https://rancher.com/ logo
Title
b

brainy-postman-1566

08/16/2022, 11:17 PM
regarding K3s, if i want to add a new agent located in WAN/Cloud, while master and other workers are on LAN, which flag should I be using to ensure new workers use the correct Hostname/IP. I had hoped to be able to specify the location of the K3s Server at the agent config side, but this doesn't seem to be the case? I have a dynamic DNS record configured to point to a resolvable IP/Port combination. I tried setting the "advertise-address" or node external IP values, but I still see see:
Aug 16 18:12:49 Kube-0 k3s[3070]: I0816 18:12:49.519375    3070 server.go:576] external host was not specified, using 192.168.0.83
In journal conf:
kubes@Kube-0:/etc/rancher/k3s$ cat config.yaml
write-kubeconfig-mode: 644
token: "<removed>"
advertise-address: <https://conallogribin.dyns.cx:6443>
node-external-ip: <https://conallogribin.dyns.cx:6443>
b

bland-account-99790

08/17/2022, 12:13 PM
As far as I know, CNI plugins expect nodes to be in the same L2 network. Therefore, if you want to connect nodes that are not in the same L2 network, I suggest using a VPN solution that would make the CNI plugin believe that it is working in a L2 network
The concept of external ip in kubernetes is very constrained
b

brainy-postman-1566

08/17/2022, 1:56 PM
hmm, I can probably make an IPsec tunnel and test I guess, thanks for the tip.
s

square-engine-61315

08/18/2022, 7:12 AM
VPN is a good idea. I'm using tinc VPN. My cluster is all over the internet. But even with a VPN, you need to tell K3s which interface to use. In config.yaml on my server / control plane node, I have something like:
tls-san:
  - "server1.tincvpn"
advertise-address: 10.x.y.z  # The tinc VPN IP
node-ip: 10.x.y.z  # The tinc VPN IP
node-external-ip: 156.x.y.z  # The public IP
flannel-iface: tun1  # The tinc VPN interface
on my worker node, I have something like:
node-ip: 10.x.y.zz  # The tinc VPN IP
flannel-iface: tun1  # The tinc VPN interface
token: asdf::server:foo
server: <https://server1.tincvpn:6443>
I hope this helps.