Allocated external-ip of LB can not be reached outside cluster

xuchengli

Nov 1, 2021, 2:22:41 AM
to metallb-users
I installed metallb following the doc: https://metallb.universe.tf/installation/. After it installed successfully, I deployed a test nginx deployment and a LoadBalancer service, and the service was allocated an external-ip by metallb. I can access the nginx service inside the cluster (including the master and worker nodes) with curl, like: curl http://<external-ip>, but outside the cluster I cannot curl the nginx service; it shows the error: curl: (7) Failed to connect to <external-ip> port 80: no route to the host. Has anyone had this problem?

My k8s version is: v1.20.11, metallb version is: v0.11.0

Oleksii Fominykh

Jul 22, 2022, 2:35:10 AM
to metallb-users
I have the same issue.
Metallb doesn't add this IP to the node network interface.

Elias Morais Pereira

Nov 8, 2022, 9:10:33 AM
to metallb-users

It occurs in my config as well.

Did you solve it?

IlluminateS

Nov 8, 2022, 10:02:57 AM
to metallb-users
This is known for the cloud deployments, and the solution would be to have a secondary IP (available, for example, on AWS), run traefik (https://www.traefik.io) as LoadBalancer and balance the traffic with ingressroutes to the services. You can still use metallb as NFS server internal. In PfSense on a virtualisation like VMWare/ProxMox this must work with metallb; at least it works for me like a charm.

Elias Morais Pereira

Nov 8, 2022, 11:37:01 AM
to metallb-users
Hello Christian,

I use it in baremetal; my k8s nodes are in a proxmox.

How did you make it work with public IP?

IlluminateS

Nov 9, 2022, 2:33:49 AM
to metallb-users
Hey Elias,
You need a router/firewall like PFsense in front, which has a public IP and a private network where metallb can have IPs from the private network. After that you can just NAT and load-balance with HAproxy.

Willian Kévenis

Feb 12, 2023, 8:58:27 PM
to metallb-users
I have the same problem. The IP is assigned but not accessible outside.

Elias Morais Pereira

Feb 13, 2023, 4:49:57 AM
to Willian Kévenis, metallb-users
Willian,

Does your infrastructure have an edge router? Something like a pfsense? If yes, google for "metallb+bgp". This way you leave your public address accessible externally.

Willian Kévenis

Feb 13, 2023, 5:14:10 AM
to Elias Morais Pereira, metallb-users
Yes, it has a Mikrotik router.

So much so that the public IP reaches the Rancher, if I raise the IP on the Rancher it is accessible to the world normally.

See my on-premise infra
IMG_20230213_071255_064.jpg

Anton Rukhlin

Jun 15, 2023, 2:09:22 PM
to metallb-users
Willian,

Were you able to resolve the problem?

I have a similar setup: a proxmox cluster running several k3s nodes. The ARP request is received by the Mikrotik router and the traffic is then sent to the correct node. But after a packet reaches the k3s node, it is never forwarded to the k3s cluster. Instead it is sent back to the router, because the VM is not aware of the public IP.

I assigned the public IP to the VM, and now it is pingable. But the packet is still not forwarded to the k3s cluster. I think the problem is that iptables is missing entries to do that.

Anton
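
The last message suspects that the node has no iptables entries for the external IP. One way to test that suspicion, as an added example that is not part of the thread: parse an `iptables-save` dump taken on the node and list the nat-table `KUBE-SERVICES` rules that match the external IP and port. It assumes kube-proxy runs in iptables mode; the dump, the 192.0.2.10 address and the chain suffixes are constructed, and `lb_rules` is a hypothetical helper name.

```python
import ipaddress
import shlex

# Constructed sample of `iptables-save` output (not taken from the thread).
# 192.0.2.10 is a documentation address; the chain suffixes are made up.
SAMPLE_DUMP = '''\
*nat
:PREROUTING ACCEPT [0:0]
:KUBE-SERVICES - [0:0]
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A KUBE-SERVICES -d 10.43.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-EXAMPLE0000001
-A KUBE-SERVICES -d 192.0.2.10/32 -p tcp -m comment --comment "default/nginx loadbalancer IP" -m tcp --dport 80 -j KUBE-FW-EXAMPLE0000002
COMMIT
*filter
-A INPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
'''


def _opt(tokens, flag):
    """Return the token that follows `flag`, or None if the flag is absent."""
    if flag in tokens:
        i = tokens.index(flag)
        if i + 1 < len(tokens):
            return tokens[i + 1]
    return None


def lb_rules(dump, external_ip, port):
    """Jump targets of nat KUBE-SERVICES rules matching external_ip:port."""
    ip = ipaddress.ip_address(external_ip)
    table, targets = None, []
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header such as "*nat"
            table = line[1:]
            continue
        if table != "nat" or not line.startswith("-A KUBE-SERVICES "):
            continue
        tokens = shlex.split(line)        # keeps quoted comments as one token
        dest, dport, jump = (_opt(tokens, f) for f in ("-d", "--dport", "-j"))
        if None in (dest, dport, jump):
            continue
        if ip in ipaddress.ip_network(dest, strict=False) and dport == str(port):
            targets.append(jump)
    return targets


if __name__ == "__main__":
    print(lb_rules(SAMPLE_DUMP, "192.0.2.10", 80) or "no KUBE-SERVICES rule found")
```

An empty result for the service's external IP means kube-proxy has not programmed that address on the node, which is a different fault from an upstream router that has no route to it.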