cleanstart/metallb-speaker

Verified Publisher

By CleanStart

•Updated about 14 hours ago

Secure by Design, Built for Speed, Hardened Container Images on a minimal base CleanStart OS.

Image
0

10K+

cleanstart/metallb-speaker repository overview

Container Documentation for Metallb-Speaker

MetalLB Speaker container provides Layer 2 and BGP-based load balancing functionality for bare metal Kubernetes clusters. It enables LoadBalancer service types by announcing service IPs via ARP/NDP (Layer 2) or BGP protocols, making it essential for on-premises Kubernetes deployments that need external load balancing capabilities without cloud provider integration.

šŸ“Œ Base Foundation: Security-hardened, minimal base OS designed for enterprise containerized environments from Cleanstart Registry.

Image Path: Cleanstart/metallb-speaker Registry: Cleanstart Registry

Key Features Core capabilities and strengths of this container

  • Layer 2 (ARP/NDP) address announcement
  • BGP protocol support for service advertisement
  • Kubernetes LoadBalancer service implementation
  • High availability and failover capabilities

Common Use Cases Typical scenarios where this container excels

  • Bare metal Kubernetes cluster load balancing
  • On-premises Kubernetes service exposure
  • BGP-based service advertisement in enterprise networks
  • High-availability service IP management

Pull Latest Image Download the container image from the registry

docker pull cleanstart/metallb-speaker:latest
docker pull cleanstart/metallb-speaker:latest-dev

Basic Run Run the container with basic configuration

docker run -it --name metallb-speaker-test --network host --cap-add NET_ADMIN --cap-add NET_RAW cleanstart/metallb-speaker:latest

Production Deployment Deploy with production security settings

docker run -d --name metallb-speaker-prod \
  --network host \
  --cap-add NET_ADMIN \
  --cap-add NET_RAW \
  --security-opt=no-new-privileges \
  -e NODE_NAME=node1 \
  cleanstart/metallb-speaker:latest

Volume Mount Mount local directory for persistent data

docker run -v /etc/metallb:/etc/metallb:ro cleanstart/metallb-speaker:latest

Port Forwarding Run with custom port mappings

docker run -p 7472:7472 cleanstart/metallb-speaker:latest

Environment Variables Configuration options available through environment variables

VariableDefaultDescription
NODE_NAMEKubernetes node name
METALLB_HOSTHost to listen on
METALLB_PORT7472Port to listen on
METALLB_ML_BIND_ADDRAddress to bind MetalLB to
METALLB_ML_LABELSLabels to apply to metrics

Security Best Practices Recommended security configurations and practices

  • Use specific image tags for production deployments
  • Implement proper network security policies
  • Configure minimal required capabilities
  • Regular security updates and patches
  • Monitor BGP sessions and announcements
  • Implement proper RBAC policies
  • Use secure BGP authentication when possible
  • Regular audit of announced IP addresses

Kubernetes Security Context Recommended security context for Kubernetes deployments

securityContext:
  capabilities:
    add:
    - NET_ADMIN
    - NET_RAW
    drop:
    - ALL
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false

⁠Documentation Resources

Essential links and resources for further information

CleanStart Images: https://images.cleanstart.com/⁠

Community Images:
Docker Hub: https://hub.docker.com/u/cleanstart⁠
GitHub: https://github.com/cleanstart-containers⁠
AWS ECR Public Gallery: https://gallery.ecr.aws/cleanstart/⁠

Presence on Social Media:
Community: https://www.linkedin.com/groups/18324021/⁠
YouTube: https://www.youtube.com/@CleanStartOfficial⁠

Contribute to Container Use Cases: https://github.com/cleanstart-dev/cleanstart-use-cases/⁠


Vulnerability Disclaimer

CleanStart offers Docker images that include third-party open-source libraries and packages maintained by independent contributors. While CleanStart maintains these images and applies industry-standard security practices, it cannot guarantee the security or integrity of upstream components beyond its control.

Users acknowledge and agree that open-source software may contain undiscovered vulnerabilities or introduce new risks through updates. CleanStart shall not be liable for security issues originating from third-party libraries, including but not limited to zero-day exploits, supply chain attacks, or contributor-introduced risks.

Security remains a shared responsibility: CleanStart provides updated images and guidance where possible, while users are responsible for evaluating deployments and implementing appropriate controls.

Tag summary

Content type

Image

Digest

sha256:18db88339…

Size

147 MB

Last updated

about 14 hours ago

docker pull cleanstart/metallb-speaker:0.16.1-amd64-dev