From e4a174a2372a35f0ea3af4710ffc1c34495bddf8 Mon Sep 17 00:00:00 2001
From: Mike Williams <7595658+gaima8@users.noreply.github.com>
Date: Thu, 9 Jul 2020 13:32:15 +0100
Subject: [PATCH 1/5] Option for MetalLB to talk BGP
---
 inventory/sample/group_vars/k8s-cluster/addons.yml | 8 ++++++++
 roles/kubernetes-apps/metallb/README.md | 6 +++---
 roles/kubernetes-apps/metallb/defaults/main.yml | 8 ++++++++
 .../metallb/templates/metallb-config.yml.j2 | 8 ++++++++
 4 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/inventory/sample/group_vars/k8s-cluster/addons.yml b/inventory/sample/group_vars/k8s-cluster/addons.yml
index 4fd6a06074c..a9e2a7ba2a9 100644
--- a/inventory/sample/group_vars/k8s-cluster/addons.yml
+++ b/inventory/sample/group_vars/k8s-cluster/addons.yml
@@ -135,3 +135,11 @@ metallb_enabled: false
 # - "10.5.1.50-10.5.1.99"
 # protocol: "layer2"
 # auto_assign: false
+# metallb_protocol: "bgp"
+# metallb_peers:
+# - peer_address: 192.0.2.1
+# peer_asn: 64512
+# my_asn: 4200000000
+# - peer_address: 192.0.2.2
+# peer_asn: 64513
+# my_asn: 4200000000
diff --git a/roles/kubernetes-apps/metallb/README.md b/roles/kubernetes-apps/metallb/README.md
index d8d980f30ec..1e38012366c 100644
--- a/roles/kubernetes-apps/metallb/README.md
+++ b/roles/kubernetes-apps/metallb/README.md
@@ -3,13 +3,13 @@ MetalLB hooks into your Kubernetes cluster, and provides a network load-balancer implementation. In short, it allows you to create Kubernetes services of type "LoadBalancer" in clusters that don't run on a cloud provider, and thus cannot simply hook into paid products to provide load-balancers. -This addon aims to automate [this](https://metallb.universe.tf/concepts/layer2/). -It deploys MetalLB into Kubernetes and sets up a layer 2 load-balancer. +This addon aims to automate [this](https://metallb.universe.tf/concepts/layer2/) and/or [this][https://metallb.universe.tf/concepts/bgp/]. +It deploys MetalLB into Kubernetes and sets up a layer 2 and/or BGP load-balancer. ## Install In the default, MetalLB is not deployed into your Kubernetes cluster. -You can override the defaults by copying the contents of this file to somewhere in inventory/mycluster/group_vars +You can override the defaults by copying the contents of roles/kubernetes-apps/metallb/defaults/main.yml to somewhere in inventory/mycluster/group_vars such as inventory/mycluster/groups_vars/k8s-cluster/addons.yml and updating metallb_enabled option to `true`. In addition you need to update metallb_ip_range option on the addons.yml at least for suiting your network environment, because MetalLB allocates external IP addresses from this metallb_ip_range option. diff --git a/roles/kubernetes-apps/metallb/defaults/main.yml b/roles/kubernetes-apps/metallb/defaults/main.yml index 479f0636345..966b61fe6f9 100644 --- a/roles/kubernetes-apps/metallb/defaults/main.yml +++ b/roles/kubernetes-apps/metallb/defaults/main.yml @@ -5,3 +5,11 @@ metallb_protocol: "layer2" metallb_port: "7472" metallb_limits_cpu: "100m" metallb_limits_mem: "100Mi" +# metallb_protocol: "bgp" +# metallb_peers: +# - peer_address: 192.0.2.1 +# peer_asn: 64512 +# my_asn: 4200000000 +# - peer_address: 192.0.2.2 +# peer_asn: 64513 +# my_asn: 4200000000 
diff --git a/roles/kubernetes-apps/metallb/templates/metallb-config.yml.j2 b/roles/kubernetes-apps/metallb/templates/metallb-config.yml.j2 index 73b29d72d29..1a4d20a7374 100644 --- a/roles/kubernetes-apps/metallb/templates/metallb-config.yml.j2 +++ b/roles/kubernetes-apps/metallb/templates/metallb-config.yml.j2 @@ -6,6 +6,14 @@ metadata: name: config data: config: | +{% if metallb_protocol == 'bgp' %} + peers: +{% for peer in metallb_peers %} + - peer-address: {{ peer.peer_address }} + peer-asn: {{ peer.peer_asn }} + my-asn: {{ peer.my_asn }} +{% endfor %} +{% endif %} address-pools: - name: loadbalanced protocol: {{ metallb_protocol }} From f185879c7e2ac4b108c6764a9b1bd4b39e1766fc Mon Sep 17 00:00:00 2001 From: Mike Williams <7595658+gaima8@users.noreply.github.com> Date: Thu, 9 Jul 2020 21:36:54 +0100 Subject: [PATCH 2/5] Check for BGP peers when metallb_protocol is bgp --- roles/kubernetes-apps/metallb/tasks/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/kubernetes-apps/metallb/tasks/main.yml b/roles/kubernetes-apps/metallb/tasks/main.yml index c7bbc1fc55a..5d3c58d6e4b 100644 --- a/roles/kubernetes-apps/metallb/tasks/main.yml +++ b/roles/kubernetes-apps/metallb/tasks/main.yml @@ -11,6 +11,12 @@ when: - metallb_ip_range is not defined or not metallb_ip_range +- name: Kubernetes Apps | Check BGP peers for MetalLB + fail: + msg: "metallb_peers is mandatory when metallb_protocol is bgp" + when: + - metallb_protocol == 'bgp' and metallb_peers is not defined + - name: Kubernetes Apps | Check AppArmor status command: which apparmor_parser register: apparmor_status From e54c174dabce7112fd7b779ec82fa1d5faba8bd9 Mon Sep 17 00:00:00 2001 From: Mike Williams <7595658+gaima8@users.noreply.github.com> Date: Thu, 9 Jul 2020 21:41:29 +0100 Subject: [PATCH 3/5] README clarification --- roles/kubernetes-apps/metallb/README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) 
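Review bot: The `peers:` entries rendered by the new `{% for peer in metallb_peers %}` loop in metallb-config.yml.j2 carry only `peer-address`, `peer-asn` and `my-asn`, so a cluster configured through this role has no way to authenticate its BGP sessions. MetalLB's peer configuration also accepts an optional `password` (TCP MD5), and without it the sessions rely entirely on whatever source filtering the upstream router applies. I would add an optional field inside the loop, `{% if peer.password is defined %}` / `password: {{ peer.password | to_json }}` / `{% endif %}`, indented like the other peer keys. The sample inventory should then say that the value ends up in plain text in the ConfigMap, so it belongs in a vaulted variable. The ConfigMap body continues outside the hunk.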
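Review bot: The new check in `Kubernetes Apps | Check BGP peers for MetalLB` fires only when `metallb_peers` is undefined, so `metallb_peers: []` or an empty value passes and the template from patch 1/5 then renders a `peers:` key with no entries, presumably leaving MetalLB in BGP mode with nothing to announce to. The `metallb_ip_range` condition just above it in the same hunk already rejects both cases, and the same form works here: `- metallb_protocol == 'bgp' and (metallb_peers is not defined or not metallb_peers)`. It would also help to assert that every entry defines `peer_address`, `peer_asn` and `my_asn`, since a missing key would otherwise surface only as a template error later in the play. The preceding task starts outside the hunk.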
diff --git a/roles/kubernetes-apps/metallb/README.md b/roles/kubernetes-apps/metallb/README.md index 1e38012366c..89ab555cd18 100644 --- a/roles/kubernetes-apps/metallb/README.md +++ b/roles/kubernetes-apps/metallb/README.md @@ -3,13 +3,15 @@ MetalLB hooks into your Kubernetes cluster, and provides a network load-balancer implementation. In short, it allows you to create Kubernetes services of type "LoadBalancer" in clusters that don't run on a cloud provider, and thus cannot simply hook into paid products to provide load-balancers. -This addon aims to automate [this](https://metallb.universe.tf/concepts/layer2/) and/or [this][https://metallb.universe.tf/concepts/bgp/]. +This addon aims to automate [MetalLB in layer 2 mode](https://metallb.universe.tf/concepts/layer2/) +and/or [MetalLB in BGP mode][https://metallb.universe.tf/concepts/bgp/]. It deploys MetalLB into Kubernetes and sets up a layer 2 and/or BGP load-balancer. ## Install In the default, MetalLB is not deployed into your Kubernetes cluster. -You can override the defaults by copying the contents of roles/kubernetes-apps/metallb/defaults/main.yml to somewhere in inventory/mycluster/group_vars -such as inventory/mycluster/groups_vars/k8s-cluster/addons.yml and updating metallb_enabled option to `true`. +You can override the defaults by copying the contents of roles/kubernetes-apps/metallb/defaults/main.yml +to somewhere in inventory/mycluster/group_vars such as inventory/mycluster/groups_vars/k8s-cluster/addons.yml +and updating metallb_enabled option to `true`. In addition you need to update metallb_ip_range option on the addons.yml at least for suiting your network environment, because MetalLB allocates external IP addresses from this metallb_ip_range option. From e1eaa43498c2904288b4a8148ae12f013d1b948e Mon Sep 17 00:00:00 2001 
From: Mike Williams <7595658+gaima8@users.noreply.github.com>
Date: Sat, 11 Jul 2020 11:51:39 +0100
Subject: [PATCH 4/5] Commented values as documentation only in the sample inventory
---
 roles/kubernetes-apps/metallb/defaults/main.yml | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/roles/kubernetes-apps/metallb/defaults/main.yml b/roles/kubernetes-apps/metallb/defaults/main.yml
index 966b61fe6f9..479f0636345 100644
--- a/roles/kubernetes-apps/metallb/defaults/main.yml
+++ b/roles/kubernetes-apps/metallb/defaults/main.yml
@@ -5,11 +5,3 @@ metallb_protocol: "layer2"
 metallb_port: "7472"
 metallb_limits_cpu: "100m"
 metallb_limits_mem: "100Mi"
-# metallb_protocol: "bgp"
-# metallb_peers:
-# - peer_address: 192.0.2.1
-# peer_asn: 64512
-# my_asn: 4200000000
-# - peer_address: 192.0.2.2
-# peer_asn: 64513
-# my_asn: 4200000000
From 679610b65b0aca7358e78fee703683cc9619ec6c Mon Sep 17 00:00:00 2001
From: Mike Williams <7595658+gaima8@users.noreply.github.com>
Date: Thu, 23 Jul 2020 15:19:23 +0100
Subject: [PATCH 5/5] layer 2 or BGP, not both
---
 roles/kubernetes-apps/metallb/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/kubernetes-apps/metallb/README.md b/roles/kubernetes-apps/metallb/README.md
index 89ab555cd18..71f1b5bd9f0 100644
--- a/roles/kubernetes-apps/metallb/README.md
+++ b/roles/kubernetes-apps/metallb/README.md
@@ -4,8 +4,8 @@ MetalLB hooks into your Kubernetes cluster, and provides a network load-balancer In short, it allows you to create Kubernetes services of type "LoadBalancer" in clusters that don't run on a cloud provider, and thus cannot simply hook into paid products to provide load-balancers. This addon aims to automate [MetalLB in layer 2 mode](https://metallb.universe.tf/concepts/layer2/) -and/or [MetalLB in BGP mode][https://metallb.universe.tf/concepts/bgp/]. -It deploys MetalLB into Kubernetes and sets up a layer 2 and/or BGP load-balancer. +or [MetalLB in BGP mode][https://metallb.universe.tf/concepts/bgp/]. +It deploys MetalLB into Kubernetes and sets up a layer 2 or BGP load-balancer. ## Install