SUSE Support

Here When You Need Us

Preventing LoadBalancer service traffic from flowing through control plane and etcd nodes in a Kubernetes cluster with the AWS Cloud Provider

This document (000020034) is provided subject to the disclaimer at the end of this document.



This article details how to prevent LoadBalancer type service traffic from flowing through control plane and etcd nodes, in a cluster configured with the AWS Cloud Provider.


  • A Rancher Kubernetes Engine (RKE) CLI or Rancher v2.x provisioned Kubernetes cluster, provisioned on EC2 instances
  • Separate worker nodes from control plane and etcd nodes
  • The AWS Cloud Provider configured

Making the changes

Nodes of a Kubernetes cluster created by Rancher/RKE, that use AWS as the cloud provider, automatically get added to service load balancers (ELB). The behavior results in both controlplane and etcd nodes routing end-user application traffic, breaking the role separations model. To prevent this, label the control plane and etcd nodes with the label and the cloud-controller will not automatically add them to the service load balancers.


This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020034
  • Creation Date: 06-May-2021
  • Modified Date:06-May-2021
    • SUSE Rancher

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.