# harvester
a
b
The best thing to do is to create layer 2 VM networks (VLANs) and tie those to your virtual machines. Another option, if you want your server to continue doing NAT and/or routing for some reason: you could potentially set up load balancers.
i
Hello Mike, thanks for the directions. I assume a VLAN allows just communication between VMs, right? I would like to make different services available. As a matter of principle I would like to make a webserver, Nextcloud, Nextcloud Talk, GitLab and the GitLab registry available on the VIP of the Harvester cluster (hence also ports other than HTTPS). In the meantime I assume the right way to go is this plugin: https://docs.harvesterhci.io/v1.2/advanced/addons/rancher-vcluster/ It seems just one thing is missing. I would like to add cert-manager into the game. Currently I am still looking for a tutorial on how to set these things up.
For the non-HTTPS ports, is there some kind of construct like a NodePort for the VMs? And maybe another, more general question: I would like to do the configurations in a kind of GitOps way. Is this currently possible with Harvester, and are you maybe aware of some tutorial-style information in this regard?
w
The VIP is specific to Harvester, you can't add additional services to that IP address.
i
Hello Simon, I just had a look at https://docs.harvesterhci.io/v1.2/advanced/addons/rancher-vcluster and it seems like it syncs the ingress with the IP. Are you sure about this?
It says: "During the installation, the ingress for Rancher is synced to the Harvester cluster, allowing end users to access Rancher." My hope therefore was that I could use the ingress of the rancher-vcluster to get certs with Let's Encrypt and provide an interface to my services. So the way you see it, it would require an external Rancher which then makes all Harvester services available? I do not want to spend money on an extra server to make this possible.
b
VLANs are what you are looking for. They are not just for inter-VM communication. Put a router or a firewall attached to the switch that your servers are connected to. Create a VLAN, say VLAN 100, put your layer 3 IP info on it, and extend that VLAN to your VMs by creating a layer 2 VLAN network in Harvester.
i
Hello Mike, my server is hosted at a Hetzner datacenter. I am not sure how this should work. They allow me to create a VLAN and to connect it to my hosts. However, I cannot set any other options there. When installing Harvester with VLAN enabled, I did not get internet connectivity in the installer. I therefore disabled it. My assumption is that the VLANs I can set up there are only meant to be used for internal traffic routing. So if I understand you correctly, I would have to map the VLAN to a DNS record? How is this normally done?
I map a VLAN to an IP via router configuration and set a DNS record on it?
@witty-jelly-95845 Hello, with the new rancher-vcluster plugin I assume it will be possible to at least make HTTP and HTTPS visible to the outside. Unfortunately, I still have not figured out the approach you recommended of using VLANs for it. Could you maybe provide some more detail on how this should work? https://github.com/harvester/experimental-addons/issues/5#issuecomment-1757949065
w
The VIP address is for Harvester (and Rancher vcluster) access, not for any other services.
b
You need to create some VLANs and tag them on a router in front of your cluster, then tag those on your VMs. What you are trying to do is more similar to Kubernetes infrastructure, but this is HCI and it is not going to work the way you want. You could easily turn up a router or some load balancers, or both, on your Harvester cluster, then use that to do what you want and provide front-end services etc.
Just my thoughts.
r
Is there a way to bootstrap the management node with a DNS SAN on the VIP's server certificate? I entered the IP when the installer prompted for the VIP, and didn't try entering a domain name at that point in the process. I'm looking to use the VIP's domain name to add nodes, if possible, but the server certificate has only the IP SAN, so nodes are unable to verify the server certificate during enrollment and get stuck forever on NotReady.