# rke2
w
ok probably an ignorant question…but for clusters I deploy with rancher…do I need to perform the HA configuration myself or is there a config screen for it? Like do i need to configure kube-vip myself directly on the cluster?
b
It depends™️
The downstream provider and how it's configured makes that automagic or not.
w
So if it’s self hosted (e.g. just nodes) not cloud
b
If you're doing vanilla RKE2 and not using the provider driver, yeah, you'll need to configure that yourself.
we're self hosted, but it depends on if I'm deploying baremetal nodes via elemental vs harvester nodes.
And if I have the LB features working properly in Harvester, then there's no additional config needed.
But if LB from harvester isn't working then it requires manual setups.
w
got it
b
Not to mention if you have public nodes vs natted private nodes and need an external LB like HAProxy.
w
this is completely all internal
b
rancher will actually proxy traffic for kubectl for you
but not for services and the like.
Harvester might. Again. depends on where you're deploying to.
You said self hosted, but there's lots of ways you can self host downstream clusters.
w
yeah understandable, it’s just bare metal nodes with an OS on them
b
Via elemental? Or are you manually provisioning and joining them?
w
manually provisioning
b
Yeah you're probably gonna have to set it up then.
You might be able to auto config some of it via fleet, but it won't work out of the box afaik.
w
got it. yeah, i almost feel more comfortable just deploying the cluster by hand and importing it
b
¯\_(ツ)_/¯
The script to init it all was pretty good fwiw
w
i don’t know why…but i feel like i’m closer to the “source” and when you have to debug something you aren’t trying to understand 5 layers
b
And you can add all required helm repos automagically then it's just a matter of plopping in the VIP address under the Apps tab.
w
which init script?
b
When you create custom:
the curl stuff sets it all up for you
w
ohh, yeah…been fighting with it for 2 hours lol
trying to reset nodes atm
c
As long as you have at least 3 control-plane+etcd nodes you are HA. You do not need an external LB for any of the Kubernetes components, Rancher manages that for you.
w
oh, interesting. I guess because it’s just proxying through to the servers?
c
No. Because all you need it for is joining the cluster, and rancher ensures that all nodes join against a current cluster member. Once a node has joined the cluster it uses a client side LB to connect to all cluster members and doesn't need a HA registration address any longer.
w
Got it, but like without rancher you would use the LB ip/hostname to interact with the cluster, but rancher is doing that for you is more of what I mean
c
oh when interacting with it remotely, yes. that is correct. You’re proxying through rancher to the cluster apiserver via the cattle-cluster-agent running in the downstream cluster
w
So is it recommended to install things like the ceph-csi driver or the nvidia operator directly on the cluster? Or through Rancher?
b
It doesn't matter, but through rancher is more reliable.
rancher is just a proxy and reads the downstream kubeapi
Good to note that "You do not need an external LB for any of the Kubernetes components" is specific to those components, not 80/443/tcp traffic outside those components.
w
yeah, i assume you would still need like MetalLB to utilize a Service external IP
b
We use HAProxy, but yeah, that's the idea.
You can also use KubeVIP for that too
that's more what I was driving at before
w
gotcha
b
HA config to me is the whole stack and not just the kubeapi/internal HA stuff.
w
yeah i used KubeVIP to deploy the RKE2 k8s that’s hosting the Rancher UI
b
Yeah we use it for small downstream clusters where workers/cp are shared
just makes everything easier.
anyways
good luck
w
yup! thanks!