Hi, I have installed RKE2 with 3 server nodes and 3 agent nodes on baremetal machines spawned off from VMWare and Openstack. The cluster is up and working properly. Now I want to configure an external load balancer right before the 3 server nodes. I have found a document to configure nginx on a baremetal machine but could not able to find the exact steps to configure it. https://rancher.com/docs/rancher/v2.5/en/installation/resources/k8s-tutorials/infrastructure-tutorials/infra-for-rke2-ha/ Please share any documentation links for reference or let me know if these steps are enough to configure a loadbalancer on a baremetal machine.

Nginx is an ingress, not a load balancer. If you want load-balancer you should be looking at metallb or kube-vip.

we are looking for a standalone external load balancer where we want to enable firewall and iptable services in that external load balancer since we are using calico network. Can you please suggest me any tools for configuring external load balancer in RKE2?

metallb or kube-vip?

If I use them there won't be a separate machine where I can enable firewall or iptable services

Yes that's correct. The nodes themselves act as the load-balancer, via arp or bgp. You're looking for something where the load balancer itself runs and is deployed separate from the cluster?

Yes I need a load balancer deployed separate from the cluster. Actually the problem is I need to enable firewalld service in the server nodes for security reasons but rke2 is not coming up with calico network when firewalld or iptable services are enabled. can you please suggest me if there is anyway to setup load balancer and enable firewalld service? Also am not aware of the f5 appliance that you mentioned...Please share me some reference links about this.

You might look at haproxy, but I just don't see many people doing what you're trying to do unless they already have a dedicated load balancer appliance that they want to use.

I think it would be great if your team support rke2 installation with firewall and iptables services enabled or support an external load balancer where we can turn those services on.

on openstack you can use octavia.

if you find any standalone bare-metal projects doing that (other than haproxy’s somewhat janky external mode), please let me know

Here hijack the talks but if I'm using metallb I have to deploy the servers without the nginx ingress right? After that I deploy it as a loadbalancer?