Simple bare metal install using metallb but source IP is NATed

I have one master and one worker. When my application gets a request the source IP has been changed to the Node IP. My application needs to have the source IP. In my application yaml I’m using externalTrafficPolicy = Local.

I did a quick install using the docker method and Rancher comes up every time and works fine.

I used the docker install method because this is an air-gapped lab. I figure if I can create a worker node and use kubectl to create my application things are great.

There must be something I’m missing. Any suggestions?

Hello @brianb,

Can you give us more detail about your setup?
Did you use an ingress or a nodeport after the metallb?

Sure! No, I did not use an ingress or nodeport after metallb.
FYI - we have another lab where my application yaml works. This does not mean a lot but it does show my application works with k8s and metallb.
My understanding is that metallb “handles” the ingress so I should not need any more setup. By “handles” I mean what I think happens is that metallb configures the kube-proxy and other k8s pieces to handle the ingress and node port functions.

Can you share some deployment/stateful/pods definitions?
What’s the difference between your lab & prod?

I let Rancher do everything. I added metallb using docker load, kubectl apply -f metallb.yaml, kubectl apply -f metallb-layer2.yaml.
Then I docker load my application tarball and kubectl apply -f application.yaml.
There were a few steps I probably skipped but that’s the gist.
So I can’t share the pod definitions. I don’t know what stateful definitions are?
I can scrub my application.yaml and put that in if that will help.

Not to be rude but my thinking was that if I could find someone who has seen this it would be a simple solution. My concern is that very few have had such a simple setup and have run into this issue. So I’m just not finding answers on the internet. The other issue that I’m running into is the air-gap lab. A lot of tutorials assume you have access to the internet and grab things (packages, files, etc.) without telling “you”/“me” they are grabbing them, so details I need to debug this are hard to come by.

I appreciate your willingness to help and I will keep trying your solutions. I’m in the middle of changing OSs and hand building a new cluster because that is how the “working” lab was done. I like Rancher but it’s hiding details I don’t understand. Like everyone else I don’t have time to learn every detail and given time I will get the details but right now I’m under the gun to deploy to the customer.

Thanks again.


Dear @brianb,

I understand what it is to be under the gun of a customer.
I will help you as much as I can from my knowledge.
If you are in such a hurry, the better approach might be to reach out directly to Rancher about your issue and seek support.

I’m not from Rancher, I’m just another user of Rancher/Kubernetes, so at least have a good weekend. 🙂

@brianb did you solve your issues? We have a non-gapped environment using MetalLB + NGINX-Ingress with traffic Local, but no matter what, the client IP is NATed.
Any light?