Hi Everyone, I have a HA rke2 custom cluster which i deployed via Rancher (Downstream). This has 3 Master nodes and 3 workers. So far i see, my

kubeconfig

for this new cluster has my rancher-server as the server endpoint so I suppose the rancher is balancing the connections between me and the masters nodes, is that correct? Additionally, I did not see any configuration on the worker nodes for the

kubelet

to talk to the masters in HA. So it seems to me that e.g

worker-1

can talk only to

master-1

. I have seen people who setup a

ha-proxy

on the worker nodes so they are able to communicate to any of the masters, but here i do not see any setup like that by default.

Agents run a client load-balancer that can connect them to any of the servers. The registration endpoint (--server flag/config value) is only used for the initial connection to the cluster. Once it’s joined it monitors the apiserver endpoint list and maintains connections to all of the servers. You can see this occurring in the agent logs.

What about loadbalancing external access to the kube-apiserver, say from a non-rancher gitops mgmt server like argocd or fluxcd running in a separate mgmt cluster?

the same thing would work fine with a round-robin DNS record pointing at the control plane. The load-balancer provides very little value.

the only thing is that with DNS you cannot know if one of the masters is down. But yeah now i understand more, thank you very much! Do you know where I can find more info on how the rke2-agent keeps track of the master nodes, I suppose if one master is not available the rke2-agent will also notice it right? Is the registration endpoint then after the node is added into the cluster not used anymore then? or it is also used to keep track of the masters?