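# Register the MetalLB chart repository and refresh the local index.
helm repo add metallb https://metallb.github.io/metallb
helm repo update

# Pin the chart version: the tar step below expects exactly this archive name,
# and an unpinned pull fetches whatever version is latest at the time.
helm pull metallb/metallb --version 0.15.2
tar -zxf metallb-0.15.2.tgz

# The archive unpacks into a directory named after the chart ("metallb");
# "MetalLB/" does not exist on a case-sensitive filesystem.
cd metallb/

# values.yaml is the file inside the unpacked chart directory; review it before installing.
# NOTE(review): upstream MetalLB docs use a dedicated metallb-system namespace.
# Installing into kube-system works, but places the speaker pods next to
# control-plane workloads. The IPAddressPool / L2Advertisement objects must be
# created in the same namespace as this release.
helm install metallb -n kube-system -f values.yaml .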
# 查看是否安装
[root@master-11 traefik]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
cilium-4pgzq 1/1 Running 9 (7h51m ago) 11d
cilium-envoy-g7drx 1/1 Running 12 (7h51m ago) 15d
cilium-envoy-kwxvm 1/1 Running 13 (7h51m ago) 15d
cilium-envoy-n84wb 1/1 Running 12 (7h51m ago) 15d
cilium-operator-7d5f888c58-nqqlv 1/1 Running 0 7h45m
cilium-rzg4b 1/1 Running 10 (7h51m ago) 13d
cilium-sgqb7 1/1 Running 10 (7h51m ago) 13d
coredns-66f779496c-fg77q 1/1 Running 0 109m
coredns-66f779496c-h7z6n 1/1 Running 0 110m
docker-registry-7469f85567-c4fhp 1/1 Running 11 (7h51m ago) 14d
etcd-master-11 1/1 Running 14 (7h51m ago) 18d
kube-apiserver-master-11 1/1 Running 14 (7h51m ago) 18d
kube-controller-manager-master-11 1/1 Running 15 (7h51m ago) 18d
kube-proxy-244zx 1/1 Running 13 (7h51m ago) 18d
kube-proxy-cxzdv 1/1 Running 12 (7h51m ago) 15d
kube-proxy-kkbcn 1/1 Running 12 (7h51m ago) 18d
kube-scheduler-master-11 1/1 Running 14 (7h51m ago) 18d
metallb-controller-568f4dc5c-6ztck 1/1 Running 0 30m
metallb-speaker-64zqq 4/4 Running 0 30m
metallb-speaker-hkkr5 4/4 Running 0 30m
metallb-speaker-mgmvb 4/4 Running 0 30m
traefik-84949c7589-srw98 1/1 Running 0 119m
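# metallb.yaml
# Address pool that MetalLB may hand out to LoadBalancer Services.
# Created in kube-system, the namespace used for the MetalLB release on this page.
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: traefik-pool
  namespace: kube-system
spec:
  addresses:
    - 10.0.0.200-10.0.0.200  # a single fixed IP
  # NOTE(review): as written, the pool is not restricted to the Traefik Service.
  # If other teams can create LoadBalancer Services, consider `autoAssign: false`
  # or a `serviceAllocation` selector so only the intended Service can take this
  # address — confirm against the MetalLB version in use.
---
# Announce addresses from the pool on the local layer-2 segment.
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: traefik-advertise
  namespace: kube-system
spec:
  ipAddressPools:
    - traefik-pool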
3、traefik使用LoadBalancer
修改values.yaml文件
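# ... (other chart values unchanged)
service:
  enabled: true
  # ...
  type: LoadBalancer
  # ...
  spec:
    # Request the fixed address defined in the MetalLB pool.
    # NOTE(review): spec.loadBalancerIP has been deprecated in Kubernetes since
    # v1.24. MetalLB also accepts the `metallb.io/loadBalancerIPs` annotation on
    # the Service — confirm which form your Kubernetes/MetalLB versions honour.
    loadBalancerIP: 10.0.0.200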
# Apply the edited values to the existing Traefik release.
# The chart path "." means this is run from the Traefik chart directory.
helm upgrade traefik . --namespace kube-system --values values.yaml
# 修改解析
[root@master-11 traefik]# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 ubt-server
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.0.0.11 master-11
10.0.0.12 node-12
10.0.0.13 node-13
10.0.0.200 registry.xwk.local
[root@master-11 traefik]# kubectl get cm -n kube-system coredns -oyaml
apiVersion: v1
data:
Corefile: |
.:53 {
errors
health {
lameduck 5s
}
ready
hosts {
10.0.0.200 registry.xwk.local.
fallthrough
}
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
}
prometheus :9153
forward . /etc/resolv.conf {
max_concurrent 1000
}
cache 30
loop
reload
loadbalance
}
kind: ConfigMap
metadata:
creationTimestamp: "2025-08-12T15:34:59Z"
name: coredns
namespace: kube-system
resourceVersion: "421157"
uid: bdc9ecf0-1a0d-4c93-ac99-dbf6b2d276cf
4、尝试登录registry镜像仓库
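# ingressroute.yaml
# Routes registry.xwk.local through Traefik to the in-cluster docker-registry Service.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: registry-ingress
  namespace: kube-system
  annotations:
    # NOTE(review): these two keys look like ingress-nginx style options. Traefik
    # configures IngressRoute through its spec and Middleware objects, so they are
    # presumably ignored here — verify before relying on them.
    traefik.ingress.kubernetes.io/proxy-body-size: "100G"  # intended: allow large image pushes
    traefik.ingress.kubernetes.io/backend-protocol: "HTTP"  # the registry Service speaks HTTP
spec:
  entryPoints:
    # NOTE(review): with a `tls` section, Traefik treats this router as HTTPS-only,
    # so listing `web` should not add a plaintext route. Confirm, and drop it if it
    # is not needed, so registry credentials are never sent over plain HTTP.
    - web
    - websecure
  tls:
    secretName: registry-tls-secret  # TLS Secret created in an earlier step
  routes:
    - kind: Rule
      match: Host(`registry.xwk.local`)
      services:
        # TLS terminates at Traefik. The hop from Traefik to the registry on
        # port 5000 is plain HTTP inside the cluster, so login credentials cross
        # it unencrypted.
        - name: docker-registry
          port: 5000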
[root@master-11 registry]# nerdctl login registry.xwk.local -uadmin
Enter Password:
WARNING: Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
此时已经可以登录成功,不再需要使用 `nerdctl login registry.xwk.local:<NodePort端口>` 的方式。注意上面输出中的 WARNING:密码以未加密形式保存在 /root/.docker/config.json 中,建议按提示配置 credential helper。