I’ve been tinkering with a number of different Kubernetes platforms again and the relative complication of external networking for deployed Kubernetes applications remains real. In the Public Cloud world, services such as EKS, GKE and AKS all have some form of external networking built into the offerings and VMware’s Tanzu can rely on NSX-T, HAProxy and more recently AVI Networks to bridge the gap between what is happening on the inside of a Kubernetes deployment and how to get applications published with some level of ease and resiliency to the outside.
There is a reason why there are a million posts on how to expose the Kubernetes Dashboard when deploying to a BareOS server like Ubuntu or CentOS… it’s not straightforward.
Today I came across MetalLB
Kubernetes does not offer an implementation of network load-balancers (Services of type LoadBalancer) for bare metal clusters. The implementations of Network LB that Kubernetes does ship with are all glue code that calls out to various IaaS platforms (GCP, AWS, Azure…). If you’re not running on a supported IaaS platform (GCP, AWS, Azure…), LoadBalancers will remain in the “pending” state indefinitely when created. Bare metal cluster operators are left with two lesser tools to bring user traffic into their clusters, “NodePort” and “externalIPs” services. Both of these options have significant downsides for production use, which makes bare metal clusters second class citizens in the Kubernetes ecosystem.
Thanks to Platform9, I came across MetalLB, which aims to correct the imbalance by offering a Network LB implementation that integrates with standard network equipment, so that external services on BareOS clusters just work as much as possible. I had MetalLB deployed into a relatively fresh single-node Kubernetes Cluster in under 5 minutes and was able to expose applications through the services command without any issue. All I needed was a pre-allocated block (no need specifically for CIDR) of IP addresses and that was pretty much it.
There are a few more advanced scenarios that can be used, including BGP support… but for the purposes of quick and easy access to services deploying inside a cluster, this is as easy as it gets!
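What the pre-allocated address block looks like in practice, as an added example that is not from the original post: it assumes a MetalLB release configured through its `metallb.io/v1beta1` custom resources and running in layer 2 mode. The pool name, the address range and the `demo-web` Service are constructed placeholders.

```yaml
# Added example; names and addresses are constructed placeholders.
# The pool is a plain start-end range, not a CIDR block. Pick addresses on the
# nodes' subnet that DHCP will never hand out to another host.
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: lab-pool
  namespace: metallb-system
spec:
  addresses:
    - 192.168.1.240-192.168.1.250
---
# Layer 2 mode: MetalLB answers ARP for addresses taken from the pool.
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: lab-l2
  namespace: metallb-system
spec:
  ipAddressPools:
    - lab-pool
---
# An ordinary Service of type LoadBalancer. Without a load-balancer
# implementation its external IP stays pending; with the pool above it is
# assigned an address from the range and becomes reachable from the LAN,
# so only Services meant to be exposed should use this type.
apiVersion: v1
kind: Service
metadata:
  name: demo-web
  namespace: default
spec:
  type: LoadBalancer
  selector:
    app: demo-web
  ports:
    - name: http
      port: 80
      targetPort: 8080
```

After `kubectl apply -f` on this file, `kubectl get svc demo-web` should list an EXTERNAL-IP from the range instead of `<pending>`.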
Quick Install and Config Demo