Configuring a load balancer in front of your control plane allows your cluster to stay responsive during both unplanned (node crashes) and planned (node restarts during upgrades) outages.
While following the creating a cluster on SSH Nodes instructions, you can provide the public IP address of your load balancer in the wksConfig.controlPlaneLbAddress field. The load balancer should route all :6443 traffic to the internal IPs of the master nodes specified in
One setup is to use HAProxy as the load balancer on a machine external to the cluster itself but still on the same network. We'll go through how to install and set up haproxy on a CentOS 7 machine.
Given we're following the creating a cluster on SSH Nodes instructions and have specified the IPs of a 3 master and 2 worker cluster like so:
and we have another machine that will run haproxy and be our load balancer.
ssh to the load balancer machine to install haproxy

    ssh 220.127.116.11

Install haproxy with

    yum install haproxy
Configure haproxy, changing the backend kubernetes IP addresses to your masters' private IPs.

    frontend kubernetes *:6443
        default_backend kubernetes
        mode tcp
        option tcplog

    backend kubernetes
        balance roundrobin
        mode tcp
        option tcplog
        option tcp-check
        default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
        server master1 10.132.0.10:6443 check
        server master2 10.132.0.11:6443 check
        server master3 10.132.0.12:6443 check

    # OPTIONAL - UI that allows you to see which masters have joined the LB roundrobin
    frontend stats
        bind *:8404
        stats enable
        stats uri /stats
        stats refresh 10s
        stats admin if LOCALHOST
Restart haproxy with

    systemctl restart haproxy

Check that it's running with

    ps aux | grep haproxy

If it's not running, see if it's complaining about anything in particular with

    journalctl -u haproxy

If it's having trouble binding to a socket, you might have to relax the SELinux restrictions with

    sudo setsebool -P haproxy_connect_any=1
Monitor the load balancer using the stats UI at the load balancer's public IP, in this case: http://18.104.22.168:8404/stats (note that / will give you a 503).
Your new load balancer should be ready for action.
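A check worth running before the restart step above: that the kubernetes backend lists exactly your masters' private IPs on port 6443. This is an added shell example, not part of the original instructions; the function names and the sample config (with a deliberate typo) are constructed for illustration.

```shell
#!/bin/sh
# Print "IP:PORT" for every server line in the named backend section.
backend_servers() {   # usage: backend_servers CFG_FILE BACKEND_NAME
    awk -v want="$2" '
        # A section starts when the first word is one of these keywords.
        $1 ~ /^(global|defaults|frontend|backend|listen|userlist|peers)$/ {
            in_sec = ($1 == "backend" && $2 == want); next
        }
        in_sec && $1 == "server" { print $3 }
    ' "$1"
}

# Return 0 when the backend lists exactly the expected masters on port 6443;
# otherwise print each difference and return 1.
check_masters() {     # usage: check_masters CFG_FILE MASTER_IP...
    cfg=$1; shift
    rc=0
    actual=$(backend_servers "$cfg" kubernetes)
    for ip in "$@"; do
        printf '%s\n' "$actual" | grep -qxF "$ip:6443" ||
            { echo "missing from backend: $ip:6443"; rc=1; }
    done
    for srv in $actual; do
        case " $* " in
            *" ${srv%:6443} "*) ;;
            *) echo "unexpected server: $srv"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: the page's config with master3 mistyped as .13.
sample=$(mktemp)
cat > "$sample" <<'EOF'
frontend kubernetes *:6443
    default_backend kubernetes
    mode tcp
backend kubernetes
    balance roundrobin
    mode tcp
    server master1 10.132.0.10:6443 check
    server master2 10.132.0.11:6443 check
    server master3 10.132.0.13:6443 check
frontend stats
    bind *:8404
EOF
check_masters "$sample" 10.132.0.10 10.132.0.11 10.132.0.12 ||
    echo "backend does not match the master list; fix before restarting"
```

Point check_masters at your own haproxy config file and pass the master IPs from your cluster definition; a typo here would otherwise only show up as a master that never joins the round robin.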
Continue following the creating a cluster on SSH Nodes instructions, updating your config.yaml with the load balancer's public IP: