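I. Lab overview
1. Purpose
Implement Kubernetes Services of type LoadBalancer with MetalLB.
2. Environment
Three virtual machines are installed in VMware Workstation and run a Kubernetes cluster; the network mode is NAT.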
master 11.0.1.131
node01 11.0.1.132
node02 11.0.1.133
root@master:/home/user# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane 37d v1.26.3
node01 Ready <none> 37d v1.26.3
node02 Ready <none> 37d v1.26.3
II. Install MetalLB
Follow the official installation guide:
https://metallb.org/installation/
1. Enable strict ARP for kube-proxy in IPVS mode
kubectl get configmap kube-proxy -n kube-system -o yaml | \
sed -e "s/strictARP: false/strictARP: true/" | \
kubectl apply -f - -n kube-system
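2. Create MetalLB
The command below fetches the v0.13.12 manifest through the mirror.ghproxy.com proxy; the upstream file is the raw.githubusercontent.com URL that follows the proxy prefix.
root@master:/home/user# kubectl apply -f https://mirror.ghproxy.com/https://raw.githubusercontent.com/metallb/metallb/v0.13.12/config/manifests/metallb-native.yaml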
namespace/metallb-system created
customresourcedefinition.apiextensions.k8s.io/addresspools.metallb.io created
customresourcedefinition.apiextensions.k8s.io/bfdprofiles.metallb.io created
customresourcedefinition.apiextensions.k8s.io/bgpadvertisements.metallb.io created
customresourcedefinition.apiextensions.k8s.io/bgppeers.metallb.io created
customresourcedefinition.apiextensions.k8s.io/communities.metallb.io created
customresourcedefinition.apiextensions.k8s.io/ipaddresspools.metallb.io created
customresourcedefinition.apiextensions.k8s.io/l2advertisements.metallb.io created
serviceaccount/controller created
serviceaccount/speaker created
role.rbac.authorization.k8s.io/controller created
role.rbac.authorization.k8s.io/pod-lister created
clusterrole.rbac.authorization.k8s.io/metallb-system:controller created
clusterrole.rbac.authorization.k8s.io/metallb-system:speaker created
rolebinding.rbac.authorization.k8s.io/controller created
rolebinding.rbac.authorization.k8s.io/pod-lister created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:controller created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:speaker created
configmap/metallb-excludel2 created
secret/webhook-server-cert created
service/webhook-service created
deployment.apps/controller created
daemonset.apps/speaker created
validatingwebhookconfiguration.admissionregistration.k8s.io/metallb-webhook-configuration created
root@master:/home/user# kubectl get ns
NAME STATUS AGE
default Active 37d
dev Active 18d
kube-node-lease Active 37d
kube-public Active 37d
kube-system Active 37d
metallb-system Active 2m24s
myapp Active 26d
myserver Active 36d
root@master:/home/user# kubectl api-versions
admissionregistration.k8s.io/v1
apiextensions.k8s.io/v1
apiregistration.k8s.io/v1
apps/v1
authentication.k8s.io/v1
authorization.k8s.io/v1
autoscaling/v1
autoscaling/v2
batch/v1
certificates.k8s.io/v1
coordination.k8s.io/v1
crd.projectcalico.org/v1
discovery.k8s.io/v1
events.k8s.io/v1
flowcontrol.apiserver.k8s.io/v1beta2
flowcontrol.apiserver.k8s.io/v1beta3
metallb.io/v1alpha1
metallb.io/v1beta1
metallb.io/v1beta2
networking.k8s.io/v1
node.k8s.io/v1
policy/v1
rbac.authorization.k8s.io/v1
scheduling.k8s.io/v1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1
root@master:/home/user# kubectl get pod -n metallb-system
NAME READY STATUS RESTARTS AGE
controller-586bfc6b59-wg286 1/1 Running 0 61s
speaker-bzhpc 1/1 Running 0 60s
speaker-k2s9j 1/1 Running 0 61s
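3. Create the MetalLB address pool
MetalLB address allocation: from the address pools the user configures, MetalLB assigns an IP address to each LoadBalancer Service the user creates and configures it on a node.
This lab takes the pool from the host's NAT network segment; the addresses must be reachable on the network.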
root@master:/home/user# cat metallb-ippool.yaml
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: localip-pool
  namespace: metallb-system
spec:
  addresses:
  - 11.0.1.140-11.0.1.146
  autoAssign: true
  avoidBuggyIPs: true
root@master:/home/user# kubectl apply -f metallb-ippool.yaml
ipaddresspool.metallb.io/localip-pool created
root@master:/home/user# kubectl get ipaddresspool -n metallb-system
NAME AUTO ASSIGN AVOID BUGGY IPS ADDRESSES
localip-pool true true ["11.0.1.140-11.0.1.146"]
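A pre-flight check for the pool above, added here as an example (it is not part of the original write-up or of MetalLB): it expands the addresses entry and reports addresses that fall outside the node subnet or collide with a node IP. The /24 mask is an assumption, since the page gives only the node addresses, and expand_pool and check_pool are hypothetical helper names.

```python
import ipaddress

# Node addresses come from this lab; the /24 mask is an assumption.
NODE_SUBNET = ipaddress.ip_network("11.0.1.0/24")
NODE_IPS = {"master": "11.0.1.131", "node01": "11.0.1.132", "node02": "11.0.1.133"}


def expand_pool(entry):
    """Expand one IPAddressPool 'addresses' entry (range or CIDR) into IPs."""
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if first.version != last.version or int(last) < int(first):
            raise ValueError(f"invalid range: {entry}")
        return [ipaddress.ip_address(i) for i in range(int(first), int(last) + 1)]
    return list(ipaddress.ip_network(entry, strict=False))


def check_pool(entries, subnet=NODE_SUBNET, nodes=NODE_IPS, avoid_buggy=True):
    """Return (usable_ips, problems) for a pool announced in L2 mode."""
    node_by_ip = {ipaddress.ip_address(ip): name for name, ip in nodes.items()}
    usable, problems = [], []
    for entry in entries:
        for ip in expand_pool(entry):
            if ip not in subnet:
                problems.append(f"{ip} is outside {subnet}, not reachable via ARP")
            elif ip in node_by_ip:
                problems.append(f"{ip} is already the address of {node_by_ip[ip]}")
            elif ip in (subnet.network_address, subnet.broadcast_address):
                problems.append(f"{ip} is the network or broadcast address")
            elif avoid_buggy and ip.version == 4 and ip.packed[-1] in (0, 255):
                continue  # avoidBuggyIPs: true skips addresses ending in .0/.255
            else:
                usable.append(ip)
    return usable, problems


if __name__ == "__main__":
    ips, issues = check_pool(["11.0.1.140-11.0.1.146"])
    print(len(ips), "usable addresses;", issues or "no problems found")
```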
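4. Announce the addresses through the network interface
External announcement: makes the network outside the cluster aware of the newly assigned IP address; MetalLB does this with ARP, NDP or BGP.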
root@master:/home/user# cat metallb-l2.yaml
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: localip-pool-l2a
  namespace: metallb-system
spec:
  ipAddressPools:
  - localip-pool
  interfaces:
  - ens33
root@master:/home/user# kubectl apply -f metallb-l2.yaml
l2advertisement.metallb.io/localip-pool-l2a created
root@master:/home/user# kubectl get l2advertisement -n metallb-system
NAME IPADDRESSPOOLS IPADDRESSPOOL SELECTORS INTERFACES
localip-pool-l2a ["localip-pool"] ["ens33"]
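One way to confirm, from a machine on the same segment, which node answers ARP for each assigned address, as an added example that is not part of the original write-up: it parses iputils arping replies and flags an address that is answered by a MAC not belonging to a cluster node. The MAC inventory and the arping sample are constructed for illustration, and audit_announcers is a hypothetical helper name.

```python
import re

# Constructed inventory: MAC of ens33 on each node (placeholders, not from the page).
NODE_MACS = {
    "00:0c:29:00:00:31": "master",
    "00:0c:29:00:00:32": "node01",
    "00:0c:29:00:00:33": "node02",
}

# Constructed sample of iputils `arping -I <iface> <address>` replies.
# 11.0.1.141 is answered by a node and by a second, unknown MAC.
SAMPLE_ARPING = """\
Unicast reply from 11.0.1.140 [00:0C:29:00:00:33]  0.712ms
Unicast reply from 11.0.1.140 [00:0C:29:00:00:33]  0.698ms
Unicast reply from 11.0.1.141 [00:0C:29:00:00:32]  0.801ms
Unicast reply from 11.0.1.141 [00:50:56:C0:00:08]  0.455ms
"""

REPLY = re.compile(r"reply from (\S+) \[([0-9A-Fa-f:]{17})\]")


def audit_announcers(arping_output, node_macs=NODE_MACS):
    """Map each address to the MACs that answered and classify the result."""
    seen = {}
    for vip, mac in REPLY.findall(arping_output):
        seen.setdefault(vip, set()).add(mac.lower())
    report = {}
    for vip, macs in seen.items():
        unknown = sorted(m for m in macs if m not in node_macs)
        owners = sorted(node_macs[m] for m in macs if m in node_macs)
        if unknown:
            status = "foreign-mac"        # a host that is not a node answers
        elif len(owners) > 1:
            status = "multiple-speakers"  # more than one node answers
        else:
            status = "ok"                 # exactly one known node answers
        report[vip] = {"status": status, "nodes": owners, "unknown": unknown}
    return report


if __name__ == "__main__":
    for vip, result in audit_announcers(SAMPLE_ARPING).items():
        print(vip, result)
```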
III. Publish an application externally
1. Create the application as a Deployment workload
root@master:/home/user# kubectl create deployment demoapp --image=ikubernetes/demoapp:v1.0 --replicas=3
deployment.apps/demoapp created
root@master:/home/user# kubectl get pod
NAME READY STATUS RESTARTS AGE
demoapp-75f59c894-2p5wr 1/1 Running 0 101s
demoapp-75f59c894-fx8xh 1/1 Running 0 101s
demoapp-75f59c894-k5stt 1/1 Running 0 101s
2. Create a LoadBalancer Service to publish the application
root@master:/home/user# cat services-loadbalancer-demo.yaml
kind: Service
apiVersion: v1
metadata:
  name: demoapp-loadbalancer-svc
spec:
  type: LoadBalancer
  selector:
    app: demoapp
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80
root@master:/home/user# kubectl apply -f services-loadbalancer-demo.yaml
service/demoapp-loadbalancer-svc created
root@master:/home/user# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
demoapp-loadbalancer-svc LoadBalancer 10.200.135.7 11.0.1.140 80:30970/TCP 18s
kubernetes ClusterIP 10.200.0.1 <none> 443/TCP 37d
The Service has now been automatically assigned the external address 11.0.1.140.
IV. Access the cluster through the external IP
root@master:/home/user# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
demoapp-75f59c894-2p5wr 1/1 Running 0 36m 10.100.231.117 node02 <none> <none>
demoapp-75f59c894-fx8xh 1/1 Running 0 36m 10.100.231.119 node02 <none> <none>
demoapp-75f59c894-k5stt 1/1 Running 0 36m 10.100.231.118 node02 <none> <none>
Refreshing the web page shows that the traffic is load-balanced.