Install KubeLB Manager and setup Management Cluster

Requirements

  • Service type LoadBalancer implementation. This can be a cloud solution or a self-managed implementation like MetalLB.
  • Network access to the tenant cluster nodes with node port range (default: 30000-32767). This is required for the envoy proxy to be able to connect to the tenant cluster nodes.

Installation for KubeLB manager

Prerequisites

  • Create a namespace kubelb for the CCM to be deployed in.
  • Create imagePullSecrets for the chart to pull the image from the registry in kubelb namespace.

At this point a minimal values.yaml should look like this:

imagePullSecrets:
  - name: <imagePullSecretName>

Install the helm chart

helm pull oci://quay.io/kubermatic/helm-charts/kubelb-manager-ee --version=v1.0.0 --untardir "kubelb-manager" --untar
## Create and update values.yaml with the required values.
helm install kubelb-manager kubelb-manager/kubelb-manager-ee --namespace kubelb -f values.yaml

KubeLB Manager EE Values

Key Type Default Description
affinity object {}
autoscaling.enabled bool false
autoscaling.maxReplicas int 10
autoscaling.minReplicas int 1
autoscaling.targetCPUUtilizationPercentage int 80
autoscaling.targetMemoryUtilizationPercentage int 80
fullnameOverride string ""
image.pullPolicy string "IfNotPresent"
image.repository string "quay.io/kubermatic/kubelb-manager-ee"
image.tag string "v1.0.0"
imagePullSecrets list []
kubelb.debug bool false
kubelb.enableLeaderElection bool true
kubelb.envoyProxy.affinity object {}
kubelb.envoyProxy.nodeSelector object {}
kubelb.envoyProxy.replicas int 3 The number of replicas for the Envoy Proxy deployment.
kubelb.envoyProxy.resources object {}
kubelb.envoyProxy.singlePodPerNode bool true Deploy single pod per node.
kubelb.envoyProxy.tolerations list []
kubelb.envoyProxy.topology string "shared" Topology defines the deployment topology for Envoy Proxy. Valid values are: shared, dedicated, and global.
kubelb.envoyProxy.useDaemonset bool false Use DaemonSet for Envoy Proxy deployment instead of Deployment.
kubelb.propagateAllAnnotations bool false Propagate all annotations from the LB resource to the LB service.
kubelb.propagatedAnnotations object {} Allowed annotations that will be propagated from the LB resource to the LB service.
kubelb.skipConfigGeneration bool false Set to true to skip the generation of the Config CR. Useful when the config CR needs to be managed manually.
nameOverride string ""
nodeSelector object {}
podAnnotations object {}
podLabels object {}
podSecurityContext.runAsNonRoot bool true
podSecurityContext.seccompProfile.type string "RuntimeDefault"
rbac.allowLeaderElectionRole bool true
rbac.allowMetricsReaderRole bool true
rbac.allowProxyRole bool true
rbac.enabled bool true
replicaCount int 1
resources.limits.cpu string "100m"
resources.limits.memory string "128Mi"
resources.requests.cpu string "100m"
resources.requests.memory string "128Mi"
securityContext.allowPrivilegeEscalation bool false
securityContext.capabilities.drop[0] string "ALL"
securityContext.runAsUser int 65532
service.port int 8001
service.protocol string "TCP"
service.type string "ClusterIP"
serviceAccount.annotations object {}
serviceAccount.create bool true
serviceAccount.name string ""
serviceMonitor.enabled bool false
tolerations list []

Install the helm chart

helm pull oci://quay.io/kubermatic/helm-charts/kubelb-manager --version=v1.0.0 --untardir "kubelb-manager" --untar
## Create and update values.yaml with the required values.
helm install kubelb-manager kubelb-manager/kubelb-manager --namespace kubelb -f values.yaml --create-namespace

KubeLB Manager CE Values

Key Type Default Description
affinity object {}
autoscaling.enabled bool false
autoscaling.maxReplicas int 10
autoscaling.minReplicas int 1
autoscaling.targetCPUUtilizationPercentage int 80
autoscaling.targetMemoryUtilizationPercentage int 80
fullnameOverride string ""
image.pullPolicy string "IfNotPresent"
image.repository string "quay.io/kubermatic/kubelb-manager"
image.tag string "v1.0.0"
imagePullSecrets list []
kubelb.debug bool false
kubelb.enableLeaderElection bool true
kubelb.envoyProxy.affinity object {}
kubelb.envoyProxy.nodeSelector object {}
kubelb.envoyProxy.replicas int 3 The number of replicas for the Envoy Proxy deployment.
kubelb.envoyProxy.resources object {}
kubelb.envoyProxy.singlePodPerNode bool true Deploy single pod per node.
kubelb.envoyProxy.tolerations list []
kubelb.envoyProxy.topology string "shared" Topology defines the deployment topology for Envoy Proxy. Valid values are: shared, dedicated, and global.
kubelb.envoyProxy.useDaemonset bool false Use DaemonSet for Envoy Proxy deployment instead of Deployment.
kubelb.propagateAllAnnotations bool false Propagate all annotations from the LB resource to the LB service.
kubelb.propagatedAnnotations object {} Allowed annotations that will be propagated from the LB resource to the LB service.
kubelb.skipConfigGeneration bool false Set to true to skip the generation of the Config CR. Useful when the config CR needs to be managed manually.
nameOverride string ""
nodeSelector object {}
podAnnotations object {}
podLabels object {}
podSecurityContext.runAsNonRoot bool true
podSecurityContext.seccompProfile.type string "RuntimeDefault"
rbac.allowLeaderElectionRole bool true
rbac.allowMetricsReaderRole bool true
rbac.allowProxyRole bool true
rbac.enabled bool true
replicaCount int 1
resources.limits.cpu string "100m"
resources.limits.memory string "128Mi"
resources.requests.cpu string "100m"
resources.requests.memory string "128Mi"
securityContext.allowPrivilegeEscalation bool false
securityContext.capabilities.drop[0] string "ALL"
securityContext.runAsUser int 65532
service.port int 8001
service.protocol string "TCP"
service.type string "ClusterIP"
serviceAccount.annotations object {}
serviceAccount.create bool true
serviceAccount.name string ""
serviceMonitor.enabled bool false
tolerations list []