Kube-vip as a Static Pod
In Hybrid mode kube-vip
will manage a virtual IP address that is passed through it's configuration for a Highly Available Kubernetes cluster, it will also "watch" services of type:LoadBalancer
and once their spec.LoadBalancerIP
is updated (typically by a cloud controller) it will advertise this address using BGP/ARP.
The "hybrid" mode is now the default mode in kube-vip
from 0.2.3
onwards, and allows both modes to be enabled at the same time.
Generating a Manifest
This section details creating a number of manifests for various use cases
Set configuration details
export VIP=192.168.0.40
export INTERFACE=<interface>
Configure to use a container runtime
The easiest method to generate a manifest is using the container itself, below will create an alias for different container runtimes.
containerd
alias kube-vip="ctr run --rm --net-host docker.io/plndr/kube-vip:0.2.3 vip /kube-vip"
Docker
alias kube-vip="docker run --network host --rm plndr/kube-vip:0.2.3"
ARP
This configuration will create a manifest that starts kube-vip
providing controlplane and services management, using leaderElection. When this instance is elected as the leader it will bind the vip
to the specified interface
, this is also the same for services of type:LoadBalancer
.
export INTERFACE=eth0
kube-vip manifest pod \
--interface $INTERFACE \
--vip $VIP \
--controlplane \
--services \
--arp \
--leaderElection
BGP
This configuration will create a manifest that will start kube-vip
providing controlplane and services management. Unlike ARP, all nodes in the BGP configuration will advertise virtual IP addresses.
Note we bind the address to lo
as we don't want multiple devices that have the same address on public interfaces. We can specify all the peers in a comma seperate list in the format of address:AS:password:multihop
.
export INTERFACE=lo
kube-vip manifest pod \
--interface $INTERFACE \
--vip $VIP \
--controlplane \
--services \
--bgp \
--bgppeers 192.168.0.10:65000::false,192.168.0.11:65000::false
BGP with Packet
We can enable kube-vip
with the capability to pull all of the required configuration for BGP by passing the --packet
flag and the API Key and our project ID.
kube-vip manifest pod \
--interface $INTERFACE\
--vip $VIP \
--controlplane \
--services \
--bgp \
--packet \
--packetAPI xxxxxxx \
--packetProjectID xxxxx
Deploy your Kubernetes Cluster
First node
sudo kubeadm init \
--kubernetes-version 1.19.0 \
--control-plane-endpoint $VIP \
--upload-certs
Additional Node(s)
Due to an oddity with kubeadm
we can't have our kube-vip
manifest present before joining our additional nodes. So on these control plane nodes we will add them first to the cluster.
sudo kubeadm join $VIP:6443 \
--token w5atsr.blahblahblah
--control-plane \
--certificate-key abc123
Once, joined these nodes can have the same command that we ran on the first node to populate the /etc/kubernetes/manifests/
folder with the kube-vip
manifest.
Services
At this point your kube-vip
static pods will be up and running and where used with the --services
flag will also be watching for Kubernetes services that they can advertise. In order for kube-vip
to advertise a service it needs a CCM or other controller to apply an IP address to the spec.LoadBalancerIP
, which marks the loadbalancer as defined.