In very large environments, we may worry about having enough resources to serve all of our agents. We start building more compile masters and our agents need to connect to them. There are only a few key additional concerns when placing our compile masters behind a load balancer: certificate management and load balancing strategy.
Puppet builds trusted SSL connections between agents and masters at compile time using self-signed certificates. The FQDN of both the master and the agent are recorded in their respective certs by default. During each connection, the agent inspects the certificate to ensure that the requested domain name is in the certificate. If our agent uses DNS or a VIP from load balancing to connect to a master ...