apiserver_endpoint ip not assigned to all masters

[juannicolas]

Expected Behavior

Current Behavior

Per the comment in project, apiserver_endpoint ip should be virtually assigned to all master/ctrl servers (4) but is only been assigned to only 1

Steps to Reproduce

1. Cloned repo and created local inventory folder with configurations (4 nodes master only)
2. Modify all.yml file and set apiserver_endpoint ip value
3. run ansible playbook site.yml
4. monitor process and check ip

Context (variables)

set variable: apiserver_endpoint: "192.168.1.50"

Operating system:
Debian 12
Hardware:
2 proxmox cluster nodes

Variables Used

all.yml

k3s_version: v1.29.2+k3s1
ansible_user: ansible
systemd_dir: /etc/systemd/system
system_timezone: "America/Puerto_Rico"
flannel_iface: "eth0"
calico_ebpf: false # use eBPF dataplane instead of iptables
calico_tag: "v3.27.2" # calico version tag
cilium_mode: "native" # native when nodes on same subnet or using bgp, else set routed
cilium_tag: "v1.15.2" # cilium version tag
cilium_hubble: true # enable hubble observability relay and ui
cluster_cidr: "10.52.0.0/16"
cilium_bgp: false
cilium_bgp_my_asn: "64513"
cilium_bgp_peer_asn: "64512"
cilium_bgp_peer_address: "192.168.30.1"
cilium_bgp_lb_cidr: "192.168.31.0/24" # cidr for cilium loadbalancer ipam
apiserver_endpoint: "192.168.1.50"
k3s_token: "Jxxxxxxxxxxxxx"
k3s_node_ip: "{{ ansible_facts[(cilium_iface | default(calico_iface | default(flannel_iface)))]['ipv4']['address'] }}"
k3s_master_taint: "{{ true if groups['node'] | default([]) | length >= 1 else false }}"
extra_args: >-
{{ '--flannel-iface=' + flannel_iface if calico_iface is not defined and cilium_iface is not defined else '' }}
--node-ip={{ k3s_node_ip }}
extra_server_args: >-
{{ extra_args }}
{{ '--node-taint node-role.kubernetes.io/master=true:NoSchedule' if k3s_master_taint else '' }}
{% if calico_iface is defined or cilium_iface is defined %}
--flannel-backend=none
--disable-network-policy
--cluster-cidr={{ cluster_cidr | default('10.52.0.0/16') }}
{% endif %}
--tls-san {{ apiserver_endpoint }}
--disable servicelb
--disable traefik

extra_agent_args: >-
{{ extra_args }}

kube_vip_tag_version: "v0.7.2"
metal_lb_type: "native"
metal_lb_mode: "layer2"
metal_lb_speaker_tag_version: "v0.14.3"
metal_lb_controller_tag_version: "v0.14.3"
metal_lb_ip_range: "192.168.1.40-192.168.1.49"

proxmox_lxc_configure: false
proxmox_lxc_ssh_user: ansible
proxmox_lxc_ct_ids:

• 100

custom_registries: false
custom_registries_yaml: |
mirrors:
docker.io:
endpoint:
- "https://registry.domain.com/v2/dockerhub"
quay.io:
endpoint:
- "https://registry.domain.com/v2/quayio"
ghcr.io:
endpoint:
- "https://registry.domain.com/v2/ghcrio"
registry.domain.com:
endpoint:
- "https://registry.domain.com"

configs:
"registry.domain.com":
auth:
username: yourusername
password: yourpassword

### Hosts

`host.ini`

```ini
[master]
192.168.1.[51:54] # control plain

[node]

[k3s_cluster:children]
master
node

Possible Solution

• I've checked the General Troubleshooting Guide

[timothystewart6]

How did you test? what are you expectations? I don't see any results. This works in CI, we test a single node, so it seems to be related to your config.

[juannicolas]

Hello @timothystewart6 thanks for replying back.

Well, I have 4 master nodes and I set the ip of 192.168.1.50 for the apiserver_endpoint. Perd the documentation or comment in the ansible k3s script

apiserver_endpoint is virtual ip-address which will be configured on each master

So I expect to have the same 192.1681.50 (besides the assigned ip address on the eth0 configuration of the vm) on all 4 master nodes. This is not happening in my case. I have 2 proxmox nodes in cluster mode and on each node I have 2 k3s master nodes.

Now, my k3s_ctrol02 node had the static vm ip assigned of 192.168.1.52 and below it I can see the 192.168.1.50(apiserver api), this I can see it in the proxmox vm summary information.

Next I started a ping process to the 192.168.1.50 and it was replying back until I disconnected the network card of the node 02 with the 192.168.1.50 ip and lost ping for few seconds and came back up again

Then, I checked all of my nodes and I can see the ip of 192.168.1.50 was associated to the node 04 in my cluster and ping came back up but the ip is still showing up in the 02 node.

Shouldn't the ip of 192.168.1.50 be associated virtually to all 4 master nodes at same time in order to provide real HA when ever one or more nodes goes offline?

Perhaps I'm missing something