We had a customer who did a high availability installation of an embedded cluster, but at the time did not proxy an external load balancer for traffic for the API Server, and so instead haproxy was added as a static pod, and the kubeconfig on all three of the master nodes was set up to utilize the haproxy port on localhost to handle load balancing internally.
Is it possible to convert this to using an external load balancer to remove the necessity for the extra open port (6444)?
Thanks for the reply - though this is similar to the other question. We’re wondering if this can be changed after the install is complete.
Our customer has a requirement that port 6444 not be available between the nodes, nor from any traffic coming in from outside of the nodes.
For the moment, we’ve told them that it doesn’t actually need to be open between the nodes, nor from outside of the nodes, as it looks like the config file is set up so the server is server: https://localhost:6444, which then basically just load balances to port 6443 across the nodes within the cluster (so traffic never actually occurs on 6444 between the nodes).
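One way to check on each node whether port 6444 is reachable only over loopback, as an added example that is not part of the original posts or of the installer's own tooling. The thread does not say which address the haproxy static pod binds to, so the function below (the hypothetical `classify_listener`) reports what it finds in `ss -Hltn` output; the sample lines are constructed.

```bash
#!/usr/bin/env bash
# Added example: classify the listeners on one TCP port from `ss -Hltn`
# output read on stdin. Prints one of:
#   loopback-only  - every listener on the port is bound to 127.0.0.0/8 or [::1]
#   exposed        - at least one listener is bound to a wildcard or routable address
#   not-listening  - nothing is listening on the port
classify_listener() {
  port="$1"
  awk -v port="$port" '
    {
      local_addr = $4                 # columns: State Recv-Q Send-Q Local Peer
      n = split(local_addr, parts, ":")
      if (parts[n] != port) next      # last ":"-separated field is the port
      host = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
      found = 1
      if (host !~ /^127\./ && host != "[::1]") exposed = 1
    }
    END {
      if (!found)       print "not-listening"
      else if (exposed) print "exposed"
      else              print "loopback-only"
    }'
}

# Constructed sample: haproxy bound to loopback, API server on all interfaces.
SAMPLE_LOOPBACK='LISTEN 0 4096 127.0.0.1:6444 0.0.0.0:*
LISTEN 0 4096 *:6443 *:*'

# Constructed sample: haproxy bound to all interfaces (IPv4 and IPv6).
SAMPLE_WILDCARD='LISTEN 0 4096 0.0.0.0:6444 0.0.0.0:*
LISTEN 0 4096 [::]:6444 [::]:*
LISTEN 0 4096 *:6443 *:*'

printf '%s\n' "$SAMPLE_LOOPBACK" | classify_listener 6444
printf '%s\n' "$SAMPLE_WILDCARD" | classify_listener 6444

# On a real node, feed it live data instead of the samples:
#   ss -Hltn | classify_listener 6444
```

An `exposed` result means the kubeconfig pointing at localhost is not enough on its own to meet the requirement: the listener's bind address or a host firewall rule for 6444 has to close the port to other hosts.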