Update to latest version (#325)

* Build now functional * Use ssh option to reduce questions * Use IPVS * Further e2e observations * Tidy up * RAM and CPU adjustments
2025-12-15 17:28:58 +03:00 · 2023-11-23 19:52:14 +00:00
parent 24d0565f89
commit 2dd8f64d31
22 changed files with 344 additions and 215 deletions
--- a/vagrant/Vagrantfile
+++ b/vagrant/Vagrantfile
@@ -1,15 +1,42 @@
 # -*- mode: ruby -*-
 # vi:set ft=ruby sw=2 ts=2 sts=2:

-# Define the number of master and worker nodes
-# If this number is changed, remember to update setup-hosts.sh script with the new hosts IP details in /etc/hosts of each VM.
-NUM_MASTER_NODE = 2
-NUM_WORKER_NODE = 2
+# Define how much memory your computer has in GB (e.g. 8, 16)
+# Larger nodes will be created if you have more.
+RAM_SIZE = 16

+# Define how mnay CPU cores you have.
+# More powerful workers will be created if you have more
+CPU_CORES = 8
+
+# Internal network prefix for the VM network
+# See the documentation before changing this
 IP_NW = "192.168.56."
-MASTER_IP_START = 10
-NODE_IP_START = 20
-LB_IP_START = 30
+
+# Calculate resource amounts
+# based on RAM/CPU
+ram_selector = (RAM_SIZE / 4) * 4
+if ram_selector < 8
+  raise "Unsufficient memory #{RAM_SIZE}GB. min 8GB"
+end
+RESOURCES = {
+  "master" => {
+    1 => {
+      # master-1 bigger since it may run e2e tests.
+      "ram" => [ram_selector * 128, 2048].max(),
+      "cpu" => CPU_CORES >= 12 ? 4 : 2,
+    },
+    2 => {
+      # All additional masters get this
+      "ram" => [ram_selector * 128, 2048].min(),
+      "cpu" => CPU_CORES > 8 ? 2 : 1,
+    },
+  },
+  "worker" => {
+    "ram" => [ram_selector * 128, 4096].min(),
+    "cpu" => (((CPU_CORES / 4) * 4) - 4) / 4,
+  },
+}

 # Sets up hosts file and DNS
 def setup_dns(node)
@@ -25,18 +52,23 @@ end
 def provision_kubernetes_node(node)
  # Set up kernel parameters, modules and tunables
  node.vm.provision "setup-kernel", :type => "shell", :path => "ubuntu/setup-kernel.sh"
-  # Restart
-  node.vm.provision :shell do |shell|
-    shell.privileged = true
-    shell.inline = "echo Rebooting"
-    shell.reboot = true
-  end
+  # Set up ssh
+  node.vm.provision "setup-ssh", :type => "shell", :path => "ubuntu/ssh.sh"
  # Set up DNS
  setup_dns node
  # Install cert verification script
  node.vm.provision "shell", inline: "ln -s /vagrant/ubuntu/cert_verify.sh /home/vagrant/cert_verify.sh"
 end

+# Define the number of master and worker nodes. You should not change this
+NUM_MASTER_NODE = 2
+NUM_WORKER_NODE = 2
+
+# Host address start points
+MASTER_IP_START = 10
+NODE_IP_START = 20
+LB_IP_START = 30
+
 # All Vagrant configuration is done below. The "2" in Vagrant.configure
 # configures the configuration version (we support older styles for
 # backwards compatibility). Please don't change it unless you know what
@@ -50,6 +82,7 @@ Vagrant.configure("2") do |config|
  # boxes at https://vagrantcloud.com/search.
  # config.vm.box = "base"
  config.vm.box = "ubuntu/jammy64"
+  config.vm.boot_timeout = 900

  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
@@ -62,12 +95,8 @@ Vagrant.configure("2") do |config|
      # Name shown in the GUI
      node.vm.provider "virtualbox" do |vb|
        vb.name = "kubernetes-ha-master-#{i}"
-        if i == 1
-          vb.memory = 2048    # More needed to run e2e tests at end
-        else
-          vb.memory = 1024
-        end
-        vb.cpus = 2
+        vb.memory = RESOURCES["master"][i > 2 ? 2 : i]["ram"]
+        vb.cpus = RESOURCES["master"][i > 2 ? 2 : i]["cpu"]
      end
      node.vm.hostname = "master-#{i}"
      node.vm.network :private_network, ip: IP_NW + "#{MASTER_IP_START + i}"
@@ -91,6 +120,8 @@ Vagrant.configure("2") do |config|
    node.vm.hostname = "loadbalancer"
    node.vm.network :private_network, ip: IP_NW + "#{LB_IP_START}"
    node.vm.network "forwarded_port", guest: 22, host: 2730
+    # Set up ssh
+    node.vm.provision "setup-ssh", :type => "shell", :path => "ubuntu/ssh.sh"
    setup_dns node
  end

@@ -99,8 +130,8 @@ Vagrant.configure("2") do |config|
    config.vm.define "worker-#{i}" do |node|
      node.vm.provider "virtualbox" do |vb|
        vb.name = "kubernetes-ha-worker-#{i}"
-        vb.memory = 1024
-        vb.cpus = 1
+        vb.memory = RESOURCES["worker"]["ram"]
+        vb.cpus = RESOURCES["worker"]["cpu"]
      end
      node.vm.hostname = "worker-#{i}"
      node.vm.network :private_network, ip: IP_NW + "#{NODE_IP_START + i}"
--- a/vagrant/ubuntu/cert_verify.sh
+++ b/vagrant/ubuntu/cert_verify.sh
@@ -157,8 +157,14 @@ check_cert_only()
                        exit 1
                fi
            else
-                printf "${FAILED}${cert} missing. More details: https://github.com/mmumshad/kubernetes-the-hard-way/blob/master/docs/04-certificate-authority.md#certificate-authority\n${NC}"
-                echo "These should be in ${CERT_LOCATION}${NC}"
+                if [[ $cert == *kubelet-client-current* ]]
+                then
+                    printf "${FAILED}${cert} missing. This probably means that kubelet failed to start.${NC}\n"
+                    echo -e "Check logs with\n\n  sudo journalctl -u kubelet\n"
+                else
+                    printf "${FAILED}${cert} missing. More details: https://github.com/mmumshad/kubernetes-the-hard-way/blob/master/docs/04-certificate-authority.md#certificate-authority\n${NC}"
+                    echo "These should be in ${CERT_LOCATION}"
+                fi
                exit 1
    fi
 }
@@ -425,17 +431,27 @@ check_systemd_ks()

 # END OF Function - Master node #

+if [ ! -z "$1" ]
+then
+    choice=$1
+else
+    echo "This script will validate the certificates in master as well as worker-1 nodes. Before proceeding, make sure you ssh into the respective node [ Master or Worker-1 ] for certificate validation"
+    while true
+    do
+        echo
+        echo "  1. Verify certificates on Master Nodes after step 4"
+        echo "  2. Verify kubeconfigs on Master Nodes after step 5"
+        echo "  3. Verify kubeconfigs and PKI on Master Nodes after step 8"
+        echo "  4. Verify kubeconfigs and PKI on worker-1 Node after step 10"
+        echo "  5. Verify kubeconfigs and PKI on worker-2 Node after step 11"
+        echo
+        echo -n "Please select one of the above options: "
+        read choice

-echo "This script will validate the certificates in master as well as worker-1 nodes. Before proceeding, make sure you ssh into the respective node [ Master or Worker-1 ] for certificate validation"
-echo
-echo "  1. Verify certificates on Master Nodes after step 4"
-echo "  2. Verify kubeconfigs on Master Nodes after step 5"
-echo "  3. Verify kubeconfigs and PKI on Master Nodes after step 8"
-echo "  4. Verify kubeconfigs and PKI on worker-1 Node after step 10"
-echo "  5. Verify kubeconfigs and PKI on worker-2 Node after step 11"
-echo
-echo -n "Please select one of the above options: "
-read value
+        [ -z "$choice" ] && continue
+        [ $choice -gt 0 -a $choice -lt 6 ] && break
+    done
+fi

 HOST=$(hostname -s)

@@ -450,7 +466,7 @@ SUBJ_SA="Subject:CN=service-accounts,O=Kubernetes"
 SUBJ_ETCD="Subject:CN=etcd-server,O=Kubernetes"
 SUBJ_APIKC="Subject:CN=kube-apiserver-kubelet-client,O=system:masters"

-case $value in
+case $choice in

  1)
    if ! [ "${HOST}" = "master-1" -o "${HOST}" = "master-2" ]
@@ -459,7 +475,7 @@ case $value in
        exit 1
    fi

-    echo -e "The selected option is $value, proceeding the certificate verification of Master node"
+    echo -e "The selected option is $choice, proceeding the certificate verification of Master node"

    CERT_LOCATION=$HOME
    check_cert_and_key "ca" $SUBJ_CA $CERT_ISSUER
--- a/vagrant/ubuntu/setup-kernel.sh
+++ b/vagrant/ubuntu/setup-kernel.sh
@@ -1,19 +1,27 @@
 #!/bin/bash
 #
 # Sets up the kernel with the requirements for running Kubernetes
-# Requires a reboot, which is carried out by the vagrant provisioner.
-set -ex
-
-# Disable cgroups v2 (kernel command line parameter)
-sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="systemd.unified_cgroup_hierarchy=0 ipv6.disable=1 /' /etc/default/grub
-update-grub
+set -e

 # Add br_netfilter kernel module
-echo "br_netfilter" >> /etc/modules
+cat <<EOF >> /etc/modules
+ip_vs
+ip_vs_rr
+ip_vs_wrr
+ip_vs_sh
+br_netfilter
+nf_conntrack
+EOF
+systemctl restart systemd-modules-load.service

 # Set network tunables
 cat <<EOF >> /etc/sysctl.d/10-kubernetes.conf
+net.ipv6.conf.all.disable_ipv6 = 1
+net.ipv6.conf.default.disable_ipv6 = 1
+net.ipv6.conf.lo.disable_ipv6 = 1
 net.bridge.bridge-nf-call-iptables=1
 net.ipv4.ip_forward=1
 EOF

+sysctl --system
+
--- a/vagrant/ubuntu/ssh.sh
+++ b/vagrant/ubuntu/ssh.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# Enable password auth in sshd so we can use ssh-copy-id
+sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
+systemctl restart sshd