L2 Announcements in Cilium: Access to Load Balancer in Bare-Metal Kubernetes

Providing external access to Load Balancer-type services in Kubernetes clusters running on bare-metal remains a pressing challenge for engineering teams. Standard mechanisms such as NodePort and hostNetwork are often inconvenient and limited in their functionality, while introducing third-party solutions like MetalLB or kube-vip increases operational overhead and complicates the architecture. In this talk, I will provide a detailed overview of Cilium’s built-in L2 announcement feature, which enables a native Load Balancer solution at the CNI plugin level without the need for external components.

We’ll dive into the solution’s architecture, the operating principles of L2 announcements, and the technical nuances of configuring them via Kubernetes CRD objects. Special attention will be paid to how Cilium leverages eBPF to efficiently intercept and handle ARP requests, ensuring proper traffic routing to the desired services. I’ll demonstrate a practical integration workflow, monitoring and diagnostic techniques, and key aspects of operating this feature in the real world.

In conclusion, we’ll compare this approach to alternatives in terms of reliability, performance, and ease of deployment, and discuss limitations and practical implementation tips. This session will be valuable for DevOps engineers, architects, and anyone interested in modern, native networking solutions for Kubernetes on bare-metal. Join us to learn how to make your Kubernetes services accessible from outside the cluster simply and elegantly!