techno-tim / k3s-ansible

The easiest way to bootstrap a self-hosted High Availability Kubernetes cluster. A fully automated HA k3s etcd install with kube-vip, MetalLB, and more. Build. Destroy. Repeat.
https://technotim.live/posts/k3s-etcd-ansible/
Apache License 2.0
2.41k stars 1.05k forks

fix(cilium): k3s has an API server proxy at `127.0.0.1:6444` #442

Closed onedr0p closed 9 months ago

onedr0p commented 9 months ago

Proposed Changes

There is no need to use kube-vip LB for this Cilium config; k3s has an API server proxy listening on `127.0.0.1:6444` on all nodes in the cluster. I run with this setup in https://github.com/onedr0p/cluster-template, so just sharing some knowledge here.

onedr0p commented 9 months ago

Pinging @sholdee as you initially PRed this.

onedr0p commented 9 months ago

Not sure why the ipv6 test is failing...

sholdee commented 9 months ago

LGTM. CI issue with IPv6 appears unrelated.

timothystewart6 commented 9 months ago

If that's the case, shouldn't we also clean up the references to apiserver_endpoint that were in this PR?

https://github.com/techno-tim/k3s-ansible/pull/435/files

onedr0p commented 9 months ago

> If that's the case, shouldn't we also clean up the references to apiserver_endpoint that were in this PR?
>
> #435 (files)

kube-vip is still needed to provide external access to the Kube API.

sholdee commented 9 months ago

Essentially, the worker API server proxies are still dependent on registration with the VIP, so we still need to wait for this connectivity to be established before proceeding.

timothystewart6 commented 9 months ago

Thank you both! The IPv6 test has always been kind of flaky; I will revisit this at some point.