talos
K8s VIP using BGP
Feature Request
K8s VIP using BGP instead of ARP
Description
Would be nice to have this so there is no downtime when the control plane is upgraded
@buroa Possibly you're already aware of this, but if you're using Cilium and its BGP control plane, you can do this today. Here's the manifest I apply to accomplish this, while also using port 443 for the external API endpoint:
```yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    io.cilium/lb-ipam-ips: <vip-goes-here>
  name: kubernetes-external
  namespace: kube-system
spec:
  externalTrafficPolicy: Local
  type: LoadBalancer
  loadBalancerClass: io.cilium/bgp-control-plane
  selector:
    k8s-app: kube-apiserver
    tier: control-plane
  ports:
    - name: https
      port: 443
      protocol: TCP
      targetPort: 6443
```