Tuesday, 24 July 2018

Using MetalLB in Kubernetes for the external connectivity

MetalLB for External Connectivity

   This post explains how we can use MetalLB to attract traffic from a gateway router to kubernetes cluster. 

Prerequisites

  • kubernetes cluster ( I have 1 master + 2 node cluster)
  • Installed pod networking. Calico is used as CNI in my setup
  • Gateway router with BGP. 

Installation and configuration 

  1. Install Metallb using below yaml file. 
kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.6.2/manifests/metallb.yaml

This will create one controller and two speaker pods. Controller will be responsible for assigning external IP address from the address pool defined in the config file (step 3).
Speaker nodes will announce the IP address to the gateway router

      2.  You can view the pods running successfully in namespace metallb-system

    







      3. Create a config map with BGP configuration details and address pool from which externalIP for the services will be picked automatically as shown below

apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    peers:
    - peer-address: 172.16.0.11
      peer-asn: 65001
      my-asn: 64512
    address-pools:
    - name: default
      protocol: bgp
      addresses:
      - 80.11.12.0/30
In the above configuration peer-address and peer-asn are the IP address and asn of my gateway router.

    4. After creating config map file check whether BGP peer is established with the gateway router in the speaker logs.

root@master1:~/metalLB# kubectl logs -n metallb-system speaker-fx4d9
......
{"caller":"bgp.go:62","event":"sessionUp","localASN":64512,"msg":"BGP session established","peer":"172.16.0.11:179","peerASN":65001,"ts":"2018-07-06T00:19:51.282711062Z"}

Create a service and test


  •      Create a service to check whether metalLB assigns externalIP. If you dont want to assign a fixed externalIP to your service you can use loadBalancerIP. Note that the address must be in the range defined in the config map in step 3.

apiVersion: v1
kind: Service
metadata:
  name: metalservice
  namespace: default
spec:
  ports:
  - port: 5001
    protocol: TCP
    targetPort: 80
  selector:
    run: my-nginx
  loadBalancerIP: 80.11.12.1
  type: LoadBalancer

  •     Check whether the service got external-ip

root@master1:~/metalLB# kubectl get svc
NAME           TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
kubernetes     ClusterIP      10.96.0.1                 <none>        443/TCP          17h
metalservice   LoadBalancer   10.111.117.248   80.11.12.1    5001:30879/TCP   2h


In the speaker logs you can see the external IP is advertised 

{"caller":"bgp_controller.go:162","event":"updatedAdvertisements","ip":"80.11.12.1","msg":"making advertisements using BGP","numAds":1,"pool":"default","protocol":"bgp","service":"default/metalservice","ts":"2018-07-06T00:22:18.896880181Z"}


  • Verification from router

In the router you can see the externalIP address and next hop as the worker nodes

vm-011 ~ # gobgp global rib
   Network              Next Hop             AS_PATH              Age        Attrs
*> 80.11.12.1/32    172.16.0.10          64512                02:11:07   [{Origin: ?} {Med: 0} {LocalPref: }]
80.11.12.1/32      172.16.0.9           64512                02:11:07   [{Origin: ?} {Med: 0} {LocalPref:}]
*> 172.16.0.0/16        0.0.0.0                                   00:21:31   [{Origin: i} {Med: 0}]

Check whether you can access the service from the router

vm-011 ~ # wget http://80.11.12.1:5001
Connecting to 80.11.12.1:5001 (80.11.12.1:5001)
index.html           100% |**************************************************************************************************************************************************************|   612   0:00:00 ETA
vm-011 ~ #


References