It is possible to use a second control plane load balancer within a CAPA cluster. This secondary control plane load balancer is primarily meant for internal cluster traffic, for use cases where traffic between nodes and pods should stay internal to the VPC network. This adds a layer of privacy to that traffic and can also save on egress costs for traffic to the Kubernetes API server.
A dual load balancer topology is not the default, in order to maintain backward compatibility with existing CAPA clusters.
- A secondary control plane load balancer is not created by default.
- The secondary control plane load balancer must be a Network Load Balancer, and will default to this type.
- The secondary control plane load balancer must also be provided a name.
- The secondary control plane’s
internal, and must be different from the
The secondary load balancer will use the same Security Group information as the primary control plane load balancer.
To create a secondary load balancer, add the secondaryControlPlaneLoadBalancer stanza to your
scheme: internal # optional
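
The rules in the list above can be checked before a manifest is applied. The following is an added example, not code from the CAPA project: it assumes the cluster spec is already parsed into a dict, uses the AWSCluster field names `controlPlaneLoadBalancer`, `name`, `scheme` and `loadBalancerType`, assumes the primary scheme defaults to `internet-facing`, and reads the truncated bullet as "the scheme defaults to internal and must differ from the primary load balancer's scheme".

```python
# Added example: lint a parsed AWSCluster spec against the secondary
# control plane load balancer rules. Defaults below are assumptions.
PRIMARY_DEFAULT_SCHEME = "internet-facing"   # assumed primary default
SECONDARY_DEFAULT_SCHEME = "internal"        # secondary default per the list


def check_secondary_lb(spec: dict) -> list[str]:
    """Return a list of rule violations; an empty list means the spec passes."""
    secondary = spec.get("secondaryControlPlaneLoadBalancer")
    if secondary is None:
        return []  # not created by default, so there is nothing to check

    problems = []
    if not secondary.get("name"):
        problems.append("secondary load balancer must be given a name")

    # The type defaults to nlb when omitted; any other explicit value is invalid.
    lb_type = secondary.get("loadBalancerType", "nlb")
    if lb_type != "nlb":
        problems.append(f"secondary load balancer type must be nlb, got {lb_type!r}")

    # Apply defaults on both sides before comparing schemes.
    primary = spec.get("controlPlaneLoadBalancer") or {}
    primary_scheme = primary.get("scheme", PRIMARY_DEFAULT_SCHEME)
    secondary_scheme = secondary.get("scheme", SECONDARY_DEFAULT_SCHEME)
    if primary_scheme == secondary_scheme:
        problems.append(
            f"both load balancers use scheme {primary_scheme!r}; they must differ"
        )
    return problems


# Constructed sample specs (not taken from a real cluster).
GOOD = {
    "controlPlaneLoadBalancer": {"loadBalancerType": "nlb", "scheme": "internet-facing"},
    "secondaryControlPlaneLoadBalancer": {"name": "example-internal-apiserver"},
}
BAD = {
    "controlPlaneLoadBalancer": {"scheme": "internal"},
    "secondaryControlPlaneLoadBalancer": {"loadBalancerType": "classic"},
}

if __name__ == "__main__":
    for label, spec in (("good", GOOD), ("bad", BAD)):
        print(label, check_secondary_lb(spec) or "ok")
```

The `BAD` spec fails all three checks at once: no name, a non-NLB type, and a secondary scheme that defaults to the same `internal` value the primary already uses.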