This message was deleted.

Is this a downstream cluster?

Thanks @bland-article-62755 for you reply. Yes, downstream cluster. This is true for solution like rke2, but for custom cluster from rancher you are not able to change kube-api IP for workers - you can provide only rancher server for system-agent-install tool. Regarding first point yes, but I want to split workers and CP. Metallb will be for LB service. For external haproxy solution you need to provide somehow during installation that haproxy IP for workers to connect via haproxy to kube-api, Still I'm talking here only to provide HA for workers, so any CP will be down workers should still works without any issues. Even entire Rancher will be down still downstream k8s should work as well as workers when any of CP in downstream k8s will be down. Now it seems that HA works thanks to Rancher, so all downstream k8s connections are going through Rancher and Rancher has all information about all CP in particular cluster and thanks to that workers can works in HA mode, but what will happen when Rancher will be down?

Metallb will be for LB service

If you already can set up metalLB then you're done? That'll make sure the services for the workers stay in HA.

If you’re provisioning via Rancher, Rancher manages that.

@creamy-pencil-82913 cool, thank you. This is what I was looking for, probably this https://ranchermanager.docs.rancher.com/reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters was the answer for that but it wasn't clear for me 🙂 You've pasted link to k3s but for rke2 (custom deployment via rancher) it works the same way right? @bland-article-62755 Thank you for your answer. But still it wasn't about HA for user access but for workers. For example when you set up bare k8s via let say kube-admin you need at first setup for example kube-vip on control planes. Then workers (different nodes) should point on floating IP to ensure HA (when one CP will fail), right? Until @creamy-pencil-82913 explained how it works in Rancher still I was convinced that this was the way it had to be but haven't seen where to provide floating IP for workers during installation (via rancher-agent) Generally as far as I understand now, workers have HA because of solution with local load-balancer. Now I need kube-vip anyway to provide HA for user access (for example one CP will fail so user still has one point of access (floating ip)), right? For that Rancher doesn't provide any solution - did I understand it correctly?

What are you looking for? As the docs say, this is talking about agents, which run a local loadbalancer.

@creamy-pencil-82913 Not sure what I'm looking for. I'd like to verify and understand how it works, so for example check/go thru a path how workers are connecting to CP (to ensure HA). I thought I should see any service on worker side that is LB for kubelet which connects to kube-api and other k8s components , instead of connecting directly to kube-api/scheduler etc..