Closed zainal-abidin-assegaf closed 12 months ago
Thanks for the query. Currently this feature is already supported since this feature request . You need to use a similar yaml structure.
apiVersion: v1
kind: Service
metadata:
name: sctp-lb2
annotations:
loxilb.io/liveness: "yes"
loxilb.io/lbmode: "fullnat"
spec:
loadBalancerClass: loxilb.io/loxilb
externalTrafficPolicy: Local
selector:
what: sctp-test2
ports:
- port: 55004
protocol: SCTP
targetPort: 9999
type: LoadBalancer
externalIPs:
- 192.168.10.1
As you can see, there is no need to use annotation in case of loxilb. Just use standard field "externalIPs". The staticIP provided can be part of LB IPAM subnet or completely different.
not working,
apiVersion: v1
kind: Service
metadata:
annotations:
# If there is a need to do liveness check from loxilb
loxilb.io/liveness: "yes"
# Specify LB mode - one of default, onearm or fullnat
loxilb.io/lbmode: "fullnat"
# Specify loxilb IPAM mode - one of ipv4, ipv6 or ipv6to4
loxilb.io/ipam: "ipv4"
# Specify number of secondary networks for multi-homing
# Only valid for SCTP currently
# loxilb.io/num-secondary-networks: "2
labels:
app.kubernetes.io/name: production-rabbitmqcluster
name: production-rabbitmqcluster-lb1
namespace: default
spec:
externalTrafficPolicy: Local
ports:
- appProtocol: amqp
name: amqp
port: 5672
protocol: TCP
targetPort: 5672
- appProtocol: http
name: management
port: 15672
protocol: TCP
targetPort: 15672
- appProtocol: prometheus.io/metrics
name: prometheus
port: 15692
protocol: TCP
targetPort: 15692
selector:
app.kubernetes.io/name: production-rabbitmqcluster
sessionAffinity: None
type: LoadBalancer
loadBalancerClass: loxilb.io/loxilb
externalIPs:
- 172.22.4.25
But for this svc working,
core@dr-manager-01 ~ $ curl 172.22.4.0:15672
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>RabbitMQ Management</title>
<script src="js/ejs-1.0.min.js" type="text/javascript"></script>
<script src="js/jquery-3.5.1.min.js"></script>
<script src="js/jquery.flot-0.8.1.min.js" type="text/javascript"></script>
<script src="js/jquery.flot-0.8.1.time.min.js" type="text/javascript"></script>
<script src="js/sammy-0.7.6.min.js" type="text/javascript"></script>
<script src="js/json2-2016.10.28.js" type="text/javascript"></script>
<script src="js/base64.js" type="text/javascript"></script>
<script src="js/global.js" type="text/javascript"></script>
<script src="js/main.js" type="text/javascript"></script>
<script src="js/prefs.js" type="text/javascript"></script>
<script src="js/formatters.js" type="text/javascript"></script>
<script src="js/charts.js" type="text/javascript"></script>
<script src="js/oidc-oauth/helper.js"></script>
<script src="js/oidc-oauth/oidc-client-ts.js" type="text/javascript"></script>
<script src="js/oidc-oauth/bootstrap.js"></script>
<link href="css/main.css" rel="stylesheet" type="text/css"/>
<link href="favicon.ico" rel="shortcut icon" type="image/x-icon"/>
<script type="application/javascript">
var oauth = oauth_initialize_if_required();
if (oauth.enabled) {
if (!oauth.sp_initiated) {
oauth.logged_in = has_auth_credentials();
oauth.access_token = get_auth_credentials(); // DEPRECATED
} else {
oauth_is_logged_in().then( status => {
if (status.loggedIn && !has_auth_credentials()) {
oauth.logged_in = false;
oauth_initiateLogout();
} else {
if (!status.loggedIn) {
replace_content('outer', format('login_oauth', {}));
clear_auth();
} else {
oauth.logged_in = true;
oauth.access_token = status.user.access_token; // DEPRECATED
oauth.expiryDate = new Date(status.user.expires_at * 1000); // it is epoch in seconds
let current = new Date();
_management_logger.debug('token expires in ', (oauth.expiryDate-current)/1000,
'secs at : ', oauth.expiryDate );
oauth.user_name = status.user.profile['user_name'];
if (!oauth.user_name || oauth.user_name == '') {
oauth.user_name = status.user.profile['sub'];
}
oauth.scopes = status.user.scope;
}
}
});
}
}
</script>
<!--[if lte IE 8]>
<script src="js/excanvas.min.js" type="text/javascript"></script>
<link href="css/evil.css" rel="stylesheet" type="text/css"/>
<![endif]-->
</head>
<body>
<div id="outer"></div>
<div id="debug"></div>
<div id="scratch"></div>
</body>
</html>
apiVersion: v1
kind: Service
metadata:
annotations:
# If there is a need to do liveness check from loxilb
loxilb.io/liveness: "yes"
# Specify LB mode - one of default, onearm or fullnat
loxilb.io/lbmode: "fullnat"
# Specify loxilb IPAM mode - one of ipv4, ipv6 or ipv6to4
loxilb.io/ipam: "ipv4"
# Specify number of secondary networks for multi-homing
# Only valid for SCTP currently
# loxilb.io/num-secondary-networks: "2
labels:
app.kubernetes.io/name: production-rabbitmqcluster
name: production-rabbitmqcluster-lb1
namespace: default
spec:
externalTrafficPolicy: Local
ports:
- appProtocol: amqp
name: amqp
port: 5672
protocol: TCP
targetPort: 5672
- appProtocol: http
name: management
port: 15672
protocol: TCP
targetPort: 15672
- appProtocol: prometheus.io/metrics
name: prometheus
port: 15692
protocol: TCP
targetPort: 15692
selector:
app.kubernetes.io/name: production-rabbitmqcluster
sessionAffinity: None
type: LoadBalancer
loadBalancerClass: loxilb.io/loxilb
Due to a known issue of kube-proxy(ipvs), static IP does not work with loxilb.io/lbmode: "fullnat" mode.
But it should work fine for loxilb.io/lbmode: "onearm". As per your topology explained in other issue, one arm should work fine.
This issue is fixed for non static IP but for static IP, it is better to use one-arm mode.
Yes onearm is working properly,
Thank you.
Dear loxilb team,
We would like to request static ip LoadBalancer from ippool , due to some application which exposed via LoadBalancer is being used by third party direct ip connection and not used domain, so if ip LoadBalancer changed it will take a long time to sync with third party caused by administration process that will take place just to change the ip LoadBalancer,
If it's possible we want some configuration used by cilium:
With this annotation cilium can directly assign static ip 172.24.25.211 from the ippool,
loxilb team are awesome and mind blowing,
Thank you