Oi! Almost all the time I’m working with clusters provided by AWS EKS, and there are many things that don’t need to be configured manually because the configuration is already done by the cloud provider. But when it comes to deploying a bare-metal cluster, you may have lots of problems to solve.
I’ve created several clusters where each node had a public IP. The main idea was that Kubernetes lives in the private network, but nodes could access the internet directly.
Each node has 2 interfaces
It was working fine, but there were several problems
So I’ve decided that I should implement another scheme
Kubernetes behind the bastion host, where 10.43.83.0/24 is a private network
In this scheme, only one node (bastion) can access the Internet directly. All the others need to send traffic through the bastion.
Several steps need to be done to make this scheme work. Let’s assume that our **public IP is x.x.x.x and our private network is 10.43.83.0/24**, we have 5 nodes (1 — k8s master, 3 — k8s workers, 1 — bastion host), a private interface ens20 on all nodes, and a public interface ens19 only on the bastion host.
I am using **Ubuntu 20.04** as the main OS on all servers, so I’m not sure that the configuration will be the same on all others.