I'm exploring ways to extend my Kubernetes cluster and want to add a worker node located at a remote site. My goal is to do this without having to establish a site-to-site VPN. I considered enabling Wireguard with Calico, but it seems that while it adds encryption, it doesn't actually support connecting remote Kubernetes nodes. Has anyone found a reliable method for this situation?
3 Answers
Without a shared L2 network, you’ll need to expose the kube-apiserver with a public IP for the worker nodes to connect. Then you can implement Konnectivity for operations needing return connections like log fetching or executing commands in containers.
Adding a remote node might not be the best approach. Kubernetes is built on Raft, which is optimized for data center environments. High network latency or significant network partitions can lead to complications. But if your worker nodes don’t often communicate with the Kubernetes API, there are possibilities. You could use tools like Talos along with KubeSpan to manage hybrid deployments across regions.
Before diving in, consider why you're doing this. There are often better alternatives to address needs like high availability or reducing latency for clients. Can you share more about your specific goals?
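The Talos/KubeSpan route mentioned in this answer, as an added example of the relevant machine-config fragment (not taken from the thread or from the Talos documentation verbatim). KubeSpan puts every node on a WireGuard mesh that Talos manages, so node-to-node and node-to-API-server traffic is encrypted end to end without a separate VPN; peers discover each other's endpoints through the cluster discovery service, so the remote worker only needs outbound UDP reachability on the WireGuard port (51820 by default). The same fragment goes into both control-plane and worker configs, and the values shown are the defaults you would set explicitly rather than site-specific settings.

```yaml
# Fragment of a Talos machine configuration (assumed to be merged into the
# output of `talosctl gen config`; identical on control-plane and worker nodes)
machine:
  network:
    kubespan:
      enabled: true
      # Fail closed: do not fall back to plaintext if a peer is unreachable.
      allowDownPeerBypass: false
cluster:
  discovery:
    enabled: true            # required: peers exchange WireGuard endpoints this way
    registries:
      kubernetes:
        disabled: true       # keep peer data out of Kubernetes node annotations
      service:
        disabled: false      # use the Talos discovery service for endpoint exchange
```

After applying it, `talosctl get kubespanpeerstatuses` on the control-plane node should list the remote worker with a non-zero receive/transmit count; a peer stuck with no endpoint usually means the remote site blocks outbound UDP 51820.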

Running workers in diverse regions is achievable! I've seen setups using Debian with K3s across multiple regions, handling tasks like regional DNS and CDN without much hassle.