目录
[2.支持自定义 IP 地址范围](#2.支持自定义 IP 地址范围)
[3.创建一个 IPAddressPool地址池,用来指定用于分配的 IP 池,在后面又继续创建了一个二层通告,去关联这个地址池将其中的IP地址们通告出去](#3.创建一个 IPAddressPool地址池,用来指定用于分配的 IP 池,在后面又继续创建了一个二层通告,去关联这个地址池将其中的IP地址们通告出去)
一.metallb简介
MetalLB(Metal Load Balancer)是 Kubernetes 中一个开源的负载均衡器,它通过为 Kubernetes 集群中的服务分配外部 IP 地址,将流量从集群中的 Pod 重定向到合适的服务上。相比于 Kubernetes 默认的负载均衡机制,MetalLB 提供了更加灵活和可定制的负载均衡方案。MetalLB旨在通过提供网络负载均衡器来纠正不平衡实现与标准网络设备集成,尽可能器保障裸机集群上的外部服务也同样"正常工作"。
1.支持多种负载均衡协议
MetalLB 支持多种负载均衡协议,包括 Layer 2 和 BGP 等协议。这使得 MetalLB 可以适用于不同的网络环境和场景,并能够提供更好的性能和可靠性。
2.支持自定义 IP 地址范围
在运行 MetalLB 时,可以配置自定义的 IP 地址范围,这些 IP 地址可以用于为服务分配外部 IP。管理员可以更灵活地控制服务的 IP 地址分配和管理,避免与其他网络设备或服务冲突。
3.无需额外的硬件设备
相对于传统的负载均衡器,MetalLB 不需要额外的硬件设备或专门的负载均衡软件。它可以直接运行在 Kubernetes 集群中,使用集群中的节点来提供负载均衡服务。
4.易于安装和配置
MetalLB 的安装和配置非常简单,可以通过一个 YAML 文件来轻松部署和运行。它还提供了丰富的文档和示例,帮助用户快速上手并进行定制化配置。
5.可扩展性强
由于 MetalLB 是基于开源软件 Quagga 和 Bird 项目实现的,因此它具有较高的可扩展性和性能。同时,它还支持水平扩展和故障转移等特性,以保证高可用性和容错性。
6.layer2模式下选举的leader节点压力大
k8s节点中选举出一个Leader,leader节点响应LB地址段的ARP请求,上层路由就会把原本发给LB的流量发给Leader,负载压力大。
二.layer2模式配置演示
1.开启ipvs并开启严格ARP模式
[root@k8s-master metallb]# kubectl edit configmap kube-proxy -n kube-system
[root@k8s-master metallb]# kubectl get configmap -n kube-system kube-proxy -o yaml | grep strictARP
strictARP: true
[root@k8s-master metallb]# kubectl get configmap -n kube-system kube-proxy -o yaml | grep mode
mode: "ipvs"
[root@k8s-master metallb]# kubectl rollout restart ds kube-proxy -n kube-system
2.下载并应用metallb
链接:百度网盘 请输入提取码 提取码:rycy
#官网网址直接应用
[root@k8s-master metallb]# kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.7/config/manifests/metallb-native.yaml
[root@k8s-master metallb]# kubectl apply -f metallb-native.yaml
namespace/metallb-system created
customresourcedefinition.apiextensions.k8s.io/addresspools.metallb.io created
customresourcedefinition.apiextensions.k8s.io/bfdprofiles.metallb.io created
customresourcedefinition.apiextensions.k8s.io/bgpadvertisements.metallb.io created
customresourcedefinition.apiextensions.k8s.io/bgppeers.metallb.io created
customresourcedefinition.apiextensions.k8s.io/communities.metallb.io created
customresourcedefinition.apiextensions.k8s.io/ipaddresspools.metallb.io created
customresourcedefinition.apiextensions.k8s.io/l2advertisements.metallb.io created
serviceaccount/controller created
serviceaccount/speaker created
role.rbac.authorization.k8s.io/controller created
role.rbac.authorization.k8s.io/pod-lister created
clusterrole.rbac.authorization.k8s.io/metallb-system:controller created
clusterrole.rbac.authorization.k8s.io/metallb-system:speaker created
rolebinding.rbac.authorization.k8s.io/controller created
rolebinding.rbac.authorization.k8s.io/pod-lister created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:controller created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:speaker created
secret/webhook-server-cert created
service/webhook-service created
deployment.apps/controller created
daemonset.apps/speaker created
validatingwebhookconfiguration.admissionregistration.k8s.io/metallb-webhook-configuration created
[root@k8s-master metallb]# kubectl get service,pods -n metallb-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/webhook-service ClusterIP 10.105.188.236 <none> 443/TCP 35s
NAME READY STATUS RESTARTS AGE
pod/controller-67d9f4b5bc-z8279 1/1 Running 0 35s #controller-pod
pod/speaker-ndgjt 1/1 Running 0 35s
pod/speaker-tdtnb 1/1 Running 0 35s
pod/speaker-xblwh 1/1 Running 0 35s
[root@k8s-master metallb]# kubectl get deploy,ds -n metallb-system
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/controller 1/1 1 1 52s
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/speaker 3 3 3 3 3 kubernetes.io/os=linux 52s
3.创建一个 IPAddressPool地址池,用来指定用于分配的 IP 池,在后面又继续创建了一个二层通告,去关联这个地址池将其中的IP地址们通告出去
[root@k8s-master metallb]# cat metallb-ip-pool.yaml
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: metallb-ip-pool
namespace: metallb-system
spec:
addresses:
- 192.168.2.20-192.168.2.25
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: my-adver
namespace: metallb-system
spec:
ipAddressPools:
- metallb-ip-pool
[root@k8s-master metallb]# kubectl apply -f metallb-ip-pool.yaml
4.创建service测试负载均衡效果
[root@k8s-master metallb]# cat service1.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
name: my-nginx
name: my-nginx
namespace: myns
spec:
replicas: 3
selector:
matchLabels:
name: my-nginx-deploy
template:
metadata:
labels:
name: my-nginx-deploy
spec:
containers:
- name: my-nginx-pod
image: nginx
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: my-nginx-service
namespace: myns
annotations:
metallb.universe.tf/address-pool: metallb-ip-pool #添加注解,指定地址池
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
name: my-nginx-deploy
type: LoadBalancer #需要指定为loadBalancer类型
[root@k8s-master metallb]# kubectl get all -n myns
NAME READY STATUS RESTARTS AGE
pod/my-nginx-5d67c8f488-cdrbd 1/1 Running 0 2m10s
pod/my-nginx-5d67c8f488-dzz29 1/1 Running 0 2m10s
pod/my-nginx-5d67c8f488-np26z 1/1 Running 0 2m10s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/my-nginx-service LoadBalancer 10.106.134.212 192.168.2.22 80:30100/TCP 2m10s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/my-nginx 3/3 3 3 2m10s
NAME DESIRED CURRENT READY AGE
replicaset.apps/my-nginx-5d67c8f488 3 3 3 2m10s
[root@k8s-master metallb]# kubectl describe service my-nginx-service -n myns
Name: my-nginx-service
Namespace: myns
Labels: <none>
Annotations: metallb.universe.tf/address-pool: metallb-ip-pool
Selector: name=my-nginx-deploy
Type: LoadBalancer
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.96.88.241
IPs: 10.96.88.241
LoadBalancer Ingress: 192.168.2.22
Port: <unset> 80/TCP
TargetPort: 80/TCP
NodePort: <unset> 32053/TCP
Endpoints: 10.244.169.147:80,10.244.169.148:80,10.244.36.73:80
Session Affinity: None
External Traffic Policy: Cluster
[root@k8s-master metallb]# kubectl exec -it my-nginx-5d67c8f488-cdrbd -n myns -- /bin/sh -c "echo pod1 > /usr/share/nginx/html/index.html"
[root@k8s-master metallb]# kubectl exec -it my-nginx-5d67c8f488-dzz29 -n myns -- /bin/sh -c "echo pod2 > /usr/share/nginx/html/index.html"
[root@k8s-master metallb]# kubectl exec -it my-nginx-5d67c8f488-np26z -n myns -- /bin/sh -c "echo pod3 > /usr/share/nginx/html/index.html"
[root@k8s-master metallb]# curl 192.168.2.22
pod1
[root@k8s-master metallb]# curl 192.168.2.22
pod1
[root@k8s-master metallb]# curl 192.168.2.22
pod2
[root@k8s-master metallb]# curl 192.168.2.22
pod2
[root@k8s-master metallb]# curl 192.168.2.22
pod3
[root@k8s-master metallb]# curl 192.168.2.22
pod1
[root@k8s-master metallb]# curl 192.168.2.22
pod2
[root@k8s-master metallb]# curl 192.168.2.22
pod2
[root@k8s-master metallb]# curl 192.168.2.22
pod2
5.卸载metallb
我们是manifest方式安装就直接kubectl delete -f 就可以
[root@k8s-master metallb]# kubectl delete -f metallb-ip-pool.yaml
ipaddresspool.metallb.io "metallb-ip-pool" deleted
l2advertisement.metallb.io "my-adver" deleted
[root@k8s-master metallb]# kubectl delete -f service1.yaml
deployment.apps "my-nginx" deleted
service "my-nginx-service" deleted
[root@k8s-master metallb]# kubectl delete -f metallb-native.yaml
namespace "metallb-system" deleted
customresourcedefinition.apiextensions.k8s.io "addresspools.metallb.io" deleted
customresourcedefinition.apiextensions.k8s.io "bfdprofiles.metallb.io" deleted
customresourcedefinition.apiextensions.k8s.io "bgpadvertisements.metallb.io" deleted
customresourcedefinition.apiextensions.k8s.io "bgppeers.metallb.io" deleted
customresourcedefinition.apiextensions.k8s.io "communities.metallb.io" deleted
customresourcedefinition.apiextensions.k8s.io "ipaddresspools.metallb.io" deleted
customresourcedefinition.apiextensions.k8s.io "l2advertisements.metallb.io" deleted
serviceaccount "controller" deleted
serviceaccount "speaker" deleted
role.rbac.authorization.k8s.io "controller" deleted
role.rbac.authorization.k8s.io "pod-lister" deleted
clusterrole.rbac.authorization.k8s.io "metallb-system:controller" deleted
clusterrole.rbac.authorization.k8s.io "metallb-system:speaker" deleted
rolebinding.rbac.authorization.k8s.io "controller" deleted
rolebinding.rbac.authorization.k8s.io "pod-lister" deleted
clusterrolebinding.rbac.authorization.k8s.io "metallb-system:controller" deleted
clusterrolebinding.rbac.authorization.k8s.io "metallb-system:speaker" deleted
secret "webhook-server-cert" deleted
service "webhook-service" deleted
deployment.apps "controller" deleted
daemonset.apps "speaker" deleted
validatingwebhookconfiguration.admissionregistration.k8s.io "metallb-webhook-configuration" deleted