Support MetalLB

[eaudetcobello]

Testing

• l2-mode is covered by our integration tests and has been tested manually by deploying an nginx service.
• bgp mode is not covered by our integration tests and has been tested manually by deploying a bgp router using bird on a multipass vm and verifying that an nginx service on a node can obtain an ip using the bgp protocol.

Example generated templates from values.yaml

Metallb values.yaml:

driver: metallb

l2:
  enabled: true
  # interfaces:
  # - "^eth[0-9]+"
  interfaces:
    - eth1

ipPool:
  # cidrs:
  # - cidr: "10.42.254.176/28"
  cidrs:
    - cidr: "192.168.10.0/24"
    - start: "192.168.11.1"
      end: "192.168.11.254"

bgp:
  enabled: true
  localASN: 64512
  # neighbors:
  # - peerAddress: '10.0.0.60/24'
  #   peerASN: 65100
  #   peerPort: 179
  neighbors:
    - peerAddress: "10.0.0.60"
      peerASN: 65100
      peerPort: 179

Metallb template output:

---
# Source: ck-loadbalancer/templates/metallb/bgp-policy.yaml
apiVersion: "metallb.io/v1beta1"
kind: BGPAdvertisement
metadata:
  name: release-name-ck-loadbalancer
  labels:
    helm.sh/chart: ck-loadbalancer-0.1.1
    app.kubernetes.io/name: ck-loadbalancer
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/version: "0.1.1"
    app.kubernetes.io/managed-by: Helm
spec:
   ipAddressPools:
     - release-name-ck-loadbalancer
---
# Source: ck-loadbalancer/templates/metallb/bgp-policy.yaml
apiVersion: "metallb.io/v1beta2"
kind: BGPPeer
metadata:
  name: release-name-ck-loadbalancer
  labels:
    helm.sh/chart: ck-loadbalancer-0.1.1
    app.kubernetes.io/name: ck-loadbalancer
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/version: "0.1.1"
    app.kubernetes.io/managed-by: Helm
spec:
  myASN: 64512
  neighbors:
    - peerASN: 65100
      peerAddress: 10.0.0.60
      peerPort: 179
---
# Source: ck-loadbalancer/templates/metallb/lb-ip-pool.yaml
apiVersion: "metallb.io/v1beta1"
kind: IPAddressPool
metadata:
  name: release-name-ck-loadbalancer
  labels:
    helm.sh/chart: ck-loadbalancer-0.1.1
    app.kubernetes.io/name: ck-loadbalancer
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/version: "0.1.1"
    app.kubernetes.io/managed-by: Helm
spec:
  addresses:
    - 192.168.10.0/24
---
# Source: ck-loadbalancer/templates/metallb/l2-policy.yaml
apiVersion: "metallb.io/v1beta1"
kind: L2Advertisement
metadata:
  name: release-name-ck-loadbalancer
  labels:
    helm.sh/chart: ck-loadbalancer-0.1.1
    app.kubernetes.io/name: ck-loadbalancer
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/version: "0.1.1"
    app.kubernetes.io/managed-by: Helm
spec:
  ipAddressPools:
    - release-name-ck-loadbalancer
  interfaces:
    - eth1

Potential improvements

When a user gets an IP for a service using bgp-mode=true, a BGPPeer and a BGPAdvertisement resource are created. If the user then sets bgp-mode=false, the BGPPeer and BGPAdvertisement resources will continue existing. When the user sets l2-mode=true, the service will successfully receive a IP using l2 mode.

From my testing this does not cause problems in terms of bugs or functionality but it could be nice to clean up when the config is changed.

[addyess]

Provided some thoughts to chew on. I think there's a bug in the cilium/l2-policy.yaml

[eaudetcobello]

Let me know if you have any ideas on what to do with gateway-api. Leave the script in hacks/ and run it from update-component-versions.py? @neoaggelos

[neoaggelos]

In addition, please add a comment with all the metallb images that are used.

k8s kubectl get node -o template='{{ range .items }}{{ .metadata.name }}{{":"}}{{ range .status.images }}{{ "\n- " }}{{ index .names 1 }}{{ end }}{{"\n"}}{{ end }}'

can help with this

[eaudetcobello]

MetalLB images:

• quay.io/metallb/speaker:v0.14.5
• quay.io/metallb/controller:v0.14.5

[eaudetcobello]

I added a description with an example values.yaml and the generated template.

[louiseschmidtgen]

Please rebase, there's changes with Contour.

[louiseschmidtgen]

Great work Etienne!

One last thing, please add all the images in use by metallb in the PR.

k8s kubectl get node -o template='{{ range .items }}{{ .metadata.name }}{{":"}}{{ range .status.images }}{{ "\n- " }}{{ index .names 1 }}{{ end }}{{"\n"}}{{ end }}'

Just add a comment or add it to your PR description please.
Additionally, please add a var with the image repo and the tag similar to here.

[louiseschmidtgen]

Another last comment :)
Please write a card to add some bgp integration tests in the future.

[eaudetcobello]

Great work Etienne!

One last thing, please add all the images in use by metallb in the PR.

k8s kubectl get node -o template='{{ range .items }}{{ .metadata.name }}{{":"}}{{ range .status.images }}{{ "\n- " }}{{ index .names 1 }}{{ end }}{{"\n"}}{{ end }}'

Just add a comment or add it to your PR description please. Additionally, please add a var with the image repo and the tag similar to here.

Already done but I can paste it again.

MetalLB images:

quay.io/metallb/speaker:v0.14.5
quay.io/metallb/controller:v0.14.5