HA Kubernetes RKE2 with Kube-VIP and Rancher

192.168.10.71  rke-node-1.rke.domain.com
192.168.10.72 rke-node-2.rke.domain.com
192.168.10.73 rke-node-3.rke.domain.com
192.168.10.74 rancher.rke.domain.com
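# First control-plane node: write the RKE2 server config before installing.
# Written with a here-doc instead of an interactive vi session so the step can
# be replayed unattended; the file content is the same as the original.
mkdir -p -- /etc/rancher/rke2
# tls-san: extra names/addresses the node's server certificate must cover.
# rancher.rke.domain.com is the kube-vip address (192.168.10.74 in the hosts
# entries above), so clients that reach the API through the VIP get a
# certificate that matches the name they used.
cat > /etc/rancher/rke2/config.yaml <<'EOF'
tls-san:
- rke-node-1
- rke-node-1.rke.domain.com
- rancher.rke.domain.com
- 192.168.10.71
EOF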
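# Environment for the first node. VIP is the floating address kube-vip will
# announce; the hosts entries above map it to rancher.rke.domain.com.
export VIP=192.168.10.74
export TAG=v0.4.2            # kube-vip image tag used by the crictl/ctr steps
export INTERFACE=ens160      # NIC kube-vip binds the VIP to
# Point crictl/ctr at RKE2's embedded containerd socket.
export CONTAINER_RUNTIME_ENDPOINT=unix:///run/k3s/containerd/containerd.sock
export CONTAINERD_ADDRESS=/run/k3s/containerd/containerd.sock
export PATH="/var/lib/rancher/rke2/bin:${PATH}"
export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
# Convenience alias for interactive shells only: aliases are not expanded in a
# non-interactive script, so the commands below spell out kubectl.
alias k=kubectl

# Fetch the installer to a file instead of piping it straight into sh: the
# script can be reviewed before it runs, and a truncated download cannot be
# partially executed. Set INSTALL_RKE2_VERSION in the environment to pin the
# RKE2 release when reproducible installs are needed.
install_script=$(mktemp) || exit 1
curl -sfL https://get.rke2.io -o "${install_script}" || exit 1
sh "${install_script}"
rm -f -- "${install_script}"

systemctl enable rke2-server
systemctl start rke2-server
# Follows the service log until interrupted (Ctrl-C); the first start can take
# a while, so this is where to watch progress. KUBECONFIG is already exported
# above, so the duplicate export from the original is not repeated.
journalctl -u rke2-server -f
kubectl get nodes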

Output:
NAME STATUS ROLES AGE VERSION
rke2 Ready control-plane,etcd,master 12d v1.22.7+rke2r2
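# kube-vip prerequisites on the first node (three commands that were run
# together on one line in the original).
# The RBAC manifest goes into RKE2's auto-deploy manifests directory; -f makes
# curl fail on an HTTP error instead of saving an error page there as a
# "manifest" that RKE2 would then try to apply.
curl -sf https://kube-vip.io/manifests/rbac.yaml \
  -o /var/lib/rancher/rke2/server/manifests/kube-vip-rbac.yaml || exit 1
crictl pull "docker.io/plndr/kube-vip:${TAG}"
# A shell function rather than an alias so it also works inside a script. It
# runs the kube-vip binary from the pulled image with host networking; any
# arguments are passed through to /kube-vip.
kube-vip() {
  ctr --namespace k8s.io run --rm --net-host "docker.io/plndr/kube-vip:${TAG}" vip /kube-vip "$@"
}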

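# Generate the kube-vip DaemonSet manifest and let RKE2 auto-deploy it from the
# manifests directory. Relies on the kube-vip function/alias defined earlier.
# --arp: announce the VIP on $INTERFACE via ARP; --address: the VIP itself
# --controlplane: float the VIP for the API server; --services: also act as a
# load balancer for Services; --inCluster: presumably use the in-cluster
# ServiceAccount (which is what the RBAC manifest installed earlier provides)
# --leaderElection / --taint: see the kube-vip docs for the exact semantics
# Expansions are quoted so an empty or odd value is still passed as one word.
kube-vip manifest daemonset \
  --arp \
  --interface "${INTERFACE}" \
  --address "${VIP}" \
  --controlplane \
  --leaderElection \
  --taint \
  --services \
  --inCluster | tee /var/lib/rancher/rke2/server/manifests/kube-vip.yaml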
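# Show the newest kube-vip log line. kubectl is spelled out (the `k` alias is
# interactive-only), the command substitution is quoted, and awk stops at the
# first match so a multi-node DaemonSet does not yield several pod names.
kubectl logs -n kube-system --tail 1 \
  "$(kubectl get pods -n kube-system --no-headers | awk '/kube-vip/ {print $1; exit}')"
# Output: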
time="2022-04-11T20:33:48Z" level=info msg="Broadcasting ARP update for 192.168.10.74 (00:50:56:9b:3a:cb) via ens160"
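# Confirm the VIP is now bound on the interface. (The original line had
# "$INTERFACEOutput:" run together, which a shell would read as a reference to
# an unset variable named INTERFACEOutput.)
ip a list "${INTERFACE}"
# Output: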
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:9b:3a:cb brd ff:ff:ff:ff:ff:ff
inet 192.168.10.71/24 brd 192.168.10.255 scope global ens160
valid_lft forever preferred_lft forever
inet 192.168.10.74/32 scope global ens160
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe9b:3acb/64 scope link
valid_lft forever preferred_lft forever
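# Rancher install, path 1: TLS handled by cert-manager (Rancher-generated cert).
kubectl create namespace cattle-system

helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
helm repo update

# cert-manager is pinned by the version in the release URL.
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.4/cert-manager.yaml
# Wait for cert-manager's webhook before installing Rancher: the chart creates
# cert-manager resources, and per Rancher's install docs cert-manager must be
# running first or the install can fail.
kubectl -n cert-manager rollout status deploy/cert-manager-webhook

# Chart version pinned; hostname must match the name clients will use (and the
# tls-san entries on the nodes).
helm install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --version 2.6.3 \
  --set hostname=rancher.rke.domain.com \
  --set replicas=1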
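# Rancher install, path 2 (an alternative to the cert-manager path above): TLS
# from your own certificate, loaded into a Secret. The five commands were run
# together on one line in the original. The namespace/repo steps repeat path 1
# and will report an error if they were already done.
kubectl create namespace cattle-system
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
helm repo update
export CERTDIR=/root/rke/certificates
# key.pem is the ingress private key: keep the directory root-only and remove
# the copy from the node once the Secret exists. tls-rancher-ingress is the
# Secret name the chart's ingress.tls.source=secret setting reads.
kubectl -n cattle-system create secret tls tls-rancher-ingress \
  --cert="${CERTDIR}/fullchain.pem" --key="${CERTDIR}/key.pem"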

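# Same chart as the cert-manager path; the version is pinned here too so both
# paths install the same Rancher release (the original omitted --version on
# this variant only).
helm install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --version 2.6.3 \
  --set hostname=rancher.rke.domain.com \
  --set replicas=1 \
  --set ingress.tls.source=secret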
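# Block until the Rancher deployment has rolled out (shell prompt stripped from
# the original line).
kubectl -n cattle-system rollout status deploy/rancher
# Output: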
Waiting for deployment "rancher" rollout to finish: 0 of 1 updated replicas are available...
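# List the Rancher pods.
kubectl get pods -n cattle-system
# Output: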
NAME READY STATUS RESTARTS AGE
rancher-78f6794ccb-wh54w 1/1 Running 0 7m42s
# Two credentials needed next: the Rancher admin bootstrap password (decoded
# from the bootstrap-secret) and the RKE2 join token that the other nodes put
# into their config.yaml. Both are printed in clear to the terminal.
kubectl -n cattle-system get secret bootstrap-secret \
  -o go-template='{{.data.bootstrapPassword|base64decode}}{{"\n"}}'
cat -- /var/lib/rancher/rke2/server/token
Output:
K10e53bdb27060ebc74cd2c25184fd8b14a94934898a7a91a48a613fb33ec310032::server:1c18fe2068bc4561260b2764858d7402
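# Second control-plane node: same layout as node 1 plus the join settings.
# token:  the join token printed by `cat /var/lib/rancher/rke2/server/token`
#         on node 1. It is a credential, so the file is created root-only
#         (umask 077 in a subshell keeps the rest of the script unaffected).
# server: the RKE2 supervisor URL (port 9345), addressed via the kube-vip name
#         rancher.rke.domain.com rather than a specific node.
# tls-san: this node's own names plus the VIP name, as on node 1.
mkdir -p -- /etc/rancher/rke2
(umask 077 && cat > /etc/rancher/rke2/config.yaml <<'EOF'
token: K10e53bdb27060ebc74cd2c25184fd8b14a94934898a7a91a48a613fb33ec310032::server:1c18fe2068bc4561260b2764858d7402
server: https://rancher.rke.domain.com:9345
tls-san:
- rke-node-2
- rke-node-2.rke.domain.com
- rancher.rke.domain.com
- 192.168.10.72
EOF
)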
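# Install and start RKE2 on node 2 as a server; it joins using the token/server
# values in config.yaml. The installer is fetched to a file rather than piped
# into sh so it can be inspected first (INSTALL_RKE2_VERSION pins the release).
install_script=$(mktemp) || exit 1
curl -sfL https://get.rke2.io -o "${install_script}" || exit 1
sh "${install_script}"
rm -f -- "${install_script}"
systemctl enable rke2-server
systemctl start rke2-server
# The PATH/KUBECONFIG exports made on node 1 are per-shell; repeat them here so
# kubectl resolves on this node. The new node only appears once the server has
# finished joining, which takes a moment after start.
export PATH="/var/lib/rancher/rke2/bin:${PATH}"
export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
kubectl get nodes
# With more nodes available, spread Rancher across them.
kubectl scale --replicas 3 deployment/rancher -n cattle-system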
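# Verify the scaled-out Rancher pods.
kubectl get pods -n cattle-system
# Output: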
rancher-78f6794ccb-jm5tm 1/1 Running 0 4m10s
rancher-78f6794ccb-pqzbd 1/1 Running 0 4m47s
rancher-78f6794ccb-wh54w 1/1 Running 0 64m

Adding an Agent (Worker) Node

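# Agent (worker) node: only the join settings are needed (tls-san is a server
# setting). The config holds the join token, so it is created root-only.
mkdir -p -- /etc/rancher/rke2
(umask 077 && cat > /etc/rancher/rke2/config.yaml <<'EOF'
token: K10e53bdb27060ebc74cd2c25184fd8b14a94934898a7a91a48a613fb33ec310032::server:1c18fe2068bc4561260b2764858d7402
server: https://rancher.rke.domain.com:9345
EOF
)
# INSTALL_RKE2_TYPE=agent is how the RKE2 install script is told to set up the
# agent service (the original ran the installer with its server default and
# then enabled rke2-agent). Fetched to a file so it can be reviewed first.
install_script=$(mktemp) || exit 1
curl -sfL https://get.rke2.io -o "${install_script}" || exit 1
INSTALL_RKE2_TYPE=agent sh "${install_script}"
rm -f -- "${install_script}"
systemctl enable rke2-agent
systemctl start rke2-agent
# NOTE(review): agent nodes do not get the admin kubeconfig at
# /etc/rancher/rke2/rke2.yaml, so the two lines below are expected to work from
# a server node, not from the agent itself — confirm where they were run.
export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
kubectl get nodes
# Follow the agent log until interrupted (Ctrl-C) to watch the join.
journalctl -u rke2-agent -f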
