Hetzner LB service high available?

[codeagencybe]

@mysticaltech

Just some thoughts I have about the Hetzner LB service and high availability.
I could not find any answer on this anywhere, not here nor on Hetzner docs, but what happens if the LB service at Hetzner has a technical issue?

In this terraform script, we have to pick 1 location only, but what if that service goes down?
Does Hetzner automatically handle the traffic from/to a different location from their LB service? I can only assume they already apply HA themselves, but I don't know if this is based in same location or include the other DC locations as well.

If the above statement is not true, that means everything to access the cluster will down?
Is there a way (if possible with this terraform script) to have some kind of PoC that also turns the LB service high available?
In case a problem with LB happens in Falkenstein, we get routed via another LB service in Nuremberg or Helsinki?

I think the LB service is basically just some Haproxy cluster that Hetzner is running, but would it be a better solution by not using the LB service and instead spin up 3 separate VM's, 1 in each location, to run Haproxy with KeepaliveD and then find some solution which can re-map the IP to the same entrypoint so we can always access the cluster, even if a complete DC location would be unreachable?

Maybe I'm overthinking things, maybe not, but I like the practical ideas about how and what could happen, what kind of impact can such problem have on my applications, my clients, availability etc...
I have had some issue in the past with Hetzner (lucky it's extremely rare) where some switch problems caused 50+ servers to just jump offline and it took them nearly 4 hours to get the problem resolved.
At that point, it's killing because there is nothing at all possible anymore, even if I would try some emergency migration for clients with business-critical operations.
It gives me more satisfaction if I would still be able to route from another way back into my machines because I designed an alternative route / LB myself.

What's your thoughts on this? Does your terraform solution already include such HA LB/routing solution?
I read a little bit about MetalLB but not enough to fully understand. Maybe a possible solution from above would be possible with this or at least partially?
Would be it a good idea if the terraform script would also install eg Haproxy or something on each control plane (which is already 1 on each location) so we get like a "self hosted" LB coming from the controlplane node?

Looking forward to some more insights and ideas about this.

Thanks everybody!

[mysticaltech]

@codeagencybe Just saw that, next time do not hesitate to tag me for a fast answer. Yes the Hetzner LBs are HA, see in the features here.

However, we also support an equivalent to MetalLB that ships with k3s called klipper, which you can enable with in the kube.tf.example, just search for "klipper", and if that is enabled, you should be able to use your own custom made lb that will point to all the node IPs given by klipper, and still be able to your your favorite ingress controller. It works with both Traefik and Nginx.