[solved] RKE2 network segmentation

Hello everybody,
this is my first post (I hope I got the right section).

I am learning rke2 and, in general, the Kubernetes ecosystem, so I have created 2 VMs (master and agent).
Then I successfully installed rke2 on both and everything is running.

What I want to achieve is to separate services using different ingresses (and different NICs), so some services can "live" and be "used" only on the IoT network and the others will be accessible only from the main network.

I have already installed MetalLB and Calico and I have applied a default deny rule, but I think I am missing something on the MetalLB/rke2 configuration side, because each exposed service gets the right address for the VLAN but is not reachable, not even by ping.

Also, I want to install Rancher and assign its GUI an address on the main network.
Can it work, or do I have to add the main network to the master node as well?


It works; it was my fault…

I missed this step in the install guide: Network Options | RKE2

Basically, I had to install iptables on each node.
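For anyone landing on this thread with the same goal, here is an added example (not the poster's own configuration) of how the pieces described above fit together: one MetalLB address pool per network, each advertised only on the NIC that faces that network, a Service that opts into a pool explicitly, and a namespace-wide default deny with one explicit allow for the IoT clients. The interface names (eth0, eth1), address ranges, namespace and service name are assumptions for illustration, and the `interfaces` field of L2Advertisement needs a MetalLB release that supports it.

```yaml
# Added example, not the poster's configuration. Interface names, address
# ranges, namespace and service name are assumed placeholders.
---
# One MetalLB pool per network; ranges are assumed.
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: main-pool
  namespace: metallb-system
spec:
  addresses:
    - 192.168.10.200-192.168.10.220   # assumed main-network range
  autoAssign: false                   # services must opt in via annotation
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: iot-pool
  namespace: metallb-system
spec:
  addresses:
    - 192.168.20.200-192.168.20.220   # assumed IoT VLAN range
  autoAssign: false
---
# Pin each L2 advertisement to the NIC on that network, so a main-network
# address is never announced via ARP on the IoT segment and vice versa.
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: main-l2
  namespace: metallb-system
spec:
  ipAddressPools:
    - main-pool
  interfaces:
    - eth0   # assumed NIC facing the main network
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: iot-l2
  namespace: metallb-system
spec:
  ipAddressPools:
    - iot-pool
  interfaces:
    - eth1   # assumed NIC facing the IoT VLAN
---
# The service chooses its pool. With autoAssign: false, a service without the
# annotation gets no external IP instead of silently landing on the wrong network.
apiVersion: v1
kind: Service
metadata:
  name: sensor-gateway          # assumed workload
  namespace: iot                # assumed namespace
  annotations:
    metallb.universe.tf/address-pool: iot-pool
spec:
  type: LoadBalancer
  # Local keeps the real client source IP, which the ipBlock rule below needs;
  # with Cluster the traffic is SNATed to a node IP and the rule would not match.
  externalTrafficPolicy: Local
  selector:
    app: sensor-gateway
  ports:
    - port: 443
      targetPort: 8443
---
# Default deny: every pod in the namespace is isolated for ingress and egress.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
  namespace: iot
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
---
# Default deny also drops traffic arriving through the LoadBalancer address,
# so each exposed workload needs an explicit allow from the clients it serves.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-iot-clients
  namespace: iot
spec:
  podSelector:
    matchLabels:
      app: sensor-gateway
  policyTypes:
    - Ingress
  ingress:
    - from:
        - ipBlock:
            cidr: 192.168.20.0/24   # assumed IoT VLAN
      ports:
        - protocol: TCP
          port: 8443
```

Apply with `kubectl apply -f` once MetalLB and Calico are running. The pairing of `autoAssign: false` with the per-service annotation is the part that actually enforces the segmentation: an address can only end up on a network an operator explicitly asked for, and the interface-bound advertisement keeps that address from being answered on the other NIC.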