feat: optimize server/agent workload and shorten kube-vip lease

zifeo · Jun 19, 2024 · cda7cf1 · cda7cf1
1 parent 2a7f723
commit cda7cf1
Show file tree

Hide file tree

Showing 9 changed files with 13 additions and 46 deletions.
diff --git a/README.md b/README.md
@@ -73,7 +73,7 @@ yourself `/etc/rancher/rke2/rke2.yaml` on server nodes.
 
 ```
 # remove server url from rke2 config
-vim /etc/rancher/rke2/config.yaml
+sudo vim /etc/rancher/rke2/config.yaml
 # ssh into one of the server nodes (see terraform output -json)
 # restore s3 snapshot (see restore_cmd output of the terraform module):
 sudo systemctl stop rke2-server

diff --git a/agent.log.zip b/agent.log.zip
diff --git a/manifests/velero.yaml.tpl b/manifests/velero.yaml.tpl
@@ -26,8 +26,6 @@ spec:
         volumeMounts:
           - mountPath: /target
             name: plugins
-    nodeSelector:
-      node-role.kubernetes.io/master: "true"
     tolerations:
       - effect: NoExecute
         key: CriticalAddonsOnly
@@ -38,7 +36,7 @@ spec:
         memory: 128Mi
       limits:
         cpu: null
-        memory: null
+        memory: 256Mi
     kubectl:
       image:
         repository: docker.io/bitnami/kubectl
@@ -53,7 +51,7 @@ spec:
           bucket: ${bucket_velero}
           config:
             cloud: self
-            region: ${region}    
+            region: ${region}
       volumeSnapshotLocation:
         - name: default
           provider: csi
@@ -64,7 +62,6 @@ spec:
         OS_APPLICATION_CREDENTIAL_SECRET: ${app_secret}
         # for community.openstack.org/openstack (env vars do not work and take precedence over clouds.yaml unless cloud set)
         OS_CLOUD: self
-
     credentials:
       # for community.openstack.org/openstack
       secretContents:
@@ -89,10 +86,8 @@ spec:
         mountPath: /etc/openstack/clouds.yaml
         readOnly: true
         subPath: clouds.yaml
-
     backupsEnabled: true
     snapshotsEnabled: true
-
     deployNodeAgent: true
     nodeAgent:
       podVolumePath: /var/lib/kubelet/pods

diff --git a/node/cloud-init.yaml.tpl b/node/cloud-init.yaml.tpl
@@ -87,7 +87,6 @@ write_files:
       curl -sfL https://get.rke2.io | sh -
     fi
 %{ if is_server ~}
-  %{~ if is_first ~}
     %{~ for k, v in manifests_files ~}
 - path: /opt/rke2/manifests/${k}
   permissions: "0600"
@@ -129,7 +128,6 @@ write_files:
         /usr/local/bin/customize-chart.sh "$CHARTS_DIR/$patch_name" "$patch"
       fi
     done
-  %{~ endif ~}
 - path: /etc/modules-load.d/ipvs.conf
   permissions: "0644"
   owner: root:root
@@ -175,11 +173,11 @@ write_files:
         - name: vip_leasename
           value: plndr-cp-lock
         - name: vip_leaseduration
-          value: "15"
+          value: "5"
         - name: vip_renewdeadline
-          value: "10"
+          value: "3"
         - name: vip_retryperiod
-          value: "2"
+          value: "1"
         - name: enable_node_labeling
           value: "true"
         - name: lb_enable
@@ -292,17 +290,13 @@ runcmd:
   - until [ -d /var/lib/rancher/rke2/agent/pod-manifests/ ]; do echo "Waiting for $(hostname) static pods"; sleep 1; done
   - mv -v /opt/rke2/kube-vip.yaml /var/lib/rancher/rke2/agent/pod-manifests/kube-vip.yaml
   - ls /var/lib/rancher/rke2/agent/pod-manifests
-    %{~ if is_first ~}
   - wget https://github.com/mikefarah/yq/releases/download/v4.40.5/yq_linux_amd64.tar.gz -O - | tar xz && mv yq_linux_amd64 /usr/bin/yq
   - until [ -d /var/lib/rancher/rke2/data/v*/charts ]; do echo "Waiting for $(hostname) charts data"; sleep 1; done
   - /usr/local/bin/customize-charts.sh $(realpath /var/lib/rancher/rke2/data/v*/charts)
   - until [ -d /var/lib/rancher/rke2/server/manifests ]; do echo "Waiting for $(hostname) manifests"; sleep 1; done
   - /usr/local/bin/customize-charts.sh /var/lib/rancher/rke2/server/manifests
   - mv -v /opt/rke2/manifests/*.yaml /var/lib/rancher/rke2/server/manifests
   - ls /var/lib/rancher/rke2/server/manifests
-    %{~ else ~}
-  - for i in $(find /var/lib/rancher/rke2/server/manifests -type f); do cp -v $i $i.skip; done
-    %{~ endif ~}
   - until systemctl is-active -q rke2-server.service; do echo "Waiting for $(hostname) rke2 to start"; sleep 3; journalctl -u rke2-server.service --since "3 second ago"; done
   %{~ else ~}
   - systemctl enable rke2-agent.service

diff --git a/node/main.tf b/node/main.tf
@@ -39,10 +39,6 @@ resource "openstack_compute_instance_v2" "instance" {
   key_pair     = var.keypair_name
   config_drive = true
 
-  connection {
-    user = var.system_user
-  }
-
   network {
     port = openstack_networking_port_v2.port[count.index].id
   }

diff --git a/patches/rke2-coredns.yaml.tpl b/patches/rke2-coredns.yaml.tpl
@@ -1,7 +1,3 @@
-
-%{ if operator_replica > 1 }
-nodeSelector:
-  node-role.kubernetes.io/master: "true"
 resources:
   requests:
     cpu: "100m"
@@ -10,5 +6,10 @@ resources:
     cpu: "100m" # because of autoscaler
     memory: "128Mi"
 autoscaler:
-  enabled: false
-%{ endif }
+  min: ${operator_replica}
+  resources:
+    requests:
+      cpu: "20m"
+      memory: "10Mi"
+    limits:
+      memory: "10Mi"
diff --git a/patches/rke2-metrics-server.yaml.tpl b/patches/rke2-metrics-server.yaml.tpl
@@ -1,7 +0,0 @@
-
-nodeSelector:
-  node-role.kubernetes.io/master: "true"
-tolerations:
-  - effect: NoExecute
-    key: CriticalAddonsOnly
-    operator: "Exists"

diff --git a/patches/rke2-snapshot-controller.yaml.tpl b/patches/rke2-snapshot-controller.yaml.tpl
@@ -1,7 +1 @@
 
-nodeSelector:
-  node-role.kubernetes.io/master: "true"
-tolerations:
-  - effect: NoExecute
-    key: CriticalAddonsOnly
-    operator: "Exists"
diff --git a/patches/rke2-snapshot-validation-webhook.yaml.tpl b/patches/rke2-snapshot-validation-webhook.yaml.tpl
@@ -1,7 +1 @@
 
-nodeSelector:
-  node-role.kubernetes.io/master: "true"
-tolerations:
-  - effect: NoExecute
-    key: CriticalAddonsOnly
-    operator: "Exists"