Built-in load balancer #5134
Comments
By the way, Talos runs the Kubernetes control plane components pointed at localhost:6443 for the API server endpoint, so they don't require a load balancer to be up.
I'm interested in this as well, mostly for an HA control plane without an external LB.
I just noticed the https://github.com/siderolabs/talos/releases/tag/v1.5.0-alpha.1 patch notes. Some exciting news in there.
This feature is in-cluster exclusively; it makes sure the cluster can run even if the external load balancer is down (or it might prefer local traffic if the external load balancer has higher latency).
This issue is stale because it has been open 180 days with no activity. Remove the stale label or comment, or this will be closed in 7 days.
I'd still be very much interested in a built-in load balancer to replace our bespoke haproxy static-pod setup.
Talos supports KubePrism for internal load-balancing. |
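For reference, KubePrism is configured through the Talos machine config. A minimal fragment (7445 is the documented default port, and KubePrism is enabled by default in recent Talos releases):

```yaml
machine:
  features:
    kubePrism:
      enabled: true
      port: 7445   # control plane components then reach the API via https://localhost:7445
```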
Yes, and KubePrism is excellent. I thoroughly enjoyed reading about its motivation and design. However, we are still left with all the tradeoffs on the load balancer for our external Kubernetes API access. For us this means we need to maintain a bespoke haproxy setup (implemented as static pods that run before the cluster is online) on our otherwise rather feature-complete Talos cluster.
It just feels that external access is much more complicated than it should be, and it shouldn't be solved this way. Talos Linux, and Kubernetes itself with KubePrism enabled, no longer depend on the load balancer. External access can be provided by running load balancers outside the cluster, using simple round-robin DNS, using a direct endpoint of a control plane node, etc. There are many options, and all of them work equally well. I don't quite see how running haproxy on the machine itself would help here, since if the machine goes down, access will no longer be possible anyway.
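Of the external-access options listed above, round-robin DNS is the simplest. A zone-file sketch, with made-up names and addresses purely for illustration:

```
; three A records for one name -- resolvers rotate the answer order
api.mycluster.example.  300  IN  A  192.0.2.11
api.mycluster.example.  300  IN  A  192.0.2.12
api.mycluster.example.  300  IN  A  192.0.2.13
```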
Feature Request
Description
Load balancers are ubiquitous in cloud environments, but in on-premise setups they are not standardized and require manual work. Hence, letting Talos handle this requirement internally would relieve a significant burden when setting up on-premise clusters with Talos. See #2711 for a partial rationale.
Current solutions
Currently (v0.14) the available solutions in Talos are:
- MetalLB
- or kube-vip
- and some dedication.

Suggested additional solution
A better solution would be to add Talos-native load balancing on the node side. This would remove the need for:
- MetalLB
- or kube-vip
Possible implementation
Possible usage
Instead of running `talosctl gen config` with a single cluster endpoint, one would specify three `<cluster endpoints>`. This would result in the actual `cluster.controlPlane.endpoint` being set to `https://127.0.0.1:someport`, with a native local load balancer behind it balancing all requests across the three actual endpoints. All three endpoints would of course still be DNS names, so that no worker config would need to be changed if a control plane node ever changes its IP.
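A sketch of the machine config this proposal would produce; the local port and the control plane DNS names here are hypothetical, not part of the proposal text:

```yaml
cluster:
  controlPlane:
    # the native local load balancer would listen here ("someport" above)
    endpoint: https://127.0.0.1:6445
# ...and forward to the three real endpoints, e.g.:
#   https://cp1.mycluster.mydomain.com:6443
#   https://cp2.mycluster.mydomain.com:6443
#   https://cp3.mycluster.mydomain.com:6443
```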
Ecosystem
Unsurprisingly, more people have run into this speed bump when setting up an on-premise cluster. In fact, there is a large thread for just this ("don't require a load balancer between cluster and control plane and still be HA") and some partial fixes (KEP-3037: client-go alternative services).
However, as there are many moving parts, it will probably take a long time to get native support for multiple API endpoints. Furthermore, it will take even more years before all components of all CNIs support this. Hence it would be better to build it into Talos now and, as a feature of Talos, remove the load-balancer requirement.
As an example solution, there is Rancher's RKE implementation. By default, their solution:
- points `kubelet` to `127.0.0.1:6443`,
- points `kube-proxy` to `127.0.0.1:6443`,
- runs an `nginx-proxy` container on port 6443.

Some related thoughts
Current workaround
For anybody who wants a similar solution right now, you can:
Instructions
`https://kube.mycluster.mydomain.com:6444`.
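The workaround above can be sketched as a static pod running haproxy in front of the control plane nodes. This is a minimal illustration, not the issue author's actual setup; the node names, file paths, image tag, and the 6444-to-6443 mapping are assumptions:

```yaml
# Static-pod sketch (hypothetical): haproxy serving kube.mycluster.mydomain.com:6444
# and balancing to the control plane nodes on 6443.
apiVersion: v1
kind: Pod
metadata:
  name: kube-api-haproxy
  namespace: kube-system
spec:
  hostNetwork: true
  containers:
    - name: haproxy
      image: haproxy:2.8
      volumeMounts:
        - name: config
          mountPath: /usr/local/etc/haproxy
          readOnly: true
  volumes:
    - name: config
      hostPath:
        path: /etc/haproxy   # contains haproxy.cfg, sketched below

# haproxy.cfg (hypothetical):
#   frontend kube-api
#     bind *:6444
#     mode tcp
#     default_backend controlplane
#   backend controlplane
#     mode tcp
#     balance roundrobin
#     server cp1 cp1.mycluster.mydomain.com:6443 check
#     server cp2 cp2.mycluster.mydomain.com:6443 check
#     server cp3 cp3.mycluster.mydomain.com:6443 check
```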