Channels
extensions
rancher-extensions
supermicro-sixsq
ozt
os
one-point-x
rio
onlinemeetup
v16-v21-migration
events
onlinetraining
training-1220
training-0110
training-0124
k3s-contributor
submariner
storage
k3os
windows
ci-cd
theranchcast
rfed_ara
nederlands
ukranian
danish
training-0131
masterclass
training-0207
training-0214
terraform-controller
epinio
phillydotnet
swarm
rancher-wrangler
deutsch
russian
chinese
mesos
français
japanese
arm
longhorn-dev
terraform-provider-rke
service-mesh
azure
gcp
academy
random
elemental
espanol
lima
harvester-dev
portugues
kubernetes
kim
hypper
kubewarden
opni
logging
neuvector-security
rancher-setup
developer
office-hours
mexico
cabpr
rke
vsphere
longhorn-storage
k3s
k3d
terraform-provider-rancher2
fleet
amazon
harvester
rke2
s3gw
hobbyfarm
rancher-desktop
general
Title
l
loud-helmet-97067
02/15/2023, 12:01 PMHi Team,
We have setup provision x2 master nodes (with etcd datastore - https://docs.k3s.io/installation/ha-embedded*)* and x4 worker nodes for our cluster and the k3s were provision using Rancher UI > Custom cluster settings.
At the moment all the servers are up running, but when we try check HA availability by shutting down we get following errors when we issue kubectl commands;
• Error from server (ServiceUnavailable): apiserver not ready
• Error from server (Timeout): the server was unable to return a response in the time allotted, but may still be processing the request (get nodes)
Our requirement is to setup HA for control plane (master node). I.e: if one control plane server goes down / not available, Kubenetes API /CLI commands should run from other (available) node(s). If we are to achieve our requirement;
• Via etcd datastote,
Do we need setup x3 master nodes - enabling control plane and etcd in all 3 ?
• If not use external datastore : https://docs.k3s.io/installation/ha
If enabling external db, is it sufficient to pass --datastore-endpoint when provisioning master node via rancher
Below state k3s configuration for master nodes;
Master Node 0 [Sample ip: x.x.x.0]:
cat /etc/rancher/k3s/config.yaml.d/50-rancher.yaml
{
"agent-token": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"disable-apiserver": false,
"disable-cloud-controller": false,
"disable-controller-manager": false,
"disable-etcd": false,
"disable-kube-proxy": false,
"disable-network-policy": false,
"disable-scheduler": false,
"docker": false,
"etcd-expose-metrics": false,
"etcd-snapshot-retention": 5,
"etcd-snapshot-schedule-cron": "0 */5 * * *",
"kube-controller-manager-arg": [
"cert-dir=/var/lib/rancher/k3s/server/tls/kube-controller-manager",
"secure-port=10257"
],
"kube-scheduler-arg": [
"cert-dir=/var/lib/rancher/k3s/server/tls/kube-scheduler",
"secure-port=10259"
],
"node-label": [
"<http://cattle.io/os=linux|cattle.io/os=linux>",
"<http://rke.cattle.io/machine=b89290bb-5f82-47e7-96bc-9cc16f126a5c|rke.cattle.io/machine=b89290bb-5f82-47e7-96bc-9cc16f126a5c>"
],
"node-taint": [
"<http://node-role.kubernetes.io/control-plane:NoSchedule|node-role.kubernetes.io/control-plane:NoSchedule>",
"<http://node-role.kubernetes.io/etcd:NoExecute|node-role.kubernetes.io/etcd:NoExecute>"
],
"private-registry": "/etc/rancher/k3s/registries.yaml",
"protect-kernel-defaults": false,
"secrets-encryption": false,
"selinux": false,
"server": "<https://x.x.x.1:6443>",
"token": "YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY"cat /etc/rancher/k3s/config.yaml.d/50-rancher.yaml
{
"agent-token": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"cluster-init": true,
"disable-apiserver": false,
"disable-cloud-controller": false,
"disable-controller-manager": false,
"disable-etcd": false,
"disable-kube-proxy": false,
"disable-network-policy": false,
"disable-scheduler": false,
"docker": false,
"etcd-expose-metrics": false,
"etcd-snapshot-retention": 5,
"etcd-snapshot-schedule-cron": "0 */5 * * *",
"kube-controller-manager-arg": [
"cert-dir=/var/lib/rancher/k3s/server/tls/kube-controller-manager",
"secure-port=10257"
],
"kube-scheduler-arg": [
"cert-dir=/var/lib/rancher/k3s/server/tls/kube-scheduler",
"secure-port=10259"
],
"node-label": [
"<http://cattle.io/os=linux|cattle.io/os=linux>",
"<http://rke.cattle.io/machine=77f5f3c6-a380-48b0-8b74-c7c3da330ff6|rke.cattle.io/machine=77f5f3c6-a380-48b0-8b74-c7c3da330ff6>"
],
"node-taint": [
"<http://node-role.kubernetes.io/control-plane:NoSchedule|node-role.kubernetes.io/control-plane:NoSchedule>",
"<http://node-role.kubernetes.io/etcd:NoExecute|node-role.kubernetes.io/etcd:NoExecute>"
],
"private-registry": "/etc/rancher/k3s/registries.yaml",
"protect-kernel-defaults": false,
"secrets-encryption": false,
"selinux": false,
"token": "YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY"
}r
rich-cartoon-70161
02/15/2023, 1:29 PMTo run K3s in this mode, you must have an odd number of server nodes. We recommend starting with three nodes.Because the majority has to still be available, otherwise it’ll do what it’s doing in your setup.
With 3 control-plane nodes you can have 1 offline
l
loud-helmet-97067
02/15/2023, 2:20 PMThanks @rich-cartoon-70161 for the insights.
So i assume that setting 3rd master node with --etcd and --controlplane is enough to set and trigger HA behaviour with service up when 1 master node goes down.
Will check and confirm on this
r
rich-cartoon-70161
02/15/2023, 5:26 PMYes that should work.
l
loud-helmet-97067
02/16/2023, 1:17 AMNoted with thanks.
If we are to to use external datastore ( https://docs.k3s.io/installation/ha) , is appending --etcd --controlplane with --datastore-endpoint is enough? or external-datastore need to set separately
h
handsome-jewelry-34280
03/18/2023, 3:46 AMHi @loud-helmet-97067, where you able to resolver the correct way to pass the external datastore to a Rancher created K3S cluster?