kube-vip DaemonSet as a replacement for MetalLB
kube-vip DaemonSet
Label the worker nodes.
kubectl label node worker1 node-role.kubernetes.io/worker=""
kubectl label node worker2 node-role.kubernetes.io/worker=""
RBAC.yml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-vip-lb
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  name: system:kube-vip-role
rules:
  - apiGroups: [""]
    resources: ["services/status"]
    verbs: ["update"]
  - apiGroups: [""]
    resources: ["services", "endpoints"]
    verbs: ["list", "get", "watch", "update"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["list", "get", "watch", "update", "patch"]
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["list", "get", "watch", "update", "create"]
  - apiGroups: ["discovery.k8s.io"]
    resources: ["endpointslices"]
    verbs: ["list", "get", "watch", "update"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["list"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: system:kube-vip-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:kube-vip-role
subjects:
  - kind: ServiceAccount
    name: kube-vip-lb
    namespace: kube-system
daemonset.yml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-vip-lb
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: kube-vip-lb
  template:
    metadata:
      labels:
        app: kube-vip-lb
    spec:
      containers:
        - name: kube-vip-lb
          image: ghcr.io/kube-vip/kube-vip:v0.9.0
          args:
            - manager
          env:
            - name: vip_arp
              value: "true"
            - name: vip_nodename
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: vip_interface
              value: ens3
            - name: vip_cidr
              value: "32"
            - name: dns_mode
              value: first
            - name: svc_enable
              value: "true"
            - name: svc_leasename
              value: plndr-svcs-lock
            - name: vip_leaderelection
              value: "true"
            - name: vip_leasename
              value: plndr-cp-lock
            - name: vip_leaseduration
              value: "60"
            - name: vip_renewdeadline
              value: "45"
            - name: vip_retryperiod
              value: "15"
            - name: lb_enable
              value: "true"
          imagePullPolicy: IfNotPresent
          resources: {}
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
                - NET_RAW
      hostNetwork: true
      serviceAccountName: kube-vip-lb
      # Run only on worker nodes:
      nodeSelector:
        node-role.kubernetes.io/worker: ""
      tolerations:
        - operator: Exists
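Once RBAC.yml has been applied, the permissions the kube-vip-lb service account actually holds can be compared with what the ClusterRole is meant to grant. The script below is an added example, not part of the original wiki page. The function names, the script file name and the selection of "no" checks are assumptions, and it presumes a kubectl context that is allowed to impersonate the service account and a cluster without further bindings for it.

```sh
#!/bin/sh
# Added example: compare the effective permissions of the kube-vip service
# account with what RBAC.yml grants. Needs a kubectl context that may impersonate.
SA="system:serviceaccount:kube-system:kube-vip-lb"

# Expected answers. "yes" rows are taken from RBAC.yml; "no" rows are a
# constructed sample of actions the role does not grant (assumption).
expected_answers() {
cat <<'EOF'
yes update services --subresource=status
yes update services
yes update endpoints
yes patch nodes
yes create leases.coordination.k8s.io
yes update endpointslices.discovery.k8s.io
yes list pods
no create services
no delete nodes
no get secrets
no create pods
EOF
}

# can_i VERB RESOURCE [FLAG]: prints "yes" or "no" as seen by the service account.
can_i() {
  # kubectl exits non-zero on "no"; only the printed answer is compared.
  kubectl auth can-i "$@" --as="$SA" --all-namespaces </dev/null 2>/dev/null || true
}

# verify_rbac: returns 0 if every answer matches the table, 1 otherwise.
verify_rbac() {
  failures=0
  while read -r want verb resource flag; do
    got=$(can_i "$verb" "$resource" $flag)
    if [ "$got" = "$want" ]; then
      echo "ok        $verb $resource $flag"
    else
      echo "MISMATCH  $verb $resource $flag (want $want, got ${got:-error})"
      failures=$((failures + 1))
    fi
  done <<EOF
$(expected_answers)
EOF
  [ "$failures" -eq 0 ]
}

# Run against the current kubectl context with: sh check-kube-vip-rbac.sh --run
if [ "${1:-}" = "--run" ]; then verify_rbac; fi
```

A MISMATCH on a "no" row means the service account has more rights than RBAC.yml defines, for example through an additional binding.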
Service manifest as an example
svc-homepage.yml
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: svc-homepage
  name: svc-homepage
  namespace: webserver
spec:
  allocateLoadBalancerNodePorts: false
  loadBalancerIP: <dig ingress-<userid>.training.lab>
  ports:
    - name: "80"
      port: 80
      protocol: TCP
      targetPort: 80
  selector:
    run: nginx
  type: LoadBalancer
status:
  loadBalancer: {}
it-wiki/kubernetes/kube-vip_daemonset_ersatz_fuer_metallb.txt · Last modified: by marko