Load Balancer

A load balancer is required if you have multiple control nodes. It ensures that nodes and users can still connect to the control plane if one of the host nodes becomes inactive. This document outlines setting up HAProxy on a fresh Debian or Alpine based host. Any TLS load-balancer will work.

Install HAProxy

Alpine:
sudo apk update             # Update apk cache
sudo apk add haproxy        # Install HAProxy
sudo rc-update add haproxy  # Start HAProxy on boot

Debian:
sudo apt update                      # Update apt cache
sudo apt install -y haproxy          # Install HAProxy server
sudo systemctl enable --now haproxy  # Start and enable HAProxy on boot

Configure HAProxy

Set the configuration file for HAProxy as below. This is a base configuration, and the backend configuration at the bottom will need changes to suit your control nodes.

# Global config
global
  log /dev/log  local0
  log /dev/log  local1 notice
  chroot /var/lib/haproxy
  stats timeout 30s
  user haproxy
  group haproxy
  daemon

# Default options
defaults
  log  global
  mode  tcp
  option  tcplog
  option  dontlognull
  timeout connect 5000
  timeout client  50000
  timeout server  50000

# stats page to check load balancer health, you can access from http://hostname:8404/stats
frontend stats
   bind *:8404
   mode http
   stats enable
   stats uri /stats
   stats refresh 10s

# frontend/load balancer port to use
frontend kubernetes
  # IP address and port on the load balancer machine to bind to (0.0.0.0 = all IPs)
  bind 0.0.0.0:6443
  option tcplog
  # tcp mode set, this will pass all packets to the backend server - certificates managed by backend hosts.
  mode tcp
  # set backend group to use
  default_backend kubernetes-control-nodes

# backend for the kubernetes group frontend
backend kubernetes-control-nodes
  # roundrobin balancing, as host preference isn't a problem in this case.
  balance roundrobin
  mode tcp
  option tcplog
  option tcp-check
  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
  ##### Change these lines as required to suit your control nodes. Format:
  #####   server <host alias> <hostname>:<port> check
  ##### The host alias can be anything, the hostname can be a DNS name or an IP, and "check" verifies the host/port is accessible.
  server controler-1 controler-1.domain:6443 check
  server controler-2 controler-2.domain:6443 check
  server controler-3 10.10.1.1:6443 check
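
The stats frontend in the base configuration listens on every interface (`bind *:8404`) with no login, so anyone who can reach port 8404 can read the backend names, addresses and health state. The section below is an added hardening example, not part of the original configuration; the management subnet 10.10.1.0/24 and the credentials `admin` / `CHANGE_ME` are assumed placeholders.

```haproxy
# Hardened replacement for the "frontend stats" section (added example).
# Assumptions, adjust to your environment:
#   - 10.10.1.0/24 is the management subnet allowed to view the page
#   - admin / CHANGE_ME are placeholder credentials
frontend stats
  # Listen on loopback only; reach the page over an SSH tunnel.
  # To expose it on a management network instead, bind to that
  # interface's address rather than "*".
  bind 127.0.0.1:8404
  mode http
  # The defaults section sets "option tcplog"; log HTTP requests here.
  option httplog
  # Reject any client outside loopback and the management subnet.
  acl stats_allowed src 127.0.0.0/8 10.10.1.0/24
  http-request deny unless stats_allowed
  stats enable
  stats uri /stats
  stats refresh 10s
  # Require a login. This is HTTP Basic auth over a plain-HTTP listener,
  # so the credentials are not encrypted in transit: another reason to
  # keep the bind address off public interfaces.
  stats realm HAProxy\ Statistics
  stats auth admin:CHANGE_ME
  # Do not disclose the HAProxy version on the page.
  stats hide-version
```

After editing, `haproxy -c -f /etc/haproxy/haproxy.cfg` checks the file for syntax errors before the reload step.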

Apply changes

Once the required changes have been made, run the following command:

Alpine:
sudo service haproxy reload

Debian:
sudo systemctl reload haproxy