Configuring MetalLB

  • hosting
  • server
  • servers
  • infrastructure
  • kubernetes

## Router Configuration

Each router has its own method of configuration, therefore I will not detail it here. I will at least cover the basics, though.

To set up MetalLB, the router needs BGP configured with the explicit IP addresses that are allowed to update its routing tables. This means each node in the Kubernetes cluster must have a static IP address. Once that's set, a secret key must be created and an ASN set. When these are all configured, MetalLB can be configured. FRR (Fast ReRoute) is used to reduce downtime.

## Read the manual

The official MetalLB website covers the setup in great detail. I'm going to dump my configurations below, mostly for my reference.

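```yaml
# Advertise addresses from first-pool over BGP as /32 (IPv4) and /128 (IPv6) routes.
apiVersion: metallb.io/v1beta1
kind: BGPAdvertisement
metadata:
  name: cisco3750x
  namespace: metallb  # same namespace as the pool it references
spec:
  aggregationLength: 32
  aggregationLengthV6: 128
  ipAddressPools:
    - first-pool
---
# BGP session to the router (iBGP: both sides use ASN 64512).
apiVersion: metallb.io/v1beta2
kind: BGPPeer
metadata:
  name: cisco3750x
  namespace: metallb
spec:
  bfdProfile: cisco3750x-bfd-profile  # BFDProfile resource not shown on this page
  disableMP: false
  holdTime: 1m30s
  keepaliveTime: 0s
  myASN: 64512
  passwordSecret:
    name: metallb-bgp-secret  # Secret defined at the end of this dump
  peerASN: 64512
  peerAddress: 192.168.1.77
  peerPort: 179
---
# Address ranges MetalLB may hand out to LoadBalancer services.
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: first-pool
  namespace: metallb
spec:
  addresses:
    - 192.168.94.10-192.168.94.250
    - fd60:2::1:0-fd60:2::ffff:ffff
  autoAssign: true
  avoidBuggyIPs: false
---
# Also announce the same pool in layer 2 mode.
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: metal-l2-advertise
  namespace: metallb
spec:
  ipAddressPools:
    - first-pool
---
# Legacy ConfigMap format from before MetalLB moved to CRDs;
# releases configured through the resources above do not read it.
apiVersion: v1
data:
  config: |
    peers:
    - my-asn: 64512
      peer-asn: 64512
      peer-address: 192.168.1.77
kind: ConfigMap
metadata:
  name: config
  namespace: metallb
---
# BGP session password; must match the neighbor password set on the router.
# stringData takes the plain value; values under data: must be base64-encoded.
apiVersion: v1
stringData:
  password: SecretPasswordChangeThisFR
  username: your-username
kind: Secret
metadata:
  name: metallb-bgp-secret
  namespace: metallb
type: kubernetes.io/basic-auth
```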
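A consistency check for manifests like the ones above, added here as an example and not part of the original configuration dump. It takes the resources as Python dicts (for instance the items of `kubectl get ... -o json`) and flags pool references that do not resolve, a missing password Secret, a plaintext value under `data:`, and resources spread over several namespaces. The function and helper names are hypothetical, and the sample input is constructed: it reuses this page's resource names with two deliberate mistakes.

```python
import base64
import binascii

def lint_metallb(objs):
    """Cross-check MetalLB manifests given as dicts; return sorted findings."""
    findings = []
    key = lambda o: (o["metadata"]["namespace"], o["metadata"]["name"])
    of = lambda kind: [o for o in objs if o["kind"] == kind]
    namespaces = sorted({o["metadata"]["namespace"] for o in objs})
    if len(namespaces) > 1:
        findings.append("namespace-mismatch: " + ",".join(namespaces))
    pools = {key(p) for p in of("IPAddressPool")}
    secrets = {key(s): s for s in of("Secret")}
    # Every advertisement must reference a pool that exists in its own namespace.
    for adv in of("BGPAdvertisement") + of("L2Advertisement"):
        ns, name = key(adv)
        for pool in adv["spec"].get("ipAddressPools", []):
            if (ns, pool) not in pools:
                findings.append(f"{adv['kind']}/{name}: pool {pool} not found in {ns}")
    # Every passwordSecret must resolve to a Secret with a usable password.
    for peer in of("BGPPeer"):
        ns, name = key(peer)
        ref = peer["spec"].get("passwordSecret", {}).get("name")
        secret = secrets.get((ns, ref))
        if ref and secret is None:
            findings.append(f"BGPPeer/{name}: secret {ref} not found in {ns}")
        elif ref and "password" not in secret.get("stringData", {}):
            try:  # values under data: must be base64, unlike stringData:
                base64.b64decode(secret.get("data", {})["password"], validate=True)
            except (KeyError, binascii.Error):
                findings.append(f"Secret/{ref}: data.password missing or not base64")
    return sorted(findings)

def manifest(kind, ns, name, **rest):
    return {"kind": kind, "metadata": {"namespace": ns, "name": name}, **rest}

# Constructed sample using this page's resource names, with two deliberate mistakes.
SAMPLE = [
    manifest("IPAddressPool", "metallb", "first-pool",
             spec={"addresses": ["192.168.94.10-192.168.94.250"]}),
    manifest("BGPAdvertisement", "metallb-system", "cisco3750x",
             spec={"ipAddressPools": ["first-pool"]}),
    manifest("BGPPeer", "metallb", "cisco3750x",
             spec={"passwordSecret": {"name": "metallb-bgp-secret"}}),
    manifest("Secret", "metallb", "metallb-bgp-secret",
             data={"password": "SecretPasswordChangeThisFR"}),
]

if __name__ == "__main__":
    print("\n".join(lint_metallb(SAMPLE)))
```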

## Cisco 3750x Configuration

```
cisco(config)#router bgp 64512
cisco(config-router)#address-family ipv6 unicast
% IPv6 routing not enabled
cisco(config-router)#exit
cisco(config)#ipv6 unicast-routing
cisco(config)#router bgp 64512
cisco(config-router)#address-family ipv6 unicast
cisco(config-router)#address-family ipv4 unicast
cisco(config-router)#neighbor 192.168.22.133 remote-as 64512
cisco(config-router)#neighbor 192.168.22.134 remote-as 64512
cisco(config-router)#neighbor 192.168.22.135 remote-as 64512
cisco(config-router)#neighbor 192.168.22.136 remote-as 64512
cisco(config-router)#neighbor 192.168.22.137 remote-as 64512
cisco(config-router)#$neighbor 192.168.22.137 password SecretPasswordChangeThisFR
cisco(config-router)#$neighbor 192.168.22.136 password SecretPasswordChangeThisFR
cisco(config-router)#$neighbor 192.168.22.135 password SecretPasswordChangeThisFR
cisco(config-router)#$neighbor 192.168.22.134 password SecretPasswordChangeThisFR
cisco(config-router)#$neighbor 192.168.22.133 password SecretPasswordChangeThisFR
```