Support Calico advertisement of MetalLB LoadBalancer IPs (#7593)

* add initial MetalLB docs * metallb allow disabling the deployment of the metallb speaker * calico>=3.18 allow using calico to advertise service loadbalancer IPs * Document the use of MetalLB and Calico * clean MetalLB docs
2026-02-20 20:50:12 -03:30 · 2021-05-12 15:22:17 +03:00
parent afbabebfd5
commit 14cf3e138b
9 changed files with 110 additions and 17 deletions
--- a/roles/kubernetes-apps/metallb/README.md
+++ b/roles/kubernetes-apps/metallb/README.md
@@ -1,17 +0,0 @@
-# Deploy MetalLB into Kubespray/Kubernetes
-
-MetalLB hooks into your Kubernetes cluster, and provides a network load-balancer implementation.
-In short, it allows you to create Kubernetes services of type "LoadBalancer" in clusters that
-don't run on a cloud provider, and thus cannot simply hook into paid products to provide load-balancers.
-This addon aims to automate [MetalLB in layer 2 mode](https://metallb.universe.tf/concepts/layer2/)
-or [MetalLB in BGP mode](https://metallb.universe.tf/concepts/bgp/).
-It deploys MetalLB into Kubernetes and sets up a layer 2 or BGP load-balancer.
-
-## Install
-
-In the default, MetalLB is not deployed into your Kubernetes cluster.
-You can override the defaults by copying the contents of roles/kubernetes-apps/metallb/defaults/main.yml
-to somewhere in inventory/mycluster/group_vars such as inventory/mycluster/groups_vars/k8s_cluster/addons.yml
-and updating metallb_enabled option to `true`.
-In addition you need to update metallb_ip_range option on the addons.yml at least for suiting your network
-environment, because MetalLB allocates external IP addresses from this metallb_ip_range option.
--- a/roles/kubernetes-apps/metallb/defaults/main.yml
+++ b/roles/kubernetes-apps/metallb/defaults/main.yml
@@ -6,6 +6,7 @@ metallb_port: "7472"
 metallb_limits_cpu: "100m"
 metallb_limits_mem: "100Mi"
 metallb_peers: []
+metallb_speaker_enabled: true
 metallb_speaker_nodeselector: {}
 metallb_controller_nodeselector: {}
 metallb_speaker_tolerations:
--- a/roles/kubernetes-apps/metallb/templates/metallb.yml.j2
+++ b/roles/kubernetes-apps/metallb/templates/metallb.yml.j2
@@ -47,6 +47,7 @@ spec:
  - secret
  - emptyDir
 ---
+{% if metallb_speaker_enabled %}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
@@ -85,6 +86,7 @@ spec:
  - configMap
  - secret
  - emptyDir
+{% endif %}
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -94,6 +96,7 @@ metadata:
  name: controller
  namespace: metallb-system
 ---
+{% if metallb_speaker_enabled %}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -101,6 +104,7 @@ metadata:
    app: metallb
  name: speaker
  namespace: metallb-system
+{% endif %}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -140,6 +144,7 @@ rules:
  verbs:
  - use
 ---
+{% if metallb_speaker_enabled %}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -172,6 +177,7 @@ rules:
  - podsecuritypolicies
  verbs:
  - use
+{% endif %}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -220,6 +226,7 @@ subjects:
  name: controller
  namespace: metallb-system
 ---
+{% if metallb_speaker_enabled %}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -234,6 +241,7 @@ subjects:
 - kind: ServiceAccount
  name: speaker
  namespace: metallb-system
+{% endif %}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -267,6 +275,7 @@ subjects:
 - kind: ServiceAccount
  name: speaker
 ---
+{% if metallb_speaker_enabled %}
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
@@ -353,6 +362,7 @@ spec:
      tolerations:
        {{ metallb_speaker_tolerations | to_nice_yaml(indent=2) | indent(width=8) }}
 {% endif %}
+{% endif %}
 ---
 apiVersion: apps/v1
 kind: Deployment