feat: bgp metallb (remove elected-node bottleneck)

90dy · 90dy · commit 33ae17bbc4fc · 2025-03-18T21:46:22.000+01:00
Signed-off-by: 90DY &lt;forward@90dy.ltd&gt;
diff --git a/README.md b/README.md
@@ -37,7 +37,7 @@ A High Availability, frugal Kubernetes cluster using [Kubespray](https://github.
 
 - **Kubernetes Core**: v1.31.4, containerd runtime, secret encryption at rest
 - **Networking**: Calico CNI, IPVS proxy mode with strict ARP, NodeLocal DNS cache
-- **High Availability**: MetalLB (Layer 2 mode), Kube-VIP (ARP mode), supplementary addresses in SSL keys
+- **High Availability**: MetalLB (BGP Layer 3 mode), Kube-VIP (ARP mode), supplementary addresses in SSL keys
 - **Enterprise Features**: Gateway API CRDs, secure communication
 
 ## Quick Start
@@ -104,4 +104,3 @@ Email: contact@ctnr.io
 ## License
 
 MIT License - see [LICENSE](LICENSE) file
-
diff --git a/group_vars/k8s_cluster/addons.yml.ts b/group_vars/k8s_cluster/addons.yml.ts
@@ -192,8 +192,8 @@ metallb_enabled: true
 metallb_speaker_enabled: "{{ metallb_enabled }}"
 metallb_namespace: "metallb-system"
 metallb_version: v0.13.9
-# If your VPS provider does not support BGP (like Contabo), you should use MetalLB in Layer 2 mode, which relies on ARP/NDP for IP assignment
-metallb_protocol: "layer2"
+# Using BGP Layer 3 mode to prevent node elected bottleneck and distribute traffic more efficiently
+metallb_protocol: "layer3"
 metallb_port: "7472"
 metallb_memberlist_port: "7946"
 metallb_config:
@@ -225,34 +225,30 @@ metallb_config:
     # external:
     #   ip_range: ${externalIpRanges}
     #   auto_assign: true
-  layer2:
-    # internal ip is for all services, external ip is for ingresses like nginx ingress controller
-    - internal 
-    # - external 
-  # layer3:
-  #   defaults:
-  #     peer_port: 179
-  #     hold_time: 120s
-  #   communities:
-  #     vpn-only: "1234:1"
-  #     NO_ADVERTISE: "65535:65282"
-  #   metallb_peers:
-  #       peer1:
-  #         peer_address: 10.6.0.1
-  #         peer_asn: 64512
-  #         my_asn: 4200000000
-  #         communities:
-  #           - vpn-only
-  #         address_pool:
-  #           - pool1
-  #       peer2:
-  #         peer_address: 10.10.0.1
-  #         peer_asn: 64513
-  #         my_asn: 4200000000
-  #         communities:
-  #           - NO_ADVERTISE
-  #         address_pool:
-  #           - pool2
+  # layer2:
+  #   # internal ip is for all services, external ip is for ingresses like nginx ingress controller
+  #   - internal 
+  #   # - external 
+  layer3:
+    defaults:
+      peer_port: 179
+      hold_time: 120s
+    communities:
+      internal-only: "65535:65281"
+      NO_ADVERTISE: "65535:65282"
+    metallb_peers:
+      # Configure BGP peers for each worker node to distribute traffic
+      ${workers
+        .map(
+          (worker) => yaml`
+              ${worker.name}:
+                peer_address: ${worker.privateIp}
+                peer_asn: 64512
+                my_asn: 4200000000
+                address_pool:
+                  - internal
+        `)
+        .join("\n")}
 
 argocd_enabled: false
 # argocd_version: v2.11.0
