

@bouroo
Last active October 15, 2023 06:02
RKE2 on Debian

RKE2 on Debian

install Debian with openssh-server

config server as root

install package

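# Base packages for the node. apt-get is used instead of apt because apt itself
# warns that its CLI is not stable for scripted use; the index is refreshed first
# so the install does not fail on stale lists from the installer image.
apt-get update \
  && apt-get -y install fail2ban nano sudo vlan ifupdown2 ipvsadm ipset wget curl mtr-tiny net-tools tmux unattended-upgrades open-iscsi glances btop htop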

tuning linux kernel

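# Kernel parameters for Kubernetes, fetched from a gist pinned to one commit
# (the 8d299c48... revision in the URL), so the content cannot change underneath
# us. The steps are chained with && so sysctl --system is not run over a missing
# or truncated file when a download fails; review both files before applying,
# they are loaded system-wide on every later boot as well.
wget -O /etc/sysctl.d/65-k8s.conf https://gist.github.com/bouroo/bc52ad58a6e75d44e5235b229e9ca988/raw/8d299c486eb5689f045f25e3619cbc91ffc2de86/65-k8s.conf \
  && wget -O /etc/sysctl.d/90-k8s.conf https://gist.github.com/bouroo/bc52ad58a6e75d44e5235b229e9ca988/raw/8d299c486eb5689f045f25e3619cbc91ffc2de86/90-k8s.conf \
  && sysctl --system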

set sudo for debian

# Add the installer-created user "debian" to the sudo group (append, keep its
# existing supplementary groups).
usermod --append --groups sudo debian

enable ipvs module

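# Load the IPVS modules at boot (modules-load.d(5): one module per line).
# kube-proxy is configured below with proxy-mode=ipvs and ipvs-scheduler=lc,
# so ip_vs_lc is needed in addition to the core ip_vs modules and nf_conntrack.
# Written with a quoted heredoc so the step is reproducible and non-interactive.
cat > /etc/modules-load.d/ipvs.conf <<'EOF'
ip_vs_lc
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
EOF
# modules-load.d is only read at boot; load the modules now so rke2 can start
# in IPVS mode without a reboot.
systemctl restart systemd-modules-load.service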

set MTU 8996 on the private interfaces for internal performance

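# Keep a copy of the working network config before editing it: a typo in the
# interfaces file on a remote host can lock you out on the next ifreload/reboot,
# and the .bak copy (not matched by interfaces.d/*) gives a way back.
cp -a /etc/network/interfaces /etc/network/interfaces.bak \
  && nano /etc/network/interfaces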
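# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback
        dns-nameservers 1.1.1.2 8.8.8.8
        dns-search ${DOMAIN}

# The primary (public) network interface
allow-hotplug eno1
iface eno1 inet static
        address ${PUBLIC_IP/CIDR}
        gateway ${PUBLIC_GW}

# Private network interface: raw device for the VLAN below, no address of its own.
# The iface name must match the allow-hotplug line above and vlan-raw-device below
# (it previously read enp4s0f1 here, which left the stanza without a matching device).
allow-hotplug enp0s0f1
iface enp0s0f1 inet manual
        mtu 8996

# Private VLAN interface (presumably VLAN id 255 from the vlanNNN naming) carrying
# the node-ip / cluster traffic at the same 8996 MTU as its raw device.
# NOTE(review): the private network is routed via the public gateway here; confirm
# that is the intended next hop.
auto vlan255
iface vlan255 inet static
        mtu 8996
        address ${PRIVATE_IP/CIDR}
        vlan-raw-device enp0s0f1
        up ip route add ${PRIVATE_NET/CIDR} via ${PUBLIC_GW}
        down ip route del ${PRIVATE_NET/CIDR} via ${PUBLIC_GW}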

make rke2 config dir

# Create the RKE2 configuration directory (no error if it already exists).
mkdir --parents /etc/rancher/rke2/

config rke2

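# config.yaml carries the cluster join token, so restrict it to root after
# editing; nano creates new files with the umask default (typically 0644).
nano /etc/rancher/rke2/config.yaml \
  && chmod 0600 /etc/rancher/rke2/config.yaml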
# RKE2 node configuration (/etc/rancher/rke2/config.yaml).
# server: an existing server of the cluster this node joins, on the supervisor port 9345.
server: https://${SERVER_IP}:9345
# token: the shared join secret — this file must stay readable by root only.
token: ${SERVER_TOKEN}
# Internal address (the vlan255 interface) for node-to-node traffic, and the
# public address advertised to the outside.
node-ip: ${PRIVATE_IP}
node-external-ip: ${PUBLIC_IP}
# Extra subject alternative names for the server certificate.
tls-san:
  - "rke2.${DOMAIN}"
  - "${PRIVATE_IP}"
#disable:
#  - "rke2-ingress-nginx"
# kube-proxy in IPVS mode with the least-connection scheduler; this relies on the
# ip_vs* modules listed in /etc/modules-load.d/ipvs.conf being loaded.
kube-proxy-arg:
  - "ipvs-scheduler=lc"
  - "proxy-mode=ipvs"
  - "ipvs-strict-arp=true"
# Presumably gives the kube-proxy container read access to the host's kernel
# modules so IPVS can be set up from inside it — confirm against the RKE2 docs.
kube-proxy-extra-mount:
  - "/lib/modules:/lib/modules:ro"
#kubelet-arg:
#  - "max-pods=220"

config registry

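# registries.yaml holds the registry password in plain text, so restrict it to
# root after editing; nano creates new files with the umask default (typically 0644).
nano /etc/rancher/rke2/registries.yaml \
  && chmod 0600 /etc/rancher/rke2/registries.yaml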
# Private registry configuration for RKE2 (/etc/rancher/rke2/registries.yaml).
# mirrors: pulls for registry.${DOMAIN} are served from the listed endpoint, over HTTPS.
mirrors:
  registry.${DOMAIN}:
    endpoint:
      - "https://registry.${DOMAIN}"
# configs: credentials for that registry. They are stored here in plain text, so
# keep the file root-only (0600) and never paste it into a gist or commit it.
configs:
  "registry.${DOMAIN}":
    auth:
      username: ${REGISTRY_USER}
      password: ${REGISTRY_PASSWD}

get rke2

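# Fetch the installer to disk and run it from there instead of piping the remote
# script straight into sh: the file can be inspected (and its hash recorded) before
# it runs as root, and a truncated download cannot execute as a partial script.
# The release can be pinned by prefixing the sh call with INSTALL_RKE2_VERSION=<version>.
rke2_installer=$(mktemp) \
  && curl -sfL -o "${rke2_installer}" https://get.rke2.io \
  && sh "${rke2_installer}" \
  && rm -f -- "${rke2_installer}" \
  && systemctl enable --now rke2-server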

Enable autopath in CoreDNS helm

Edit helm kube-system/rke2-coredns

...
      servers:
        - plugins:
            # autopath: server-side search-path completion for pod queries. With the
            # '@kubernetes' parameter it needs the kubernetes plugin below to run in
            # 'pods verified' mode, which this values fragment sets.
            - name: autopath
              parameters: '@kubernetes'
            - name: errors
            - configBlock: lameduck 5s
              name: health
            - name: ready
            # 'pods verified' is what autopath @kubernetes requires (it presumably adds
            # a pod watch in CoreDNS); fallthrough lets reverse lookups that are not
            # cluster addresses continue to the forward plugin.
            - configBlock: |-
                pods verified
                fallthrough in-addr.arpa ip6.arpa
                ttl 30
              name: kubernetes
              parameters: cluster.local in-addr.arpa ip6.arpa
            - name: prometheus
              parameters: 0.0.0.0:9153
            # Everything not answered above goes to the resolvers in /etc/resolv.conf.
            - name: forward
              parameters: . /etc/resolv.conf
            - name: cache
              parameters: 30
            - name: loop
            - name: reload
            - name: loadbalance
          port: 53
          zones:
            - zone: .
...