Does Calico support Advanced Layer 2 within Metallb or Just BGP? #6789
Comments
BGP should work but I'm not sure if Calico supports Metallb Layer 2 mode. @caseydavenport may know?
It's not something that we have tested ourselves I'm afraid. I believe I have spoken to users who have done this, but I can't recall very clearly. If you try it, please report back and let us know what you find.
Will do, waiting on external network team to enable and provide subnets.
I can tell that for IPv4, I got it working with Layer2 config. For metallb, just make sure it has an L2Advertisement, next to IPAddressPool. I just have problems with IPv6. Only every third request has success. I will report as soon as I have a solution.
@jonahbohlmann could you please share your configuration for MetalLB Layer2 and Calico? Do you have several interfaces in your cluster node? I have an issue metallb/metallb#610 (comment) and cannot make it work.
@caseydavenport, @deeco, @song-jiang: have you had a chance to test that?
@zentavr this is my IPPool in Calico:
For metallb IPAddressPool I have this:
And then my L2 Advertisement for Metallb:
On production I just have one interface. But with Vagrant for local tests I have two (one for NAT, one for internal). The same configuration, I think nothing changed. Maybe kubespray does some magic around, I can't tell you right now.
@jonahbohlmann if you have more than one interface, source-based routing configuration is required as well.
Is there currently any working solution when using the second interface for public traffic? I have been trying to get it running for days without any luck.
@OLED1 check this issue:
So it's not supported then? @caseydavenport is it possible to provide a definitive answer? It looks like @jonahbohlmann is leveraging MetalLB Speaker to announce his L2 pool, not Calico.
My answer hasn't changed much here - MetalLB in L2 mode is something I have heard many users have set up, but I do not have much experience with it myself and it's not a configuration that is part of our standard test matrix. Most Calico users in my experience opt for BGP advertisement instead, which is supported. I'd say give it a try, and if it works that's great. If not, I'm happy to discuss and review any reasonable PRs to make the integration better. I don't have time to take that on myself, I'm afraid.
Expected Behavior
Can connect to external IP on Load Balancer
Current Behavior
Unable to connect to external assigned LoadBalancer IP from outside cluster
Can connect to LoadBalancer IP from within the control plane and worker nodes, unable to connect from outside even in same VLAN or LAN
Possible Solution
Network Policy but only see BGP as supported here https://projectcalico.docs.tigera.io/security/services-cluster-ips
Steps to Reproduce (for bugs)
Context
Trying to connect to ingress in cluster from LAN in Vanilla k8s v1.23.5
Your Environment