Highly-available control plane #348
Description
This is more a question/comment, but I'm happy to raise a PR if required...
I've historically run my k8s control planes behind a load balancer to provide truly HA control planes. With such a project, I'd expect to have an option to enable a control plane load balancer (probably enabled by default if more than 1 control plane node).
However, it's not very hard to implement so I can see the argument to not add it in to reduce things you have to maintain (example code below). Question - would you like this in?
Example
If you don't want to add this to the project, here's my implementation that future users can use.
locals {
control_plane_labels = {
cluster = "cluster"
role = "control-plane"
}
kube_api_port = 6443
}
module "talos" {
source = "hcloud-talos/talos/hcloud"
version = ">= 2.20.6, <3.0.0"
cluster_name = "cluster"
...
}
resource "hcloud_load_balancer" "control_plane" {
name = local.control_plane_labels.cluster
load_balancer_type = var.control_plane_lb_type # eg, lb11
network_zone = var.control_plane_network_zone # eg, eu-central. Use location if you want to use a single location rather than whole region
}
resource "hcloud_load_balancer_target" "control_plane" {
type = "label_selector"
load_balancer_id = hcloud_load_balancer.control_plane.id
label_selector = join(",", [for key, value in local.control_plane_labels : "${key}=${value}"])
use_private_ip = true
depends_on = [
hcloud_load_balancer_network.control_plane
]
}
resource "hcloud_load_balancer_service" "control_plane" {
load_balancer_id = hcloud_load_balancer.control_plane.id
protocol = "tcp"
listen_port = local.kube_api_port
destination_port = local.kube_api_port
}NB. This does make port 6443 accessible from anywhere which good enough for my purposes, but you may wish to not expose.