Set up the MetalLB Load Balancer
The MetalLB load balancer is set up by editing the file metallb-openstack-service-lb.yml. You will need to add
your "external" VIP(s) to the load balancer so that they can be used within services. These IP addresses are unique and will
need to be customized to meet the needs of your environment.
Tip
When L2Advertisement is used, you should use a CIDR that is not overlapping with any local interface CIDR. This also enables later migration to BGP advertisement.
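The overlap check from the tip above, as an added example (not part of the Genestack documentation or tooling): it reads IPAddressPool entries from a manifest, in CIDR or start-end range form, and reports any that overlap a local interface subnet. The reduced manifest and the interface addresses are constructed samples; the pool names and addresses are taken from the example manifest on this page.

```python
import ipaddress
import re

# Constructed sample: pool names and addresses as in the example manifest on this page.
MANIFEST = """\
kind: IPAddressPool
metadata:
  name: gateway-api-external
spec:
  addresses:
    - 10.74.8.99/32  # public LB VIP
---
kind: IPAddressPool
metadata:
  name: primary
spec:
  addresses:
    - 10.234.0.0/24
"""
# Constructed sample of node interface addresses (collect real ones with `ip -o -4 addr show`).
LOCAL_IFACES = {"eth0": "10.240.0.11/22", "br-host": "10.234.0.5/24"}
ENTRY = re.compile(r"^\s*-\s+([0-9A-Fa-f:.]+(?:/\d+|-[0-9A-Fa-f:.]+))\s*(?:#.*)?$", re.M)

def pool_networks(entry):
    """Expand one pool entry (CIDR or 'start-end' range) into a list of networks."""
    if "/" not in entry:
        start, end = (ipaddress.ip_address(p) for p in entry.split("-", 1))
        return list(ipaddress.summarize_address_range(start, end))
    return [ipaddress.ip_network(entry, strict=False)]

def parse_pools(manifest):
    """Return {pool name: [address entries]} for every IPAddressPool document."""
    pools = {}
    for doc in re.split(r"^---\s*$", manifest, flags=re.M):
        if re.search(r"^kind:\s*IPAddressPool\s*$", doc, flags=re.M):
            name = re.search(r"^\s+name:\s*(\S+)", doc, flags=re.M).group(1)
            pools[name] = ENTRY.findall(doc)
    return pools

def find_overlaps(manifest, ifaces):
    """Return sorted (pool, entry, iface, subnet) tuples where a pool overlaps a local subnet."""
    hits = []
    for pool, entries in parse_pools(manifest).items():
        for entry in entries:
            for ifname, addr in ifaces.items():
                subnet = ipaddress.ip_interface(addr).network
                if any(n.version == subnet.version and n.overlaps(subnet)
                       for n in pool_networks(entry)):
                    hits.append((pool, entry, ifname, str(subnet)))
    return sorted(hits)

if __name__ == "__main__":
    for pool, entry, ifname, subnet in find_overlaps(MANIFEST, LOCAL_IFACES):
        print(f"pool {pool}: {entry} overlaps {ifname} ({subnet})")
```

An empty result means no pool entry intersects a local interface subnet; run it against the interface list of every node that can advertise the pool.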
Create the MetalLB namespace
Install MetalLB
Run the MetalLB deployment script /opt/genestack/bin/install-metallb.sh
You can include parameters to deploy aio or base-monitoring. No parameters deploys base.
```shell
#!/bin/bash
# shellcheck disable=SC2124,SC2145,SC2294
GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides"
SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/metallb"
BASE_OVERRIDES="/opt/genestack/base-helm-configs/metallb/metallb-helm-overrides.yaml"
METALLB_VERSION="v0.13.12"

helm repo add metallb https://metallb.github.io/metallb
helm repo update

HELM_CMD="helm upgrade --install --namespace metallb-system metallb metallb/metallb --version ${METALLB_VERSION}"
HELM_CMD+=" -f ${BASE_OVERRIDES}"

for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do
    if compgen -G "${dir}/*.yaml" > /dev/null; then
        for yaml_file in "${dir}"/*.yaml; do
            # Avoid re-adding the base override file if present in the service directory
            if [ "${yaml_file}" != "${BASE_OVERRIDES}" ]; then
                HELM_CMD+=" -f ${yaml_file}"
            fi
        done
    fi
done

HELM_CMD+=" $@"

echo "Executing Helm command:"
echo "${HELM_CMD}"
eval "${HELM_CMD}"
```
Example LB manifest
Example for the metallb-openstack-service-lb.yml file.
```yaml
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: gateway-api-external
  namespace: metallb-system
spec:
  addresses:
    - 10.74.8.99/32  # This is assumed to be the public LB vip address
  autoAssign: false
  avoidBuggyIPs: true
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: openstack-external-advertisement
  namespace: metallb-system
spec:
  ipAddressPools:
    - gateway-api-external
  nodeSelectors:  # Optional block to limit nodes for a given advertisement
    - matchLabels:
        node-role.kubernetes.io/worker: worker
#  interfaces:  # Optional block to limit ifaces used to advertise VIPs
#    - br-host
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: primary
  namespace: metallb-system
spec:
  addresses:
    - 10.234.0.0/24
  autoAssign: false
  avoidBuggyIPs: true
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: cluster-internal-advertisement
  namespace: metallb-system
spec:
  ipAddressPools:
    - primary
  nodeSelectors:  # Optional block to limit nodes for a given advertisement
    - matchLabels:
        node-role.kubernetes.io/worker: worker
#  interfaces:  # Optional block to limit ifaces used to advertise VIPs
#    - br-host
```
Tip
Edit the /etc/genestack/manifests/metallb/metallb-openstack-service-lb.yml file following the comment instructions with the details of your cluster.
The file metallb-openstack-service-lb.yml is initially provided during bootstrap for Genestack.
Verify the deployment of MetalLB by checking the pods in the metallb-system namespace.
Once MetalLB is operational, apply the MetalLB service manifest.
Re-IP the advertisement pools
In situations where the advertisement pools must be changed, the following disruptive procedure can be used:
Update existing metallb configuration:
```shell
kubectl -n metallb-system delete IPAddressPool/primary
kubectl -n metallb-system delete IPAddressPool/gateway-api-external
kubectl apply -f /etc/genestack/manifests/metallb/metallb-openstack-service-lb.yml
```
Restart the metallb controller:
```shell
kubectl rollout restart deployment metallb-controller -n metallb-system
```
Once the metallb controller restarts, it will begin to re-IP the external service IP associations, which typically requires DNS entry updates. This change, including the DNS refresh (TTL) time, will be disruptive.