
How to Deploy MetalLB BGP LoadBalancer on a Bare‑Metal Kubernetes Cluster

Facing the limitation of LoadBalancer services on bare‑metal Kubernetes, this guide walks through the background, MetalLB overview, and step‑by‑step deployment using BGP, including environment setup, configuration files, and verification of external IP routing.

Ops Development Stories

MetalLB BGP LoadBalancer on Bare‑Metal Kubernetes

1. Background

To support large‑screen display interfaces for the Asian Games, the team needed external access for these pages. Initially they tried Ingress, then NodePort, but leadership required a LoadBalancer. Traditional LoadBalancer services only work on cloud providers that supply an external load balancer, which is not possible on a bare‑metal cluster, so an open‑source solution was needed.

Two options were considered: KubeSphere's OpenELB and MetalLB. Because documentation for OpenELB was limited, MetalLB was chosen.

2. MetalLB Overview

Kubernetes does not provide a network load balancer for bare‑metal clusters. The built‑in implementations call external load balancers from various IaaS platforms, leaving bare‑metal clusters with only the "NodePort" or "externalIPs" options, which are suboptimal for production. MetalLB aims to correct this imbalance by offering a load‑balancer implementation that integrates with standard network equipment, so that external services on bare‑metal clusters work as they do in cloud environments. MetalLB provides two key features: address allocation and external advertisement.

3. Deploy MetalLB (BGP)

3.1 Deployment Environment

This is a simplified diagram of the internal cluster topology:

Server topology details:

Master – IP 192.168.0.1 – BGP AS 50001
Worker1 – IP 192.168.0.2 – BGP AS 50001
Worker2 – IP 192.168.0.3 – BGP AS 50001
Switch – IP 192.168.0.254 – BGP AS 50000

<code>Note: if the cluster's CNI is Calico, you need to disable Calico's BGP mode, otherwise it will interfere with MetalLB.</code>

3.2 Deployment Steps

<code># Pre-installation preparation
# If kube-proxy runs in IPVS mode, you need to enable strictARP
kubectl edit configmap -n kube-system kube-proxy

# In the editor, set strictARP to true
mode: "ipvs"
ipvs:
  strictARP: true

# Deploy MetalLB
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/namespace.yaml
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/metallb.yaml

# Check that the pods are running
kubectl get pods -n metallb-system

# Configure MetalLB
cat > metallb-eip.yaml <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    peers:
    - peer-address: 192.168.0.254 # BGP neighbor IP (the core switch's IP)
      peer-asn: 50000 # peer AS number
      my-asn: 50001 # local AS number
    address-pools:
    - name: default
      protocol: bgp # use the BGP protocol
      addresses:
      - 10.11.11.1-10.11.11.254
EOF

# Apply the configuration so MetalLB picks it up
kubectl apply -f metallb-eip.yaml

# Configure the core switch
[Core-Switch]bgp 50000
[Core-Switch-bgp]peer 192.168.0.1 as-num 50001
[Core-Switch-bgp]peer 192.168.0.2 as-num 50001
[Core-Switch-bgp]peer 192.168.0.3 as-num 50001
</code>

Verify BGP neighbor status on the core switch:

Testing the LoadBalancer

<code># Use the Kubernetes dashboard as the test service
kubectl get svc -n kubernetes-dashboard
# Change the NodePort service to LoadBalancer
kubectl edit svc -n kubernetes-dashboard kubernetes-dashboard
# Set type: LoadBalancer and save

kubectl get svc -n kubernetes-dashboard
# EXTERNAL-IP is now assigned as 10.11.11.1
</code>

On the core switch, check the routing table and IP routes for the allocated address:

The switch has learned the route to 10.11.11.1. Access the service in a browser via

https://10.11.11.1

to confirm external connectivity.
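
The verification steps above can be scripted so they are repeatable. The following is an added example, not part of the original article: it checks that strictARP is set and lists every LoadBalancer service, flagging any external IP outside the announced pool, which also shows exactly which services are now reachable from outside the cluster. The function names are hypothetical, the kube-proxy ConfigMap key `config.conf` assumes a kubeadm cluster, and only the `start-end` range form used in metallb-eip.yaml is handled.

```shell
#!/bin/sh
# Added example: post-deployment checks for the MetalLB BGP setup described above.

# Convert a dotted-quad IPv4 address to an integer (subshell body keeps IFS local).
ip_to_int() (
  IFS=.
  set -- $1
  echo $(( (($1 * 256 + $2) * 256 + $3) * 256 + $4 ))
)

# in_pool IP RANGE: succeed if IP lies inside a "start-end" range,
# the form used under address-pools in metallb-eip.yaml.
in_pool() (
  a=$(ip_to_int "$1")
  lo=$(ip_to_int "${2%-*}")
  hi=$(ip_to_int "${2#*-}")
  [ "$a" -ge "$lo" ] && [ "$a" -le "$hi" ]
)

# Read the kube-proxy configuration on stdin; succeed only if strictARP is true.
strict_arp_enabled() {
  grep -Eq '^[[:space:]]*strictARP:[[:space:]]*true[[:space:]]*$'
}

# audit_lb_services RANGE: read "namespace name external-ip" lines on stdin,
# report each service, and return 1 if any address is outside RANGE.
audit_lb_services() {
  rc=0
  while read -r ns name ip; do
    if [ -z "$ip" ]; then
      echo "PENDING $ns/$name (no address assigned yet)"
    elif in_pool "$ip" "$1"; then
      echo "OK      $ns/$name $ip"
    else
      echo "OUTSIDE $ns/$name $ip"
      rc=1
    fi
  done
  return "$rc"
}

# On a live cluster (assumes kubeadm's kube-proxy ConfigMap key config.conf):
#   kubectl get configmap -n kube-system kube-proxy -o jsonpath='{.data.config\.conf}' | strict_arp_enabled
#   kubectl get svc -A -o jsonpath='{range .items[?(@.spec.type=="LoadBalancer")]}{.metadata.namespace}{" "}{.metadata.name}{" "}{.status.loadBalancer.ingress[0].ip}{"\n"}{end}' | audit_lb_services 10.11.11.1-10.11.11.254

# Constructed sample input so the script runs offline.
audit_lb_services 10.11.11.1-10.11.11.254 <<'EOF' || echo "review the services marked OUTSIDE"
kubernetes-dashboard kubernetes-dashboard 10.11.11.1
default web 192.168.0.50
EOF
```
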

Written by

Ops Development Stories

Maintained by a like‑minded team, covering both operations and development. Topics span Linux ops, DevOps toolchain, Kubernetes containerization, monitoring, log collection, network security, and Python or Go development. Team members: Qiao Ke, wanger, Dong Ge, Su Xin, Hua Zai, Zheng Ge, Teacher Xia.
