Kubernetes 集群安装 MetalLB

Kubernetes 集群安装 MetalLB

MetalLB是一个用于为Kubernetes服务提供负载均衡的开源项目。它为Kubernetes集群提供了对外部访问的能力，特别是对于那些没有云提供商负载均衡器的环境，比如裸金属或者本地虚拟机环境。

启用严格 ARP 模式

如果 kube-proxy 使用的是 ipvs 模式，需要修改 kube-proxy 配置文件，启用严格的 ARP

~# kubectl edit configmap -n kube-system kube-proxy
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
...
mode: "ipvs"
ipvs:
  strictARP: true

~# kubectl rollout restart daemonset kube-proxy -n kube-system

安装MetalLB

安装 metalLB

# 原生
# kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.14.9/config/manifests/metallb-native.yaml
~# wget https://raw.githubusercontent.com/metallb/metallb/v0.14.9/config/manifests/metallb-native.yaml
~# kubectl apply metallb-native.yaml
# 启用 FRR(可选)
~# kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.14.9/config/manifests/metallb-frr.yaml

~# kubectl  get pod -n metallb-system -o wide 
NAME                          READY   STATUS    RESTARTS   AGE   IP               NODE            NOMINATED NODE   READINESS GATES
controller-7499d4584d-czt74   1/1     Running   0          82s   10.244.7.132     k8s-worker-03   <none>           <none>
speaker-m6l75                 1/1     Running   0          82s   192.168.122.22   k8s-worker-02   <none>           <none>
speaker-mpmg8                 1/1     Running   0          82s   192.168.122.23   k8s-worker-03   <none>           <none>
speaker-msq7g                 1/1     Running   0          82s   192.168.122.21   k8s-worker-01   <none>           <none>
speaker-scjrl                 1/1     Running   0          82s   192.168.122.11   k8s-master-01   <none>           <none>

定义IP地址池

~# cat >  ipaddresspool.yaml <<EOF
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: ip-pool
  namespace: metallb-system
spec:
  addresses:
  - 192.168.122.106-192.168.122.110
EOF
~# kubectl apply -f ipaddresspool.yaml 

~# ~# kubectl  get ipaddresspools  -n metallb-system
NAME      AUTO ASSIGN   AVOID BUGGY IPS   ADDRESSES
ip-pool   true          false             ["192.168.122.106-192.168.122.110"]

创建 L2Advertisement，并关联 IPAdressPool

L2 模式不要求将 IP 绑定到网络接口 工作节点。它的工作原理是响应本地网络 arp 请求，以将计算机的 MAC 地址提供给客户端

如果不设置关联到 IPAdressPool，那默认 L2Advertisement 会关联上所有可用的 IPAdressPool

~# cat  > l2advertise.yaml <<EOF
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: l2adver
  namespace: metallb-system
spec:
  ipAddressPools: 
    - ip-pool
EOF
~# kubectl apply -f l2advertise.yaml 

验证 MetalLB 可用性

~# kubectl create deployment demoapp --image=ikubernetes/demoapp:v1.0 --replicas=2
~# kubectl create service loadbalancer demoapp --tcp=80:80
~# kubectl get svc demoapp
NAME      TYPE           CLUSTER-IP      EXTERNAL-IP       PORT(S)        AGE
demoapp   LoadBalancer   10.100.49.222   192.168.122.107   80:28156/TCP   21s
~# curl 192.168.122.107
iKubernetes demoapp v1.0 !! ClientIP: 10.244.151.128, ServerName: demoapp-7c58cd6bb-7645v, ServerIP: 10.244.118.68!

集成 Ingress-Nginx

部署Ingress-Controller

部署nginx-controller，且通过修改kube-apiserver的 service监听端口范围含80和443端口，部署结果如果如下：

# kubectl  get svc ingress-nginx-controller  -n ingress-nginx 
NAME                       TYPE           CLUSTER-IP       EXTERNAL-IP       PORT(S)                 AGE
ingress-nginx-controller   LoadBalancer   10.111.253.253   192.168.122.106   80:80/TCP,443:443/TCP   26m

定义Ingress 规则

echo "---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demoappingress
spec:
  rules:
  - host: demoapp.linux.io
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: demoapp
            port:
              number: 80
  ingressClassName: nginx"|tee demoapp-ngress.yaml|kubectl apply -f -

~# curl -H 'Host: demoapp.linux.io' 192.168.122.106
iKubernetes demoapp v1.0 !! ClientIP: 10.244.7.131, ServerName: demoapp-7c58cd6bb-mfqn6, ServerIP: 10.244.7.133!