![\"Kubernetes](\"https:\/\/collabnix.com\/wp-content\/uploads\/2019\/08\/metallb-1024x560.png\")
<\/figure>\r\n<\/p>\r\n\r\n\r\n\r\n\r\n\r\n
Basic understanding first..!<\/h2>\r\n\r\n\r\n\r\n
Q. <\/strong>What makes it possible to automatically attach an external LoadBalancing Solution (like AWS-ELB<\/strong>) to an underlying cloud-provider (like AWS<\/strong>) with a service object of type: LoadBalancer<\/strong><\/em> in Kubernetes, as shown below?<\/p>\r\n \r\n\r\n<\/p>\r\n Example:<\/strong><\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n It’s the Kubernetes “cloud-controller-manager<\/strong><\/em>“. This is where the magic happens. It is not an easy task to develop a Kubernetes core while integrating it with the cloud platform it is going to run on simultaneously. Moreover, it is also not practical since the development of the Kubernetes project and cloud platform are at a different pace. To overcome such real-world issues, a daemon called Cloud Controller Manager(CCM<\/a>)<\/strong> was introduced that embeds cloud-specific control loops in the Kubernetes setup. CCM<\/strong> can be linked to any cloud provider as long as two conditions are satisfied: the cloud provider has a CloudProviderInterface<\/strong> (CPI<\/a>) and the core CCM package has support for the said cloud provider. But, as of now, this is true for very few providers:<\/p>\r\n\r\n\r\n\r\n List: providors.go<\/a><\/p>\r\n\r\n\r\n\r\n \r\n\r\n<\/p>\r\n My case is the one without CCM since my datacenter (OpenNebula) doesn’t fall under the supported category nor does it provides any custom CCM support, like DigitalOcean<\/strong> does. To read more look at the digitalocean-cloud-controller-manager<\/a> page.<\/p>\r\n<\/div>\r\n<\/div><\/div>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n Luckily we have two very promising solutions available. They are:<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n Enters\u00a0 \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n The latter is simpler because it works with almost any layer 2 network without further configuration. In ARP mode, Metallb is quite simple to configure. We just have to give it a bunch of IP’s to use and we are good to go.<\/p>\r\n \r\n\r\n<\/p>\r\n The deployment manifests are available here<\/a>. To configure the IP addresses we need to go\u00a0with a\u00a0ConfigMap<\/em><\/a>.<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n We will also need to generate a secret to secure<\/strong> Metallb components’ communication, this can be done using\u00a0this<\/a> command\u00a0to generate the Kubernetes secret yaml:<\/p>\r\n<\/div>\r\n<\/div><\/div>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n Once everything is deployed you should see your pods inside the\u00a0 \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n WOoooo… !! Congratulation it’s all set and ready to be tested.<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n <\/p>\r\n Try creating any kubernetes service with type: LoadBalancer and you will be assigned an ExternalIP. But this is not all. Further, we might have to do some NATting<\/strong> since the ExternalIP (Range: 10.12.0.200-10.12.0.220 ), in the manifest above, is within a private network. This can be done in either of the two ways, if there is a NAT service option in our cloud provider’s (Local Data Center) Management UI, we can simply do the mapping there, else, we can log in to our router and write the NATting rules there.<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n I carried out testing to make sure there would be no performance penalties.<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n Two web applications were deployed, one with state and a database; the other, stateless, roughly simulating our workloads. Their traffic was exposed to NGINX ingress, and NGINX ingress service was set to type LoadBalancer with a MetalLB IP attached. I used locust.io<\/a> to simulate traffic to web applications.<\/p>\r\n \r\n\r\n<\/p>\r\n The goal was to see if taking a node down would cause downtime or network instability.<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n Read more: https:\/\/github.com\/kubesphere\/porter<\/a><\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n Apparently, both Porter and MetalLB are similar, both are service proxy, and are equipped with support for baremetal<\/strong> kubernetes clusters.<\/p>\r\n \r\n\r\n<\/p>\r\n \r\n\r\n<\/p>\r\n I have personally tested Metallb in the production environment in various datacenters one such is: Alibaba(UAE Region)<\/strong> and even on public-cloud like AWS<\/strong>. It’s amazing. Mostly, in my environment, I have an ingress that routes all the external traffic within my cluster, and an external_ip is attached to it.<\/p>\r\n \r\n\r\n<\/p>\r\n For more interesting Kubernetes updates and problem statements, follow me on:<\/p>\r\n \r\n\r\n<\/p>\r\n Linkedin<\/a><\/p>\r\n<\/div>\r\n<\/div><\/div>\r\n \r\n\r\n<\/p>\r\n Thank you all..!<\/p>\r\n Opstree is an End to End DevOps solution provider<\/p>\r\n CONTACT US<\/a><\/p>\r\n <\/p>\r\n <\/p>","protected":false},"excerpt":{"rendered":" Problem Statement..? Most of us, who have used Kubernetes with a public cloud, have created a cloud loadbalancer as well. Ever thought about how can this be achieved in a Private Data Center. The easiest way would be to use the concept of Node Port and expose our services with it. In this blog, however, … Continue reading “Kubernetes Diary – Software LoadBalancer”<\/span><\/a><\/p>\n","protected":false},"author":181194697,"featured_media":29900,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[28070474],"tags":[768739309,96903315,219611],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/opstree.com\/blog\/wp-content\/uploads\/2025\/11\/DevSecOps-1.jpg","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pfDBOm-18l","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/4361"}],"collection":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/users\/181194697"}],"replies":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/comments?post=4361"}],"version-history":[{"count":28,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/4361\/revisions"}],"predecessor-version":[{"id":30834,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/4361\/revisions\/30834"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/media\/29900"}],"wp:attachment":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/media?parent=4361"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/categories?post=4361"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/tags?post=4361"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}apiVersion: v1\r\nkind: Service\r\nmetadata:\r\n name: example-service\r\nspec:\r\n selector:\r\n app: example\r\n ports:\r\n - port: 8765\r\n targetPort: 9376\r\ntype: LoadBalancer<\/pre>\r\n
Solution:<\/strong><\/h5>\r\n\r\n\r\n\r\n
\r\n
Architecture with the cloud controller manager (CCM):<\/h5>\r\n\r\n\r\n\r\n
![\"\"](\"https:\/\/i.imgur.com\/eZK0HZ7.png\")
<\/figure>\r\n<\/div>\r\n\r\n\r\n\r\nThe architecture of a Kubernetes cluster without the cloud controller manager (CCM):<\/h5>\r\n\r\n\r\n\r\n
![\"\"](\"https:\/\/i.imgur.com\/yzrbLX9.png\")
<\/figure>\r\n<\/div>\r\n\r\n\r\n\r\nSo how do we create a LoadBalancer type service object if we don’t support custom CCM (cloud-controller-manager<\/strong>)?<\/h2>\r\n
\r\n
MetalLb:<\/h2>\r\n
![\"\"](\"https:\/\/banzaicloud.com\/blog\/load-balancing-on-prem\/metallb-l2.gif\")
<\/figure>\r\nMetallb<\/code>\u00a0which can provide virtual load balancer in two modes:<\/p>\r\n\r\n
metallb-configmap.yml<\/pre>\r\n
apiVersion: v1\r\nkind: ConfigMap\r\nmetadata:\r\n namespace: metallb-system\r\n name: config\r\ndata:\r\n config: |\r\n address-pools:\r\n - name: default\r\n protocol: layer2\r\n addresses:\r\n - 10.12.0.200-10.12.0.220<\/pre>\r\n
kubectl apply -f metallb-configmap.yml<\/code><\/pre>\r\nkubectl create secret generic -n metallb-system memberlist --from-literal=secretkey=\"$(openssl rand -base64 128)\" -o yaml --dry-run=client > metallb-secret.yaml\r\n<\/pre>\r\n
metallb-system<\/code>\u00a0namespace:<\/p>\r\nNAME READY STATUS RESTARTS AGE\r\ncontroller-57f648cb96-tvr9q 1\/1 Running 0 3d6h\r\nspeaker-uj78g 1\/1 Running 0 3d6h\r\nspeaker-y7iu6 1\/1 Running 0 3d6h\r\nspeaker-ko09j 1\/1 Running 0 3d6h\r\nspeaker-de43w 1\/1 Running 0 3d6h\r\nspeaker-gt654 1\/1 Running 0 3d6h\r\nspeaker-asd32 1\/1 Running 0 3d6h\r\nspeaker-a43de 1\/1 Running 0 3d6h\r\nspeaker-df54r 1\/1 Running 0 3d6h\r\nspeaker-lo78h 1\/1 Running 0 3d6h\r\nspeaker-hj879 1\/1 Running 0 3d6h<\/pre>\r\n
![\"K8s,](\"https:\/\/virtualthoughts.blob.core.windows.net\/uploads\/2019\/10\/MetalLB.png\")
<\/figure>\r\nTesting phase<\/strong><\/h2>\r\n
![\"What](\"https:\/\/www.objectif-libre.com\/wp-content\/uploads\/2019\/05\/archi-300x223.png\")
<\/figure>\r\nInfra Configuration:<\/h5>\r\n
\r\n
Workload:<\/h5>\r\n
Test procedure followed:<\/h5>\r\n
![\"\"](\"https:\/\/uploads-ssl.webflow.com\/5ea88781be15eaddffecc8d7\/5ee9ec2b18b46500f0aff078_Jirle8n2GRHAdzpohvchobbgX7ywIAHM8g5nRLr-sAOvdE5eEV31_MZdPaF58hEzp-wJni2jVhw2TrvjQvQ19CHCdhN_48iwIhJ12Nm63P5S-hFuzDYAf00eL5HFIxqpQuy9DJmC.jpeg\")
<\/figure>\r\nPorter:<\/h2>\r\n
\r\n
![\"logo\"](\"https:\/\/github.com\/kubesphere\/porter\/raw\/master\/doc\/img\/porter-logo.png\"){kind=logo}
<\/figure>\r\n<\/li>\r\n<\/ul>\r\n<\/div>\r\nCore Features<\/h5>\r\n
\r\n
Deployment Architecture<\/h5>\r\n
![\"porter](\"https:\/\/github.com\/kubesphere\/porter\/raw\/master\/doc\/img\/porter-deployment.png\")
<\/figure>\r\nSimilarity\/difference between these two:<\/h3>\r\n
Summary:<\/h2>\r\n