1.7 KiB
Executable File
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME dogbox Ready control-plane 3h31m v1.34.6+k3s1 10.0.1.2 Fedora Linux 40 (Server Edition) 6.9.6-200.fc40.x86_64 containerd://2.2.2-bd1.34 mac-worker Ready 3h13m v1.34.6+k3s1 192.168.139.12 Ubuntu 25.10 6.17.8-orbstack-00308-g8f9c941121b1 containerd://2.2.2-bd1.34
The mac-worker is running inside orbstack linux VM if that matters.
I have a DNS rewrite pointing *.internal to 10.0.1.250 which is traefik-internal.
/dogstore/ is a NFS path that's available to all nodes
secrets are managed by sops
Load balancers
Two LB implementations coexist: k3s klipper (servicelb) and MetalLB. They are
separated by loadBalancerClass so they don't conflict.
- klipper handles services with NO
loadBalancerClass. It creates svclb DaemonSet pods that bind host ports directly on every node. - MetalLB handles services with
loadBalancerClass: metallb. Its pool hasautoAssign: false, so it only assigns IPs to services that explicitly request a pool via themetallb.io/address-poolannotation.
| Service | loadBalancerClass | LB | External IPs |
|---|---|---|---|
| traefik | (none) | klipper | node IPs (10.0.1.2 etc) |
| traefik-internal | metallb | MetalLB | 10.0.1.250 |
loadBalancerClass is immutable on k8s Services. Changing it requires deleting
the Service first, then redeploying (kubectl delete svc … && helm upgrade).