Which node should I map the external (public) IP to?

hinewwin · May 15, 2019, 11:32pm

Hello, I am planning on deploying Kubernetes cluster on to our vsphere environment using Kubespray.

I have not deployed yet and I am currently in the process of architecting the network.

Due to the type of business I am in, I need isolation between networks and I have created 3 VLANs for this purpose.

VLAN100 (public, internet access)
- purpose : use to serve containers that are consumer facing (i.e. web frontend, api frontend)
- Internet is allowed (both IN/OUT) and can map external public IP address to computers in this VLAN
VLAN101 (private, no internet access)
- purpose : database. computer’s in VLAN100 (i.e. frontend) can get data from VLAN101.
- No internet is allowed
VLAN102 (private, no internet access)
- purpose : management - use to serve all management related (i.e. puppet server, backup solution, etc…)
- No internet is allowed. VLAN100 and VLAN101 can talk to VLAN102

In this case, where should I put Kubernetes-Master and Nodes? Does external traffic goes directly to Nodes? or Master?

Thank you very much

Topic		Replies	Views
Network isolation requirement General Discussions	4	521	August 13, 2020
Ip address of kubernetes cluster for firewall General Discussions	2	1142	November 11, 2018
Kubernetes behind pfSense General Discussions	9	8574	May 7, 2020
Vip for multiple nodes? General Discussions	2	1116	November 5, 2019
Should I create VLAN on the router of the Kubernetes cluster made of Raspberry Pi 4-8GB? General Discussions	14	2520	May 6, 2021