Metallb can be used in Static (Bare Metal) clusters when there is no option to use cloud load balancers. Metallb can work in L2 or BGP modes.

Example of Metallb usage in L2 mode

Below is a small step-by-step guide on how to enable the metallb module, create a LoadBalancer and provide access to an application (Nginx web server).

  1. Specify node groups (NodeGroup) to run the applications to provide access to.

    For example, Ingress controllers are run on frontend nodes while the application is run on a worker node. Frontend nodes have a label node-role/metallb="".

    apiVersion: deckhouse.io/v1
    kind: NodeGroup
    metadata:
      name: frontend
    spec:
      disruptions:
        approvalMode: Manual
      nodeTemplate:
        labels:
          node-role.deckhouse.io/metallb: ""
        taints:
        - effect: NoExecute
          key: dedicated.deckhouse.io
          value: metallb
      nodeType: Static
    ---
    apiVersion: deckhouse.io/v1
    kind: NodeGroup
    metadata:
      name: worker
    spec:
      disruptions:
        approvalMode: Manual
      nodeType: Static
    
  2. Make sure the nodes are labeled correctly:

    kubectl get nodes -l node-role.deckhouse.io/metallb=
    

    Your output should look something like this:

    $ kubectl get nodes -l node-role/metallb
    NAME              STATUS   ROLES      AGE   VERSION
    demo-frontend-0   Ready    frontend   61d   v1.21.14
    demo-frontend-1   Ready    frontend   61d   v1.21.14
    
  3. Enable the metallb module and set the nodeSelector and tolerations parameters for the MetalLB speakers.

    Below is an example of the module configuration:

    apiVersion: deckhouse.io/v1alpha1
    kind: ModuleConfig
    metadata:
      name: metallb
    spec:
      version: 1
      enabled: true
      settings:
        addressPools:
        - addresses:
          - 192.168.199.100-192.168.199.102
          name: frontend-pool
          protocol: layer2
        speaker:
          nodeSelector:
            node-role.deckhouse.io/metallb: ""
          tolerations:
          - effect: NoExecute
            key: dedicated.deckhouse.io
            operator: Equal
            value: metallb
    
  4. Deploy the application (nginx) and Service on port 8080:

    kubectl create deploy nginx --image=nginx
    kubectl create svc loadbalancer nginx --tcp=8080:80
    
  5. Verify that the service has been created:

    kubectl get svc nginx
    

    Your output should look something like this:

    $ kubectl get svc nginx
    NAME    TYPE           CLUSTER-IP     EXTERNAL-IP       PORT(S)          AGE
    nginx   LoadBalancer   10.222.9.190   192.168.199.101   8080:31689/TCP   3m11s
    
  6. Check if the application is accessible.

    Example:

    $ curl -s -o /dev/null -w "%{http_code}" 192.168.199.101:8080
    200