Is load balancer unnecessary for k3s embeded etcd HA solution

Question

I have a same discussion in k3s github repository, but no one reply. Hope someone can give an answer here.

There are articles talking about the embedded etcd HA solution of k3s like this. One of the key behavior is adding a load balancer solution (EIP like this article or LB from the clound provider) between the agents and masters:

k3s agent --> load balancer --> master

And the architecture of k3s also show that a Fixed Registration Address is necessary.

While, after some research I found that k3s (at least v1.21.5+k3s2) have a internal agent load balancer (config at /var/lib/rancher/k3s/agent/etc/k3s-agent-load-balancer.yaml) which will auto update the master k8s api server list in it. So the out side load balancer is unnecessary?

Answer 1

I got a response from the k3s discussion:

https://github.com/k3s-io/k3s/discussions/4488#discussioncomment-1719009

Our documentation lists a requirement for a "fixed registration endpoint" so that nodes do not rely on a single server being online in order to join the cluster. This endpoint could be a load-balancer or a DNS alias, it's up to you. This is only needed when nodes are registering to the cluster; once they have successfully joined, they use the client load-balancer to communicate directly with the servers without going through the registration endpoint.

I think this is good enough to answer this question.

Answer 2

Yes, an external load balancer is still required to achieve a highly available setup with more than one master node.

Whenever you start a worker node or use the API, you should connect to the external load balancer to ensure you can connect to a running master node if one master is currently down.

The internal load balancer you mentioned above distributes any load within your cluster.