If you’re trying to run MetalLB on a cloud platform, you should also look at the cloud compatibility page and make sure your cloud platform can work with MetalLB (most cannot).
There are two supported ways to install MetalLB: using plain Kubernetes manifests, or using Kustomize.
If you’re using kube-proxy in IPVS mode, since Kubernetes v1.14.2 you have to enable strict ARP mode.
Note, you don’t need this if you’re using kube-router as service-proxy, because it enables strict ARP by default.
You can achieve this by editing the kube-proxy config in the current cluster:
```bash
kubectl edit configmap -n kube-system kube-proxy
```

```yaml
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"
ipvs:
  strictARP: true
```
You can also add this configuration snippet to your kubeadm-config, just append it with --- after the main configuration.
If you are trying to automate this change, these shell snippets may help you:
```bash
# see what changes would be made, returns nonzero returncode if different
kubectl get configmap kube-proxy -n kube-system -o yaml | \
sed -e "s/strictARP: false/strictARP: true/" | \
kubectl diff -f - -n kube-system

# actually apply the changes, returns nonzero returncode on errors only
kubectl get configmap kube-proxy -n kube-system -o yaml | \
sed -e "s/strictARP: false/strictARP: true/" | \
kubectl apply -f - -n kube-system
```
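The sed rewrite above only matches an existing strictARP: false line, so when the key is absent from the ConfigMap the diff reports no change even though strict ARP is still off. The check below is an added example, not part of the MetalLB documentation; the function names strict_arp_state and sample_configmap and the sample ConfigMap are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a kube-proxy ConfigMap (YAML on stdin) against the
# strictARP requirement. Prints one of:
#   not-ipvs   kube-proxy is not in IPVS mode, strictARP is not required
#   ok         IPVS mode with strictARP: true
#   needs-fix  IPVS mode with strictARP: false (the sed rewrite applies)
#   missing    IPVS mode, no strictARP key (the sed rewrite changes nothing)
strict_arp_state() {
    awk '
        # Keys sit inside the embedded config.conf block, so ignore indentation.
        /^[[:space:]]*mode:/      { v = $2; gsub("[\"\047]", "", v); mode = v }
        /^[[:space:]]*strictARP:/ { strict = $2 }
        END {
            if (mode != "ipvs")         print "not-ipvs"
            else if (strict == "true")  print "ok"
            else if (strict == "false") print "needs-fix"
            else                        print "missing"
        }
    '
}

# Constructed sample input: a trimmed kube-proxy ConfigMap.
# $1 = mode value, $2 = full strictARP line including indentation (may be empty).
sample_configmap() {
    cat <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-proxy
  namespace: kube-system
data:
  config.conf: |-
    apiVersion: kubeproxy.config.k8s.io/v1alpha1
    kind: KubeProxyConfiguration
    ipvs:
      scheduler: ""
$2
    mode: "$1"
EOF
}

# Offline demonstration on the constructed sample.
sample_configmap ipvs "      strictARP: false" | strict_arp_state   # needs-fix
sample_configmap ipvs "" | strict_arp_state                         # missing

# Against a live cluster (same kubectl call as the snippets above):
#   kubectl get configmap kube-proxy -n kube-system -o yaml | strict_arp_state
```

A result of missing means the key has to be added by hand with kubectl edit, since the automated rewrite will not insert it.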
To install MetalLB, apply the manifest:
```bash
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/namespace.yaml
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/metallb.yaml
# On first install only
kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
```
This will deploy MetalLB to your cluster, under the metallb-system namespace. The components in the manifest are:

- The metallb-system/controller deployment. This is the cluster-wide controller that handles IP address assignments.
- The metallb-system/speaker daemonset. This is the component that speaks the protocol(s) of your choice to make the services reachable.

The installation manifest does not include a configuration file. MetalLB’s components will still start, but will remain idle until you define and deploy a configmap.
The memberlist secret contains the secretkey used to encrypt the communication between speakers for fast dead node detection.
You can install MetalLB with kustomize by pointing at the remote kustomization file:
```yaml
# kustomization.yml
namespace: metallb-system

resources:
  - github.com/metallb/metallb//manifests?ref=v0.9.3
  - configmap.yml
  - secret.yml
```
If you want to use a configMapGenerator for the config file, tell kustomize not to append a hash to the configMap name, as MetalLB is waiting for a configMap named config:
```yaml
# kustomization.yml
namespace: metallb-system

resources:
  - github.com/metallb/metallb//manifests?ref=v0.9.3

configMapGenerator:
- name: config
  files:
    - configs/config

secretGenerator:
- name: memberlist
  files:
    - configs/secretkey

generatorOptions:
  disableNameSuffixHash: true
```
When upgrading MetalLB, always check the release notes to see the changes and required actions, if any. Pay special attention to the release notes when upgrading to newer major/minor releases.