In the installation guide for the HA Rancher server setup, it’s necessary to set up a load balancer in front of the Kubernetes cluster.
I’m now setting up a new Kubernetes cluster on Rancher (no cloud provider) and I’m debating if I should use the same architecture. The advantage I see with a load balancer in front of my cluster is that I have a single external entry point for all my applications running on the cluster.
Actually, I don’t understand how this can be achieved without a load balancer. Setting up the DNS to point to all nodes in the cluster doesn’t seem like a good option…?
This is what my setup currently looks like:
Is a setup like this recommended?
Now, what I don’t understand yet is how I can limit access to services in the NGINX Ingress controller. In our current Rancher 1.6 cluster all traffic is routed through one host where we can limit the incoming traffic for some domains to certain IP addresses in the HAProxy configuration. With this new setup this wouldn’t be possible anymore because all traffic would come from the IP address of the load balancer. Or do I understand something wrong here? The load balancer itself also can’t block traffic because it’s on layer 4 and doesn’t know anything about the domain.
Also, it’s still very unclear to me where MetalLB comes into play. What advantages would it bring in this scenario?
Thanks in advance for any help!