Data Flow: Control-Plane HA (kube-vip)
Purpose: For platform engineers, explains how kube-vip provides a stable virtual IP for the Kubernetes API server across control-plane nodes.
Flow Summary
Components
| Component | Namespace | Role |
|---|---|---|
| kube-vip | kube-system | Runs as static pod on each control-plane node, elects leader, advertises VIP |
| Kubernetes API Server | kube-system | Serves the API on each control-plane node |
Sequence
- kube-vip runs as a static pod on every control-plane node.
- Instances participate in leader election (using Kubernetes lease or Raft).
- The elected leader binds the virtual IP to its node's network interface.
- Leader advertises the VIP via ARP (L2 mode) or BGP (L3 mode).
- All cluster nodes, kubectl clients, and Headlamp connect to the API server through this VIP.
- If the leader node fails, a new leader is elected and the VIP migrates within seconds.
Why It Matters
Without kube-vip, clients would need to know individual control-plane node IPs. The VIP provides:
- A single stable endpoint for the kubeconfig
serverfield - Automatic failover if a control-plane node goes down
- No external load balancer dependency for the API server
Related
- Logical Diagram — full cluster architecture