⎈ Kubernetes HA Cluster

High-Availability Multi-Master Infrastructure · Atena Cloud

⚠ LABORATORY ENVIRONMENT
For professional demonstration purposes only. Not a production deployment.
This environment is a controlled lab setup built for professional training and architecture demonstration. All IP addresses and configurations are specific to this isolated network segment. This cluster is not exposed to production workloads.
Stack Versions
Kubernetes v1.32
Calico v3.29.3
MetalLB v0.14.9
Gateway API v1.2.1
Contour / Envoy latest
cert-manager v1.16.3
HAProxy + Keepalived HA active/passive
containerd latest
Architecture Diagram
🌐 Internet  →  VIP 177.54.151.49  ports 80 · 443 · 6443
DNAT / forward
⚖ Load Balancer Tier — HAProxy + Keepalived HA ACTIVE / PASSIVE
lb-1 MASTER · 192.168.100.117 · HAProxy :80/:443/:6443 · Keepalived
lb-2 BACKUP · 192.168.100.118 · HAProxy :80/:443/:6443 · Keepalived
VIPs: 192.168.100.100 (private) · 177.54.151.49 (public) · anti-asymmetric via ens19
:6443 → masters · :80/:443 → MetalLB
🧠 Control Plane — 3 Masters (etcd HA) HA STACKED etcd
master-1 CP · 192.168.100.110 · kube-apiserver · etcd · scheduler · controller-mgr
master-2 CP · 192.168.100.111 · kube-apiserver · etcd · scheduler · controller-mgr
master-3 CP · 192.168.100.112 · kube-apiserver · etcd · scheduler · controller-mgr
workload scheduling
⚙ Worker Nodes — 4 Nodes Calico CNI · containerd
worker-1 NODE · 192.168.100.113
worker-2 NODE · 192.168.100.114
worker-3 NODE · 192.168.100.115
worker-4 NODE · 192.168.100.116
🔀 Networking & Ingress Layer
MetalLB: v0.14.9 · ARP mode · Pool: 192.168.100.200–220 · Envoy VIP: 192.168.100.200
Contour / Envoy: Gateway API v1.2.1 · TLS per-app (HTTP-01) · HTTPRoute matching
cert-manager: v1.16.3 · Let's Encrypt (prod/staging) · ClusterIssuer HTTP-01
Calico CNI: v3.29.3 · Pod network overlay · NetworkPolicy support
Traffic Flow
HTTP/HTTPS: 🌐 Internet → VIP 177.54.151.49 → HAProxy (lb-1 or lb-2) → MetalLB 192.168.100.200 → Contour Envoy → App Pod (workers)
kubectl API: 🌐 Internet → VIP 177.54.151.49:6443 → HAProxy (lb-1 or lb-2) → master-1 / master-2 / master-3 :6443
Internal API: VIP 192.168.100.100:6443 → HAProxy (lb-1 or lb-2) → master-1 / master-2 / master-3 :6443
Node Inventory
| Host | IP Address | Role | Details |
|---|---|---|---|
| lb-1 | 192.168.100.117 | LB MASTER | HAProxy + Keepalived — holds VIP in active state |
| lb-2 | 192.168.100.118 | LB BACKUP | HAProxy + Keepalived — standby, promotes on lb-1 failure |
| master-1 | 192.168.100.110 | CONTROL PLANE | kube-apiserver · etcd · scheduler · controller-manager |
| master-2 | 192.168.100.111 | CONTROL PLANE | kube-apiserver · etcd · scheduler · controller-manager |
| master-3 | 192.168.100.112 | CONTROL PLANE | kube-apiserver · etcd · scheduler · controller-manager |
| worker-1 | 192.168.100.113 | WORKER | kubelet · containerd · Calico node |
| worker-2 | 192.168.100.114 | WORKER | kubelet · containerd · Calico node |
| worker-3 | 192.168.100.115 | WORKER | kubelet · containerd · Calico node |
| worker-4 | 192.168.100.116 | WORKER | kubelet · containerd · Calico node |
| VIP (private) | 192.168.100.100 | KEEPALIVED VI_1 | K8s API endpoint · floats between lb-1 and lb-2 |
| VIP (public) | 177.54.151.49 | KEEPALIVED VI_2 | HTTP/HTTPS/kubectl external · floats between lb-1 and lb-2 |
| MetalLB / Envoy | 192.168.100.200 | METALLB VIP | Contour Envoy LoadBalancer service · Gateway API entry point |