My Journey to Kubernetes onto Bare Metal — Part 4: MetalLB
Why I did what I did
This next guide will show you how I installed and configured MetalLB. Learn more about MetalLB. If you need MetalLB then you do not need my explanation, which will fall short of a proper introduction and lesson. TL;DR It will let you access your kubernetes services externally without needing to spend money an an external load-balancer or forwarder.
The way I configured my system was after days and weeks of experimenting different combinations of the underlying components (network connections, MetalLB, Traefik, Cert-Manager, and External-DNS. So this combination worked for me. There were plenty of guides on the internet to install and configure MetalLB but they were either out of date or structured to work with Nginx, which I preferred to use Traefik in its place.
Just use the Manifest installation process with these commands:
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/namespace.yaml
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/metallb.yaml
# On first install only
kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)
Before you can start using MetalLB you must create allocate a pool of ip address to use that will be exposed to the internet. These must be real unused public IP address. Since my cluster will span both a public and privately exposed network I chose to create two pools:
- name: private
- name: public
You will notice above that I have two pools, one for my internal private network (in the 192.168.x.x subnet) and then my public-facing IP address that I have from AT&T. There are some apps and service that I want to keep internal and others that I want exposed to the public.
You are done!
How to use MetalLB
We won’t be using MetalLB in this guide since we will be applying this to Traefik. But if you want to use it with any service then you must apply an annotation of “metallb.universe.tf/address-pool: <name of address pool>” from the configuration above. For me the only options are “private” or “public” since those are the names I assigned the IP address pool in the configuration file above. Below you see a sample service with using the metallb annotation.
namespace: <namespaces goes here>
To see if it is working please list the services. The example below lists services for all namespaces.
$ kubectl get services --all-namespacesNAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S)
traefik traefik-internal LoadBalancer 10.109.211.199 192.168.86.220 80:31054/TCP,443:30631/TCP
Notice that you will finally have a value listed for “EXTERNAL-IP”. It should grab the first IP address from your pool address that you assigned. For me my first address was “192.168.86.220” so that is what was assigned.