I've published a full tutorial about Kubernetes HA using Floating IPs with Cilium and UniFi's UCG-Fiber as BGP Peer - for both application and kube-api traffic.
I run a K8s cluster at home, within a UniFi ecosystem. While I patched the CopyFail vulnerability, I rebooted one of the control planes. My kubeconfig was pinned to that node's IP and (of course) k9s went away, because I don't have a load balancer in front.
So yeah.. that was the final push my ADHD needed. :-) I already had Cilium BGP advertising LoadBalancer IPs to my UniFi gateway for application traffic. So I extended the same pattern to the Kubernetes API itself: a floating /32 advertised via BGP, fronted by cilium-envoy with active TCP health checks. A single node going down is now transparent to kubectl.
https://dixken.de/blog/bare-metal-kubernetes-ha-floating-ips-bgp-cilium