I'm trying to configure networking for load balancers like MetalLB or KubeVIP on a bare metal setup. My first go involved using a single NIC with two routing rules, but it turned out to be quite complicated and not really best practice. Then I tried setting up two separate NICs—one for private networking covering the 172.16.0.0/12 range and another public one with default routing. The challenge I'm facing is that I need to initialize the public NIC with all the routes and broadcast settings without assigning an IP upfront. The idea is that the LB will assign this IP later (I haven't tackled MetalLB yet, just started with KubeVIP). Most of the examples I see have LB configured on a single NIC with host networking using DHCP, which isn't applicable to my situation. Any advice or recommendations would be greatly appreciated!
2 Answers
Avoid having multiple VLANs on your NICs without tagging. I've been dealing with some frustrating rp_filter issues when trying to manage pod-to-host traffic. It's a mess!
You definitely need a CNI in your setup. The way you expose services with MetalLB really depends on your needs; you could look into layer2 or layer3 setups. Generally, you want a solid LB in front of your HA control plane and consider a `type: LoadBalancer` Service for workloads needing external access. Hope this clears things up a bit!
Reverse DNS load balancing is great for control-plane setups—no single point of failure and easy to manage!

I'm also leaning towards untagged host networking with a VLAN for public access, but I haven’t quite nailed it yet either.
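For the two-NIC layout in the question and the layer2 option raised in the answers, here is an added MetalLB configuration (example only, not from any poster or from the MetalLB project docs) that pins the ARP announcements to the public NIC so the private 172.16.0.0/12 segment never sees the public VIPs. The interface name `eth1`, the pool `203.0.113.10-203.0.113.20` and the `metallb-system` namespace are assumptions.

```yaml
# Constructed example: MetalLB layer-2 mode restricted to the public NIC.
# Assumptions (not from the post): the public NIC is eth1, it is brought up
# with no address of its own, and the range below is routed to that segment.
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: public-pool
  namespace: metallb-system
spec:
  addresses:
    - 203.0.113.10-203.0.113.20   # placeholder public range
  autoAssign: true
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: public-l2
  namespace: metallb-system
spec:
  ipAddressPools:
    - public-pool
  # Only answer ARP for pool addresses on eth1; leaving this list empty
  # would let the speaker announce the public VIPs on the private NIC too.
  interfaces:
    - eth1
---
# A workload Service that receives an address from the pool above.
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  type: LoadBalancer
  selector:
    app: web
  ports:
    - port: 80
      targetPort: 8080
```

In layer-2 mode the speaker only answers ARP for the VIP; the link must be up with carrier but needs no static address, and if replies leave via the private NIC, strict `rp_filter` on `eth1` will drop the flow the first answer complains about (loose mode, value 2, on that interface avoids it).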