This is how I assign a public IP to my k3s cluster. It is mainly designed for my needs, but it may be useful for you too - feel free to use it, or take inspiration for your work.
Simply put, I create a VM that gets a public IP address from a VPS through WireGuard and then forwards ports 80/443 to Traefik, as well as any other port to one arbitrary service.
The public IP transfer uses a WireGuard feature called "arp proxy" in order to fully assign a VPS's secondary IP to the VPN client, which will then have it as a real interface address it can bind daemons to.
In order to use this repository as-is, you will need:
- K3S (other flavours of k8s will probably work, but will likely need some tweaking, e.g. the traefik namespace)
- Kubevirt
- A VPS with one extra IPv4
  - The IP must be "owned" by the VPS, but not assigned to an interface
  - The provider must support ARP proxying; not all providers do. Of those I have tried:
    - OVH and Aruba don't
    - Hetzner and AlphaVPS do
      - I recommend AlphaVPS because of their pricing and service. I am not paid to promote them, but the link is an affiliate link. Feel free to use it or not.
- Generate key sets for the client and the server
  ```
  # umask 077 keeps secret.key readable only by your user
  (umask 077; wg genkey | tee secret.key | wg pubkey | tee public.key)
  ```
- Configure the VPS
  - This is out of scope for this README, but see for example here
- Create a VM definition using `vm_example.yml` as reference.
  - Make sure to properly edit the line that invokes `ansible-playbook` with your variables
- `kubectl create -f vm_example.yml`
  - You can follow the VM creation with `virtctl console your_vm`
- Done!
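
For the "Configure the VPS" step, a minimal pair of `wg-quick` configs showing how the secondary IP reaches the VM. This is an added example, not this repository's own configuration. The addresses (203.0.113.10 as the extra IP, 198.51.100.5 as the VPS primary IP), the `eth0` interface name, port 51820 and the 10.99.0.1 tunnel address are assumptions, and the key values are placeholders.

```ini
# ---- VPS side: /etc/wireguard/wg0.conf (constructed example) ----
[Interface]
# Tunnel-internal address only. The extra public IP must NOT be assigned
# here or on eth0, otherwise the VPS itself would terminate its traffic.
Address = 10.99.0.1/32
ListenPort = 51820
PrivateKey = <contents of the server's secret.key>
# Forwarding must be on for proxy ARP to answer and for packets to transit.
PostUp = sysctl -w net.ipv4.ip_forward=1
# Answer ARP requests arriving on eth0 for addresses routed via another
# interface (here: the /32 that wg-quick routes into wg0).
PostUp = sysctl -w net.ipv4.conf.eth0.proxy_arp=1
PostDown = sysctl -w net.ipv4.conf.eth0.proxy_arp=0

[Peer]
PublicKey = <contents of the client's public.key>
# Only this one address is accepted from, and routed to, the VM.
# Keeping it a /32 stops the peer from sourcing traffic as any other IP.
AllowedIPs = 203.0.113.10/32

# ---- VM side: /etc/wireguard/wg0.conf (constructed example) ----
[Interface]
# The public IP becomes a real local address that daemons can bind to.
Address = 203.0.113.10/32
PrivateKey = <contents of the client's secret.key>

[Peer]
PublicKey = <contents of the server's public.key>
Endpoint = 198.51.100.5:51820
# Inbound packets carry arbitrary Internet source addresses, so the VM
# must accept any source from the VPS and send its replies back through it.
AllowedIPs = 0.0.0.0/0
# Keeps the tunnel established when the VM sits behind NAT.
PersistentKeepalive = 25
```

Once the tunnel is up, every port on the extra IP is reachable on the VM, so the VM needs its own firewall that allows only 80/443 and the one extra service port.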