# rke2
a
Hi, are you using "advertise-address" in your /etc/rancher/rke2/config.yaml?
c
Hi @alert-potato-16010 Oh, I haven't set this value. According to the documentation, what value should I set it to? It seems to be the API listening address.
a
That will ensure that your nodes will use a specific IP address for the cluster. In fact, I also use "node-ip" on each node to specify which IP address to use on each node. We also have multihomed nodes, and we don't have any communication between nodes other than that specific to the cluster.
c
I'm a bit confused. So, are we currently using the public network interface (eno1) for cross-node communication rather than our internal network interface, eno2? Additionally, if we switch to using the internal network interface for communication between nodes, will the pods still be able to access the internet? I'm concerned because accessing the internet requires going through eno1.
@alert-potato-16010 If both node-ip and node-external-ip are set in the configuration, is there a priority between them? Sorry for being verbose, and thank you very much for your help.
a
I haven't used node-external-ip
As far as I understood, node-ip will set the IP address to use for internal cluster communication.
c
Alright, thank you. I'll go search for answers on GitHub. I used nmap for scanning and found that many components' ports are exposed to the public network😑, such as etcd and kubelet. Could you please check if your RKE cluster is also configured this way?
a
We use the system firewall to only allow cluster internal communications between Kubernetes components defining a custom zone for Kubernetes.
g
@alert-potato-16010 @cool-architect-86201 Which one should I use, advertise-address or node-ip, for internal communication of the cluster?
a
I always use advertise-address as the internal IP address for cluster communications.
g
Thank you so much, I think node-ip is used for agent, not server node.