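# Install MetalLB from its upstream Helm chart.
# NOTE(review): the chart is fetched without provenance verification and is
# installed cluster-wide; review values.yaml and the rendered manifests first.
helm repo add metallb https://metallb.github.io/metallb
helm repo update
# Pin the chart version so the archive name used below is predictable and the
# install is reproducible instead of tracking whatever is latest.
helm pull metallb/metallb --version 0.15.2
tar -zxf metallb-0.15.2.tgz
# The archive unpacks into a directory named after the chart (lowercase).
# Chaining with && keeps helm from running in the wrong directory if cd fails.
# NOTE(review): this installs MetalLB into kube-system, next to the
# control-plane pods; the manifests later on this page use the same namespace,
# so change them together if a dedicated namespace is preferred.
cd metallb/ && helm install metallb -n kube-system -f values.yaml .
# Check that it is installed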
[root@master-11 traefik]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
cilium-4pgzq 1/1 Running 9 (7h51m ago) 11d
cilium-envoy-g7drx 1/1 Running 12 (7h51m ago) 15d
cilium-envoy-kwxvm 1/1 Running 13 (7h51m ago) 15d
cilium-envoy-n84wb 1/1 Running 12 (7h51m ago) 15d
cilium-operator-7d5f888c58-nqqlv 1/1 Running 0 7h45m
cilium-rzg4b 1/1 Running 10 (7h51m ago) 13d
cilium-sgqb7 1/1 Running 10 (7h51m ago) 13d
coredns-66f779496c-fg77q 1/1 Running 0 109m
coredns-66f779496c-h7z6n 1/1 Running 0 110m
docker-registry-7469f85567-c4fhp 1/1 Running 11 (7h51m ago) 14d
etcd-master-11 1/1 Running 14 (7h51m ago) 18d
kube-apiserver-master-11 1/1 Running 14 (7h51m ago) 18d
kube-controller-manager-master-11 1/1 Running 15 (7h51m ago) 18d
kube-proxy-244zx 1/1 Running 13 (7h51m ago) 18d
kube-proxy-cxzdv 1/1 Running 12 (7h51m ago) 15d
kube-proxy-kkbcn 1/1 Running 12 (7h51m ago) 18d
kube-scheduler-master-11 1/1 Running 14 (7h51m ago) 18d
metallb-controller-568f4dc5c-6ztck 1/1 Running 0 30m
metallb-speaker-64zqq 4/4 Running 0 30m
metallb-speaker-hkkr5 4/4 Running 0 30m
metallb-speaker-mgmvb 4/4 Running 0 30m
traefik-84949c7589-srw98 1/1 Running 0 119m
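# metallb.yaml
# Address pool plus layer-2 announcement for the Traefik LoadBalancer Service.
# NOTE(review): as written the pool is not scoped to a namespace or Service, so
# any Service of type LoadBalancer in the cluster may be allocated this address;
# IPAddressPool's `serviceAllocation` field can restrict who may use it.
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: traefik-pool
  namespace: kube-system
spec:
  addresses:
    - 10.0.0.200-10.0.0.200  # a single fixed IP only
---
# In L2 mode a speaker node answers for the address on the local network, so
# 10.0.0.200 must be unused on that LAN (and outside any DHCP range).
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: traefik-advertise
  namespace: kube-system
spec:
  ipAddressPools:
    - traefik-pool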
3、traefik使用LoadBalancer
修改values.yaml文件
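# values.yaml (Traefik chart) -- only the changed keys are shown; "# ..." marks
# lines omitted by the author.
# ...
service:
  enabled: true
  # ...
  type: LoadBalancer
  # ...
  spec:
    # Must be the address offered by the MetalLB pool defined on this page.
    # NOTE(review): spec.loadBalancerIP is deprecated in recent Kubernetes
    # releases; confirm it is still honoured by the versions in use.
    loadBalancerIP: 10.0.0.200
# Update the Helm release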
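# Apply the edited values to the existing Traefik release; "." is the chart
# directory, so run this from inside the unpacked chart.
helm upgrade traefik -n kube-system -f values.yaml .
# Update name resolution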
[root@master-11 traefik]# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 ubt-server
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.0.0.11 master-11
10.0.0.12 node-12
10.0.0.13 node-13
10.0.0.200 registry.xwk.local
[root@master-11 traefik]# kubectl get cm -n kube-system coredns -oyaml
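# CoreDNS ConfigMap as printed by the kubectl command above.
# The hosts block pins registry.xwk.local to 10.0.0.200 for in-cluster lookups;
# names it does not list fall through to the following plugins. Keep this entry
# in sync with the MetalLB pool address and the /etc/hosts entries on the nodes.
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health {
           lameduck 5s
        }
        ready
        hosts {
           10.0.0.200 registry.xwk.local.
           fallthrough
        }
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           fallthrough in-addr.arpa ip6.arpa
           ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf {
           max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2025-08-12T15:34:59Z"
  name: coredns
  namespace: kube-system
  resourceVersion: "421157"
  uid: bdc9ecf0-1a0d-4c93-ac99-dbf6b2d276cf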
4、尝试登录registry镜像仓库
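# ingressroute.yaml
# Routes registry.xwk.local through Traefik to the in-cluster docker-registry
# Service on port 5000.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: registry-ingress
  namespace: kube-system
  annotations:
    # NOTE(review): these annotation names look modelled on ingress-nginx; verify
    # that Traefik actually acts on them for an IngressRoute before relying on
    # the body-size limit or backend protocol they describe.
    traefik.ingress.kubernetes.io/proxy-body-size: "100G"  # allow large image pushes
    traefik.ingress.kubernetes.io/backend-protocol: "HTTP"  # the registry Service speaks HTTP
spec:
  # NOTE(review): registry logins carry the account password, so confirm that
  # requests arriving on the plain-HTTP `web` entry point are never served
  # without TLS (or list only `websecure` here).
  entryPoints:
    - web
    - websecure
  tls:
    secretName: registry-tls-secret  # TLS Secret created in an earlier step
  routes:
    - kind: Rule
      match: Host(`registry.xwk.local`)
      services:
        - name: docker-registry
          port: 5000

[root@master-11 registry]# nerdctl login registry.xwk.local -uadmin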
Enter Password:
WARNING: Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
此时可以登录成功了,不需要使用nerdctl login registry.xwk.local+nodeport的端口了。注意:如上面的 WARNING 所示,密码会以未加密形式保存在 /root/.docker/config.json 中,建议按提示配置 credential helper。