# rke2
a
Maybe I am mistaken in that 9345 is not strictly required for HA - and that I can establish a single static reference to the first server node?
I understood that gist to be describing the join server url as being the VIP
c
9345 is the RKE2 supervisor port. It exists outside of Kubernetes, and is used to bootstrap the various components, including etcd and the apiserver. It would not be handled by kube-vip, even if you asked kube-vip to expose a LoadBalancer service for the apiserver.
It is safe to point additional servers directly at the first server by hostname. For HA purposes, you should put a DNS alias or load-balancer in front of the servers, forwarding traffic on 6443 and 9345.
a
That aligns with my current understanding at a high level - thanks for the feedback. That gist led me to assume that it could play a role in enabling a virtual IP to establish high-availability in some aspects of the word through a leader election process. This would likely be the case if it could handle the 9345 traffic?
c
That gist is just for exposing the apiserver. It does not handle the supervisor port, which is required for bootstrapping nodes.
at least that’s how I read it
@breezy-painter-38605 could better speak as to how he was using it. It’s not something that I’ve personally used before.
It does look like he’s using the vip hostname as the server address to add additional nodes so idk
a
Yeah that’s what was tripping me up
c
if I look at the file at http://kube-vip.io/k3s which that gist references it appears to only be handling port 6443, which is fine for k3s (where the supervisor and apiserver are on the same port) but I would not expect that to work on RKE2 without adding the supervisor port.
a
That makes sense and looking through environment variables of Kube-VIP, I don’t see any additional capability to target other additional ports - so this may just be a known gap
Out of curiosity - does the supervisor handle anything other than nodes joining the cluster?
I’m trying to think through what would happen if I added another kube-VIP daemonset for port 9345
c
it is used for node join, and there is also a websocket tunnel between agents and apiservers that they use to facilitate reverse connections from the apiserver to kubelets
w
When deploying kube-vip can you use a subnet that is not the same as the nodes' subnets to establish HA for nodes?