Help enabling controlPlaneLoadBalancing

All about k0s
#1

I’ve been using k0sctl to run a 7 node cluster with nodeLocalLoadBalancing enabled and it’s been working great.

I was excited to enable keepalived with the controlPlaneLoadBalancing option, but have not been able to get it to work.

Here is my config:

  k0s:
    version: v1.30.1+k0s.0
    versionChannel: stable
    dynamicConfig: false
    config:
      apiVersion: k0s.k0sproject.io/v1beta1
      kind: Cluster
      metadata:
        name: k0s
      spec:
        api:
          k0sApiPort: 9443
          port: 6443
          sans:
          - 10.10.10.0
        installConfig:
          users:
            etcdUser: etcd
            kineUser: kube-apiserver
            konnectivityUser: konnectivity-server
            kubeAPIserverUser: kube-apiserver
            kubeSchedulerUser: kube-scheduler
        konnectivity:
          adminPort: 8133
          agentPort: 8132
        network:
          provider: kuberouter
          podCIDR: 10.244.0.0/16
          serviceCIDR: 10.96.0.0/12
          dualStack:
            enabled: false
          nodeLocalLoadBalancing:
            enabled: true
            type: EnvoyProxy
          controlPlaneLoadBalancing:
            enabled: true
            type: Keepalived
            keepalived:
              vrrpInstances:
              - virtualIPs: ["10.10.10.0/19"]
                authPass: Example
              virtualServers:
              - ipAddress: 10.10.10.0
          kubeProxy:
            disabled: false
            mode: iptables
        podSecurityPolicy:
          defaultPolicy: 00-k0s-privileged
        storage:
          type: etcd
        telemetry:
          enabled: false

The controller addresses are 10.10.10.1-3

The cluster is still working and I can use kubctl when connected to 10.10.10.1, but I can not get 10.10.10.0 to work even though looking at ip addr everything looks to be working.

Any advice?

#2

Actually playing with this some more it is working perfectly when I’m on the same network. But, somehow when going through the firewall the host change for the 10.10.10.0 address is not being seen.