-deployment   1/1     1            1           33m

NAME                                          DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-deployment-74d589986c   1         1         1       33m

2. Expose the nginx deployment to LoadBalancer.

lingesh@uamaster1:~$ kubectl expose deployment.apps/nginx-deployment --port 80 --type LoadBalancer -n nginx-test
service/nginx-deployment exposed
lingesh@uamaster1:~$ kubectl get all -n nginx-test
NAME                                    READY   STATUS    RESTARTS   AGE
pod/nginx-deployment-74d589986c-lxkfq   1/1     Running   0          59m

NAME                       TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)        AGE
service/nginx-deployment   LoadBalancer   10.233.11.165   192.168.23.153   80:30218/TCP   2s

NAME                               READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx-deployment   1/1     1            1           59m

NAME                                          DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-deployment-74d589986c   1         1         1       59m
lingesh@uamaster1:~$

3. Try to access the service using the external IP which was allocated by the MetalLB.

Conclusion:

We have successfully deployed the MetalLB load balancer on the bare metal Kubernetes cluster. Tested the Loadbalancer functionality by exposing the existing nginx deployment. As part of the Baremetal K8s series, we have completed step 2 successfully.

1. kubernetes cluster setup – k8s LAB using Kubespary – Part 1
2. Kubernetes bare metal load balancer – MetalLB deployment – Part 2 (You are here now)