Preventing LoadBalancer service traffic from flowing through control plane and etcd nodes in a Kubernetes cluster with the AWS Cloud Provider
This document (000020034) is provided subject to the disclaimer at the end of this document.
Situation
Task
This article details how to prevent LoadBalancer type service traffic from flowing through control plane and etcd nodes, in a cluster configured with the AWS Cloud Provider.
Pre-requisites
- A Rancher Kubernetes Engine (RKE) CLI or Rancher v2.x provisioned Kubernetes cluster, provisioned on EC2 instances
- Separate worker nodes from control plane and etcd nodes
- The AWS Cloud Provider configured
Making the changes
Nodes of a Kubernetes cluster created by Rancher/RKE, that use AWS as the cloud provider, automatically get added to service load balancers (ELB). The behavior results in both controlplane and etcd nodes routing end-user application traffic, breaking the role separations model. To prevent this, label the control plane and etcd nodes with the label node-role.kubernetes.io/master
and the cloud-controller will not automatically add them to the service load balancers.
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000020034
- Creation Date: 06-May-2021
- Modified Date:06-May-2021
-
- SUSE Rancher
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com