Skip to content

Preventing LoadBalancer service traffic from flowing through control plane and etcd nodes in a Kubernetes cluster with the AWS Cloud Provider

This document (000020034) is provided subject to the disclaimer at the end of this document.

Environment

  • A Rancher Kubernetes Engine (RKE) CLI or Rancher v2.x provisioned Kubernetes cluster, provisioned on EC2 instances
  • Separate worker nodes from control plane and etcd nodes
  • The AWS Cloud Provider configured

Situation

This article details how to prevent LoadBalancer type service traffic from flowing through control plane and etcd nodes, in a cluster configured with the AWS Cloud Provider.

Resolution

Nodes of a Kubernetes cluster created by Rancher/RKE, that use AWS as the cloud provider, automatically get added to service load balancers (ELB). The behavior results in both controlplane and etcd nodes routing end-user application traffic, breaking the role separations model. To prevent this, label the control plane and etcd nodes with the label node-role.kubernetes.io/master and the cloud-controller will not automatically add them to the service load balancers.

Status

Top Issue

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.