Don't do that. If you have an LB in front of the RKE2 control plane, it must use the same ports, and pass through TCP directly. Kubernetes makes extensive use of client certificate auth, and offloading TLS to the load-balancer breaks that.
adventurous-vr-13726
02/22/2023, 9:49 AM
okay so I should set passthru
creamy-pencil-82913
02/22/2023, 9:49 AM
You don't even really need an expensive external load-balancer in front of the servers; a DNS alias is just fine. The registration endpoint is only used when joining the cluster. After that the client pulls endpoints from the cluster, so the external LB is completely unused.
adventurous-vr-13726
02/22/2023, 9:49 AM
It's possible it's already set up like this. We have stood up 3 other Rancher clusters and the install went fine.