#general

adamant-kite-43734

08/16/2022, 11:17 PM
This message was deleted.

bland-account-99790

08/17/2022, 12:13 PM
As far as I know, CNI plugins expect nodes to be in the same L2 network. Therefore, if you want to connect nodes that are not in the same L2 network, I suggest using a VPN solution that would make the CNI plugin believe that it is working in an L2 network.
The concept of external IP in Kubernetes is very constrained.

brainy-postman-1566

08/17/2022, 1:56 PM
hmm, I can probably make an IPsec tunnel and test I guess, thanks for the tip.

square-engine-61315

08/18/2022, 7:12 AM
VPN is a good idea. I'm using tinc VPN. My cluster is all over the internet. But even with a VPN, you need to tell K3s which interface to use. In config.yaml on my server / control plane node, I have something like:
```yaml
tls-san:
  - "server1.tincvpn"
advertise-address: 10.x.y.z  # The tinc VPN IP
node-ip: 10.x.y.z  # The tinc VPN IP
node-external-ip: 156.x.y.z  # The public IP
flannel-iface: tun1  # The tinc VPN interface
```
On my worker node, I have something like:
```yaml
node-ip: 10.x.y.zz  # The tinc VPN IP
flannel-iface: tun1  # The tinc VPN interface
token: asdf::server:foo
server: https://server1.tincvpn:6443
```
I hope this helps.