I am in the process of building my own K8S cluster out of Raspberry Pi 4-8GB and Raspberry Pi 3 boards, 5 of each. The K8S cluster has a router at its door, and an internal switch to access them all. I can configure the cluster with VLANs … but should I? My reasoning is as follows: from the outside of the cluster, we need access to the master, not the nodes, right? So I could make two VLANs … one for the master and one for the nodes … I could lock the access to the nodes to only allow the master to access them and allow the nodes to access the master. Would that make sense?
The Master could be on 10.13.19.21, on its own address range 10.13.19.0/26. The Nodes could be on 10.8.19.21 to 29, on their own VLAN of 10.8.19.0/26. The CIDR could be 10.42.0.0/16. Opening only the port for the outside world to access the Master. Does that make sense?
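
A way to sanity-check the plan described in the question, as an added example that is not part of the original post: it verifies that the hosts fit their subnets and that the three ranges do not overlap, then evaluates sample flows against a first-match rule table modelling the proposed segmentation. The addresses come from the post; the rule table, the API port 6443 (the kube-apiserver default) and the outside client address are assumptions.

```python
import ipaddress as ip
from itertools import combinations

# Addresses and ranges as given in the post.
MASTER_NET = ip.ip_network("10.13.19.0/26")
NODE_NET = ip.ip_network("10.8.19.0/26")
POD_CIDR = ip.ip_network("10.42.0.0/16")
MASTER = ip.ip_address("10.13.19.21")
NODES = [ip.ip_address(f"10.8.19.{n}") for n in range(21, 30)]

ANY = ip.ip_network("0.0.0.0/0")
API_PORT = 6443  # assumption: kube-apiserver default; the post names no port

# Hypothetical router rule table, first match wins:
# (source net, destination net, destination port or None for any, verdict)
RULES = [
    (NODE_NET, MASTER_NET, None, "allow"),   # nodes -> master
    (MASTER_NET, NODE_NET, None, "allow"),   # master -> nodes
    (ANY, MASTER_NET, API_PORT, "allow"),    # outside -> master, one port only
    (ANY, ANY, None, "deny"),                # everything else
]

def plan_errors():
    """Return the problems found in the addressing plan (empty list if none)."""
    errors = []
    for addr, net in [(MASTER, MASTER_NET)] + [(n, NODE_NET) for n in NODES]:
        if addr not in set(net.hosts()):
            errors.append(f"{addr} is not a usable host in {net}")
    nets = {"master": MASTER_NET, "nodes": NODE_NET, "pods": POD_CIDR}
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            errors.append(f"{a} range {na} overlaps {b} range {nb}")
    return errors

def verdict(src, dst, port):
    """Evaluate one routed flow against RULES and return 'allow' or 'deny'."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for s_net, d_net, p, v in RULES:
        if src in s_net and dst in d_net and p in (None, port):
            return v
    return "deny"

if __name__ == "__main__":
    print("plan errors:", plan_errors() or "none")
    # 203.0.113.5 is a constructed outside client; 10250 assumes the kubelet default port.
    for flow in [("203.0.113.5", "10.13.19.21", 6443),
                 ("203.0.113.5", "10.8.19.21", 6443),
                 ("10.13.19.21", "10.8.19.25", 10250)]:
        print(flow, "->", verdict(*flow))
```

Traffic between two nodes stays inside the node VLAN and never reaches the router, so a rule table like this one does not filter it.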