K8s Cluster Setup

Work in progress

Introduction

The following guide uses RKE2 to set up the Kubernetes (K8s) cluster.

Prerequisites

  • The requirements for setting up the cluster are met as given here.

  • The following tools are installed on all the nodes and the client machine.

    • ufw, wget, curl, kubectl, istioctl, helm, jq

Firewall setup

  • Set up firewall rules on each node. The following uses ufw to set up the firewall.

    • SSH into each node, and change to superuser.

    • Run the following command once for each rule in the following table:

    ufw allow from <from-ip-range-allowed> to any port <port/range> proto <tcp/udp>
    • Example

    ufw allow from any to any port 22 proto tcp
    ufw allow from 10.3.4.0/24 to any port 9345 proto tcp
    • Enable ufw.

    ufw enable
    ufw default deny incoming
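The per-rule loop above, written out as an added example that is not part of the original guide: a POSIX shell script that applies a rule table through ufw, validates each field before ufw sees it, and only sets the default policy and enables the firewall after all rules (SSH included) are in place, so the session running it is not cut off. The rule table is constructed for illustration (the guide's two example rules plus the Kubernetes API server port 6443); setting UFW=echo turns the run into a dry run that only prints the commands.

```shell
#!/bin/sh
# Added example, not from the original guide: apply a ufw rule table in a lockout-safe order.
set -eu

# Command used to apply rules; set UFW=echo for a dry run that only prints them.
UFW="${UFW:-ufw}"

# Constructed rule table (one rule per line): <from> <port or lo:hi range> <tcp|udp>.
# 22 and 9345 are the guide's examples; 6443 is the Kubernetes API server port.
RULES='
any          22     tcp
10.3.4.0/24  9345   tcp
10.3.4.0/24  6443   tcp
'

# Validate one rule and print the ufw arguments for it ("allow from ... proto ...").
# Returns 1 with a message on stderr for a bad protocol, port or source.
ufw_rule_args() {
    from="$1"; port="$2"; proto="$3"
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad proto: $proto" >&2; return 1 ;;
    esac
    # only digits and at most one ':' (ufw range syntax lo:hi), nothing else
    case "$port" in
        ''|*[!0-9:]*|:*|*:|*:*:*) echo "bad port: $port" >&2; return 1 ;;
    esac
    p_lo="${port%%:*}"; p_hi="${port##*:}"
    if [ "$p_lo" -lt 1 ] || [ "$p_hi" -gt 65535 ] || [ "$p_lo" -gt "$p_hi" ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # "any" or a dotted address/CIDR; ufw itself rejects a malformed CIDR
    case "$from" in
        any|[0-9]*.[0-9]*) ;;
        *) echo "bad source: $from" >&2; return 1 ;;
    esac
    printf 'allow from %s to any port %s proto %s\n' "$from" "$port" "$proto"
}

# Apply every rule, then set the default policy and enable ufw. Rules go in first
# so that the SSH rule exists before incoming traffic is denied by default.
apply_firewall_rules() {
    while read -r from port proto; do
        [ -n "$from" ] || continue              # skip blank lines
        args=$(ufw_rule_args "$from" "$port" "$proto") || return 1
        # word splitting of $args is intentional: the fields were validated above
        $UFW $args
    done <<EOF
$RULES
EOF
    $UFW default deny incoming
    $UFW --force enable                        # --force skips the interactive prompt
}

# Run the whole sequence only when invoked as a script with --apply.
if [ "${1-}" = "--apply" ]; then
    apply_firewall_rules
fi
```

Run it first as UFW=echo sh firewall.sh --apply to review the generated commands, then as root on each node without UFW set; ufw status verbose afterwards shows the resulting rule set.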

K8s setup

  • The following setup has to be done for each cluster node.

  • Choose an odd number of server nodes. For example, with 3 nodes, choose 1 server node and 2 agent nodes; with 7 nodes, choose 3 server nodes and 4 agent nodes.

  • For the first server node:

    • Configure rke2-server.conf.primary.template.

    • SSH into the node and place the file at this path: /etc/rancher/rke2/config.yaml. Create the directory first if it is not already present: mkdir -p /etc/rancher/rke2

    • Run this to download rke2.

      curl -sfL https://get.rke2.io | sh -
    • Run this to start the rke2 server:

      systemctl enable rke2-server
      systemctl start rke2-server
  • For subsequent server and agent nodes:

    • Configure rke2-server.conf.subsequent.template or rke2-agent.conf.template with the relevant IPs for each node.

    • SSH into each node and place the relevant file at this path: /etc/rancher/rke2/config.yaml, based on whether it is a worker node or a control-plane node (worker node: agent file; control-plane node: server file).

    • Run this to download rke2.

      curl -sfL https://get.rke2.io | sh -
    • To start rke2, use one of the following, based on whether the node is a server or an agent. For a server node:

      systemctl enable rke2-server
      systemctl start rke2-server

      For an agent node:

      systemctl enable rke2-agent
      systemctl start rke2-agent
  • Execute these commands on a server node.

    echo -e 'export PATH="$PATH:/var/lib/rancher/rke2/bin"\nexport KUBECONFIG="/etc/rancher/rke2/rke2.yaml"' >> ~/.bashrc
    source ~/.bashrc
    kubectl get nodes

Cluster import into Rancher

  • This section assumes a Rancher server has already been set up and is operational. See Rancher Server Setup if this is not already done.

  • Navigate to Cluster Management section in Rancher.

  • Click on Import Existing cluster and follow the steps to import the newly created cluster.

  • After the Rancher import, do not use the kubeconfig from the server anymore. Access the cluster only via a kubeconfig downloaded from Rancher.

Longhorn setup

Istio setup

  • The following setup can be done from the client machine. This installs the Istio Operator, Istio Service Mesh and Istio Ingressgateway components.

  • From the infra directory, configure istio-operator.yaml and run:

    istioctl operator init
    kubectl apply -f istio-operator.yaml
  • Gather the wildcard TLS certificate and key and run:

    kubectl create secret tls tls-openg2p-ingress -n istio-system \
        --cert=<CERTIFICATE PATH> \
        --key=<KEY PATH>
  • Create the Istio gateway for all hosts using this command:

    kubectl apply -f istio-gateway.yaml
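Before the wildcard certificate and key are stored as the tls-openg2p-ingress secret, two things are worth checking: that the key actually belongs to the certificate, and that the certificate's SAN list covers the hosts the gateway will serve (a wildcard covers exactly one DNS label, so *.example.org does not cover example.org or a.b.example.org). The following is an added example, not part of the original guide; it assumes openssl 1.1.1 or newer on the client machine (for the -ext option) and runs the guide's kubectl command only once both checks pass.

```shell
#!/bin/sh
# Added example, not from the original guide: sanity checks on the wildcard certificate
# and key before they are stored as the tls-openg2p-ingress secret in istio-system.
set -eu

# 0 if the certificate's public key matches the private key, 2 if a file is missing
# or unreadable, 1 otherwise (wrong key, or a file openssl cannot parse).
tls_pair_matches() {
    cert="$1"; key="$2"
    [ -r "$cert" ] && [ -r "$key" ] || return 2
    cert_pub=$(openssl x509 -noout -pubkey -in "$cert" 2>/dev/null) || return 1
    key_pub=$(openssl pkey -pubout -in "$key" 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# 0 if SAN pattern $1 covers host $2. A wildcard covers exactly one DNS label, so
# *.example.org covers api.example.org but not example.org or a.b.example.org.
host_matches_pattern() {
    pattern="$1"; host="$2"
    case "$pattern" in
        \*.*)
            suffix="${pattern#\*}"              # ".example.org"
            label="${host%"$suffix"}"          # host with the suffix stripped, if present
            [ "$label" != "$host" ] && [ -n "$label" ] && [ "${label#*.}" = "$label" ]
            ;;
        *)
            [ "$pattern" = "$host" ]
            ;;
    esac
}

# 0 if some DNS SAN in certificate $1 covers host $2.
cert_covers_host() {
    cert="$1"; host="$2"
    sans=$(openssl x509 -noout -ext subjectAltName -in "$cert" 2>/dev/null \
           | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\(.*\)$/\1/p')
    while IFS= read -r san; do
        [ -n "$san" ] || continue
        host_matches_pattern "$san" "$host" && return 0
    done <<EOF
$sans
EOF
    return 1
}

# Usage: sh check-ingress-tls.sh <cert> <key> <host>...
# Exits non-zero, creating nothing, if the pair does not match or a host is uncovered.
if [ $# -ge 3 ]; then
    cert_path="$1"; key_path="$2"; shift 2
    tls_pair_matches "$cert_path" "$key_path" || { echo "certificate and key do not match" >&2; exit 1; }
    for h in "$@"; do
        cert_covers_host "$cert_path" "$h" || { echo "certificate does not cover $h" >&2; exit 1; }
    done
    kubectl create secret tls tls-openg2p-ingress -n istio-system \
        --cert="$cert_path" --key="$key_path"
fi
```

Pass every host name that istio-gateway.yaml lists; a host the certificate does not cover would otherwise only show up as a TLS error once the gateway is live.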

Adding new nodes

  • From the infra directory, take either rke2-server.conf.subsequent.template or rke2-agent.conf.template, based on whether the new node is a control-plane node or a worker node. Copy this file to /etc/rancher/rke2/config.yaml on the new node.

  • Configure config.yaml with the relevant values.

  • Run this to download rke2.

    curl -sfL https://get.rke2.io | sh -
  • Run this to start rke2 on the node (rke2-server for a control-plane node; use rke2-agent instead for a worker node, as in the K8s setup section):

    systemctl enable rke2-server
    systemctl start rke2-server
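The node steps in the K8s setup section and in this section are the same procedure: pick a config template by role, write it to /etc/rancher/rke2/config.yaml, download rke2, and enable the unit matching the role. The following script is an added example, not part of the original guide or its templates, that does exactly that for one node. It assumes the RKE2 config keys node-name, token, server and tls-san, the supervisor port 9345 from the firewall rules above, and the installer's INSTALL_RKE2_TYPE variable; the template files themselves are not reproduced here, so the rendered config only carries those keys.

```shell
#!/bin/sh
# Added example, not from the original guide: prepare one RKE2 node from its role.
# Assumed: the RKE2 config keys node-name, token, server and tls-san; the supervisor
# port 9345; the installer's INSTALL_RKE2_TYPE variable.
set -eu

# Map the node role to the systemd unit the guide enables on it.
rke2_unit_for_role() {
    case "$1" in
        server) echo rke2-server ;;
        agent)  echo rke2-agent ;;
        *) echo "unknown role: $1 (expected server or agent)" >&2; return 1 ;;
    esac
}

# Print the contents of /etc/rancher/rke2/config.yaml for a node.
#   $1 role (server|agent), $2 node name, $3 first server address (omit on the first server)
# The join token comes from RKE2_TOKEN so it never appears on a command line or in history.
render_rke2_config() {
    role="$1"; node_name="$2"; first_server="${3:-}"
    : "${RKE2_TOKEN:?set RKE2_TOKEN to the cluster join token}"
    printf 'node-name: %s\n' "$node_name"
    printf 'token: %s\n' "$RKE2_TOKEN"
    if [ -n "$first_server" ]; then
        # every node except the first server joins through the first server's supervisor port
        printf 'server: https://%s:9345\n' "$first_server"
    fi
    if [ "$role" = server ]; then
        # extra names the API server certificate must cover; add the load balancer or
        # VIP address here if clients reach the control plane through one (placeholder)
        printf 'tls-san:\n  - %s\n' "$node_name"
    fi
}

# Write the config root-only (it holds the token), install RKE2 with the guide's
# command, and enable the unit that matches the role.
provision_rke2_node() {
    role="$1"; node_name="$2"; first_server="${3:-}"
    unit=$(rke2_unit_for_role "$role")
    mkdir -p /etc/rancher/rke2
    umask 077
    render_rke2_config "$role" "$node_name" "$first_server" > /etc/rancher/rke2/config.yaml
    curl -sfL https://get.rke2.io | INSTALL_RKE2_TYPE="$role" sh -
    systemctl enable "$unit"
    systemctl start "$unit"
}

# Usage (as root on the node):
#   RKE2_TOKEN=... sh rke2-node.sh --provision <server|agent> <node-name> [<first-server-ip>]
if [ "${1-}" = "--provision" ]; then
    shift
    provision_rke2_node "$@"
fi
```

Once the unit is up, the PATH and KUBECONFIG exports from the K8s setup section followed by kubectl get nodes on a server node show whether the new node has joined.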
