LoadBalancer将服务暴露到外部实现负载均衡metallb-layer2模式配置介绍

目录

一.metallb简介

1.支持多种负载均衡协议

2.支持自定义 IP 地址范围

3.无需额外的硬件设备

4.易于安装和配置

5.可扩展性强

6.layer2模式下选举的leader节点压力大

二.layer2模式配置演示

1.开启ipvs并开启严格ARP模式

2.下载并应用metallb

3.创建一个 IPAddressPool地址池，用来指定用于分配的 IP 池，在后面又继续创建了一个二层通告，去关联这个地址池将其中的IP地址们通告出去

4.创建service测试负载均衡效果

5.卸载metallb

---

 

一.metallb简介

MetalLB（Metal Load Balancer）是 Kubernetes 中一个开源的负载均衡器，它通过为 Kubernetes 集群中的服务分配外部 IP 地址，将流量从集群中的 Pod 重定向到合适的服务上。相比于 Kubernetes 默认的负载均衡机制，MetalLB 提供了更加灵活和可定制的负载均衡方案。MetalLB旨在通过提供网络负载均衡器来纠正不平衡实现与标准网络设备集成，尽可能器保障裸机集群上的外部服务也同样“正常工作”。

1.支持多种负载均衡协议

MetalLB 支持多种负载均衡协议，包括 Layer 2 和 BGP 等协议。这使得 MetalLB 可以适用于不同的网络环境和场景，并能够提供更好的性能和可靠性。

2.支持自定义 IP 地址范围

在运行 MetalLB 时，可以配置自定义的 IP 地址范围，这些 IP 地址可以用于为服务分配外部 IP。管理员可以更灵活地控制服务的 IP 地址分配和管理，避免与其他网络设备或服务冲突。

3.无需额外的硬件设备

相对于传统的负载均衡器，MetalLB 不需要额外的硬件设备或专门的负载均衡软件。它可以直接运行在 Kubernetes 集群中，使用集群中的节点来提供负载均衡服务。

4.易于安装和配置

MetalLB 的安装和配置非常简单，可以通过一个 YAML 文件来轻松部署和运行。它还提供了丰富的文档和示例，帮助用户快速上手并进行定制化配置。

5.可扩展性强

由于 MetalLB 是基于开源软件 Quagga 和 Bird 项目实现的，因此它具有较高的可扩展性和性能。同时，它还支持水平扩展和故障转移等特性，以保证高可用性和容错性。

6.layer2模式下选举的leader节点压力大

k8s节点中选举出一个Leader，leader节点响应LB地址段的ARP请求，上层路由就会把原本发给LB的流量发给Leader，负载压力大。

二.layer2模式配置演示

1.开启ipvs并开启严格ARP模式

[root@k8s-master metallb]# kubectl edit configmap kube-proxy -n kube-system
[root@k8s-master metallb]# kubectl get configmap -n kube-system kube-proxy -o yaml | grep strictARPstrictARP: true
[root@k8s-master metallb]# kubectl get configmap -n kube-system kube-proxy -o yaml | grep modemode: "ipvs"
​
[root@k8s-master metallb]# kubectl rollout restart ds kube-proxy -n kube-system 

2.下载并应用metallb

链接：百度网盘 请输入提取码 提取码：rycy

#官网网址直接应用
[root@k8s-master metallb]# kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.7/config/manifests/metallb-native.yaml
​
[root@k8s-master metallb]# kubectl apply -f metallb-native.yaml 
namespace/metallb-system created
customresourcedefinition.apiextensions.k8s.io/addresspools.metallb.io created
customresourcedefinition.apiextensions.k8s.io/bfdprofiles.metallb.io created
customresourcedefinition.apiextensions.k8s.io/bgpadvertisements.metallb.io created
customresourcedefinition.apiextensions.k8s.io/bgppeers.metallb.io created
customresourcedefinition.apiextensions.k8s.io/communities.metallb.io created
customresourcedefinition.apiextensions.k8s.io/ipaddresspools.metallb.io created
customresourcedefinition.apiextensions.k8s.io/l2advertisements.metallb.io created
serviceaccount/controller created
serviceaccount/speaker created
role.rbac.authorization.k8s.io/controller created
role.rbac.authorization.k8s.io/pod-lister created
clusterrole.rbac.authorization.k8s.io/metallb-system:controller created
clusterrole.rbac.authorization.k8s.io/metallb-system:speaker created
rolebinding.rbac.authorization.k8s.io/controller created
rolebinding.rbac.authorization.k8s.io/pod-lister created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:controller created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:speaker created
secret/webhook-server-cert created
service/webhook-service created
deployment.apps/controller created
daemonset.apps/speaker created
validatingwebhookconfiguration.admissionregistration.k8s.io/metallb-webhook-configuration created
​
[root@k8s-master metallb]# kubectl get service,pods -n metallb-system 
NAME                      TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
service/webhook-service   ClusterIP   10.105.188.236   <none>        443/TCP   35s
​
NAME                              READY   STATUS    RESTARTS   AGE
pod/controller-67d9f4b5bc-z8279   1/1     Running   0          35s  #controller-pod
pod/speaker-ndgjt                 1/1     Running   0          35s
pod/speaker-tdtnb                 1/1     Running   0          35s
pod/speaker-xblwh                 1/1     Running   0          35s
[root@k8s-master metallb]# kubectl get deploy,ds -n metallb-system 
NAME                         READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/controller   1/1     1            1           52s
​
NAME                     DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
daemonset.apps/speaker   3         3         3       3            3           kubernetes.io/os=linux   52s

3.创建一个 IPAddressPool地址池，用来指定用于分配的 IP 池，在后面又继续创建了一个二层通告，去关联这个地址池将其中的IP地址们通告出去

[root@k8s-master metallb]# cat metallb-ip-pool.yaml 
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:name: metallb-ip-poolnamespace: metallb-system
spec:addresses:- 192.168.2.20-192.168.2.25 
​
---
​
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:name: my-advernamespace: metallb-system
spec:ipAddressPools:- metallb-ip-pool
[root@k8s-master metallb]# kubectl apply -f metallb-ip-pool.yaml 

4.创建service测试负载均衡效果

[root@k8s-master metallb]# cat service1.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:labels:name: my-nginxname: my-nginxnamespace: myns
spec:replicas: 3selector:matchLabels:name: my-nginx-deploytemplate:metadata:labels:name: my-nginx-deployspec:containers:- name: my-nginx-podimage: nginxports:- containerPort: 80
​
---
​
apiVersion: v1
kind: Service
metadata:name: my-nginx-servicenamespace: mynsannotations:metallb.universe.tf/address-pool: metallb-ip-pool   #添加注解，指定地址池
spec:ports:- port: 80protocol: TCPtargetPort: 80selector:name: my-nginx-deploytype: LoadBalancer   #需要指定为loadBalancer类型
​
​
[root@k8s-master metallb]# kubectl get all -n myns
NAME                            READY   STATUS    RESTARTS   AGE
pod/my-nginx-5d67c8f488-cdrbd   1/1     Running   0          2m10s
pod/my-nginx-5d67c8f488-dzz29   1/1     Running   0          2m10s
pod/my-nginx-5d67c8f488-np26z   1/1     Running   0          2m10s
​
NAME                       TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)        AGE
service/my-nginx-service   LoadBalancer   10.106.134.212   192.168.2.22   80:30100/TCP   2m10s
​
NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/my-nginx   3/3     3            3           2m10s
​
NAME                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/my-nginx-5d67c8f488   3         3         3       2m10s
​
[root@k8s-master metallb]# kubectl describe  service my-nginx-service -n myns
Name:                     my-nginx-service
Namespace:                myns
Labels:                   <none>
Annotations:              metallb.universe.tf/address-pool: metallb-ip-pool
Selector:                 name=my-nginx-deploy
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       10.96.88.241
IPs:                      10.96.88.241
LoadBalancer Ingress:     192.168.2.22
Port:                     <unset>  80/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  32053/TCP
Endpoints:                10.244.169.147:80,10.244.169.148:80,10.244.36.73:80
Session Affinity:         None
External Traffic Policy:  Cluster
​
​
[root@k8s-master metallb]# kubectl exec -it my-nginx-5d67c8f488-cdrbd -n myns -- /bin/sh -c "echo pod1 > /usr/share/nginx/html/index.html"
[root@k8s-master metallb]# kubectl exec -it my-nginx-5d67c8f488-dzz29 -n myns -- /bin/sh -c "echo pod2 > /usr/share/nginx/html/index.html"
[root@k8s-master metallb]# kubectl exec -it my-nginx-5d67c8f488-np26z -n myns -- /bin/sh -c "echo pod3 > /usr/share/nginx/html/index.html"
[root@k8s-master metallb]# curl 192.168.2.22
pod1
[root@k8s-master metallb]# curl 192.168.2.22
pod1
[root@k8s-master metallb]# curl 192.168.2.22
pod2
[root@k8s-master metallb]# curl 192.168.2.22
pod2
[root@k8s-master metallb]# curl 192.168.2.22
pod3
[root@k8s-master metallb]# curl 192.168.2.22
pod1
[root@k8s-master metallb]# curl 192.168.2.22
pod2
[root@k8s-master metallb]# curl 192.168.2.22
pod2
[root@k8s-master metallb]# curl 192.168.2.22
pod2

5.卸载metallb

我们是manifest方式安装就直接kubectl delete -f 就可以

[root@k8s-master metallb]# kubectl delete -f metallb-ip-pool.yaml 
ipaddresspool.metallb.io "metallb-ip-pool" deleted
l2advertisement.metallb.io "my-adver" deleted
[root@k8s-master metallb]# kubectl delete -f service1.yaml 
deployment.apps "my-nginx" deleted
service "my-nginx-service" deleted
[root@k8s-master metallb]# kubectl delete -f metallb-native.yaml 
namespace "metallb-system" deleted
customresourcedefinition.apiextensions.k8s.io "addresspools.metallb.io" deleted
customresourcedefinition.apiextensions.k8s.io "bfdprofiles.metallb.io" deleted
customresourcedefinition.apiextensions.k8s.io "bgpadvertisements.metallb.io" deleted
customresourcedefinition.apiextensions.k8s.io "bgppeers.metallb.io" deleted
customresourcedefinition.apiextensions.k8s.io "communities.metallb.io" deleted
customresourcedefinition.apiextensions.k8s.io "ipaddresspools.metallb.io" deleted
customresourcedefinition.apiextensions.k8s.io "l2advertisements.metallb.io" deleted
serviceaccount "controller" deleted
serviceaccount "speaker" deleted
role.rbac.authorization.k8s.io "controller" deleted
role.rbac.authorization.k8s.io "pod-lister" deleted
clusterrole.rbac.authorization.k8s.io "metallb-system:controller" deleted
clusterrole.rbac.authorization.k8s.io "metallb-system:speaker" deleted
rolebinding.rbac.authorization.k8s.io "controller" deleted
rolebinding.rbac.authorization.k8s.io "pod-lister" deleted
clusterrolebinding.rbac.authorization.k8s.io "metallb-system:controller" deleted
clusterrolebinding.rbac.authorization.k8s.io "metallb-system:speaker" deleted
secret "webhook-server-cert" deleted
service "webhook-service" deleted
deployment.apps "controller" deleted
daemonset.apps "speaker" deleted
validatingwebhookconfiguration.admissionregistration.k8s.io "metallb-webhook-configuration" deleted
​