Add MetalLB to bare-metal deployment page #3074

Merged
merged 1 commit into from
Sep 12, 2018

@antoineco
Contributor

antoineco commented Sep 11, 2018

What this PR does / why we need it: second part of #3027
Adds a usage example for MetalLB.

Which issue this PR fixes: closes #3055

@k8s-ci-robot added the cncf-cla: yes, approved and size/M labels on Sep 11, 2018

@kfox1111

lgtm. :)

@antoineco
Contributor Author

antoineco commented Sep 11, 2018

/hold

Some user reported on Slack it was sufficient to set externalIPs on the ingress-nginx Service. This apparently makes kube-proxy add iptables NAT entries that forward all incoming traffic for the externalIP:servicePort combination to the internal Service.

That would be new to me, but let me test.

edit: it does indeed work. Now I definitely feel ignorant. I'll add it to the docs and probably remove the section about NodePorts.

@k8s-ci-robot added the do-not-merge/hold label on Sep 11, 2018

@aledbf
Member

aledbf commented Sep 11, 2018

@antoineco the problem with that approach is that you lose the source IP address
https://kubernetes.io/docs/concepts/services-networking/service/#shortcomings

@antoineco
Contributor Author

@aledbf the docs mention the userspace proxy, but nowadays iptables is the default (and soon ipvs). Wouldn't the Local externalTrafficPolicy solve that issue (with the limitations that we know)?

@aledbf
Member

aledbf commented Sep 11, 2018

@antoineco I am not sure because externalTrafficPolicy is another iptables hack. Also, I think it doesn't work with externalIPs: kubernetes/kubernetes#62537 (comment)

@antoineco
Contributor Author

@aledbf fair point. Let me do some more extensive testing. I will also mention that limitation in the MetalLB section (which is also another iptables trick on the node 😄)

@kfox1111

I have used externalIP without MetalLB as well, in production. It works well. That is an additional option to using MetalLB.

The externalIP method has no HA option by itself, nor a way to put the IP on a host unless it is already there. You could add keepalived to do this.

MetalLB will move the IP around in case of failure.

@aledbf
Member

aledbf commented Sep 11, 2018

> You could add keepalived to do this.

Same issue, you lose the source IP address.

@kfox1111

Yup. But can be worth it for the HA.

You can get close to seamless by using metallb in bgp mode with nginx-ingress with daemonset and the service externalTrafficPolicy=Local. But sticky connections might roll around due to the rehashing.

Really, I think currently there is a complete tradeoff between getting seamless rolling upgrades of nginx-ingress and getting external IPs in the logs. You get one or the other. :(
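
The two Service configurations discussed in this thread, side by side, as an added example that is not part of the PR or of the ingress-nginx docs. The Service names, namespace, selector label, target ports and the address 203.0.113.10 (documentation range) are assumptions.

```yaml
# Variant A: externalIPs set directly on the ingress-nginx Service.
# kube-proxy adds NAT rules for 203.0.113.10:80 and 203.0.113.10:443.
# Nothing here assigns the address to a node or moves it on failure, and
# per the thread the controller may not see the real client address.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx                       # assumed name
  namespace: ingress-nginx                  # assumed namespace
spec:
  selector:
    app.kubernetes.io/name: ingress-nginx   # assumed label
  externalIPs:
    - 203.0.113.10                          # placeholder address
  ports:
    - name: http
      port: 80
      targetPort: 80                        # assumed container port
    - name: https
      port: 443
      targetPort: 443                       # assumed container port
---
# Variant B: LoadBalancer Service whose address is assigned by MetalLB.
# externalTrafficPolicy: Local delivers traffic only to controller pods on
# the node that received it, without source NAT, so the access log shows
# the client address. Nodes without a controller pod do not serve traffic,
# which is why the thread pairs this with a DaemonSet.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-lb                    # assumed name
  namespace: ingress-nginx                  # assumed namespace
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  selector:
    app.kubernetes.io/name: ingress-nginx   # assumed label
  ports:
    - name: http
      port: 80
      targetPort: 80
    - name: https
      port: 443
      targetPort: 443
```

Compare the client address recorded in the controller's access log under each variant before relying on it for allow-lists, rate limits or audit trails.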

@k8s-ci-robot added the size/L label and removed the size/M label on Sep 12, 2018

@antoineco
Contributor Author

/hold cancel

PR and live preview updated with what we discussed.

@k8s-ci-robot removed the do-not-merge/hold label on Sep 12, 2018

@aledbf
Member

aledbf commented Sep 12, 2018

/lgtm

@k8s-ci-robot added the lgtm label on Sep 12, 2018

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aledbf, antoineco


@k8s-ci-robot merged commit 1c1a910 into kubernetes:master on Sep 12, 2018
@antoineco deleted the docs/metallb branch on September 12, 2018 12:55
Labels
approved: Indicates a PR has been approved by an approver from all required OWNERS files.
cncf-cla: yes: Indicates the PR's author has signed the CNCF CLA.
lgtm: "Looks good to me", indicates that a PR is ready to be merged.
size/L: Denotes a PR that changes 100-499 lines, ignoring generated files.
Development

Successfully merging this pull request may close these issues.

baremetal.md should reference MetalLB
4 participants