Background
MetalLB has support for a BGP based routing protocol that is more flexible and scalable than its layer 2 IP Failover protocol. It also does not require port security to be disabled on OpenStack. However, the implementation of BGP in MetaLB is homegrown, and not fully proven. There is work upstream to allow MetalLB to use FRR which is a proven linux standard library for routing protocols. Once those pieces are in place, it should be safe to support in OpenShift.

Goals

• Support the Metallb Operator in BGP mode for OpenShift on OpenStack for IPI and UPI

Points of Contact

• Russel Bryant: tech lead
• #forum-bgp

Non-Goals
Replacing the built-in API load balancer solution that uses keepalived/haproxy and is included with on-prem IPI installs for bare metal, vsphere, openstack

User Stories
As an administrator, I want to use a service type LB in OpenShift installed on an OpenStack cloud without Octavia.

As an administrator, I want to use MetalLB, but I don't want to disable port security on my nodes.

As an administrator, I want to deploy an IPI cluster using MetalLB.

Definition of Done

1. MetalLB is in a condition upstream that we are comfortable supporting in OpenShift
2. the MetalLB operator can be installed on OpenShift on OpenStack in BGP mode
3. apps in OpenShift can use service type lb or ingress controllers with publish strategy lb in OpenShift on OpenStack to expose their apps using MetalLB with BGP with a comparable user experience to other platforms
4. CCM is not trying to manage the same load-balancers when Metal LB is in use
5. Installation Docs IPI & UPI - similar to Kuryr docs for LB, but for non-kuryr OSP on OCP
6. Stretch: blog