
agreeable-art-61329

12/14/2022, 11:46 PM
has anyone played with Kube-VIP as of late and have that example functioning with rke2? It works fine for a single node and my kubectl traffic - but I cannot join additional nodes following that example due to receiving a "connection refused" on port 9345 of the VIP. Any thoughts?
Maybe I am mistaken in that 9345 is not strictly required for HA - and that I can establish a single static reference to the first server node?
I understood that gist to be describing the join server url as being the VIP

creamy-pencil-82913

12/15/2022, 12:01 AM
9345 is the RKE2 supervisor port. It exists outside of Kubernetes, and is used to bootstrap the various components, including etcd and the apiserver. It would not be handled by kube-vip, even if you asked kube-vip to expose a LoadBalancer service for the apiserver.
👍 1
It is safe to point additional servers directly at the first server by hostname. For HA purposes, you should put a DNS alias or load-balancer in front of the servers, forwarding traffic on 6443 and 9345.

agreeable-art-61329

12/15/2022, 12:07 AM
That aligns with my current understanding at a high level - thanks for the feedback. That gist led me to assume that it could play a role in enabling a virtual IP to establish high-availability in some aspects of the word through a leader election process. This would likely be the case if it could handle the 9345 traffic?

creamy-pencil-82913

12/15/2022, 12:10 AM
That gist is just for exposing the apiserver. It does not handle the supervisor port, which is required for bootstrapping nodes.
at least that’s how I read it
@breezy-painter-38605 could better speak as to how he was using it. It’s not something that I’ve personally used before.
It does look like he’s using the vip hostname as the server address to add additional nodes so idk

agreeable-art-61329

12/15/2022, 12:12 AM
Yeah that’s what was tripping me up

creamy-pencil-82913

12/15/2022, 12:14 AM
if I look at the file at http://kube-vip.io/k3s which that gist references it appears to only be handling port 6443, which is fine for k3s (where the supervisor and apiserver are on the same port) but I would not expect that to work on RKE2 without adding the supervisor port.

agreeable-art-61329

12/15/2022, 1:13 AM
That makes sense and looking through environment variables of Kube-VIP, I don’t see any additional capability to target other additional ports - so this may just be a known gap
Out of curiosity - does the supervisor handle anything other than nodes joining the cluster?
I’m trying to think through what would happen if I added another kube-VIP daemonset for port 9345

creamy-pencil-82913

12/20/2022, 5:57 PM
it is used for node join, and there is also a websocket tunnel between agents and apiservers that they use to facilitate reverse connections from the apiserver to kubelets
👍 1

wonderful-pizza-30919

01/25/2023, 2:34 AM
When deploying kube-vip can you use a subnet that is not the same as the nodes subnets to establish HA for nodes?