This is the multi-page printable view of this section.
Click here to print.
Return to the regular view of this page.
MetalLB Configuration
MetalLB is a load-balancer implementation for on-premises Kubernetes clusters, using standard routing protocols.
Best Practice
Any supported EKS Anywhere curated package should be modified through package yaml files (with kind: Package
) and applied through the command eksctl anywhere apply package -f packageFileName
. Modifying objects outside of package yaml files may lead to unpredictable behaviors.
For automatic namespace (targetNamespace) creation, see createNamespace
field: PackagebundleController.spec
1 - MetalLB
Install/upgrade/uninstall MetalLB
If you have not already done so, make sure your cluster meets the package prerequisites.
Be sure to refer to the troubleshooting guide
in the event of a problem.
Important
- Starting at
eksctl anywhere
version v0.12.0
, packages on workload clusters are remotely managed by the management cluster.
- While following this guide to install packages on a workload cluster, please make sure the
kubeconfig
is pointing to the management cluster that was used to create the workload cluster. The only exception is the kubectl create namespace
command below, which should be run with kubeconfig
pointing to the workload cluster.
Install
-
Generate the package configuration
eksctl anywhere generate package metallb --cluster <cluster-name> > metallb.yaml
-
Add the desired configuration to metallb.yaml
Please see complete configuration options
for all configuration options and their default values.
Example package file with bgp configuration:
apiVersion: packages.eks.amazonaws.com/v1alpha1
kind: Package
metadata:
name: mylb
namespace: eksa-packages-<cluster-name>
spec:
packageName: metallb
config: |
IPAddressPools:
- name: default
addresses:
- 10.220.0.93/32
- 10.220.0.97-10.220.0.120
BGPAdvertisements:
- ipAddressPools:
- default
BGPPeers:
- peerAddress: 10.220.0.2
peerASN: 65000
myASN: 65002
Example package file with ARP configuration:
apiVersion: packages.eks.amazonaws.com/v1alpha1
kind: Package
metadata:
name: mylb
namespace: eksa-packages
spec:
packageName: metallb
config: |
IPAddressPools:
- name: default
addresses:
- 10.220.0.93/32
- 10.220.0.97-10.220.0.120
L2Advertisements:
- ipAddressPools:
- default
-
Create the namespace
(If overriding targetNamespace
, change metallb-system
to the value of targetNamespace
)
kubectl create namespace metallb-system
-
Install MetalLB
eksctl anywhere create packages -f metallb.yaml
-
Validate the installation
eksctl anywhere get packages --cluster <cluster-name>
Example command output
NAME PACKAGE AGE STATE CURRENTVERSION TARGETVERSION DETAIL
mylb metallb 22h installed 0.13.5-ce5b5de19014202cebd4ab4c091830a3b6dfea06 0.13.5-ce5b5de19014202cebd4ab4c091830a3b6dfea06 (latest)
Update
To update package configuration, update metallb.yaml file, and run the following command:
eksctl anywhere apply package -f metallb.yaml
Upgrade
MetalLB will automatically be upgraded when a new bundle is activated.
Uninstall
To uninstall MetalLB, simply delete the package
eksctl anywhere delete package --cluster <cluster-name> mylb
2 - v0.12.1
FRRouting
is currently not supported for MetalLB.
Example
apiVersion: packages.eks.amazonaws.com/v1alpha1
kind: Package
metadata:
name: mylb
namespace: eksa-packages-<cluster-name>
spec:
packageName: metallb
targetNamespace: metallb-system
config: |
IPAddressPools:
- name: default
addresses:
- 10.220.0.93/32
- 10.220.0.94/32
- 10.220.0.95/32
- name: bgp
addresses:
- 10.220.0.97-10.220.0.99
L2Advertisements:
- IPAddressPools:
- default
BGPAdvertisements:
- IPAddressPools:
- bgp
BGPPeers:
- myASN: 123
peerASN: 55001
peerAddress: 1.2.3.4
keepaliveTime: 30s
Parameter |
Description |
Default |
IPAddressPools[] |
A list of IPAddressPool. |
None |
L2Advertisements[] |
A list of L2Advertisement. |
None |
BGPAdvertisements[] |
A list of BGPAdvertisement. |
None |
BGPPeers[] |
A list of BGPPeer. |
None |
— |
— |
— |
IPAddressPool |
A list of IP address ranges over which MetalLB has authority. You can list multiple ranges in a single pool and they will all share the same settings. Each range can be either a CIDR prefix, or an explicit start-end range of IPs. |
|
name |
Name for the address pool. |
None |
addresses[] |
A list of string representing CIRD or IP ranges. |
None |
autoAssign |
AutoAssign flag used to prevent MetalLB from automatic allocation for a pool. |
true |
— |
— |
— |
L2Advertisement |
L2Advertisement allows MetalLB to advertise the LoadBalancer IPs provided by the selected pools via L2. |
|
IPAddressPools[] |
The list of IPAddressPools to advertise via this advertisement, selected by name. |
None |
— |
— |
— |
BGPAdvertisement |
BGPAdvertisement allows MetalLB to advertise the IPs coming from the selected IPAddressPools via BGP, setting the parameters of the BGP Advertisement. |
|
aggregationLength |
The aggregation-length advertisement option lets you “roll up” the /32s into a larger prefix. Defaults to 32. Works for IPv4 addresses. |
32 |
aggregationLengthV6 |
The aggregation-length advertisement option lets you “roll up” the /128s into a larger prefix. Defaults to 128. Works for IPv6 addresses. |
128 |
communities[] |
The BGP communities to be associated with the announcement. Each item can be a community of the form 1234:1234 or the name of an alias defined in the Community CRD. |
None |
IPAddressPools[] |
The list of IPAddressPools to advertise via this advertisement, selected by name. |
None |
localPref |
The BGP LOCAL_PREF attribute which is used by BGP best path algorithm, Path with higher localpref is preferred over one with lower localpref. |
None |
— |
— |
— |
BGPPeer |
Peers for the BGP protocol. |
|
bfdProfile |
The name of the BFD Profile to be used for the BFD session associated to the BGP session. If not set, the BFD session won’t be set up. |
None |
holdTime |
Requested BGP hold time, per RFC4271. |
None |
keepaliveTime |
Requested BGP keepalive time, per RFC4271. |
None |
myASN |
AS number to use for the local end of the session. |
None |
password |
Authentication password for routers enforcing TCP MD5 authenticated sessions. |
None |
peerASN |
AS number to expect from the remote end of the session. |
None |
peerAddress |
Address to dial when establishing the session. |
None |
peerPort |
Port to dial when establishing the session. |
179 |
routerID |
BGP router ID to advertise to the peer. |
None |
sourceAddress |
Source address to use when establishing the session. |
None |
3 - v0.13.5
FRRouting
is currently not supported for MetalLB.
Starting at v0.13.5, keys within each config section start with lowercase. For example:
L2Advertisements:
- IPAddressPools:
- default
Becomes:
L2Advertisements:
- ipAddressPools:
- default
Top-level section names remain capitalized as they represent CRDs:
config: |
IPAddressPools:
...
Example
apiVersion: packages.eks.amazonaws.com/v1alpha1
kind: Package
metadata:
name: mylb
namespace: eksa-packages-<cluster-name>
spec:
packageName: metallb
targetNamespace: metallb-system
config: |
IPAddressPools:
- name: default
addresses:
- 10.220.0.93/32
- 10.220.0.94/32
- 10.220.0.95/32
- name: bgp
addresses:
- 10.220.0.97-10.220.0.99
L2Advertisements:
- ipAddressPools:
- default
BGPAdvertisements:
- ipAddressPools:
- bgp
autoAssign: false
BGPPeers:
- myASN: 123
peerASN: 55001
peerAddress: 1.2.3.4
keepaliveTime: 30s
Parameter |
Description |
Default |
Required |
IPAddressPools[] |
A list of ip address pools. See IPAddressPool. |
None |
False |
L2Advertisements[] |
A list of Layer 2 advertisements. See L2Advertisement. |
None |
False |
BGPAdvertisements[] |
A list of BGP advertisements. See BGPAdvertisement. |
None |
False |
BGPPeers[] |
A list of BGP peers. See BGPPeer. |
None |
False |
— |
— |
— |
— |
IPAddressPool |
A list of IP address ranges over which MetalLB has authority. You can list multiple ranges in a single pool and they will all share the same settings. Each range can be either a CIDR prefix, or an explicit start-end range of IPs. |
|
|
name |
Name for the address pool. |
None |
True |
addresses[] |
A list of string representing CIRD or IP ranges. |
None |
True |
autoAssign |
AutoAssign flag used to prevent MetalLB from automatic allocation for a pool. |
true |
False |
— |
— |
— |
— |
L2Advertisement |
L2Advertisement allows MetalLB to advertise the LoadBalancer IPs provided by the selected pools via L2. |
|
|
ipAddressPools[] |
The list of IPAddressPool names to advertise. |
None |
True |
name |
Name for the L2Advertisement. |
None |
False |
— |
— |
— |
— |
BGPAdvertisement |
BGPAdvertisement allows MetalLB to advertise the IPs coming from the selected ipAddressPools via BGP, setting the parameters of the BGP Advertisement. |
|
|
aggregationLength |
The aggregation-length advertisement option lets you “roll up” the /32s into a larger prefix. Defaults to 32. Works for IPv4 addresses. |
32 |
False |
aggregationLengthV6 |
The aggregation-length advertisement option lets you “roll up” the /128s into a larger prefix. Defaults to 128. Works for IPv6 addresses. |
128 |
False |
communities[] |
The BGP communities to be associated with the announcement. Each item can be a community of the form 1234:1234 or the name of an alias defined in the Community CRD. |
None |
False |
ipAddressPools[] |
The list of IPAddressPool names to be advertised via BGP. |
None |
True |
localPref |
The BGP LOCAL_PREF attribute which is used by BGP best path algorithm, Path with higher localpref is preferred over one with lower localpref. |
None |
False |
peers[] |
List of peer names. Limits the bgppeer to advertise the ips of the selected pools to. When empty, the loadbalancer IP is announced to all the BGPPeers configured. |
None |
False |
— |
— |
— |
— |
BGPPeer |
Peers for the BGP protocol. |
|
|
holdTime |
Requested BGP hold time, per RFC4271. |
None |
False |
keepaliveTime |
Requested BGP keepalive time, per RFC4271. |
None |
False |
myASN |
AS number to use for the local end of the session. |
None |
True |
password |
Authentication password for routers enforcing TCP MD5 authenticated sessions. |
None |
False |
peerASN |
AS number to expect from the remote end of the session. |
None |
True |
peerAddress |
Address to dial when establishing the session. |
None |
True |
peerPort |
Port to dial when establishing the session. |
179 |
False |
routerID |
BGP router ID to advertise to the peer. |
None |
False |
sourceAddress |
Source address to use when establishing the session. |
None |
False |
4 - v0.13.7
FRRouting
is currently not supported for MetalLB.
Starting at v0.13.5, keys within each config section start with lowercase.
See v0.13.5
for details.
Example
apiVersion: packages.eks.amazonaws.com/v1alpha1
kind: Package
metadata:
name: mylb
namespace: eksa-packages-<cluster-name>
spec:
packageName: metallb
targetNamespace: metallb-system
config: |
IPAddressPools:
- name: default
addresses:
- 10.220.0.93/32
- 10.220.0.94/32
- 10.220.0.95/32
- name: bgp
addresses:
- 10.220.0.97-10.220.0.99
L2Advertisements:
- ipAddressPools:
- default
BGPAdvertisements:
- ipAddressPools:
- bgp
autoAssign: false
BGPPeers:
- myASN: 123
peerASN: 55001
peerAddress: 1.2.3.4
keepaliveTime: 30s
Parameter |
Description |
Default |
Required |
IPAddressPools[] |
A list of ip address pools. See IPAddressPool. |
None |
False |
L2Advertisements[] |
A list of Layer 2 advertisements. See L2Advertisement. |
None |
False |
BGPAdvertisements[] |
A list of BGP advertisements. See BGPAdvertisement. |
None |
False |
BGPPeers[] |
A list of BGP peers. See BGPPeer. |
None |
False |
— |
— |
— |
— |
IPAddressPool |
A list of IP address ranges over which MetalLB has authority. You can list multiple ranges in a single pool and they will all share the same settings. Each range can be either a CIDR prefix, or an explicit start-end range of IPs. |
|
|
name |
Name for the address pool. |
None |
True |
addresses[] |
A list of string representing CIRD or IP ranges. |
None |
True |
autoAssign |
AutoAssign flag used to prevent MetalLB from automatic allocation for a pool. |
true |
False |
— |
— |
— |
— |
L2Advertisement |
L2Advertisement allows MetalLB to advertise the LoadBalancer IPs provided by the selected pools via L2. |
|
|
ipAddressPools[] |
The list of IPAddressPool names to advertise. |
None |
True |
name |
Name for the L2Advertisement. |
None |
False |
— |
— |
— |
— |
BGPAdvertisement |
BGPAdvertisement allows MetalLB to advertise the IPs coming from the selected ipAddressPools via BGP, setting the parameters of the BGP Advertisement. |
|
|
aggregationLength |
The aggregation-length advertisement option lets you “roll up” the /32s into a larger prefix. Defaults to 32. Works for IPv4 addresses. |
32 |
False |
aggregationLengthV6 |
The aggregation-length advertisement option lets you “roll up” the /128s into a larger prefix. Defaults to 128. Works for IPv6 addresses. |
128 |
False |
communities[] |
The BGP communities to be associated with the announcement. Each item can be a community of the form 1234:1234 or the name of an alias defined in the Community CRD. |
None |
False |
ipAddressPools[] |
The list of IPAddressPool names to be advertised via BGP. |
None |
True |
localPref |
The BGP LOCAL_PREF attribute which is used by BGP best path algorithm, Path with higher localpref is preferred over one with lower localpref. |
None |
False |
peers[] |
List of peer names. Limits the bgppeer to advertise the ips of the selected pools to. When empty, the loadbalancer IP is announced to all the BGPPeers configured. |
None |
False |
— |
— |
— |
— |
BGPPeer |
Peers for the BGP protocol. |
|
|
holdTime |
Requested BGP hold time, per RFC4271. |
None |
False |
keepaliveTime |
Requested BGP keepalive time, per RFC4271. |
None |
False |
myASN |
AS number to use for the local end of the session. |
None |
True |
password |
Authentication password for routers enforcing TCP MD5 authenticated sessions. |
None |
False |
peerASN |
AS number to expect from the remote end of the session. |
None |
True |
peerAddress |
Address to dial when establishing the session. |
None |
True |
peerPort |
Port to dial when establishing the session. |
179 |
False |
routerID |
BGP router ID to advertise to the peer. |
None |
False |
sourceAddress |
Source address to use when establishing the session. |
None |
False |
password |
Authentication password for routers enforcing TCP MD5 authenticated sessions. |
None |
False |
passwordSecret |
passwordSecret is a reference to the authentication secret for BGP Peer. The secret must be of type ‘kubernetes.io/basic-auth’ and the password stored under the “password” key. Example:
passwordSecret: name: mySecret namespace: metallb-system |
None |
False |