Skip to content

Changes

Page history
Create Management and Configuration of the K3S Cluster authored by Alessandro Caetano Beltrao's avatar Alessandro Caetano Beltrao
Hide whitespace changes
Inline Side-by-side
Management-and-Configuration-of-the-K3S-Cluster.md 0 → 100644
View page @ 2676004b
Since we decided to keep K3S as the cluster for the LENS/ESE lab it is fundamental to relay instructions on how to operate the cluster. K3S is distributed as a single binary file, this way, the installation and update of the cluster and its components can be easily done by downloading and replacing the files in the respective folders. The K3S binary is in the path `/usr/local/bin/k3s`. Usually, K3S can be updated by using and automated script as:
```
curl -sfL https://get.k3s.io | sh -
```
However, it is not recommend updating this way since the wrong parameters can overwrite the already existing configuration of the cluster. The second way to update install or update K3S is to replace the binary file on the corresponding path, which is the best way in the current cluster configuration. The current service file for K3S is:
```
[Unit]
Description=Lightweight Kubernetes
Documentation=https://k3s.io
Wants=network-online.target
After=network-online.target
[Install]
WantedBy=multi-user.target
[Service]
Type=notify
EnvironmentFile=-/etc/default/%N
EnvironmentFile=-/etc/sysconfig/%N
EnvironmentFile=-/etc/systemd/system/k3s.service.env
KillMode=process
Delegate=yes
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
TimeoutStartSec=0
Restart=always
RestartSec=5s
ExecStartPre=/bin/sh -xc '! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service'
ExecStartPre=-/sbin/modprobe br_netfilter
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/k3s \
server \
'--write-kubeconfig-mode=644' \
'--node-ip=146.164.34.22' \
'--flannel-backend=wireguard-native' \
'--token=fxKENhXQ3ARJc6KfeWPJ6RoeTL9pAUWgExiNd2ks' \
'--datastore-endpoint=postgres://k3s_user:CmMXCpaQJoE3*Xb.rRHN@146.164.34.21:5432/k3s'
```
Currently, the K3S cluster installed is using the same PostgreSQL database on the Gitlab Server VM on PESC. The current configuration for K3S service file specifies the connection string to the database and the encryption token to join new nodes to the cluster. To join new nodes, the only command needed is:
```
curl -fsL https://get.k3s.io | K3S_URL=https://146.164.34.22:6443 K3S_TOKEN=fxKENhXQ3ARJc6KfeWPJ6RoeTL9pAUWgExiNd2ks sh –
```
In our case, the command to join nodes on K3S is:
```
curl -fsL https://get.k3s.io | K3S_URL=https://SERVER_URL:6443 K3S_TOKEN=ENCRYPTION_TOKEN sh –
```
This command will allow the new host to join the cluster, and no other tools are necessary to run the cluster services.
After the installation and setup of the master and worker nodes, the binary kubectl is available for the root user to allow the configuration and management of the cluster but it can be only used in the master node. The K3S installation comes, by default, with the following components:
- [**Kubernetes Metrics Server**](https://github.com/kubernetes-sigs/metrics-server): Collects container resource metrics for Kubernetes.
- [**Flannel**](https://github.com/flannel-io/flannel): Container network fabric for Kubernetes, it provides a layer 3 IPv4 network between the nodes in a cluster.
- [**Traefik**](https://doc.traefik.io/traefik/): A open-source edge router for Kubernetes, it is the main Ingress component of the cluster, receiving incoming traffic in a specified DNS and routing them to the appropriate component.
- [**CoreDNS**](https://coredns.io/manual/toc/): It's a DNS Server and Service Discovery tool that allows containers to communicate with each other based on internal service names on Kubernetes.
These services should not be removed manually, instead, you can remove them by updating the K3S service file with the flags `--disable` and `--flannel-backend`, as follows:
```
[Unit]
Description=Lightweight Kubernetes
Documentation=https://k3s.io
Wants=network-online.target
After=network-online.target
[Install]
WantedBy=multi-user.target
[Service]
Type=notify
EnvironmentFile=-/etc/default/%N
EnvironmentFile=-/etc/sysconfig/%N
EnvironmentFile=-/etc/systemd/system/k3s.service.env
KillMode=process
Delegate=yes
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
TimeoutStartSec=0
Restart=always
RestartSec=5s
ExecStartPre=/bin/sh -xc '! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service'
ExecStartPre=-/sbin/modprobe br_netfilter
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/k3s \
server \
'--write-kubeconfig-mode=644' \
'--node-ip=146.164.34.22' \
'--flannel-backend=wireguard-native' \
'--token=fxKENhXQ3ARJc6KfeWPJ6RoeTL9pAUWgExiNd2ks' \
'--disable=traefik' \
'--flannel-backend=none' \
'--datastore-endpoint=postgres://k3s_user:CmMXCpaQJoE3*Xb.rRHN@146.164.34.21:5432/k3s'
```
The valid arguments for `--disable` are `coredns, servicelb, traefik,local-storage, metrics-server`, and the valid backends for flannel are `vxlan, ipsec, gw, wireguard, wireguard-native`. For more configuration options on the service file of K3S, the documentation is [**here**](https://docs.k3s.io/reference/server-config).