https://github.com/jenting/rke2-ha
HA rke2 cluster
- Host: GitHub
- URL: https://github.com/jenting/rke2-ha
- Owner: jenting
- License: apache-2.0
- Created: 2020-12-08T06:50:24.000Z (over 5 years ago)
- Default Branch: main
- Last Pushed: 2021-03-23T04:38:55.000Z (about 5 years ago)
- Last Synced: 2025-04-13T12:40:12.948Z (about 1 year ago)
- Homepage:
- Size: 10.7 KB
- Stars: 1
- Watchers: 1
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# RKE2-HA
The number of control plane nodes _must be_ odd.
```shell
# 1st control plane node
sudo su -
systemctl disable firewalld
systemctl stop firewalld
curl -sfL https://get.rke2.io | sh -
systemctl enable rke2-server.service
mkdir -p /etc/rancher/rke2/
cat << EOF > /etc/rancher/rke2/config.yaml
kube-apiserver-arg: "kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname"
EOF
systemctl start rke2-server.service
# Join token for the remaining nodes; it admits nodes to the cluster, so treat it as a secret.
SERVER_NODE_TOKEN=$(cat /var/lib/rancher/rke2/server/node-token)
# 2nd, 3rd control plane nodes
sudo su -
systemctl disable firewalld
systemctl stop firewalld
curl -sfL https://get.rke2.io | sh -
systemctl enable rke2-server.service
mkdir -p /etc/rancher/rke2/
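# Set SERVER_NODE_TOKEN on this node to the token read on the 1st control plane node.
# <first-server-address> is a placeholder for the address of the 1st control plane node.
cat << EOF > /etc/rancher/rke2/config.yaml
server: https://<first-server-address>:9345
token: $SERVER_NODE_TOKEN
EOF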
systemctl start rke2-server.service
# worker nodes
sudo su -
systemctl disable firewalld
systemctl stop firewalld
curl -sfL https://get.rke2.io | INSTALL_RKE2_TYPE="agent" sh -
systemctl enable rke2-agent.service
mkdir -p /etc/rancher/rke2/
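# Set SERVER_NODE_TOKEN on this node to the token read on the 1st control plane node.
# <first-server-address> is a placeholder for the address of the 1st control plane node.
cat << EOF > /etc/rancher/rke2/config.yaml
server: https://<first-server-address>:9345
token: $SERVER_NODE_TOKEN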
EOF
systemctl start rke2-agent.service
```
# RKE2-HA with CIS-1.5 profile
The number of control plane nodes _must be_ odd.
```shell
# 1st control plane node
sudo su -
systemctl disable firewalld
systemctl stop firewalld
curl -sfL https://get.rke2.io | sh -
systemctl enable rke2-server.service
cat << EOF > /etc/sysctl.d/60-rke2-cis.conf
vm.panic_on_oom=0
vm.overcommit_memory=1
kernel.panic=10
kernel.panic_on_oops=1
EOF
sudo systemctl restart systemd-sysctl
useradd -r -c "etcd user" -s /sbin/nologin -M etcd
mkdir -p /etc/rancher/rke2/
cat << EOF > /etc/rancher/rke2/config.yaml
kube-apiserver-arg: "kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname"
profile: "cis-1.5"
EOF
systemctl start rke2-server.service
# Join token for the remaining nodes; it admits nodes to the cluster, so treat it as a secret.
SERVER_NODE_TOKEN=$(cat /var/lib/rancher/rke2/server/node-token)
# 2nd, 3rd control plane nodes
sudo su -
systemctl disable firewalld
systemctl stop firewalld
curl -sfL https://get.rke2.io | sh -
systemctl enable rke2-server.service
cat << EOF > /etc/sysctl.d/60-rke2-cis.conf
vm.panic_on_oom=0
vm.overcommit_memory=1
kernel.panic=10
kernel.panic_on_oops=1
EOF
sudo systemctl restart systemd-sysctl
useradd -r -c "etcd user" -s /sbin/nologin -M etcd
mkdir -p /etc/rancher/rke2/
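# Set SERVER_NODE_TOKEN on this node to the token read on the 1st control plane node.
# <first-server-address> is a placeholder for the address of the 1st control plane node.
cat << EOF > /etc/rancher/rke2/config.yaml
server: https://<first-server-address>:9345
token: $SERVER_NODE_TOKEN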
profile: "cis-1.5"
EOF
systemctl start rke2-server.service
# worker nodes
sudo su -
systemctl disable firewalld
systemctl stop firewalld
curl -sfL https://get.rke2.io | INSTALL_RKE2_TYPE="agent" sh -
systemctl enable rke2-agent.service
cat << EOF > /etc/sysctl.d/60-rke2-cis.conf
vm.panic_on_oom=0
vm.overcommit_memory=1
kernel.panic=10
kernel.panic_on_oops=1
EOF
sudo systemctl restart systemd-sysctl
mkdir -p /etc/rancher/rke2/
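# Set SERVER_NODE_TOKEN on this node to the token read on the 1st control plane node.
# <first-server-address> is a placeholder for the address of the 1st control plane node.
cat << EOF > /etc/rancher/rke2/config.yaml
server: https://<first-server-address>:9345
token: $SERVER_NODE_TOKEN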
profile: "cis-1.5"
EOF
systemctl start rke2-agent.service
```
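To confirm that a node actually ended up with the CIS prerequisites from the steps above, the following audit script is an added example and is not part of this repository. The function names and the `--audit` switch are hypothetical, and the permission check on the file holding the join token is an extra hardening check that the README itself does not perform.

```shell
#!/bin/sh
# Added example: audit the CIS prerequisites set up above. Sources are parameters
# so the checks can also run against copies of the files.
CIS_SYSCTLS="vm.panic_on_oom=0 vm.overcommit_memory=1 kernel.panic=10 kernel.panic_on_oops=1"

# sysctl_value SOURCE KEY: read KEY from a sysctl.d file or a /proc/sys-style tree.
sysctl_value() {
    if [ -d "$1" ]; then
        cat "$1/$(printf '%s' "$2" | tr . /)" 2>/dev/null
    else
        awk -F= -v k="$2" '{ gsub(/[ \t]/, "", $1) } $1 == k { v = $2 }
            END { gsub(/[ \t]/, "", v); print v }' "$1" 2>/dev/null
    fi
}

# check_sysctls SOURCE: report every setting that differs from CIS_SYSCTLS.
check_sysctls() {
    src=$1 rc=0
    for want in $CIS_SYSCTLS; do
        key=${want%%=*}
        got=$(sysctl_value "$src" "$key") || got=
        [ "$got" = "${want#*=}" ] ||
            { echo "$src: $key is '${got:-unset}', want ${want#*=}"; rc=1; }
    done
    return $rc
}

# check_rke2_config FILE: require profile cis-1.5; a file holding the join
# token must also have no group/other permission bits (added hardening check).
check_rke2_config() {
    file=$1 rc=0
    grep -Eq '^profile:[[:space:]]*"?cis-1\.5"?[[:space:]]*$' "$file" 2>/dev/null ||
        { echo "$file: profile cis-1.5 not set"; rc=1; }
    if grep -q '^token:' "$file" 2>/dev/null &&
        [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "$file: readable beyond owner, exposes the join token"; rc=1
    fi
    return $rc
}

# audit_node ROLE: run the checks on the paths used above (ROLE: server|agent).
audit_node() {
    failed=0
    check_sysctls /etc/sysctl.d/60-rke2-cis.conf || failed=1   # what was written
    check_sysctls /proc/sys || failed=1                        # what the kernel uses
    check_rke2_config /etc/rancher/rke2/config.yaml || failed=1
    [ "$1" = agent ] || id -u etcd >/dev/null 2>&1 || { echo "etcd user missing"; failed=1; }
    return $failed
}
if [ "${1:-}" = "--audit" ]; then audit_node "${2:-server}"; fi
```

Run it as root with `--audit server` or `--audit agent`; a non-zero exit status means at least one prerequisite is missing.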
## Install system-upgrade-controller
Install the system-upgrade-controller.
```shell
kubectl apply -f https://github.com/rancher/system-upgrade-controller/releases/download/v0.6.2/system-upgrade-controller.yaml
cat <