问题描述 #

我搭建了一个单节点K8s集群，现在遇到了一个问题：MetalLB分配的IP地址无法被同子网内的其他主机访问，只有集群节点本地能正常连接。

集群环境信息 #

• CRI: Containerd 1.6
• CNI: Flannel
• 控制平面污点已禁用
• Pod CIDR: 10.244.0.0/16
• Cluster CIDR: 10.105.107.0/24
• Kube-proxy模式: IPVS，strictArp设置为"true"

MetalLB配置清单 #

IPAddressPool配置 #

apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: first-pool
namespace: metallb-system
spec:
addresses:
- 10.105.107.224/27

L2Advertisement配置 #

apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: first-advertisement
namespace: metallb-system
spec:
ipAddressPools:
- first-pool

具体现象 #

• 创建Service（比如ingress-nginx）时，MetalLB能正常分配IP，节点本地通过curl 10.105.107.224可以正常访问服务
• 执行kubectl describe svc查看时，仅能看到IP Assigned事件，完全没有IP宣告（announced）相关的事件记录
• 同子网内的其他主机无法访问该MetalLB分配的IP，甚至arping也无法获取到对应IP的MAC地址
• MetalLB Controller日志为空，Speaker日志仅输出正常的reconcile操作信息，没有任何警告或错误日志

MetalLB Speaker日志 #

{"caller":"config_controller.go:150","controller":"ConfigReconciler","end reconcile":"/default","level":"info","ts":"2024-03-17T18:40:17Z"}
{"caller":"config_controller.go:58","controller":"ConfigReconciler","level":"info","start reconcile":"/ingress-nginx","ts":"2024-03-17T18:40:17Z"}
{"caller":"config_controller.go:150","controller":"ConfigReconciler","end reconcile":"/ingress-nginx","level":"info","ts":"2024-03-17T18:40:17Z"}
{"caller":"config_controller.go:58","controller":"ConfigReconciler","level":"info","start reconcile":"/kube-flannel","ts":"2024-03-17T18:40:17Z"}
{"caller":"config_controller.go:150","controller":"ConfigReconciler","end reconcile":"/kube-flannel","level":"info","ts":"2024-03-17T18:40:17Z"}
{"caller":"config_controller.go:58","controller":"ConfigReconciler","level":"info","start reconcile":"/kube-node-lease","ts":"2024-03-17T18:40:17Z"}
{"caller":"config_controller.go:150","controller":"ConfigReconciler","end reconcile":"/kube-node-lease","level":"info","ts":"2024-03-17T18:40:17Z"}
{"caller":"config_controller.go:58","controller":"ConfigReconciler","level":"info","start reconcile":"/kube-public","ts":"2024-03-17T18:40:17Z"}
{"caller":"config_controller.go:150","controller":"ConfigReconciler","end reconcile":"/kube-public","level":"info","ts":"2024-03-17T18:40:17Z"}
{"caller":"service_controller.go:64","controller":"ServiceReconciler","level":"info","start reconcile":"metallb-system/webhook-service","ts":"2024-03-17T18:40:26Z"}
{"caller":"service_controller.go:115","controller":"ServiceReconciler","end reconcile":"metallb-system/webhook-service","level":"info","ts":"2024-03-17T18:40:26Z"}
{"caller":"config_controller.go:58","controller":"ConfigReconciler","level":"info","start reconcile":"metallb-system/first-pool","ts":"2024-03-17T18:40:33Z"}
{"caller":"config_controller.go:167","controller":"ConfigReconciler","event":"force service reload","level":"info","ts":"2024-03-17T18:40:33Z"}
{"caller":"config_controller.go:178","controller":"ConfigReconciler","event":"config reloaded","level":"info","ts":"2024-03-17T18:40:33Z"}
{"caller":"config_controller.go:179","controller":"ConfigReconciler","end reconcile":"metallb-system/first-pool","level":"info","ts":"2024-03-17T18:40:33Z"}
{"caller":"service_controller_reload.go:63","controller":"ServiceReconciler - reprocessAll","level":"info","start reconcile":"metallbreload/reload","ts":"2024-03-17T18:40:33Z"}
{"caller":"service_controller_reload.go:119","controller":"ServiceReconciler - reprocessAll","end reconcile":"metallbreload/reload","level":"info","ts":"2024-03-17T18:40:33Z"}
{"caller":"service_controller.go:64","controller":"ServiceReconciler","level":"info","start reconcile":"ingress-nginx/ingress-nginx-controller","ts":"2024-03-17T18:40:33Z"}
{"caller":"service_controller.go:115","controller":"ServiceReconciler","end reconcile":"ingress-nginx/ingress-nginx-controller","level":"info","ts":"2024-03-17T18:40:33Z"}
{"caller":"config_controller.go:58","controller":"ConfigReconciler","level":"info","start reconcile":"metallb-system/first-advertisement","ts":"2024-03-17T18:40:33Z"}
{"caller":"config_controller.go:167","controller":"ConfigReconciler","event":"force service reload","level":"info","ts":"2024-03-17T18:40:33Z"}
{"caller":"config_controller.go:178","controller":"ConfigReconciler","event":"config reloaded","level":"info","ts":"2024-03-17T18:40:33Z"}
{"caller":"config_controller.go:179","controller":"ConfigReconciler","end reconcile":"metallb-system/first-advertisement","level":"info","ts":"2024-03-17T18:40:33Z"}
{"caller":"service_controller_reload.go:63","controller":"ServiceReconciler - reprocessAll","level":"info","start reconcile":"metallbreload/reload","ts":"2024-03-17T18:40:33Z"}
{"caller":"service_controller_reload.go:119","controller":"ServiceReconciler - reprocessAll","end reconcile":"metallbreload/reload","level":"info","ts":"2024-03-17T18:40:33Z"}
{"caller":"node_controller.go:46","controller":"NodeReconciler","level":"info","start reconcile":"/k8s-1","ts":"2024-03-17T18:44:32Z"}
{"caller":"speakerlist.go:274","level":"info","msg":"triggering discovery","op":"memberDiscovery","ts":"2024-03-17T18:44:32Z"}
{"caller":"node_controller.go:69","controller":"NodeReconciler","end reconcile":"/k8s-1","level":"info","ts":"2024-03-17T18:44:32Z"}
{"caller":"node_controller.go:46","controller":"NodeReconciler","level":"info","start reconcile":"/k8s-1","ts":"2024-03-17T18:49:39Z"}
{"caller":"speakerlist.go:274","level":"info","msg":"triggering discovery","op":"memberDiscovery","ts":"2024-03-17T18:49:39Z"}
{"caller":"node_controller.go:69","controller":"NodeReconciler","end reconcile":"/k8s-1","level":"info","ts":"2024-03-17T18:49:39Z"}
{"caller":"node_controller.go:46","controller":"NodeReconciler","level":"info","start reconcile":"/k8s-1","ts":"2024-03-17T18:54:45Z"}
{"caller":"speakerlist.go:274","level":"info","msg":"triggering discovery","op":"memberDiscovery","ts":"2024-03-17T18:54:45Z"}
{"caller":"node_controller.go:69","controller":"NodeReconciler","end reconcile":"/k8s-1","level":"info","ts":"2024-03-17T18:54:45Z"}

备注：内容来源于stack exchange，提问作者SeanCooper