I have a working HA distributed hybrid Kubernetes (K3S) cluster with three masters running on VPS nodes. They have public IPs and no private network (nodes spread across regions and cloud providers).
Now I want to add several agent nodes (workers) located on-premises without a public IP address.
The existing cluster uses embedded ETCD and native WireGuard to establish a VPN mesh for cluster traffic via public IPs. The nodes have been started with the following parameters (see documentation):
--node-external-ip=<SERVER_EXTERNAL_IP> --flannel-backend=wireguard-native --flannel-external-ip
That means they use the default interface (e.g. eth0) and public IPs for the VPN mesh network.
Now, I'd like to use Tailscale network to add K3s agents to that running setup.
Tailscale is installed on all master and agent nodes, and all of them have joined the Tailscale network.
Tailscale's network interface is called tailscale0.
Native K3S integration with the Tailscale VPN provider can't be used due to the embedded ETCD used in the cluster.
Level 1 question: how do I add agents to the above-mentioned existing setup via the Tailscale network? Level 2 question: is it possible to do that without interrupting the control plane that uses embedded ETCD?
So far, I found the following example on the Internet (not sure it is relevant to K3s):
- configure master(s) with the following parameters:
--node-external-ip <PUBLIC_IP> --advertise-address <TAILSCALE_IP_NODE_1> --flannel-iface tailscale0
- install K3S agent node with
K3S_URL=https://<TAILSCALE_IP_NODE_1>:6443 \
K3S_TOKEN="<replaced>" \
sh -s - \
--node-ip <TAILSCALE_IP_NODE_2> \
--flannel-iface tailscale0
I've not tested it yet and I don't know how to apply this correctly on an existing HA cluster without interrupting the running ETCD. I just don't want to kill a running cluster.
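As an added example (not part of the original post, and not K3s or Tailscale project code), the script below renders the agent-side settings from the post as a K3s `config.yaml` and, before doing so, checks that both the server address and the agent's own `node-ip` are Tailscale addresses. It assumes that Tailscale hands out IPv4 addresses from 100.64.0.0/10 and that K3s reads `/etc/rancher/k3s/config.yaml` with keys named after the CLI flags without their leading dashes; the placeholder addresses and token are constructed for illustration. The check exists so that a LAN or public address cannot accidentally be advertised into the flannel mesh when the interface is pinned to `tailscale0`.

```shell
#!/bin/sh
# Added example: build a K3s agent config.yaml for joining over Tailscale.
# Assumption: Tailscale IPv4 addresses come from 100.64.0.0/10 (CGNAT range).
# Assumption: K3s config.yaml keys mirror CLI flags minus the leading dashes.

# Return 0 if the dotted-quad IPv4 address in $1 lies inside 100.64.0.0/10,
# i.e. first octet 100 and second octet between 64 and 127; 1 otherwise.
in_tailscale_range() {
  ip="$1"
  oldifs="$IFS"; IFS=.
  set -- $ip
  IFS="$oldifs"
  [ "$#" -eq 4 ] || return 1
  [ "$1" -eq 100 ] 2>/dev/null || return 1
  [ "$2" -ge 64 ] 2>/dev/null && [ "$2" -le 127 ] 2>/dev/null || return 1
  return 0
}

# Print config.yaml for an agent joining server $1 with token $2, using
# Tailscale address $3 as node-ip and running flannel over tailscale0.
# Refuses to render if either address is outside the Tailscale range.
render_agent_config() {
  server_ts_ip="$1"; token="$2"; node_ts_ip="$3"
  in_tailscale_range "$server_ts_ip" || {
    echo "server address $server_ts_ip is not a Tailscale address" >&2; return 1; }
  in_tailscale_range "$node_ts_ip" || {
    echo "node-ip $node_ts_ip is not a Tailscale address" >&2; return 1; }
  printf '%s\n' \
    "server: https://${server_ts_ip}:6443" \
    "token: ${token}" \
    "node-ip: ${node_ts_ip}" \
    "flannel-iface: tailscale0"
}

# Convenience: read the IPv4 address currently assigned to tailscale0 on
# this host (requires iproute2; not exercised by the checks below).
tailscale0_ipv4() {
  ip -o -4 addr show dev tailscale0 2>/dev/null | awk '{print $4}' | cut -d/ -f1
}

# Usage (constructed placeholder values, replace with your own):
#   render_agent_config 100.64.0.1 '<replaced>' "$(tailscale0_ipv4)" \
#     > /etc/rancher/k3s/config.yaml
```

Run it on the on-prem agent before starting `k3s agent`; with the rendered file in place, the agent picks up `server`, `token`, `node-ip` and `flannel-iface` without any flags on the command line, which keeps the token out of the process list.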