controller not ready #2918
Description
MetalLB Version
0.13.12
Deployment method
Charts
Main CNI
cilium
Kubernetes Version
1.34.1
Cluster Distribution
No response
Describe the bug
1、当前controller节点总是无法ready
[root@master01 Metallb]# kubectl get pods -n metallb-system
NAME READY STATUS RESTARTS AGE
controller-5f55d64ddb-sjjzp 0/1 CrashLoopBackOff 7 (3m48s ago) 14m
controller-7875699dbb-d2czf 0/1 CrashLoopBackOff 8 (39s ago) 14m
speaker-5njjt 1/1 Running 0 4h27m
speaker-9g6nv 1/1 Running 0 4h27m
speaker-cvpg5 1/1 Running 0 4h27m
speaker-j825c 1/1 Running 0 4h27m
speaker-js4r6 1/1 Running 0 4h27m
speaker-ld8t2 1/1 Running 0 4h27m
speaker-ttlqr 1/1 Running 0 4h27m
speaker-zdp49 1/1 Running 0 4h27m
2、当前日志如下,没有信息
[root@master01 Metallb]# kubectl logs -n metallb-system -l component=controller --tail=100
flag provided but not defined: -controller-mode
Usage of /controller:
-cert-dir string
The directory where certs are stored (default "/tmp/k8s-webhook-server/serving-certs")
-cert-service-name string
The service name used to generate the TLS cert's hostname (default "webhook-service")
-deployment string
name of the MetalLB controller Deployment (default "controller")
-disable-cert-rotation
disable automatic generation and rotation of webhook TLS certificates/keys
-disable-epslices
Disable the usage of EndpointSlices and default to Endpoints instead of relying on the autodiscovery mechanism
-enable-pprof
Enable pprof profiling
-kubeconfig string
Paths to a kubeconfig. Only required if out-of-cluster.
-lb-class string
load balancer class. When enabled, metallb will handle only services whose spec.loadBalancerClass matches the given lb class
-log-level string
log level. must be one of: [all, debug, info, warn, error, none] (default "info")
-ml-secret-name string
name of the memberlist secret to create (default "memberlist")
-namespace string
config / memberlist secret namespace
-port int
HTTP listening port for Prometheus metrics (default 7472)
-webhook-http2
enables http2 for the webhook endpoint
-webhook-mode string
webhook mode: can be enabled, disabled or only webhook if we want the controller to act as webhook endpoint only (default "enabled")
{"branch":"dev","caller":"main.go:156","commit":"dev","goversion":"gc / go1.20.10 / amd64","level":"info","msg":"MetalLB controller starting version 0.13.12 (commit dev, branch dev)","ts":"2026-01-07T04:52:06Z","version":"0.13.12"}
{"level":"error","ts":"2026-01-07T04:52:36Z","logger":"setup","msg":"unable to start manager","error":"failed to determine if *v1beta2.BGPPeer is namespaced: failed to get restmapping: failed to get server groups: Get "https://10.96.0.1:443/api\": dial tcp 10.96.0.1:443: i/o timeout","stacktrace":"go.universe.tf/metallb/internal/k8s.New\n\t/go/go.universe.tf/metallb/internal/k8s/k8s.go:153\nmain.main\n\t/go/go.universe.tf/metallb/main.go:209\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:250"}
3、描述信息如下
[root@master01 Metallb]# kubectl describe deployment -n metallb-system
Name: controller
Namespace: metallb-system
CreationTimestamp: Wed, 07 Jan 2026 08:26:12 +0800
Labels: app=metallb
component=controller
Annotations: deployment.kubernetes.io/revision: 6
Selector: app=metallb,component=controller
Replicas: 1 desired | 1 updated | 2 total | 0 available | 2 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template:
Labels: app=metallb
component=controller
Annotations: kubectl.kubernetes.io/restartedAt: 2026-01-07T12:14:50+08:00
prometheus.io/port: 7472
prometheus.io/scrape: true
Service Account: controller
Containers:
controller:
Image: quay.io/metallb/controller:v0.13.12
Ports: 7472/TCP (monitoring), 9443/TCP (webhook-server)
Host Ports: 0/TCP (monitoring), 0/TCP (webhook-server)
Args:
--port=7472
--log-level=info
Liveness: http-get http://:monitoring/metrics delay=10s timeout=1s period=10s #success=1 #failure=3
Readiness: http-get http://:monitoring/metrics delay=10s timeout=1s period=10s #success=1 #failure=3
Environment:
METALLB_ML_SECRET_NAME: memberlist
METALLB_DEPLOYMENT: controller
Mounts:
/tmp/k8s-webhook-server/serving-certs from cert (ro)
Volumes:
cert:
Type: Secret (a volume populated by a Secret)
SecretName: webhook-server-cert
Optional: false
Node-Selectors: kubernetes.io/os=linux
Tolerations:
Conditions:
Type Status Reason
Available False MinimumReplicasUnavailable
Progressing True ReplicaSetUpdated
OldReplicaSets: controller-b54cf66d8 (0/0 replicas created), controller-678c56675c (0/0 replicas created), controller-5f55d64ddb (1/1 replicas created)
NewReplicaSet: controller-7875699dbb (1/1 replicas created)
Events:
Type Reason Age From Message
Normal ScalingReplicaSet 41m deployment-controller Scaled down replica set controller-7dbf649dcc from 1 to 0
Normal ScalingReplicaSet 32m (x2 over 41m) deployment-controller Scaled up replica set controller-9f97cb944 from 0 to 1
Normal ScalingReplicaSet 31m deployment-controller Scaled down replica set controller-b54cf66d8 from 1 to 0
Normal ScalingReplicaSet 31m deployment-controller Scaled up replica set controller-678c56675c from 0 to 1
Normal ScalingReplicaSet 26m deployment-controller Scaled up replica set controller-5f55d64ddb from 0 to 1
Normal ScalingReplicaSet 18m deployment-controller Scaled down replica set controller-678c56675c from 1 to 0
Normal ScalingReplicaSet 18m deployment-controller Scaled up replica set controller-7875699dbb from 0 to 1
4、使用的版本信息
[root@master01 Metallb]# crictl images | grep metallb
quay.io/metallb/controller v0.13.12 2991becceb029 66MB
quay.io/metallb/speaker v0.13.12 94c5f9675e593 119MB
[root@master01 Metallb]#
[root@master01 Metallb]#
[root@master01 Metallb]# podman images | grep metallb
quay.io/metallb/speaker v0.13.12 94c5f9675e59 2 years ago 119 MB
quay.io/metallb/controller v0.13.12 2991becceb02 2 years ago 66 MB
To Reproduce
无
Expected Behavior
没办法正常用, 怎么解决问题呢?
Additional Context
无
I've read and agree with the following
- I've checked all open and closed issues and my request is not there.
- I've checked all open and closed pull requests and my request is not there.
I've read and agree with the following
- I've checked all open and closed issues and my issue is not there.
- This bug is reproducible when deploying MetalLB from the main branch
- I have read the troubleshooting guide and I am still not able to make it work
- I checked the logs and MetalLB is not discarding the configuration as not valid
- I enabled the debug logs, collected the information required from the cluster using the collect script and will attach them to the issue
- I will provide the definition of my service and the related endpoint slices and attach them to this issue