一、执行以下命令,在我的私有仓库里拉取两个metallb的镜像文件,然后拷贝到本地k8s集群中
#集群任一一台客户端执行
docker pull 192.168.6.11/metallb/controller
docker pull 192.168.6.11/metallb/speaker
#集群任每台客户端执行
docker save -o controller.tar 192.168.6.11/metallb/controller
docker save -o speaker.tar 192.168.6.11/metallb/speaker
#集群任每台客户端执行
docker load -i 192.168.6.11/metallb/controller
docker load -i 192.168.6.11/metallb/speaker
docker image list
确保集群每台客户端都包含metallb的controller和speaker镜像文件
二、在master上创建一个 metallb.yaml 文件,写入以下内容
apiVersion: v1
kind: Namespace
metadata:
labels:
app: metallb
name: metallb-system
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
labels:
app: metallb
name: speaker
namespace: metallb-system
spec:
allowPrivilegeEscalation: false
allowedCapabilities:
- NET_ADMIN
- NET_RAW
- SYS_ADMIN
fsGroup:
rule: RunAsAny
hostNetwork: true
hostPorts:
- max: 7472
min: 7472
privileged: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- '*'
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: metallb
name: controller
namespace: metallb-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: metallb
name: speaker
namespace: metallb-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: metallb