Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
n
narrow-noon-75604
08/16/2022, 1:22 PMHi,
I have installed RKE2 with 3 server nodes and 3 agent nodes on baremetal machines spawned off from VMWare and Openstack. The cluster is up and working properly.
Now I want to configure an external load balancer right before the 3 server nodes. I have found a document to configure nginx on a baremetal machine but could not able to find the exact steps to configure it.
https://rancher.com/docs/rancher/v2.5/en/installation/resources/k8s-tutorials/infrastructure-tutorials/infra-for-rke2-ha/
Please share any documentation links for reference or let me know if these steps are enough to configure a loadbalancer on a baremetal machine.
c
creamy-pencil-82913
08/16/2022, 4:51 PMNginx is an ingress, not a load balancer. If you want load-balancer you should be looking at metallb or kube-vip.
n
narrow-noon-75604
08/17/2022, 4:50 AMwe are looking for a standalone external load balancer where we want to enable firewall and iptable services in that external load balancer since we are using calico network.
Can you please suggest me any tools for configuring external load balancer in RKE2?
c
creamy-pencil-82913
08/17/2022, 5:01 AMmetallb or kube-vip?
n
narrow-noon-75604
08/17/2022, 5:02 AMIf I use them there won't be a separate machine where I can enable firewall or iptable services
I think they work as a virtual load balancers
c
creamy-pencil-82913
08/17/2022, 5:23 AMYes that's correct. The nodes themselves act as the load-balancer, via arp or bgp. You're looking for something where the load balancer itself runs and is deployed separate from the cluster?
I'm not sure that's a very popular option, unless you have an existing appliance like a f5 or something.
n
narrow-noon-75604
08/17/2022, 5:31 AMYes I need a load balancer deployed separate from the cluster.
Actually the problem is I need to enable firewalld service in the server nodes for security reasons but rke2 is not coming up with calico network when firewalld or iptable services are enabled.
can you please suggest me if there is anyway to setup load balancer and enable firewalld service?
Also am not aware of the f5 appliance that you mentioned...Please share me some reference links about this.
c
creamy-pencil-82913
08/17/2022, 5:50 AMYou might look at haproxy, but I just don't see many people doing what you're trying to do unless they already have a dedicated load balancer appliance that they want to use.
n
narrow-noon-75604
08/17/2022, 5:55 AMI think it would be great if your team support rke2 installation with firewall and iptables services enabled or support an external load balancer where we can turn those services on.
v
victorious-ambulance-564
08/17/2022, 7:22 AMon openstack you can use octavia.
c
creamy-pencil-82913
08/17/2022, 9:03 AMif you find any standalone bare-metal projects doing that (other than haproxy’s somewhat janky external mode), please let me know
s
shy-megabyte-75492
08/17/2022, 8:52 PMHere hijack the talks but if I'm using metallb I have to deploy the servers without the nginx ingress right? After that I deploy it as a loadbalancer?