[Request]: Static IP LoadBalancer #42

Closed
zainal-abidin-assegaf opened this issue Sep 12, 2023 · 4 comments

Comments

@zainal-abidin-assegaf

Dear loxilb team,

We would like to request a static IP LoadBalancer from the ippool, because some applications exposed via LoadBalancer are used by third parties through a direct IP connection and not a domain. If the LoadBalancer IP changes, it will take a long time to sync with the third party because of the administration process that takes place just to change the LoadBalancer IP.

If it's possible, we want a configuration like the one used by Cilium:

annotations:
    "io.cilium/lb-ipam-ips": "172.24.25.211"

With this annotation, Cilium can directly assign the static IP 172.24.25.211 from the ippool.

The loxilb team is awesome and mind-blowing,

Thank you

@zainal-abidin-assegaf zainal-abidin-assegaf changed the title [Request}: Static IP LoadBalancer [Request]: Static IP LoadBalancer Sep 12, 2023
@UltraInstinct14
Collaborator

Thanks for the query. Currently this feature is already supported since this feature request. You need to use a similar YAML structure.

apiVersion: v1
kind: Service
metadata:
  name: sctp-lb2
  annotations:
   loxilb.io/liveness: "yes"
   loxilb.io/lbmode: "fullnat"
spec:
  loadBalancerClass: loxilb.io/loxilb
  externalTrafficPolicy: Local
  selector:
    what: sctp-test2
  ports:
    - port: 55004
      protocol: SCTP
      targetPort: 9999
  type: LoadBalancer
  externalIPs:
    - 192.168.10.1

As you can see, there is no need to use an annotation in the case of loxilb. Just use the standard field "externalIPs". The static IP provided can be part of the LB IPAM subnet or completely different.

TrekkieCoder added a commit that referenced this issue Sep 13, 2023
PR - Dont re-add staticIP back to ingress even if it is in LBIPAM range
@zainal-abidin-assegaf
Author

not working,

apiVersion: v1
kind: Service
metadata:
  annotations:
   # If there is a need to do liveness check from loxilb
   loxilb.io/liveness: "yes"
   # Specify LB mode - one of default, onearm or fullnat 
   loxilb.io/lbmode: "fullnat"
   # Specify loxilb IPAM mode - one of ipv4, ipv6 or ipv6to4 
   loxilb.io/ipam: "ipv4"
   # Specify number of secondary networks for multi-homing
   # Only valid for SCTP currently
   # loxilb.io/num-secondary-networks: "2"
  labels:
    app.kubernetes.io/name: production-rabbitmqcluster
  name: production-rabbitmqcluster-lb1
  namespace: default
spec:
  externalTrafficPolicy: Local
  ports:
  - appProtocol: amqp
    name: amqp
    port: 5672
    protocol: TCP
    targetPort: 5672
  - appProtocol: http
    name: management
    port: 15672
    protocol: TCP
    targetPort: 15672
  - appProtocol: prometheus.io/metrics
    name: prometheus
    port: 15692
    protocol: TCP
    targetPort: 15692
  selector:
    app.kubernetes.io/name: production-rabbitmqcluster
  sessionAffinity: None
  type: LoadBalancer
  loadBalancerClass: loxilb.io/loxilb
  externalIPs:
    - 172.22.4.25

But this svc is working,

core@dr-manager-01 ~ $ curl 172.22.4.0:15672
<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>RabbitMQ Management</title>
    <script src="js/ejs-1.0.min.js" type="text/javascript"></script>
    <script src="js/jquery-3.5.1.min.js"></script>
    <script src="js/jquery.flot-0.8.1.min.js" type="text/javascript"></script>
    <script src="js/jquery.flot-0.8.1.time.min.js" type="text/javascript"></script>
    <script src="js/sammy-0.7.6.min.js" type="text/javascript"></script>
    <script src="js/json2-2016.10.28.js" type="text/javascript"></script>
    <script src="js/base64.js" type="text/javascript"></script>
    <script src="js/global.js" type="text/javascript"></script>
    <script src="js/main.js" type="text/javascript"></script>
    <script src="js/prefs.js" type="text/javascript"></script>
    <script src="js/formatters.js" type="text/javascript"></script>
    <script src="js/charts.js" type="text/javascript"></script>
    <script src="js/oidc-oauth/helper.js"></script>
    <script src="js/oidc-oauth/oidc-client-ts.js" type="text/javascript"></script>
    <script src="js/oidc-oauth/bootstrap.js"></script>

    <link href="css/main.css" rel="stylesheet" type="text/css"/>
    <link href="favicon.ico" rel="shortcut icon" type="image/x-icon"/>

    <script type="application/javascript">
      var oauth = oauth_initialize_if_required();

      if (oauth.enabled) {
        if (!oauth.sp_initiated) {
            oauth.logged_in = has_auth_credentials();
            oauth.access_token = get_auth_credentials(); // DEPRECATED
        } else {
          oauth_is_logged_in().then( status => {
            if (status.loggedIn && !has_auth_credentials()) {
              oauth.logged_in = false;
              oauth_initiateLogout();
            } else {
              if (!status.loggedIn) {
                replace_content('outer', format('login_oauth', {}));
                clear_auth();
              } else {
                oauth.logged_in = true;
                oauth.access_token = status.user.access_token;  // DEPRECATED
                oauth.expiryDate = new Date(status.user.expires_at * 1000);  // it is epoch in seconds
                let current = new Date();
                _management_logger.debug('token expires in ', (oauth.expiryDate-current)/1000,
                  'secs at : ', oauth.expiryDate );
                oauth.user_name = status.user.profile['user_name'];
                if (!oauth.user_name || oauth.user_name == '') {
                  oauth.user_name = status.user.profile['sub'];
                }
                oauth.scopes = status.user.scope;
              }
            }
          });
        }
      }

    </script>

<!--[if lte IE 8]>
    <script src="js/excanvas.min.js" type="text/javascript"></script>
    <link href="css/evil.css" rel="stylesheet" type="text/css"/>
<![endif]-->
  </head>

  <body>
    <div id="outer"></div>
    <div id="debug"></div>
    <div id="scratch"></div>
  </body>
</html>

apiVersion: v1
kind: Service
metadata:
  annotations:
   # If there is a need to do liveness check from loxilb
   loxilb.io/liveness: "yes"
   # Specify LB mode - one of default, onearm or fullnat 
   loxilb.io/lbmode: "fullnat"
   # Specify loxilb IPAM mode - one of ipv4, ipv6 or ipv6to4 
   loxilb.io/ipam: "ipv4"
   # Specify number of secondary networks for multi-homing
   # Only valid for SCTP currently
   # loxilb.io/num-secondary-networks: "2"
  labels:
    app.kubernetes.io/name: production-rabbitmqcluster
  name: production-rabbitmqcluster-lb1
  namespace: default
spec:
  externalTrafficPolicy: Local
  ports:
  - appProtocol: amqp
    name: amqp
    port: 5672
    protocol: TCP
    targetPort: 5672
  - appProtocol: http
    name: management
    port: 15672
    protocol: TCP
    targetPort: 15672
  - appProtocol: prometheus.io/metrics
    name: prometheus
    port: 15692
    protocol: TCP
    targetPort: 15692
  selector:
    app.kubernetes.io/name: production-rabbitmqcluster
  sessionAffinity: None
  type: LoadBalancer
  loadBalancerClass: loxilb.io/loxilb

@UltraInstinct14
Collaborator

UltraInstinct14 commented Sep 18, 2023

Due to a known issue of kube-proxy(ipvs), static IP does not work with loxilb.io/lbmode: "fullnat" mode.

But it should work fine for loxilb.io/lbmode: "onearm". As per your topology explained in other issue, one arm should work fine.

This issue is fixed for non static IP but for static IP, it is better to use one-arm mode.

@zainal-abidin-assegaf
Author

Yes onearm is working properly,

Thank you.
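
A pre-deployment check for the combination discussed in this thread, as an added example that is not part of the original issue or of the loxilb project: it flags a loxilb Service that pairs a static IP in `externalIPs` with `loxilb.io/lbmode: "fullnat"` when kube-proxy runs in ipvs mode. The function name, the `kube_proxy_mode` parameter and the sample manifests are assumptions constructed for illustration.

```python
import copy
import ipaddress

LOXILB_CLASS = "loxilb.io/loxilb"   # loadBalancerClass from the manifests above
LBMODE_KEY = "loxilb.io/lbmode"     # annotation from the manifests above


def check_static_ip_service(svc, kube_proxy_mode="ipvs"):
    """Return findings for one Service manifest given as a dict.

    kube_proxy_mode is supplied by the caller (assumption): it is a cluster
    setting and cannot be read from the Service object.
    """
    findings = []
    spec = svc.get("spec") or {}
    if spec.get("type") != "LoadBalancer" or spec.get("loadBalancerClass") != LOXILB_CLASS:
        return findings  # not a loxilb LoadBalancer Service
    static_ips = spec.get("externalIPs") or []
    for ip in static_ips:
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            findings.append(f"externalIPs entry {ip!r} is not a valid IP address")
    annotations = (svc.get("metadata") or {}).get("annotations") or {}
    mode = annotations.get(LBMODE_KEY, "default")
    if static_ips and mode == "fullnat" and kube_proxy_mode == "ipvs":
        findings.append("static IP with lbmode 'fullnat' on kube-proxy ipvs; use 'onearm'")
    return findings


# Constructed sample, reduced from the Service posted in the thread.
FULLNAT_STATIC = {
    "metadata": {"name": "production-rabbitmqcluster-lb1",
                 "annotations": {LBMODE_KEY: "fullnat"}},
    "spec": {"type": "LoadBalancer", "loadBalancerClass": LOXILB_CLASS,
             "externalIPs": ["172.22.4.25"]},
}
# Same Service switched to one-arm mode, the setting reported as working.
ONEARM_STATIC = copy.deepcopy(FULLNAT_STATIC)
ONEARM_STATIC["metadata"]["annotations"][LBMODE_KEY] = "onearm"
# Same Service in fullnat mode with no static IP requested.
FULLNAT_DYNAMIC = copy.deepcopy(FULLNAT_STATIC)
del FULLNAT_DYNAMIC["spec"]["externalIPs"]

if __name__ == "__main__":
    for svc in (FULLNAT_STATIC, ONEARM_STATIC, FULLNAT_DYNAMIC):
        print(svc["metadata"]["annotations"][LBMODE_KEY], check_static_ip_service(svc))
```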
