I'm working with a private node pool in Managed Kubernetes on Ionos Cloud, and I've encountered some challenges with load balancing. I have several subdomains pointing to a reserved IP, and I'm using a Traefik controller to manage routing to applications like GitLab.

I've switched to private node pools for a fixed IP for outgoing traffic and added security, but I've hit a couple of constraints:

1) It's not possible to use an ingress controller with type LoadBalancer for a private node pool.
2) Mixing private and public node pools in the same cluster isn't allowed.

I've thought about some solutions, such as using an Ionos-managed load balancer, but that comes with issues when nodes are recreated. I considered setting up a separate public cluster for Traefik, but I'm unsure how to connect it to my private cluster effectively.

Does anyone have suggestions for a good design? While I'm familiar with Kubernetes, I'm not extremely experienced, and I don't want to change IPs since the domains aren't under my control.

For info, authentication is managed by Keycloak, and certificates by Cert-Manager, with infrastructure managed by Terraform and clusters using Helm.
3 Answers
Honestly, I'd steer clear of Ionos if possible. Their Kubernetes 'Load Balancer' doesn't function like a true load balancer—it's just a floating public IP. It's tough to achieve HA or secure IAM with them. If you can transition to another provider or manage a setup with Hetzner, you could see fewer problems in the long run.
Your setup sounds really tricky! If you're stuck with private nodes and no LoadBalancer, maybe the easiest workaround is to establish a small public-facing cluster for ingress. Then you can route traffic from there to your private cluster. It seems like a more straightforward fix.
Using MetalLB for load balancing in your private cluster could be a solid solution. I faced similar issues, and that's the approach I found to work best while sticking to private nodes. But honestly, if you can, I would consider looking for alternatives to Ionos entirely; many users have reported issues with their Kubernetes setup.
Thanks for the tip! I'll definitely check out MetalLB.

That’s unfortunate! We have to stick with our service provider that uses Ionos, but I get where you're coming from.