Leveled logging is now supported. You can set
--log-level flag to one of
none to filter produced logs by level.
The default value is set to
info on both helm charts and k8s manifests.
MetalLB previously required the speaker to run on the same node as a pod backing a LoadBalancer, even when the ExternalTrafficPolicy was set to cluster. You may now run the MetalLB speaker on a subset of nodes, and the LoadBalancer will work for the cluster policy, regardless of where the endpoints are located. (PR #976)
It is now possible to configure the source address used for BGP sessions. (PR #902)
A new config flag has been added to allow disabling the use of Kubernetes EndpointSlices. (PR #937)
A new manifest,
prometheus-operator.yaml is now included with MetalLB to
help set up the resources necessary to allow Prometheus to gather metrics
from the MetalLB services.
(helm chart) Add support for specifying additional labels for
PrometheusRule resources. This is needed when using the Prometheus
operator and have it configured to use
that are using a specific label.
Changes in behavior:
With the newly introduced leveled logging support, the default value for the
--log-level is set to
info on both helm charts and k8s manifests.
This will produce fewer logs compared to the previous releases,
debug level logs will be filtered out. You can preserve the old verbosity by
editing the k8s manifests and setting the argument
--log-level=all for both the controller and
speaker when installing using manifests, or by overriding helm values
speaker.logLevel=all when installing with Helm.
The L2 node allocation logic is now using the LoadBalancer IP and not the service name. This means that the node associated to a given service may change across releases. This would affect established connections as a new GARP will sent out to announce the IP belonging to the new node. (PR #976)
L2 mode now allows to announce from nodes where the speaker is not running from in case of ExternalTrafficPolicy = Cluster. The association of the node to the service is done via the LoadBalancerIP, avoiding scenarios where two services sharing the same IP are announced from different nodes. (Issue #968) (Issue #558) (Issue #315)
Multi-arch images have been fixed to ensure the included busybox is based on the target platform architecture instead of the build platform architecture. Previously this made debugging these running containers more difficult as the included tools were not usable. (Issue #618)
This release includes contributions from bootjp / Yoshiaki Ueda, Brandon B. Jozsa, Carlos Goncalves, Christoph Raab, claudex, David Anderson, Dax McDonald, Etienne Champetier, Federico Paolinelli, Graeme Lawes, jlclx, Johannes Liebermann, Mark Gray, Maxim Makarov, Mike McKiernan, Mohamed Mahmoud, Ori Braunshtein, Rodrigo Campos, Russell Bryant, Sabina Aledort, t0b3, Till Adam, Tomofumi Hayashi, Trey Dockendorf, Utku Ozdemir, and Yves Mettier. Thank you!
fsGroup to the MetalLB controller deployment to address compatibility with Kubernetes 1.21
and later. See Kubernetes issue #70679.
This ensures the MetalLB controller can read the service account token volume.
helm: fix validation of imagePullSecrets (Issue #897)
layer2: Fix a race condition when sending gratuitous ARP or NDP messages where an error on a removed interface would cause MetalLB to skip sending the same message out on the rest of the list of interfaces. (Issue #681)
manifests/metallb.yamlto refer to the images for the release tag instead of the
mainbranch. (Issue #874)
Helm Charts are now provided. You should be able to migrate from Bitnami Charts to MetalLB Charts by just changing the repo and upgrading. For more details, see the installation documentation.
Version 0.9.x required the creation of a Secret called
Secret is now automatically created by the MetalLB controller if it does not
already exist. To use this feature you must set the new
METALLB_DEPLOYMENT environment variables.
This is already done in the manifests provided with this release.
Endpoint Slices support. Endpoint slices are the proposed and more scalable way introduced in k8s to find services endpoints. From this version, MetalLB checks for EndpointSlices availability and uses them, otherwise it backs up to endpoints.
Changes in behavior:
port option to the
speaker, which is the prometheus metrics port, now
defaults to port
7472. This was already the default in the manifests
included with MetalLB, but the binary itself previously defaulted to port
config-ns option of both the
controller and the
speaker and the
METALLB_ML_NAMESPACE environment variable of the
replaced by the
namespace option or the
variable. If not set the namespace is read from
This release includes contributions from Adit Sachde, Adrian Goins, Andrew Grosser, Brian Topping, Chance Carey, Chris Tarazi, Damien TOURDE, David Anderson, Dax McDonald, dougbtv, Etienne Champetier, Federico Paolinelli, Graeme Lawes, Henry-Kim-Youngwoo, Igal Serban, Jan Krcmar, JinLin Fu, Johannes Liebermann, Jumpy Squirrel, Lars Ekman, Leroy Shirto, Mark Gray, NorthFuture, Oleg Mayko, Reinier Schoof, Rodrigo Campos, Russell Bryant, Sebastien Dionne, Stefan Lasiewski, Steven Follis, sumarsono, Thorsten Schifferdecker, toby cabot, Tomofumi Hayashi, Tony Perez, and Yuan Liu. Thank you!
This release includes contributions from Lars Ekman, Rodrigo Campos, Russell Bryant and Stefan Lasiewski. Thanks for making MetalLB better!
This release includes contributions from Adit Sachde and Jan Krcmar. Thanks for making MetalLB better!
This release includes contributions from Andrew Grosser, Chance Carey, Damien TOURDE, Etienne Champetier, Johannes Liebermann, Jumpy Squirrel, Lars Ekman, Rodrigo Campos, Russell Bryant, Sebastien Dionne, Steven Follis, sumarsono Thorsten Schifferdecker, toby cabot and Yuan Liu. Thanks to all of them for making MetalLB better!
Fix manifests to use container image version
v0.9.3 instead of
v0.9.2 are encouraged to upgrade, as manifests included in that
use an incorrect container image version. Those two images happen to match
now but, as development continues on
main branch, they will differ.
Update installation procedure to create the namespace first (#557).
This release includes contributions from Henry-Kim-Youngwoo, Oleg Mayko and Rodrigo Campos. Thanks to all of them for making MetalLB better!
Dramatically reduce dead node detection time when using Layer 2 mode (#527).
This is improvement closes the long standing issue
#298 that has been a common
pain point for users using Layer 2 mode. This feature is enabled by default. You
can disable it by simply changing the
Daemonset manifest and
METALLB_ML_BIND_ADDR environment variable. Also, you can verify
the old method is being used by checking the
speaker log on startup to
Not starting fast dead node detection (MemberList). If not shown,
the new fast node detection method is being used.
Allow spaces in address pool IP ranges (#499).
address_totalPrometheus metric (#518).
kube-proxyin IPVS mode (#507).
This release includes contributions from binoue, David Anderson, dulltz, Etienne Champetier, Gary Richards, Jean-Philippe Evrard, Johan Fleury, k2mahajan, Knic Knic, kvaps, Lars Ekman, masa213f, remche, Rickard von Essen, Rui Lopes, Serge Bazanski, Spence. Thanks to all of them for making MetalLB better!
0.9.0 and 0.9.1 were never released, due to a bug that prevented building Docker images. 0.9.2 is the first “real” release of the 0.9.x branch.
This release includes contributions from Rémi Cailletaud.
This release includes contributions from David Anderson and Gary Richards.
This release includes contributions from David Anderson.
Action required if updating from 0.7.x:
speakerDaemonSet now specifies a toleration to run on Kubernetes control plane nodes that have the standard, unfortunately named “master” taint. If you don’t want MetalLB to run on control plane nodes, you need to remove that toleration from the manifest.
speakerDaemonSet to request the elevated privileges it needs. If your cluster enforces pod security policies, you should review the provided policy before deploying it.
kubectl get nodes -owide). To revert to the previous behavior of offering metrics on all interfaces, remove the METALLB_HOST environment variable from the manifest.
PodSecurityPolicyfor the MetalLB speaker, granting it the necessary privileges for it to function. This should make MetalLB work out of the box in clusters with pod security policies enforced.
DaemonSet, rather than the obsolete
glogtrying to write to disk despite explicit instructions to the contrary. (#427)
spec.loadBalancerIPvalidation on IPv6 clusters. (#301)
This release includes contributions from Alex Lovell-Troy, Antonio Ojea, aojeagarcia, Ashley Dumaine, Brian, Brian Topping, David Anderson, Eduardo Minguez Perez, Elan Hasson, Irit Goihman, Ivan Kurnosov, Jeff Kolb, johnl, Jordan Neufeld, kvaps, Lars Ekman, Matt Sharpe, Maxime Guyot, Miek Gieben, Niklas Voss, Oilbeater, remche, Rodrigo Campos, Sergey Anisimov, Stephan Fudeus, Steven Beverly, stokbaek and till. Thanks to all of them for making MetalLB better!
x/sys/unixinstead of the
Action required if updating from 0.6.x:
kubectl delete -nmetallb-system endpoints metallb-speaker
kubectl delete -nmetallb-system rolebinding leader-election
kubectl delete -nmetallb-system role leader-election
externalTrafficPolicy=Local, meaning layer2 services can see the true client source IP. (#257)
This release includes contributions from Baul, David Anderson, Ryan Roemmich, Sanjeev Rampal, and Steve Sloka. Thanks to all of them for making MetalLB better!
Action required if upgrading from 0.5.x:
cidrfield of address pools to
arp-networkstatements with a range-based IP allocation
This release includes contributions from David Anderson, ghorofamike, Serguei Bezverkhi, and Zsombor Welker. Thanks to all of them for making MetalLB better!
Action required if upgrading from 0.4.x:
cidrfield of address pools in the configuration file has been renamed to
addresses. MetalLB 0.5 understands both
addresses, but in 0.6 it will only understand
addresses, so please update now.
ndpprotocols have been replaced by a unified
layer2protocol. MetalLB 0.5 understands both the old and new names, but 0.6 will only understand
layer2, so please update now.
arp-networkentries from your configuration. If your address pool overlaps with the ethernet network or broadcast addresses for your LAN, use IP range notation (see new features) to exclude them from your address pool.
ndp_*metrics, there is now single set of
layer2_*metrics, in which the
iplabel can be IPv4 or IPv6.
protocol: layer2in the configuration file. Layer 2 mode uses ARP and NDP under the hood, but having a single protocol name makes it easier to build protocol-agnostic configuration templates.
192.168.0.0-192.168.0.255is equivalent to
192.168.0.0/24. This makes it much easier to allocate IP ranges that don’t fall cleanly on CIDR prefix boundaries.
This was a broken attempt to fix the same bugs as 0.4.5. You should not use this version.
Action required if upgrading from 0.3.x:
app: speakerKubernetes labels to find MetalLB objects, you should now match on a combination of
component: speaker, depending on what objects you want to select.
kubectl delete -f metallb.yaml.
ndpprotocol allows v6 Kubernetes clusters to advertise their services using the Neighbor Discovery Protocol, IPv6’s analog to ARP. If you have an IPv6 Kubernetes cluster, please try it out and file bugs!
This release includes contributions from Oga Ajima, David Anderson, Matt Layher, John Marcou, Paweł Prażak, and Hugo Slabbert. Thanks to all of them for making MetalLB better!
Fixes a couple of embarrassing bugs that sneaked into 0.3.
apps/v1for MetalLB’s Deployment and Daemonset, to remain compatible with Kubernetes 1.8.
metallb-systemnamespace when installing
test-bgp-router. Bird got updated to 2.0, and the integration with
test-bgp-routerneeds some reworking.
Action required if upgrading from 0.2.x:
bgp-speakerDaemonSet has been renamed to just
speaker. Before applying the manifest for 0.3.0, delete the old daemonset with
kubectl delete -n metallb-system ds/bgp-speaker. This will take down your load balancers until you deploy the new DaemonSet.
address-poolmust now have a
protocolfield, to select between ARP and BGP mode. For your existing configurations, add
protocol: bgpto each address pool definition.
address-poolhas been renamed to
bgp-advertisements, and is now optional. If you don’t need any special advertisement settings, you can remove the section entirely, and MetalLB will use a reasonable default.
communitiessection has been renamed to
protocol: arpon an address pool. ARP mode does not require any special network equipment, and minimal configuration. You can follow the ARP mode tutorial to get started. There is also a page about ARP mode’s behavior and tradeoffs, and documentation on configuring ARP mode.
This release includes contributions from David Anderson, Charles Eckman, Miek Gieben, Matt Layher, Xavier Naveira, Marcus Söderberg, Kouhei Ueno. Thanks to all of them for making MetalLB better!
Major themes for this version are: improved BGP interoperability, vastly increased test coverage, and improved documentation structure and accessibility.
This was the first tagged version of MetalLB. Its changelog is effectively “MetalLB now exists, where previously it did not.”