Preparation
I use six VM nodes for this project (three control-plane, three worker), each with 8 cores, 8GB of memory and 80GB of storage for container data, running Rocky Linux 9.6 with RKE2 v1.32.5+rke2r1 and Cilium v1.17.3.
| Node hostname | vCPU | Memory | Storage | Private IP | Node role |
|---|---|---|---|---|---|
| knode01master01 | 8 | 8GB | 80GB | 172.16.0.211 | Control-plane |
| knode01master02 | 8 | 8GB | 80GB | 172.16.0.212 | Control-plane |
| knode01master03 | 8 | 8GB | 80GB | 172.16.0.213 | Control-plane |
| knode01worker01 | 8 | 8GB | 80GB | 172.16.0.214 | Worker |
| knode01worker02 | 8 | 8GB | 80GB | 172.16.0.215 | Worker |
| knode01worker03 | 8 | 8GB | 80GB | 172.16.0.216 | Worker |
All operations are run as root, so take care when executing the commands below!
In this step, run the commands on every node.
Set up static host entries
Prepare the environment variables (the same names are reused in later steps):
```shell
NODE_01=knode01master01
NODE_02=knode01master02
NODE_03=knode01master03
NODE_04=knode01worker01
NODE_05=knode01worker02
NODE_06=knode01worker03
NODE_IP01=172.16.0.211
NODE_IP02=172.16.0.212
NODE_IP03=172.16.0.213
NODE_IP04=172.16.0.214
NODE_IP05=172.16.0.215
NODE_IP06=172.16.0.216
```
Then add static host entries for all nodes to /etc/hosts (the heredoc delimiter is deliberately unquoted so the variables expand):
```shell
cat <<EOF >> /etc/hosts
$NODE_IP01 $NODE_01
$NODE_IP02 $NODE_02
$NODE_IP03 $NODE_03
$NODE_IP04 $NODE_04
$NODE_IP05 $NODE_05
$NODE_IP06 $NODE_06
EOF
```
Install packages and dependencies
```shell
dnf install -y epel-release
dnf install -y bash-color-prompt bash-completion \
  nano htop iftop iotop net-tools bind-utils \
  wget curl jq traceroute mtr tcpdump nmap setroubleshoot policycoreutils
```
On Rocky/RHEL the dig and nslookup tools are in bind-utils; dnsutils is the Debian package name and makes dnf fail with "No match for argument".
Create the configuration directory
```shell
mkdir -p /etc/rancher/rke2
```
Initialize the cluster
In this step, run the commands on every control-plane (master) node. This is the base server configuration; the second and third masters get their server: and token: entries appended in the join step further down, and rke2-server must not be started on them before that, otherwise each would bootstrap its own cluster.
```shell
cat <<EOF | tee /etc/rancher/rke2/config.yaml
node-ip: $(hostname -I | awk '{print $1}')
# kubeconfig readable by root only
write-kubeconfig-mode: "0600"
tls-san:
  - "localhost"
  - "127.0.0.1"
cluster-cidr: 10.42.0.0/16
service-cidr: 10.43.0.0/16
# etcd snapshot every 6 hours (5 cron fields: minute hour day month weekday)
etcd-snapshot-schedule-cron: "0 */6 * * *"
# keep 56 etcd snapshots (4 per day, i.e. 2 weeks)
etcd-snapshot-retention: 56
enable-servicelb: false
# kube-proxy is replaced by Cilium (kubeProxyReplacement in the Cilium values)
disable-kube-proxy: true
disable:
  - rke2-ingress
cni: cilium
selinux: true
EOF
```
localhost and 127.0.0.1 are already in the API server certificate by default; tls-san is where you add any external name or VIP that kubectl or joining nodes will use to reach the API, so that the certificate is valid for it. The original cron value had only four fields (" */6 * * *"), which is not a valid schedule; the corrected value above fires at minute 0 of every sixth hour.
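Because config.yaml is only parsed when rke2-server starts, a mistake such as a four-field cron expression or a kubeconfig mode wider than 0600 only shows up in the journal afterwards. The following preflight lint is an added example, not part of RKE2 or of the original post: it reads top-level scalar keys (key: value) from a server config.yaml with awk, so nested lists such as tls-san are out of scope, and the sample configs it is exercised with are constructed here. The agent-token check reflects the caveat from the join steps, that without a separate agent-token: workers join with the server token.

```shell
# Added example: preflight lint for an RKE2 server /etc/rancher/rke2/config.yaml.
# Not RKE2 code. Handles top-level "key: value" lines only.

# rke2_cfg_get FILE KEY -> value of a top-level key with surrounding quotes
# stripped; empty output when the key is absent.
rke2_cfg_get() {
  awk -v key="$2:" '
    $1 == key { $1 = ""; sub(/^[ \t]+/, ""); gsub(/^"|"$/, ""); print; exit }
  ' "$1"
}

# rke2_cfg_lint FILE -> one line per finding on stderr; the return value is
# the number of findings (0 = clean).
rke2_cfg_lint() {
  cfg=$1
  findings=0

  v=$(rke2_cfg_get "$cfg" write-kubeconfig-mode)
  if [ "$v" != "0600" ]; then
    echo "write-kubeconfig-mode: expected \"0600\", got '${v:-unset}'" >&2
    findings=$((findings + 1))
  fi

  # A cron schedule needs exactly 5 whitespace-separated fields.
  # Field count is taken with awk to avoid shell globbing on "*".
  v=$(rke2_cfg_get "$cfg" etcd-snapshot-schedule-cron)
  if [ -n "$v" ]; then
    nf=$(printf '%s\n' "$v" | awk '{ print NF }')
    if [ "$nf" -ne 5 ]; then
      echo "etcd-snapshot-schedule-cron: need 5 fields, got $nf in '$v'" >&2
      findings=$((findings + 1))
    fi
  fi

  for key in disable-kube-proxy selinux; do
    v=$(rke2_cfg_get "$cfg" "$key")
    if [ "$v" != "true" ]; then
      echo "$key: expected true, got '${v:-unset}'" >&2
      findings=$((findings + 1))
    fi
  done

  # Without a separate agent-token, workers join with the server token and
  # a leaked worker config is enough to register a control-plane node.
  if [ -z "$(rke2_cfg_get "$cfg" agent-token)" ]; then
    echo "agent-token: not set; workers will join with the server token" >&2
    findings=$((findings + 1))
  fi

  return "$findings"
}
```

Run it as `rke2_cfg_lint /etc/rancher/rke2/config.yaml` on each master before `systemctl enable --now rke2-server.service`; a non-zero exit means at least one finding was printed.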
Download RKE2 from the official repository
```shell
curl -sfL https://get.rke2.io | \
  INSTALL_RKE2_VERSION="v1.32.5+rke2r1" \
  INSTALL_RKE2_TYPE="server" \
  sh -
```
INSTALL_RKE2_CHANNEL takes a channel name (stable, latest, v1.32); a specific release is pinned with INSTALL_RKE2_VERSION, which is what the original line intended. The node name defaults to the hostname, so passing RKE2_NODE_NAME to the installer is unnecessary (and has no effect on the systemd unit anyway); use node-name: in config.yaml if you need a different name. On Rocky the script uses the RPM repository, which also installs the rke2-selinux policy required by selinux: true.
Configure Cilium
Create the helm values file for Cilium. RKE2 picks up HelmChartConfig manifests from its server manifests directory at startup and merges valuesContent into the bundled rke2-cilium chart, so this file has to exist before rke2-server is first started (the directory is created here because it does not exist until then).
```shell
mkdir -p /var/lib/rancher/rke2/server/manifests
cat <<EOF | tee /var/lib/rancher/rke2/server/manifests/rke2-cilium-config.yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-cilium
  namespace: kube-system
spec:
  valuesContent: |-
    # local API endpoint RKE2 provides on every node (apiserver on servers,
    # the agent's client load balancer on workers)
    k8sServiceHost: 127.0.0.1
    k8sServicePort: 6443
    kubeProxyReplacement: true
    cni:
      chainingMode: portmap
    # required by NodeLocal DNS Cache in kube-proxy replacement mode
    localRedirectPolicy: true
    bandwidthManager:
      enabled: true
      bbr: true
    l2announcements:
      enabled: true
      leaseDuration: 15s
      leaseRenewDeadline: 5s
      leaseRetryPeriod: 3s
    bpf:
      hostLegacyRouting: false
      masquerade: true
    hubble:
      enabled: false
    ipam:
      mode: kubernetes
    nodeIPAM:
      enabled: true
    enableLBIPAM: true
EOF
```
The key is leaseRetryPeriod (the original had a typo, easeRetryPeriod, which Helm would silently ignore). For now, Hubble is disabled to save resources.
Enable NodeLocal DNS Cache
NodeLocal DNS Cache with Cilium in kube-proxy replacement mode uses a Cilium Local Redirect Policy (use_cilium_lrp, which needs localRedirectPolicy: true in the Cilium values) instead of the iptables-based interception used with kube-proxy.
```shell
mkdir -p /var/lib/rancher/rke2/server/manifests
cat <<EOF | tee /var/lib/rancher/rke2/server/manifests/rke2-coredns-config.yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-coredns
  namespace: kube-system
spec:
  valuesContent: |-
    nodelocal:
      enabled: true
      use_cilium_lrp: true
EOF
```
Once the preparation is complete, start and enable the rke2-server service so it runs at boot, on the first master (knode01master01) only; the other masters are started after their join configuration has been written in the next step.
```shell
systemctl enable --now rke2-server.service
```
Debug/troubleshoot with journalctl -xefu rke2-server.
Join the other control-plane nodes
Take the join token from the first master with cat /var/lib/rancher/rke2/server/node-token (the agent-token file next to it holds the same value unless a separate agent-token: was configured). Copy the token whole: the K10... prefix is the hash of the cluster CA that the joining node checks against the CA served on port 9345, and without it the node trusts whatever CA it is handed. The value below is this lab's token and must be replaced with your own. node-ip and selinux are already in config.yaml from the initialization step, so only server: and token: are appended here:
```shell
cat <<EOF | tee -a /etc/rancher/rke2/config.yaml
server: https://$NODE_IP01:9345
token: K10e6528a04f97734c36d94c9b70e699d5f1df3b254c69c2e91bfa896fa03b468c5::server:aae38fe9abdb13aacf5754e4ba40574c
EOF
```
Then enable the rke2-server service:
```shell
systemctl enable --now rke2-server.service
```
Debug/troubleshoot with journalctl -xefu rke2-server.
Join the worker nodes
Download RKE2 from the official repository (agent type this time):
```shell
curl -sfL https://get.rke2.io | \
  INSTALL_RKE2_VERSION="v1.32.5+rke2r1" \
  INSTALL_RKE2_TYPE="agent" \
  sh -
```
Take the join token from the first master with cat /var/lib/rancher/rke2/server/agent-token. Workers have no config.yaml yet, so node-ip and selinux are written here too. The value below is this lab's token and must be replaced with your own:
```shell
cat <<EOF | tee -a /etc/rancher/rke2/config.yaml
node-ip: $(hostname -I | awk '{print $1}')
server: https://$NODE_IP01:9345
token: K10e6528a04f97734c36d94c9b70e699d5f1df3b254c69c2e91bfa896fa03b468c5::server:aae38fe9abdb13aacf5754e4ba40574c
selinux: true
EOF
```
Note that this token carries the ::server: role, i.e. the workers join with the server token, so anyone who can read a worker's config.yaml can also register a control-plane node. Setting agent-token: in the server configuration gives workers a token that can only join as an agent.
Then enable the rke2-agent service:
```shell
systemctl enable --now rke2-agent.service
```
Debug/troubleshoot with journalctl -xefu rke2-agent.
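Both join steps above paste a token of the form K10<hash>::<role>:<secret>. The <hash> part is the sha256 of the cluster CA certificate (the PEM that the first master serves at https://$NODE_IP01:9345/cacerts), and a joining node compares it with what it downloads before it trusts the server; a short token (just the secret) still works but skips that check. The functions below are an added example, not RKE2 code, for inspecting a token and repeating that verification by hand, e.g. when the join fails with a certificate error and you want to know whether the token belongs to this cluster at all. The CA file used in the usage comment is assumed to have been fetched with curl; the test data is constructed.

```shell
# Added example (not RKE2 code): inspect an RKE2/K3s join token and verify the
# CA hash it pins. Token format: K10<sha256 of CA PEM>::<role>:<secret>, where
# <role> is "server" or "agent" and the CA PEM is what /cacerts on :9345 serves.

# rke2_token_ca_hash TOKEN -> prints the pinned CA hash; prints nothing for a
# short token that carries no hash.
rke2_token_ca_hash() {
  case $1 in
    K10*::*) rest=${1#K10}; printf '%s\n' "${rest%%::*}" ;;
    *) : ;;
  esac
}

# rke2_token_role TOKEN -> "server", "agent", or "unknown" for a short token.
rke2_token_role() {
  case $1 in
    K10*::*:*) rest=${1#*::}; printf '%s\n' "${rest%%:*}" ;;
    *) printf 'unknown\n' ;;
  esac
}

# rke2_token_verify_ca TOKEN CA_PEM_FILE
#   exit 0 = hash matches, 1 = mismatch, 2 = token carries no hash (no pinning)
rke2_token_verify_ca() {
  expected=$(rke2_token_ca_hash "$1")
  [ -n "$expected" ] || return 2
  actual=$(sha256sum "$2" | cut -d' ' -f1)
  [ "$expected" = "$actual" ]
}

# Use on a node about to join (assumed flow, not run here):
#   curl -sk "https://$NODE_IP01:9345/cacerts" -o /tmp/cacerts.pem  # -k is fine: the hash is the check
#   rke2_token_verify_ca "$TOKEN" /tmp/cacerts.pem && echo "CA matches token"
#   rke2_token_role "$TOKEN"   # confirms whether this is a server or agent token
```

A mismatch means either the wrong cluster's token was pasted or something other than the first master answered on port 9345; a return of 2 means the token gives the node no way to tell.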
Access the cluster and install utilities
On a control-plane node, create the .kube directory in root's home and link the cluster credentials there, and point crictl at the RKE2 containerd socket via /etc/crictl.yaml. The kubeconfig carries cluster-admin credentials, which is why it was written with mode 0600 above.
```shell
mkdir -p ~/.kube
ln -s /etc/rancher/rke2/rke2.yaml ~/.kube/config
ln -s /var/lib/rancher/rke2/agent/etc/crictl.yaml /etc/crictl.yaml
```
Install the kubectl, crictl, helm and cilium binaries. kubectl and crictl ship with RKE2; helm and cilium-cli are downloaded from their release sites. Neither download is integrity-checked by the commands below; both projects publish a .sha256sum file next to the archive, which you should verify with sha256sum --check before running install.
```shell
install /var/lib/rancher/rke2/bin/kubectl /usr/bin/kubectl
install /var/lib/rancher/rke2/bin/crictl /usr/bin/crictl
HELM_VER=$(curl -sL https://get.helm.sh/helm-latest-version)
HELM_FILE=helm-$HELM_VER-linux-amd64.tar.gz
curl -sSL https://get.helm.sh/$HELM_FILE -o $HELM_FILE; tar -zxf $HELM_FILE
install linux-amd64/helm /usr/bin/helm
CILIUM_CLI_VER=$(curl -sL https://raw.githubusercontent.com/cilium/cilium-cli/refs/heads/main/stable.txt)
curl -sSL https://github.com/cilium/cilium-cli/releases/download/$CILIUM_CLI_VER/cilium-linux-amd64.tar.gz -O; tar -zxf cilium-linux-amd64.tar.gz
install cilium /usr/bin/cilium
```
Enable bash completion to make administration easier.
```shell
for i in kubectl crictl helm cilium; do
  $i completion bash | tee /etc/bash_completion.d/$i > /dev/null
done
source /usr/share/bash-completion/bash_completion
```
Once all nodes have joined the cluster, check with kubectl get node,pod -A -o wide.

Cilium CNI status (cilium status).

References
- https://docs.rke2.io/reference/server_config
- https://docs.rke2.io/reference/linux_agent_config
- https://docs.cilium.io/en/stable/installation/cni-chaining-portmap
- https://docs.cilium.io/en/stable/network/l2-announcements/
- https://docs.cilium.io/en/stable/network/node-ipam/
- https://docs.cilium.io/en/stable/network/lb-ipam/
- https://docs.cilium.io/en/stable/network/kubernetes/bandwidth-manager/
- https://docs.cilium.io/en/stable/network/kubernetes/local-redirect-policy/#node-local-dns-cache
- https://cilium.io/blog/2020/06/22/cilium-18/#kubeproxy-removal