Deploy HA k3s with kube-vip and MetalLB using k3sup

k3s.md

Prerequisites

kubectl

Install the required tools for deploying and controlling k3s.

Installation Docs:

# Download
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"

# Checksum
curl -LO "https://dl.k8s.io/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl.sha256"
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check

# Install
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

k3sup

Installation Docs

# Download
curl -sLS https://get.k3sup.dev | sh

# Install
sudo install k3sup /usr/local/bin/

Nodes

Requirements:

• Static IP address
• SSH key copied over
• Sudo setup for no password %sudo ALL=(ALL:ALL) NOPASSWD: ALL

Deploy First Master Node

Requirements & Information needed:

• IP Address of node: --ip = 192.168.0.161 (dust-01)
• IP Address to be used by kube-vup: --tls-san = 192.168.0.160
• User with sudo priviledges: --user ross

Deploy k3s:

Note: Ensure $HOME/.kube/ folder exists

k3sup install \
--ip 192.168.0.161 \
--tls-san 192.168.0.160 \
--cluster \
--k3s-channel latest \
--k3s-extra-args "--disable servicelb" \
--local-path $HOME/.kube/config \
--user ross

kube-config will be saved to $HOME/.kube/config for use with kubectl.

Deploy kube-vip DaemonSet

Installation Docs

Requirements & Information needed:

• IP Address to be used by kube-vup: --address 192.168.0.160
• Network interface (check with ip a): --interface eth0

Apply RBAC

kubectl apply -f https://kube-vip.io/manifests/rbac.yaml

Pull image and create alias

SSH into first master node and do these steps as root

ssh 192.168.0.161

# Pull image - Check latest version on github or refer to docs.
ctr image pull ghcr.io/kube-vip/kube-vip:v0.4.4

# Create alias
alias kube-vip="ctr run --rm --net-host ghcr.io/kube-vip/kube-vip:v0.4.4 vip /kube-vip"

Generate and deploy manifest

kube-vip manifest daemonset \
--interface eth0 \
--address 192.168.0.160 \
--inCluster \
--taint \
--controlplane \
--arp \
--leaderElection | tee /var/lib/rancher/k3s/server/manifests/kube-vip.yaml

This should autodeploy because the manifest is copied to the k3s/server folder.

Modify kubeconfig.yml

Modify kubeconfig and change the server IP address to that used by kube-vip 192.168.0.160.

Deploy Addtional Master Nodes

Requirements & Information needed:

• IP Address of new master nodes:
  • --ip = 192.168.0.162 (dust-02)
  • --ip = 192.168.0.163 (dust-03)
• IP address used by kube-vip: --server-ip 192.168.0.160
• User with sudo priviledges: --user ross

Deploy k3s to additional master nodes & join cluster:

Note --server flag is used

k3sup join \
--ip 192.168.0.162 \
--server-ip 192.168.0.160 \
--server \
--k3s-channel latest \
--user ross

Check nodes are up

kubectl get nodes

Add Worker Nodes

Requirements & Information needed:

• IP Address of new worker nodes:
  • --ip = 192.168.0.164 (dust-04)
  • --ip = 192.168.0.165 (dust-05)
• IP address used by kube-vip: --server-ip 192.168.0.160
• User with sudo priviledges: --user ross

Deploy k3s to additional master nodes & join cluster:

k3sup join \
--ip 192.168.0.164 \
--server-ip 192.168.0.160 \
--k3s-channel latest \
--user ross

Check nodes are up

kubectl get nodes

Deploy and Configure MetalLB

Installation Docs

Install manifests

# Create namespace (metallb-system)
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/namespace.yaml

# Deploy metallb
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/metallb.yaml

Create ConfigMap

Create config.yml as below, modify addresses to be the range of IP addresses MetalLb can hand out.

# config.yml
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: default
      protocol: layer2
      addresses:
      - 192.168.0.170-192.168.0.180

Deploy ConfigMap

kubectl apply -f config.yml

Check MetalLb is running

kubectl get ds -n metallb-system

Test Deployment using Nginx

Create manifests

# deployment.yml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 3
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:alpine
          ports:
            - containerPort: 80

# service.yml
---
apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  selector:
    app: nginx
  ports:
    - port: 80
      targetPort: 80
  type: LoadBalancer

Deploy manifests

kubectl apply -f deployment.yml

kubectl apply -f service.yml

Check IP address assigned by Metal-LB

kubectl describe service nginx

Check accessible

# ip address handed out by MetalLB from describe service above
curl 192.168.0.XXX 

Teardown

kubectl delete deployment,service nginx

Resources and Thanks

Thanks to:

• adrian (dot) goins
• Alex Ellis
• Techno Tim

Hi, just question why would you use kube-vip and metallb together when they do the same work and act as Loadbalancers? Trying to figure out why.

Thank you.

Hi, just question why would you use kube-vip and metallb together when they do the same work and act as Loadbalancers? Trying to figure out why.

Thank you.

I Think Kube-vip is used originally as a control plane load balancer/ HA fail over mechanism for the k3s cluster using leader election, while metallb is used as a service load balancer for the services of type LoadBalancer (actual workloads).

you can install the kube-vip cloud controller instead of metal-lb for the same functionality "service Load Balancer"