Skip to content

MetalLB Service Installation Guide

This document describes the process of installing and configuring MetalLB on a Kubernetes cluster, enabling external access to the RDAF Platform’s application services.

1.Pre-requisites

  • Ensure you have the CLI version 1.4.1.1. Verify that the installation or upgrade of the registry is successful.

  • Check if the namespace rda-fabric exists, using the command given below 

kubectl get namespaces
  • create namespace rda-fabric using the below given command if it doesn't exist.
kubectl create namespace rda-fabric

  • The Kubernetes cluster's kube-proxy service should be configured with IPVS settings, enabling strict ARP. Enabling strictARP: true ensures that kube-proxy in IPVS mode correctly handles ARP responses for services with virtual IPs, preventing traffic from being sent to the wrong node.

  • Run the following command to edit the configmap of kube-proxy service.

kubectl edit configmap kube-proxy -n kube-system
  • Modify strictARP and set to true, and save the changes.
ipvs:
  excludeCIDRs: null
  minSyncPeriod: 0s
  scheduler: ""
  strictARP: true
  syncPeriod: 0s
  tcpFinTimeout: 0s
  • Run the following command to apply the change to kube-proxy service
kubectl -n kube-system rollout restart ds kube-proxy
  • Run the following command to verify all of the kube-proxy pods are restarted
kubectl get pods -n kube-system

2. Extract MetalLB Installation File

  • Download the metallb installation file from the following link
wget https://macaw-amer.s3.us-east-1.amazonaws.com/releases/rdaf-platform/1.4.1/metallb-installation.tar.gz
  • Untar the file using below command
tar -zxvf metallb-installation.tar.gz

3. Configure IP Address Pool

  • Edit the ipaddresspool.yaml file inside the extracted metallb-installation directory
cd metallb-installation

Replace the IP placeholder (${IP}) with the actual VIP (Virtual IP) address of RDAF Platform.

vi ipaddresspool.yaml

apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: first-pool
spec:
  addresses:
    - ${IP}-${IP}
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: example
spec:
  ipAddressPools:
    - first-pool

  • And add the Virtual IP as shown below. In this example, 192.168.109.21 used as Virtual IP for a reference only.
vi ipaddresspool.yaml
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: first-pool
spec:
  addresses:
    - 192.168.109.21-192.168.109.21
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: example
spec:
  ipAddressPools:
    - first-pool

4. Configure Metallb Helm Values

  • Open metallb-values.yaml and change the replica
vi metallb-values.yaml

  tag:
  pullPolicy:
strategy:
  type: RollingUpdate
replicas: ${REPLICAS}
serviceAccount:
  create: true
  name: ""
  annotations: {}
securityContext:
  runAsNonRoot: true
  runAsUser: 65534
  fsGroup: 65534
resources: {}
nodeSelector:
  rdaf_infra_haproxy: allow
labels:
  app: rda-fabric-services
  app_category: rdaf-infra
  app_component: rda-metallb
livenessProbe:
  enabled: true
  failureThreshold: 3
  initialDelaySeconds: 10
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 1
readinessProbe:
  • Replica value should be 1 for standalone and 2 for HA
vi metallb-values.yaml
rbac:
  create: true
controller:
  enabled: true
  logLevel: info
  image:
    repository: quay.io/metallb/controller
    tag:
    pullPolicy:
  strategy:
    type: RollingUpdate
  replicas: 2
serviceAccount:
  create: true

5. Label Required RDAF Kubernetes Worker Nodes

  • Add the following node labels to the Kubernetes worker node where the current HAProxy instances are running:

rdaf_infra_haproxy=allow

rdaf_infra_services=allow

Run the command below get the RDAF Infra VM IPs on which the current HAProxy instances are running.

rdafk8s infra status | grep haproxy

Run the following command to list the current Kubernetes worker nodes along with their names and IP addresses:

kubectl get nodes -o wide

Run the following command to add the node labels.

kubectl label node <k8s_worker_node_name1> rdaf_infra_haproxy=allow
kubectl label node <k8s_worker_node_name1> rdaf_infra_services=allow

kubectl label node <k8s_worker_node_name2> rdaf_infra_haproxy=allow
kubectl label node <k8s_worker_node_name2> rdaf_infra_services=allow

Run the following command to verify the Node labels are applied.

kubectl get nodes --show-labels | grep rdaf_infra_haproxy

6. Install MetallB Using Helm

  • Navigate to the metallb-installation directory. List the contents of the directory using below given command 
cd metallb-installation
  • To verify the necessary files are present, use the ls command:
ls
  • User should see the following files
ipaddresspool.yaml  metallb-values.yaml  rda-metallb
  • Execute the Helm installation command below to deploy MetalLB using the provided values file:
helm install rda-metallb -n rda-fabric ./rda-metallb/ -f metallb-values.yaml

helm install rda-metallb -n rda-fabric ./rda-metallb/ -f metallb-values.yaml
NAME: rda-metallb  
LAST DEPLOYED: Thu May 15 14:58:29 2025  
NAMESPACE: rda-fabric  
STATUS: deployed  
REVISION: 1  
TEST SUITE: None  
NOTES:  
MetalLB is now running in the cluster.

Now you can configure it via its CRs. Please refer to the metallb official docs on how to use the Crs
kubectl get po -n rda-fabric | grep metallb
rda-metallb-controller-579b4967cf-vc59j   1/1   Running   0   23s  
rda-metallb-speaker-4g7cz                 2/4   Running   0   23s  
rda-metallb-speaker-k9lmf                 4/4   Running   0   23s  
rda-metallb-speaker-nxfnr                 0/4   PodInitializing   0   23s
kubectl get po -n rda-fabric | grep metallb
rda-metallb-controller-579b4967cf-vc59j   1/1   Running   0   25s  
rda-metallb-speaker-4g7cz                 2/4   Running   0   25s  
rda-metallb-speaker-k9lmf                 4/4   Running   0   25s  
rda-metallb-speaker-nxfnr                 4/4   Running   0   25s