rke2 cluster with kubevip load balancing

Additional documentation from bcdurden: https://github.com/bcdurden/rke2-kube-vip

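# Kernel and network tuning applied to every rke2 node.
#
# The settings are appended to /etc/sysctl.conf, so running this block twice
# duplicates them; sysctl -p reads the file top to bottom and the last
# occurrence of a key is the one that takes effect. The heredoc delimiter is
# quoted because nothing in it is meant to be expanded by the shell.
cat << 'EOF' >> /etc/sysctl.conf
### Modified System Settings
vm.swappiness=0
vm.panic_on_oom=0
vm.overcommit_memory=1
kernel.panic=10
kernel.panic_on_oops=1
vm.max_map_count = 262144
net.ipv4.ip_local_port_range=1024 65000
# net.core.somaxconn was listed twice (10000, then 4096); only the later value
# was ever applied, so a single entry with that value is kept.
net.core.somaxconn=4096
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_fin_timeout=15
net.core.netdev_max_backlog=4096
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_max_syn_backlog=20480
net.ipv4.tcp_max_tw_buckets=400000
net.ipv4.tcp_no_metrics_save=1
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_syn_retries=2
net.ipv4.tcp_synack_retries=2
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.neigh.default.gc_thresh1=8096
net.ipv4.neigh.default.gc_thresh2=12288
net.ipv4.neigh.default.gc_thresh3=16384
net.ipv4.tcp_keepalive_time=600
net.ipv4.ip_forward=1
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
EOF
# Keep the per-key echo quiet, but let a rejected key reach stderr instead of
# discarding it: the original redirected everything to /dev/null, so a node
# could end up only partially tuned with no trace of it in the log.
sysctl -p > /dev/null || printf 'warning: sysctl -p reported errors\n' >&2

# Stop and disable the host firewall and the NetworkManager cloud-setup units.
# With firewalld gone the node has no host packet filter, so access to the
# rke2 ports has to be restricted by the surrounding network/security-group
# rules instead.
for unit in firewalld nm-cloud-setup nm-cloud-setup.timer; do
  systemctl stop "$unit"
  systemctl disable "$unit"
done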

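# ---- first control-plane node ----------------------------------------------
# Writes the kube-vip manifests, the rke2 server config, and installs/starts
# rke2-server. Runs as root (it writes under /etc and /var/lib directly).

# printf rather than `echo -e`: echo's handling of -e and backslash escapes
# differs between shells, printf's does not.
printf '[keyfile]\nunmanaged-devices=interface-name:cali*;interface-name:flannel*\n' \
  > /etc/NetworkManager/conf.d/rke2-canal.conf

export RKE2_VIP_IP=10.0.1.5
export RKE2_VIP_INTERFACE=eth0

# Cluster join token, shared with every node that joins later. The default is
# the demo value from the original gist; set RKE2_TOKEN in the environment to
# a generated secret so the token never lives in this file.
RKE2_TOKEN="${RKE2_TOKEN:-rke2tokenforkubevipdemo}"

mkdir -p /var/lib/rancher/rke2/server/manifests/

# -f makes curl fail on an HTTP error instead of saving the error page as a
# manifest that rke2 would then try to apply on start-up.
curl -fsSL https://kube-vip.io/manifests/rbac.yaml \
  > /var/lib/rancher/rke2/server/manifests/vip-rbac.yaml \
  || printf 'warning: failed to fetch kube-vip rbac manifest\n' >&2

# kube-vip's manifest generator is a remote script executed by sh. It is
# fetched over TLS but not otherwise verified, so review it (or vendor a
# pinned copy) before using this outside a lab. The rendered manifest is
# written straight to the file; the original piped it through `sudo tee`,
# which also echoed it to stdout although the rest of this block is already
# running as root.
curl -fsSL https://kube-vip.io/k3s \
  | vipAddress="${RKE2_VIP_IP}" vipInterface="${RKE2_VIP_INTERFACE}" sh \
  > /var/lib/rancher/rke2/server/manifests/vip.yaml

mkdir -p /etc/rancher/rke2

# Unquoted delimiter on purpose: HOSTNAME, the VIP and the token are expanded
# here. Note this appends, so re-running adds duplicate keys to config.yaml.
cat << EOF >> /etc/rancher/rke2/config.yaml
token: ${RKE2_TOKEN}
tls-san:
  - ${HOSTNAME}.local
  - ${HOSTNAME}
  - rke2master.local
  - rke2master
  - ${RKE2_VIP_IP}
EOF

# Static names for the nodes and the VIP. Guarded so a second run does not
# append the same entries again.
grep -qF 'rke2master.local' /etc/hosts || cat << EOF >> /etc/hosts
127.0.0.1 localhost
10.0.1.2 rke2a
10.0.1.3 rke2b
10.0.1.4 rke2c
10.0.1.5 rke2master
10.0.1.5 rke2master.local
EOF

# Quoted delimiter: the original expanded $PATH at write time, freezing this
# shell's PATH into ~/.bashrc. Writing it literally lets each login shell
# expand it.
cat << 'EOF' >> ~/.bashrc
export PATH=$PATH:/var/lib/rancher/rke2/bin:/usr/local/bin/
export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml
alias k=kubectl
EOF
source ~/.bashrc

# The rke2 installer is also a remote script piped into sh; same caveat as
# the kube-vip generator above.
curl -sfL https://get.rke2.io | sh -
systemctl enable rke2-server.service && systemctl start rke2-server.service

# Give the server a minute to come up before the first kubectl call.
sleep 60

# The symlinks are created after the service has started because the
# /var/lib/rancher/rke2/data/v1*/bin tree does not exist before rke2 runs;
# in the original they were created earlier and pointed at nothing. The glob
# is expected to match exactly one data directory; if several exist the
# last one (in glob order) is linked. -sfn keeps the step re-runnable.
kubectl_bins=(/var/lib/rancher/rke2/data/v1*/bin/kubectl)
ln -sfn -- "${kubectl_bins[${#kubectl_bins[@]}-1]}" /usr/bin/kubectl
mkdir -p /var/run/containerd
ln -sfn -- /var/run/k3s/containerd/containerd.sock /var/run/containerd/containerd.sock

kubectl get nodes -o wide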
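# ---- additional control-plane nodes ----------------------------------------
# Run on each joining server, not on the first node. `server:` points at the
# VIP hostname that the /etc/hosts entries below resolve, and the token must
# be the same value the first node was started with.

# Same demo default as the first node; override via RKE2_TOKEN so the shared
# secret is supplied from the environment rather than stored in this file.
RKE2_TOKEN="${RKE2_TOKEN:-rke2tokenforkubevipdemo}"

mkdir -p /etc/rancher/rke2

# Unquoted delimiter on purpose: HOSTNAME and the token are expanded here.
# This appends, so re-running adds duplicate keys to config.yaml.
cat << EOF >> /etc/rancher/rke2/config.yaml
token: ${RKE2_TOKEN}
server: https://rke2master.local:9345
tls-san:
  - ${HOSTNAME}.local
  - ${HOSTNAME}
  - rke2master.local
  - rke2master
EOF

# Static names for the nodes and the VIP. Guarded so a second run does not
# append the same entries again.
grep -qF 'rke2master.local' /etc/hosts || cat << EOF >> /etc/hosts
127.0.0.1 localhost
10.0.1.2 rke2a
10.0.1.3 rke2b
10.0.1.4 rke2c
10.0.1.5 rke2master
10.0.1.5 rke2master.local
EOF

# The rke2 installer is a remote script executed by sh: fetched over TLS but
# not otherwise verified, so review or pin it before using this outside a lab.
curl -sfL https://get.rke2.io | sh -
systemctl enable rke2-server.service && systemctl start rke2-server.service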