Diagram
Here's a text-based network diagram for your k3s cluster across two VMs on separate physical machines:
Network Diagram
+-------------------------------------------------------------------------------------+
|                                  Home Lab Network                                   |
|                           (LAN/WAN, e.g., 192.168.1.0/24)                           |
|                                                                                     |
|   +-----------------------------+                 +-----------------------------+   |
|   |     Physical Machine 1      |                 |     Physical Machine 2      |   |
|   | +-------------------------+ |                 | +-------------------------+ |   |
|   | |   VM 1 (Master Node)    | |                 | |   VM 2 (Worker Node)    | |   |
|   | | - IP: 192.168.1.10      | |                 | | - IP: 192.168.1.11      | |   |
|   | | - k3s Control Plane     | |                 | | - k3s Agent             | |   |
|   | | - kube-apiserver        | |                 | | - kubelet               | |   |
|   | | - etcd (embedded)       | |                 | | - containerd            | |   |
|   | | - Longhorn Manager      | |                 | | - Longhorn Replica      | |   |
|   | | - MetalLB Controller    | |                 | | - MetalLB Speaker       | |   |
|   | +------------|------------+ |                 | +------------|------------+ |   |
|   +--------------|--------------+                 +--------------|--------------+   |
|                  |                                               |                  |
|                  |                Router/Gateway                 |                  |
|                  |              (e.g., 192.168.1.1)              |                  |
|                  +-----------------------------------------------+                  |
+-------------------------------------------------------------------------------------+

Key Components & Flow
- Physical Machines:
  - Each runs a VM with a static IP (192.168.1.10 for master, 192.168.1.11 for worker).
  - Connected via the same LAN/WAN subnet for inter-VM communication.
- k3s Control Plane (Master):
  - Hosts the Kubernetes API server (kube-apiserver), scheduler, and embedded etcd (for storage).
  - Manages cluster state and worker node coordination.
  - Critical ports: 6443 (API), 8472 (Flannel VXLAN), 10250 (kubelet).
- k3s Worker Node:
  - Runs pods/deployments via the containerd runtime.
  - Connects to the master via K3S_URL (API server on 6443).
- Networking:
  - Flannel: Provides pod-to-pod networking (VXLAN over 8472).
  - MetalLB: Assigns external IPs to services (Layer 2 mode, e.g., 192.168.1.100-192.168.1.150).
- Storage:
  - Longhorn: Replicates persistent volumes across both nodes (syncs data between longhorn-manager and longhorn-replica).
- External Access:
  - Ingress traffic (e.g., HTTP/80, HTTPS/443) routed via MetalLB to the Traefik/Nginx Ingress Controller.
Traffic Flow Example
+----------------+       +----------------+       +-------------------+       +------------------+
| External User  | ----> |   MetalLB VIP  | ----> | Ingress (Traefik) | ----> | App Pod (Worker) |
+----------------+       +----------------+       +-------------------+       +------------------+
                                  ↑
                      Service IP: 192.168.1.100

Critical Connections
- Master ↔ Worker:
  - Kubernetes API (6443): Worker polls master for instructions.
  - Flannel VXLAN (8472): Pod-to-pod cross-node networking.
  - Longhorn Sync: Replicates storage volumes between nodes.
- External ↔ Cluster:
  - MetalLB assigns external IPs to LoadBalancer-type services.
  - Ingress controllers (Traefik/Nginx) route HTTP(S) traffic to pods.
Security Notes
- Firewall rules should allow bidirectional traffic on ports 6443, 8472, and 10250.
- Use SSH key authentication for VM access.
- Restrict MetalLB IP pool to unused addresses in your subnet.
Tools to Visualize
For an actual diagram, use tools like:
- Draw.io (free, browser-based)
- Lucidchart
- Excalidraw (hand-drawn style)
Let me know if you'd like a step-by-step config for any specific component!
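The Security Notes above list the ports to open and say to keep the MetalLB pool on unused addresses. As an added example (not part of the original answer), the Python below generates ufw rules that open each node's k3s ports only to the other node's IP rather than to the whole LAN, and checks a MetalLB Layer 2 pool against the subnet, gateway and node IPs from the diagram. ufw on the VMs and the transport protocols (TCP for 6443 and 10250, UDP for 8472) are assumptions.

```python
import ipaddress

# Ports named in the answer; protocols are the k3s/Flannel defaults (assumed).
# Longhorn's replication ports are not listed in the answer and are not covered.
K3S_PORTS = {
    "master": [(6443, "tcp", "kube-apiserver"),
               (8472, "udp", "flannel vxlan"),
               (10250, "tcp", "kubelet")],
    "worker": [(8472, "udp", "flannel vxlan"),
               (10250, "tcp", "kubelet")],
}

def ufw_rules(role, peer_ip):
    """Return ufw commands that open this role's k3s ports to the peer node only,
    instead of to every host on the LAN (ufw on the VMs is an assumption)."""
    return [f"ufw allow from {peer_ip} to any port {port} proto {proto} comment '{why}'"
            for port, proto, why in K3S_PORTS[role]]

def check_metallb_pool(pool, subnet, reserved):
    """Return problems with a Layer 2 pool written as 'first-last'.
    An address outside the subnet, or already used by a node or the gateway,
    would be ARP-announced by the MetalLB speaker and collide with that host."""
    net = ipaddress.ip_network(subnet)
    first, last = (ipaddress.ip_address(p.strip()) for p in pool.split("-"))
    problems = []
    if first > last:
        problems.append("pool start is after pool end")
    for ip in (first, last):
        if ip not in net:
            problems.append(f"{ip} is outside {subnet}")
    for name, ip in reserved.items():
        if first <= ipaddress.ip_address(ip) <= last:
            problems.append(f"pool overlaps {name} ({ip})")
    return problems

NODES = {"master": "192.168.1.10", "worker": "192.168.1.11"}  # from the diagram
GATEWAY = "192.168.1.1"

if __name__ == "__main__":
    for role, peer in (("master", NODES["worker"]), ("worker", NODES["master"])):
        print(f"# on {role} ({NODES[role]})")
        print("\n".join(ufw_rules(role, peer)))
    reserved = dict(NODES, gateway=GATEWAY)
    print(check_metallb_pool("192.168.1.100-192.168.1.150", "192.168.1.0/24", reserved))
    # A pool that swallows the master's address is reported:
    print(check_metallb_pool("192.168.1.5-192.168.1.20", "192.168.1.0/24", reserved))
```

Review the printed rules before running them; the worker intentionally gets no 6443 rule because only the master serves the API.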