Skip to content

Kubernetes Cluster LoadBalancer for Bare Metal/VM Installations

For our example we are going to enable a Kubernetes based LoadBalancer to issue IP addresses to our Kubernetes Services of type LoadBalancer using kube-vip.

Ingress Service is pending

The ingress-nginx-controller is currently in the pending state as there is no CCM/LoadBalancer pending_service.gif

kube-vip

We will install two components into our Kubernetes CLuster

kube-vip-cloud-controller

Quote

The kube-vip cloud provider can be used to populate an IP address for Services of type LoadBalancer similar to what public cloud providers allow through a Kubernetes CCM.

Install the kube-vip CCM

kube_vip_install_ccm.gif

Install the kube-vip CCM
kubectl apply -f https://raw.githubusercontent.com/kube-vip/kube-vip-cloud-provider/main/manifest/kube-vip-cloud-controller.yaml

Now we need to setup the required RBAC permissions: -

Install the kube-vip RBAC

kube_vip_install_rbac.gif

Install kube-vip RBAC
kubectl apply -f https://kube-vip.io/manifests/rbac.yaml

The following ConfigMap will configure the kube-vip-cloud-controller to obtain IP addresses from the host networks DHCP server. i.e. the DHCP on the physical network that the host machine or VM is connected to.

Install the kube-vip ConfigMap

kube_vip_install_configmap.gif

Install the kube-vip ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
  name: kubevip
  namespace: kube-system
data:
  cidr-global: 0.0.0.0/32

It is possible to specify IP address ranges see here.

Kubernetes Load-Balancer Service

Obtain the Master Node IP address & Interface name

kube_vip_install_ip_a.gif

Obtain the Master Node IP address & Interface name
ip a

In this example the network interface of the master node is 192.168.2.180 and the interface is enp0s1.

We need to apply the kube-vip daemonset but first we need to create the configuration

Install the kube-vip Daemonset
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app.kubernetes.io/name: kube-vip-ds
    app.kubernetes.io/version: v0.7.2
  name: kube-vip-ds
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: kube-vip-ds
  template:
    metadata:
      labels:
        app.kubernetes.io/name: kube-vip-ds
        app.kubernetes.io/version: v0.7.2
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: node-role.kubernetes.io/master
                operator: Exists
            - matchExpressions:
              - key: node-role.kubernetes.io/control-plane
                operator: Exists
      containers:
      - args:
        - manager
        env:
        - name: vip_arp
          value: "true"
        - name: port
          value: "6443"
        - name: vip_interface
          value: enp0s1
        - name: vip_cidr
          value: "32"
        - name: dns_mode
          value: first
        - name: cp_enable
          value: "true"
        - name: cp_namespace
          value: kube-system
        - name: svc_enable
          value: "true"
        - name: svc_leasename
          value: plndr-svcs-lock
        - name: vip_leaderelection
          value: "true"
        - name: vip_leasename
          value: plndr-cp-lock
        - name: vip_leaseduration
          value: "5"
        - name: vip_renewdeadline
          value: "3"
        - name: vip_retryperiod
          value: "1"
        - name: address
          value: 192.168.2.180
        - name: prometheus_server
          value: :2112
        image: ghcr.io/kube-vip/kube-vip:v0.7.2
        imagePullPolicy: Always
        name: kube-vip
        resources: {}
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
            - NET_RAW
      hostNetwork: true
      serviceAccountName: kube-vip
      tolerations:
      - effect: NoSchedule
        operator: Exists
      - effect: NoExecute
        operator: Exists
  updateStrategy: {}

Lines 5, 7, 12, 16, 38 and 62 need modifying to your environment.

Install the kube-vip Daemonset

kube_vip_install_daemonset.gif

ARP or BGP

The Daemonset above uses ARP to communicate with the network it is also possible to use BGP. See Here

Example showing DHCP allocated external IP address to the Ingress Controller

ingress_not_pending.png

Our ingress-nginx-controller has been allocated the IP Address 192.168.2.194.

Ingress Access

The ingress-niginx-controller requires the host FQDN to be on the user requests in order to know how to route the requests to the correct Kubernetes Service. Using the iP address in the URL will cause an error as ingress cannot select the correct service.

List Ingress

kube_vip_get_ing.gif

get_ing.png

If you did not set the FQDN of the Kinetica Cluster to a DNS resolvable hostname add local.kinetica to your /etc/hosts/ file in order to be able to access the Kinetica URLs

Edit /etc/hosts

kube_vip_etc_hosts.gif

Accessing the Workbench

You should be able to access the workbench at http://local.kinetica