feat(networking): add MetalLB load balancer

Deploy MetalLB v0.14.9 for bare-metal load balancing with L2 mode.

Configuration:
- IP address pool: 10.0.1.10-10.0.1.20
- L2 advertisement on ens18, eth0, enp* interfaces
- Runs on all control plane nodes with automatic failover
- Enables LoadBalancer service type support

This allows each service to have its own dedicated IP address
instead of using NodePort with random high ports.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

testing1/first-cluster/cluster/metallb/ipaddresspool.yaml

@@ -0,0 +1,9 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: default-pool
+  namespace: metallb-system
+spec:
+  addresses:
+  - 10.0.1.10-10.0.1.20
+  autoAssign: true

testing1/first-cluster/cluster/metallb/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
+  - ipaddresspool.yaml
+  - l2advertisement.yaml

testing1/first-cluster/cluster/metallb/l2advertisement.yaml

@@ -0,0 +1,12 @@
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: default-l2
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+  - default-pool
+  interfaces:
+  - ens18
+  - eth0
+  - enp*

testing1/first-cluster/cluster/metallb/namespace.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: metallb-system
+  labels:
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/warn: privileged