Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
a
agreeable-art-61329
12/14/2022, 11:46 PMhas anyone played with Kube-VIP as of late and have that example functioning with rke2? It works fine for a single node and my kubectl traffic - but I cannot join additional nodes following that example due to receiving a
connection refusedMaybe I am mistaken in that 9345 is not strictly required for HA - and that I can establish a single static reference to the first server node?
I understood that gist to be describing the join server url as being the VIP
c
creamy-pencil-82913
12/15/2022, 12:01 AM9345 is the RKE2 supervisor port. It exists outside of Kubernetes, and is used to bootstrap the various components, including etcd and the apiserver. It would not be handled by kube-vip, even if you asked kube-vip to expose a LoadBalancer service for the apiserver.
👍 1
It is safe to point additional servers directly at the first server by hostname. For HA purposes, you should put a DNS alias or load-balancer in front of the servers, forwarding traffic on 6443 and 9345.
a
agreeable-art-61329
12/15/2022, 12:07 AMThat aligns with my current understanding at a high level - thanks for the feedback. That gist lead me to assume that it could play a role in enabling a virtual IP to establish high-availability in some aspects of the word through a leader election process. This would likely be the case if it could handle the 9345 traffic?
c
creamy-pencil-82913
12/15/2022, 12:10 AMThat gist is just for exposing the apiserver. It does not handle the supervisor port, which is required for bootstrapping nodes.
at least that’s how I read it
@breezy-painter-38605 could better speak as to how he was using it. It’s not something that I’ve personally used before.
It does look like he’s using the vip hostname as the server address to add additional nodes so idk
a
agreeable-art-61329
12/15/2022, 12:12 AMYeah that’s what was tripping me up
c
creamy-pencil-82913
12/15/2022, 12:14 AMif I look at the file at
<http://kube-vip.io/k3s|kube-vip.io/k3s>a
agreeable-art-61329
12/15/2022, 1:13 AMThat makes sense and looking through environment variables of Kube-VIP, I don’t see any additional capability to target other additional ports - so this may just be a known gap
Out of curiosity - does the supervisor handle anything other than nodes joining the cluster?
I’m trying to think through what would happen if I added another kube-VIP daemonset for port 9345
c
creamy-pencil-82913
12/20/2022, 5:57 PMit is used for node join, and there is also a websocket tunnel between agents and apiservers that they use to facilitate reverse connections from the apiserver to kubelets
👍 1
w
wonderful-pizza-30919
01/25/2023, 2:34 AMWhen deploying kube-vip can you use a subnet that is not the same as the nodes subnets to establish HA for nodes?