Preventing LoadBalancer service traffic from flowing through control plane and etcd nodes in a Kubernetes cluster with the AWS Cloud Provider

This document (000020034) is provided subject to the disclaimer at the end of this document.

Situation

Task

This article details how to prevent LoadBalancer type service traffic from flowing through control plane and etcd nodes, in a cluster configured with the AWS Cloud Provider.

Pre-requisites

  • A Rancher Kubernetes Engine (RKE) CLI or Rancher v2.x provisioned Kubernetes cluster, provisioned on EC2 instances
  • Separate worker nodes from control plane and etcd nodes
  • The AWS Cloud Provider configured

Making the changes

Nodes of a Kubernetes cluster created by Rancher/RKE, that use AWS as the cloud provider, automatically get added to service load balancers (ELB). The behavior results in both controlplane and etcd nodes routing end-user application traffic, breaking the role separations model. To prevent this, label the control plane and etcd nodes with the label node-role.kubernetes.io/master and the cloud-controller will not automatically add them to the service load balancers.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020034
  • Creation Date: 06-May-2021
  • Modified Date:06-May-2021
    • SUSE Rancher

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center