From efedb1db3c48ca8079d38f07cca9d83f1a3e37b3 Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Sun, 6 Oct 2024 12:06:13 +0200 Subject: [PATCH 1/2] k8s: the ipv6 range for nodes must not conflict with cluster/service --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index a318f2f..2851d37 100644 --- a/README.md +++ b/README.md @@ -799,7 +799,7 @@ iface enp5s0 inet6 static #### k8s node -The `10.88.1.5` and `fd01::5` IPs are assigned to the interface with VLAN 4002. +The `10.88.1.5` and `fe88::5` IPs are assigned to the interface with VLAN 4002. ``` auto enp5s0.4002 @@ -808,7 +808,7 @@ iface enp5s0.4002 inet static netmask 255.255.0.0 vlan-raw-device enp5s0 mtu 1400 - up ip addr add fd01::5/48 dev enp5s0.4002 + up ip addr add fe88::5/48 dev enp5s0.4002 ``` ### k8s first server node @@ -827,7 +827,7 @@ disable: ```sh sudo apt-get install curl -curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--write-kubeconfig-mode=644 --cluster-init --node-ip=10.88.1.5,fd01::5" sh - +curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--write-kubeconfig-mode=644 --cluster-init --node-ip=10.88.1.5,fe88::5" sh - curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash - ``` @@ -850,7 +850,7 @@ The token is found on the first node in the `/var/lib/rancher/k3s/server/token` ```sh sudo apt-get install curl master_node_ip=10.88.1.5 -second_server_ip=10.88.1.6,fd01::6 +second_server_ip=10.88.1.6,fe88::6 curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--write-kubeconfig-mode=644 --token $token --server https://$master_node_ip:6443 --node-ip=$second_server_ip" sh - curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash - ``` 
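Review bot: The replacement prefix `fe88::/48` sits inside `fe80::/10`, the block reserved for link-local unicast, so `up ip addr add fe88::5/48 dev enp5s0.4002` and the `--node-ip=...,fe88::N` values may be treated as link-scoped addresses rather than routable node addresses. A unique local prefix from `fd00::/8` that does not overlap `fd01::/48` (cluster) or `fd02::/112` (service) would avoid both the original conflict and the link-local scope, e.g. `up ip addr add <ULA-PREFIX>::5/48 dev enp5s0.4002` (placeholder, pick the prefix for this site). The same applies to the second-server and etcd hunks that follow. It would also help to state next to the VLAN stanza which range is for nodes, which for pods and which for services, so the three are not mixed up again.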
@@ -863,7 +863,7 @@ The token is found on one of the master nodes in the `/var/lib/rancher/k3s/serve ```sh master_node_ip=10.88.1.5 -etcd_node_ip=10.88.1.3,fd01::3 +etcd_node_ip=10.88.1.3,fe88::3 curl -fL https://get.k3s.io | sh -s - server --token "$token" --server https://$master_node_ip:6443 --cluster-init --disable-apiserver --disable-controller-manager --disable-scheduler --write-kubeconfig-mode=644 --node-ip=$etcd_node_ip --cluster-cidr=10.42.0.0/16,fd01::/48 --service-cidr=10.43.0.0/16,fd02::/112 ``` From f70e35d1e8ff1265dc6b1b041d2029887d591bb5 Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Sun, 6 Oct 2024 12:38:53 +0200 Subject: [PATCH 2/2] k8s: simplify installation instructions --- README.md | 78 +++++++++++++++++++++---------------------------------- 1 file changed, 29 insertions(+), 49 deletions(-) diff --git a/README.md b/README.md index 2851d37..9cefbec 100644 --- a/README.md +++ b/README.md 
@@ -813,45 +813,23 @@ iface enp5s0.4002 inet static ### k8s first server node -```sh -$ cat /etc/rancher/k3s/config.yaml.d/config.yaml -# https://docs.k3s.io/installation/network-options -# the ipv4-ranges are default in k3s -# the fd-range is a private ipv6-range -cluster-cidr: 10.42.0.0/16,fd01::/48 -service-cidr: 10.43.0.0/16,fd02::/112 - -disable: - - servicelb -``` - ```sh sudo apt-get install curl -curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--write-kubeconfig-mode=644 --cluster-init --node-ip=10.88.1.5,fe88::5" sh - +master_node_ip=10.88.1.5,fe88::5 +curl -fL https://get.k3s.io | sh -s - server --cluster-init --disable=servicelb --write-kubeconfig-mode=644 --node-ip=$master_node_ip --cluster-cidr=10.42.0.0/16,fd01::/48 --service-cidr=10.43.0.0/16,fd02::/112 curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash - ``` ### k8s second server node -```sh -$ cat /etc/rancher/k3s/config.yaml.d/config.yaml -# https://docs.k3s.io/installation/network-options -# the ipv4-ranges are default in k3s -# the fd-range is a private ipv6-range -cluster-cidr: 10.42.0.0/16,fd01::/48 -service-cidr: 10.43.0.0/16,fd02::/112 - -disable: - - servicelb -``` - The token is found on the first node in the `/var/lib/rancher/k3s/server/token` file. ```sh sudo apt-get install curl -master_node_ip=10.88.1.5 -second_server_ip=10.88.1.6,fe88::6 -curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--write-kubeconfig-mode=644 --token $token --server https://$master_node_ip:6443 --node-ip=$second_server_ip" sh - +token=??? +master_ip=10.88.1.5 +second_node_ip=10.88.1.6,fe88::6 +curl -fL https://get.k3s.io | sh -s - server --token $token --server https://$master_ip:6443 --cluster-init --disable=servicelb --write-kubeconfig-mode=644 --node-ip=$second_node_ip --cluster-cidr=10.42.0.0/16,fd01::/48 --service-cidr=10.43.0.0/16,fd02::/112 curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash - ``` 
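Review bot: The new second-server command passes the join secret as `--token $token`, unquoted and on the command line, while the etcd command further down already writes `--token "$token"`. With the `token=???` placeholder, or any value containing glob or whitespace characters, the unquoted expansion is subject to globbing and word splitting, so it should be `--token "$token"`. Arguments are also visible to other local users in the process list; k3s reads the same value from the `K3S_TOKEN` environment variable, which keeps it out of argv. Separately, both new commands keep `--write-kubeconfig-mode=644`, which leaves the cluster-admin kubeconfig readable by every local account on the server; unless a non-root user really needs it, dropping the flag (the default is `600`) or adding a sentence explaining the trade-off would be safer.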
@@ -862,9 +840,9 @@ curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | The token is found on one of the master nodes in the `/var/lib/rancher/k3s/server/token` file. ```sh -master_node_ip=10.88.1.5 +master_ip=10.88.1.5 etcd_node_ip=10.88.1.3,fe88::3 -curl -fL https://get.k3s.io | sh -s - server --token "$token" --server https://$master_node_ip:6443 --cluster-init --disable-apiserver --disable-controller-manager --disable-scheduler --write-kubeconfig-mode=644 --node-ip=$etcd_node_ip --cluster-cidr=10.42.0.0/16,fd01::/48 --service-cidr=10.43.0.0/16,fd02::/112 +curl -sfL https://get.k3s.io | sh -s - server --token "$token" --server https://$master_ip:6443 --cluster-init --disable-apiserver --disable-controller-manager --disable-scheduler --write-kubeconfig-mode=644 --node-ip=$etcd_node_ip --cluster-cidr=10.42.0.0/16,fd01::/48 --service-cidr=10.43.0.0/16,fd02::/112 ``` It should not be allowed to schedule pods but for some reason it is. Working around this with: @@ -875,29 +853,11 @@ kubectl taint nodes hetzner03 key1=value1:NoSchedule ### k8s networking -`k3s` is configured to use [metallb](https://metallb.universe.tf) instead of the default load balancer because it does not allow for a public IP different from the `k8s` node IP. - -[metallb](https://metallb.universe.tf). - -``` -helm install metallb metallb/metallb -cat > metallb.yaml < clusterissuer.yml < metallb.yaml <