- Uses rke-v1.3.23 and docker 20.10... ((latest and greatest seem to go bust, might be fixed per node add revised method))
- Check for harvester arm releases in the coming future
- Hardware: rpi-4b-8Gbram *X, sd card *X, usb *X, poe capable router, poe-usb-c splitter *X; where X=4 in my case => (4devices * 5volts * 3amps = 20watts total which is a third of your typical filament light bulb at 60watts.
- Network: Home router internal dns is already running with domain to subnet/vlan for all node hostnames ((my-case: 192.168.3.0/24 vlan: X)), (needs dns wildcard setup at some point as well as access from public dns)
- Storage: Using rpi imager to flash 32gb san disk sd with raspbian-os && 32gb san disk usb-3.0 speeds type UHS-I with Ubuntu-22.04.03(64-bit) server. Both storage devices are to be configured with ssh user-pass, locale/timezone (gb) and hostnames pi-sd and pi-X respectively. Now poe power on from router settings page and check the boot priorities with
sudo rpi-eeprom-config --edit
if hostname on jmux connect dont match pi-X formatting.
If in doubt, wipe all storage devices partitions and data to best of ability with zeros before using rpi-imager: ((usb/ssd performance gets obliterated on excessive re-writes and can not defrag either so minimise this))
sudo gdisk /dev/sda ==> o ==> w
sudo dd if=/dev/zero of=/dev/sda bs=4M status=progress
Note, ive installed fibre/raid in the past too, to use with hypervisor from vmware with lvm flags. lvm for /var/lib/docker, /var/lib/rancher, seperate from root. I added the /var/log to have lvm of its own too, cus I noticed it was polluting the vm storage space for root, preventing the install and config of further critical system packages like saltstack...
jmux connect pi@pi-1.junder.uk pi@pi-2.junder.uk pi@pi-3.junder.uk pi@pi-4.junder.uk
sudo apt update
sudo apt upgrade
sudo apt install apt-transport-https ca-certificates curl software-properties-common gnupg sshpass
DOCKER INSTALL SPECIFIC VERSION SEE:
1)=> https://www.suse.com/suse-rke1/support-matrix/all-supported-versions/rke1-v1-25/
2)=> https://docs.docker.com/engine/install/ubuntu/ list versions with => apt-cache madison docker-ce | awk '{ print $3 }'
In my case, 5:20.10.24~3-0:
sudo apt install docker-ce=5:20.10.24~3-0~ubuntu-jammy docker-ce-cli=5:20.10.24~3-0~ubuntu-jammy containerd.io docker-buildx-plugin
==> change between versions by apt removing and reinstall in use with pin file mod method listed below...
sudo nano /etc/apt/preferences.d/docker-pin
Package: docker-ce
Pin: version 5:20.10.24~3-0~ubuntu-jammy
Pin-Priority: 1000
Package: docker-ce-cli
Pin: version 5:20.10.24~3-0~ubuntu-jammy
Pin-Priority: 1000
==> Ctrl+o
==> Ctrl+x
sudo usermod -aG docker pi
su - pi
docker --version
curl -Lo ~/rke https://github.com/rancher/rke/releases/download/v1.5.0/rke_linux-arm64 && chmod +x rke
curl -o ~/cluster.yml https://raw.githubusercontent.com/junder-git/OLD_rke1_arm64_v2/main/jcluster.yml
curl -o ~/jclusterissuer.yml https://raw.githubusercontent.com/junder-git/OLD_rke1_arm64_v2/main/jclusterissuer.yml
curl -o ~/jnginx-configmap.yaml https://raw.githubusercontent.com/junder-git/OLD_rke1_arm64_v2/main/jnginx-configmap.yaml
ssh-keygen -t rsa -b 4096
ssh-copy-id pi@192.168.2.21
ssh-copy-id pi@192.168.2.22
ssh-copy-id pi@192.168.2.23
ssh-copy-id pi@192.168.2.24
for i in {1..4}; do
sshpass -p "CHANGE_HERE_your_password" ssh-copy-id -o StrictHostKeyChecking=no pi@pi-$i.junder.uk <<< "yes"
done
Node race to master:
sed -i "s/PLACE_HOLDER_IP/$(ip a show dev eth0 | grep -oP 'inet \K[\d.]+')/g" cluster.yml
./rke up
(spam run ./rke up if fail <= 3-attempts and use empty passphrase in key-gen command, rke notoriously fails a ton: rancher/rke#2632 (comment)
./rke remove ((make sure all nodes are connected to master)) ((Maybe running rke from remote machine x86_64 yeilds better results...))
=== OR ===
jmux connect pi@pi-1.junder.uk pi@pi-2.junder.uk pi@pi-3.junder.uk pi@pi-4.junder.uk
docker rm -f $(docker ps -qa) && docker rmi -f $(docker images -q) && docker volume rm $(docker volume ls -q)
for mount in $(mount | grep tmpfs | grep '/var/lib/kubelet' | awk '{ print $3 }') /var/lib/kubelet /var/lib/rancher; do umount $mount; done
cleanupdirs="/etc/ceph /etc/cni /etc/kubernetes /opt/cni /opt/rke /run/secrets/kubernetes.io /run/calico /run/flannel /var/lib/calico /var/lib/etcd /var/lib/cni /var/lib/kubelet /var/lib/rancher/rke/log /var/log/containers /var/log/pods /var/run/calico"
rm ~/.kube/config ~/cluster.rkestate ~/kube_config_cluster.yml
sudo apt purge -y docker-engine docker docker.io docker-ce docker-ce-cli docker-compose-plugin
sudo apt-get autoremove
https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/
==> see package manager walk-through then do addtional two steps below:
mkdir -p ~/.kube
cp kube_config_cluster.yml ~/.kube/config
https://helm.sh/docs/intro/install/
https://cert-manager.io/docs/installation/helm/
kubectl apply -f ~/jclusterissuer.yml
helm install rancher rancher-stable/rancher --namespace cattle-system --create-namespace --set hostname=pi-1.junder.uk --set bootstrapPassword=admin --set ingress.tls.source=letsEncrypt --set letsEncrypt.email=j@junder.uk --set letsEncrypt.ingress.class=nginx
kubectl get svc -n cattle-system
- Consider rancher helm install without specifying nginx to begin with
((nginx and gzip config, issues in the past with compression techniques for performance and data security)) - gzip attack nginx
kubectl get pods,svc,configmaps --namespace=ingress-nginx
kubectl delete ingressclass nginx -n default
kubectl delete validatingwebhookconfiguration ingress-nginx-admission -n default
kubectl delete serviceaccount nginx-ingress -n default
kubectl delete clusterrole nginx-ingress -n default
kubectl delete clusterrolebinding nginx-ingress -n default
kubectl apply -f https://raw.githubusercontent.com/junder-git/rke/main/jnginx-configmap.yaml
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install nginx-ingress ingress-nginx/ingress-nginx --namespace default --set controller.configMapName=jnginx-configmap
helm upgrade nginx-ingress ingress-nginx/ingress-nginx --namespace default --set controller.configMapName=jnginx-configmap
=====
Clear dns/curl cache:
sudo systemctl restart systemd-resolved
Restart kubernetes master after reboot if not auto accepted:
docker restart $(docker ps -q)
jmux connect pi@pi-1.junder.uk pi@pi-2.junder.uk pi@pi-3.junder.uk pi@pi-4.junder.uk
curl -o ~/filename.ext -LJO https://raw.githubusercontent.com/junder-git/rke/main/jnginx.conf
docker run --name jnginx-container -v ~/jnginx.conf:/etc/nginx/nginx.conf:ro -d -p 80:80 --cpus 0.5 --memory 512m nginx
kubectl get svc -n
docker stop jnginx-container && docker rm jnginx-container
########## ADDITIONAL commands
docker ps -a -q | awk '{print $1}' | xargs docker stop
docker ps -a
docker ps -a --filter "name=jnginx-container"
((update all pi nodes ubuntu os kernal))- sudo apt upgrade linux-generic
sudo apt remove linux-image-generic
sudo dpkg --remove --force-remove-reinstreq linux-image-6.2.0-31-generic
sudo apt --fix-broken install
sudo apt clean
df -h
du -h myfolder
sudo apt update && sudo apt upgrade
sudo apt-get dist-upgrade
lsb_release -a
##########
jnginx-configmap.yaml
NGINX PLUS FOR max_conns=3;
https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/ See NGINX PLUS features
queue 100 timeout=70; NGINX PLUS FOR LIMMITING QUEUE
sticky learn NGINX PLUS FOR SESSIONS
create=$upstream_cookie_examplecookie
lookup=$cookie_examplecookie
zone=client_sessions:1m
timeout=1h
sync;
This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close.
#########CHATGPT
Use Helm Hooks: If you originally installed Nginx Ingress using Helm, you can define a Helm hook to handle the update of the ConfigMap and restart the Controller pods. Here's an example:
yaml
Copy code
apiVersion: batch/v1
kind: Job
metadata:
name: nginx-config-update
namespace: ingress-nginx
spec:
template:
spec:
containers:
- name: nginx-config-update
image: your-image-with-kubectl # An image with kubectl installed
command:
- kubectl
- delete
- pods
- -n
- ingress-nginx
- -l
- app.kubernetes.io/component=controller
restartPolicy: OnFailure
This Helm hook defines a Kubernetes Job that deletes the Nginx Ingress Controller pods when the chart is upgraded or installed.
Make sure to use an image with kubectl installed.
nano /boot/config.txt boot_order=0xf41 nano /boot/cmdline.txt cgroup_memory=1 cgroup_enable=memory ip=LOCAL_IP_ADDRESS::LOCAL_IP_GATEWAY:NET_MASK_255:HOSTNAME:NIC_eth0:off
===
- (pi tip for raspbian os) - sudo rpi-eeprom-config => BOOT_ORDER=0xf14 (1-usb 4-sd f-fallback_boot, saw vid where boot order was from the right not left, but hostname is of type usb so eh?!, jeff here https://youtu.be/UT5UbSJOyog?t=499 has the nvme usb boot figure at the end, but my pi is booting from left to right it seems...)
- (k3s tip for raspbian os) - /boot/cmdline.txt => cgroup_memory=1 cgroup_enable=memory ip=LOCAL_IP_ADDRESS::LOCAL_IP_GATEWAY:NET_MASK_255:HOSTNAME:NIC_eth0:off ((eth0:off is for auto configuration off))