freeleaps-ops/cluster/ansible
2025-02-19 13:55:53 +08:00
manifests fix(inventory): comment out unused worker nodes for clarity 2025-02-19 12:31:32 +08:00
patch/kube-apiserver feat(k8s): add security hardening instructions for kube-apiserver and service account configuration 2025-01-14 06:58:52 +08:00
activate.sh fix(pipeline): change file permissions to executable for Ansible and script files 2025-02-10 15:39:49 +08:00
check.sh fix(pipeline): change file permissions to executable for Ansible and script files 2025-02-10 15:39:49 +08:00
deploy.sh fix(pipeline): change file permissions to executable for Ansible and script files 2025-02-10 15:39:49 +08:00
init.sh fix(pipeline): change file permissions to executable for Ansible and script files 2025-02-10 15:39:49 +08:00
README.md doc(readme): add instructions for cluster scaling and anonymous auth enabling 2025-02-19 13:55:53 +08:00
reset.sh fix(pipeline): change file permissions to executable for Ansible and script files 2025-02-10 15:39:49 +08:00
upgrade-cluster.sh fix: command error when upgrade cluster 2025-02-18 13:55:16 +08:00
upgrade-control-plane.sh fix(pipeline): change file permissions to executable for Ansible and script files 2025-02-10 15:39:49 +08:00

Freeleaps Cluster Maintain Ansible

This folder is used for maintaining the Freeleaps Kubernetes cluster.

Pre-settings for each node

Enable br_netfilter module for Kernel

We need to enable the br_netfilter module in each node's kernel.

Run the command modprobe br_netfilter on each node to enable it.

Enable HugePage on node's kernel


# Check whether the node's HugePages value is already 1024
sudo grep HugePages /proc/meminfo

# Add HugePage params into kernel settings
echo 1024 | sudo tee /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages
echo vm.nr_hugepages = 1024 | sudo tee -a /etc/sysctl.conf

Change Kernel Params

You need to ensure that the kernel params (/etc/sysctl.conf) are set as below:


net.ipv4.ip_forward=1
kernel.keys.root_maxbytes=25000000
kernel.keys.root_maxkeys=1000000
kernel.panic=10
kernel.panic_on_oops=1
vm.overcommit_memory=1
vm.panic_on_oom=0
net.ipv4.ip_local_reserved_ports=30000-32767
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-arptables=1
net.bridge.bridge-nf-call-ip6tables=1
vm.nr_hugepages = 1024

Run sysctl -p to make the kernel params take effect.

How to use?

Cluster Scaling

If you want to scale the nodes in the cluster, you can execute the script upgrade-cluster.sh after the environment has been initialized.

Tips - ENABLING ANONYMOUS AUTH BEFORE SCALING

kubeadm uses a bootstrap token to join newly added nodes to the cluster, which means we need to enable anonymous authentication for kube-apiserver temporarily.

You need to edit /etc/kubernetes/manifests/kube-apiserver.yaml on the master-01 node and set --anonymous-auth=true, and you must revert it to false once the cluster has been scaled.
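
A post-scaling check for the revert step above, as an added example that is not part of this repository: it reports the effective --anonymous-auth value in a kube-apiserver manifest and succeeds only when the flag is explicitly false. The function names and the sample manifest excerpt are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the freeleaps-ops repository).
# Reports the effective --anonymous-auth setting of a kube-apiserver manifest.

# Print "false", "true", "unset" or "unrecognized" for the manifest in $1.
anonymous_auth_state() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    # Ignore commented-out lines; if the flag is repeated, the last one wins.
    aa_flag=$(grep -v '^[[:space:]]*#' "$1" \
        | grep -o -- '--anonymous-auth[=A-Za-z0-9]*' | tail -n 1)
    case "$aa_flag" in
        --anonymous-auth=false) echo false ;;
        --anonymous-auth=true|--anonymous-auth) echo true ;;
        '') echo unset ;;   # kube-apiserver defaults this flag to true
        *) echo unrecognized ;;
    esac
}

# Succeed only when the manifest explicitly sets --anonymous-auth=false.
require_anonymous_auth_disabled() {
    aa_state=$(anonymous_auth_state "$1") || return 2
    if [ "$aa_state" = "false" ]; then
        echo "OK: anonymous auth is disabled in $1"
        return 0
    fi
    echo "FAIL: --anonymous-auth is $aa_state in $1" >&2
    return 1
}

# Constructed manifest excerpt (sample data); $2 is the flag line to insert.
write_sample_manifest() {
    cat > "$1" <<EOF
spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=192.0.2.10
    # - --anonymous-auth=false
$2
    image: registry.k8s.io/kube-apiserver:vX.Y.Z
EOF
}

# Check the path given on the command line, e.g. the manifest on master-01.
if [ "$#" -gt 0 ]; then
    require_anonymous_auth_disabled "$1"
fi
```

A manifest that omits the flag is reported as unset and fails the check, because kube-apiserver enables anonymous authentication by default when the flag is absent.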