33 lines
1.7 KiB
Markdown
33 lines
1.7 KiB
Markdown
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
|
|
dogbox Ready control-plane 3h31m v1.34.6+k3s1 10.0.1.2 <none> Fedora Linux 40 (Server Edition) 6.9.6-200.fc40.x86_64 containerd://2.2.2-bd1.34
|
|
mac-worker Ready <none> 3h13m v1.34.6+k3s1 192.168.139.12 <none> Ubuntu 25.10 6.17.8-orbstack-00308-g8f9c941121b1 containerd://2.2.2-bd1.34
|
|
|
|
|
|
The mac-worker is running inside orbstack linux VM if that matters.
|
|
|
|
|
|
I have a DNS rewrite pointing *.internal to 10.0.1.250 which is traefik-internal.
|
|
|
|
/dogstore/ is a NFS path that's available to all nodes
|
|
|
|
secrets are managed by sops
|
|
|
|
## Load balancers
|
|
|
|
Two LB implementations coexist: k3s klipper (servicelb) and MetalLB. They are
|
|
separated by `loadBalancerClass` so they don't conflict.
|
|
|
|
- **klipper** handles services with NO `loadBalancerClass`. It creates svclb
|
|
DaemonSet pods that bind host ports directly on every node.
|
|
- **MetalLB** handles services with `loadBalancerClass: metallb`. Its pool has
|
|
`autoAssign: false`, so it only assigns IPs to services that explicitly
|
|
request a pool via the `metallb.io/address-pool` annotation.
|
|
|
|
| Service | loadBalancerClass | LB | External IPs |
|
|
|------------------|-------------------|----------|-------------------------|
|
|
| traefik | (none) | klipper | node IPs (10.0.1.2 etc) |
|
|
| traefik-internal | metallb | MetalLB | 10.0.1.250 |
|
|
|
|
`loadBalancerClass` is immutable on k8s Services. Changing it requires deleting
|
|
the Service first, then redeploying (`kubectl delete svc … && helm upgrade`).
|