Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
c
cool-sunset-23736
07/17/2022, 4:46 PMWhat I don't get is how the configs get written into the
/etc/confd/values.yamlw
wide-garage-9465
07/17/2022, 7:25 PMHeyho 👋
The serverlb doesn't react to anything dynamically.
k3d writes the confd values file on your command.
There's nothing watching ingress or service objects etc.
c
cool-sunset-23736
07/17/2022, 8:21 PMThanks for the answer! I got to that point already. Now I'm going down the klipper-lb rabbit hole. 🙂
w
wide-garage-9465
07/17/2022, 8:25 PMKlipper is inside K3s.
It reacts to services with
type: LoadBalancerhostPortexternalIPc
cool-sunset-23736
07/17/2022, 8:27 PMYeah I got to that as well 🙂. What I don't get is how it differs from a nodePort service.
Because as far as I understood it's practically the same with the difference that it'l be on every node with the help of its DaemonSet. Which will then forward all traffic to the clusterIp of the service.
w
wide-garage-9465
07/17/2022, 8:29 PMNodePort is exposed on all nodes simultaneously and only offers a specific port range (e.g. no privileged ports), though that can be configured.
Klipper is only something that tries to emulate the behavior of real LoadBalancers that you get from cloud providers.
c
cool-sunset-23736
07/17/2022, 8:31 PMThat is the part that still didn't click for me. I don't see how that emulation is supposed to work.
The premise of both, NodePort and klipper-lb seems the same to me.
Both expose a port on the nodes, NodePort does that without extra pods, while klipper-lb does so with the help of a daemonSet.
In both cases you'll use the same IP's to reach the service.
Klipper allows you to use privileged ports. In terms of K3D I won't be able to bind those ports to the host as only the first pod would block the port while all other pods will error out because the port wouldn't be available anymore.
Would that be correct or is there still more to the klipper-lb?
w
wide-garage-9465
07/17/2022, 8:44 PMI might be wrong.. but Klipper does use single pods, not DaemonSets, right?
It exposes the port on only a single node, not all of them, right?
You're example on k3d is only valid if you have only a single node. But in that case it would be valid everywhere.
From the Klipper repo
This works by using a host port for each service load balancer and setting up iptables to forward the request to the cluster IP. The regular k8s scheduler will find a free host port. If there are no free host ports, the service load balancer will stay in pending.
c
cool-sunset-23736
07/17/2022, 8:51 PMYou're example on k3d is only valid if you have only a single node. But in that case it would be valid everywhere.Isn't that the premise of k3d, that you have a single docker host which can than run multiple k3s nodes in docker? Or is it possible to run k3d on multiple machines? Regarding Klipper. https://rancher.com/docs/k3s/latest/en/networking/#how-the-service-lb-works
K3s creates a controller that creates a Pod for the service load balancer, which is a Kubernetes object of kind Service.
For each service load balancer, a DaemonSet is created. The DaemonSet creates a pod with theprefix on each node.svc
...
...
w
wide-garage-9465
07/17/2022, 9:34 PMYes, but in k3d, you're Kubernetes (K3s) nodes are containers, which you can have multiple on. In that case the external IP of a node is the IP of the K3s' container.
Regarding the docs... This seems off to me.
Maybe we can cross post this somewhere else to get clarification, as the last paragraph says
If you try to create a Service LB that listens on port 80, the Service LB will try to find a free host in the cluster for port 80. If no host with that port is available, the LB will stay in Pending.
which wouldn't make sense it the proxies would be DaemonSets, which would cover all hosts.
I'm on my phone right now, but maybe you can just give it a try and see if it creates a DaemonSet?
I could totally be wrong there..