Update worker_node_install.sh

worker_node_install.sh

@@ -4,18 +4,64 @@ set -Eeuo pipefail
 ########################################
 # Arch Linux RKE2 Worker Node Prep
 #
-# What this script does:
+# WHAT THIS SCRIPT DOES:
 # - Disables swap
 # - Installs required Arch packages
 # - Configures kernel modules and sysctl for Kubernetes
 # - Configures NetworkManager to ignore CNI interfaces
-# - Disables host nftables service to avoid breaking RKE2 service routing
+# - Disables host nftables service (required for RKE2 networking)
-# - Installs RKE2 agent pinned to the same version as the master
+# - Installs RKE2 agent (worker)
-# - Prepares the node for a later manual join
+# - Prepares the node for manual join (DOES NOT join automatically)
 #
-# Optional environment variables:
+# ======================================
-#   RKE2_VERSION=v1.34.5+rke2r1
+# HOW TO USE THIS SCRIPT
-#   WORKER_NODE_NAME=arch-kubernetes-worker1
+# ======================================
+#
+# 1. Run this script on the worker node:
+#
+#    chmod +x worker_node_install.sh
+#    sudo ./worker_node_install.sh
+#
+#    (Optional: set a custom node name)
+#    sudo WORKER_NODE_NAME='worker-1' ./worker_node_install.sh
+#
+# --------------------------------------
+# 2. On the MASTER node, get the token:
+#
+#    sudo cat /var/lib/rancher/rke2/server/node-token
+#
+# --------------------------------------
+# 3. On the WORKER node, edit config:
+#
+#    sudo nano /etc/rancher/rke2/config.yaml
+#
+#    Replace with:
+#
+#    server: https://<MASTER_IP>:9345
+#    token: <NODE_TOKEN>
+#    node-name: <OPTIONAL_NAME>
+#
+# --------------------------------------
+# 4. Start the worker:
+#
+#    sudo systemctl enable --now rke2-agent
+#
+# --------------------------------------
+# 5. Verify
+#
+#    On worker:
+#      sudo systemctl status rke2-agent --no-pager
+#      sudo journalctl -u rke2-agent -n 200 --no-pager
+#
+#    On master:
+#      sudo /var/lib/rancher/rke2/bin/kubectl get nodes -o wide
+#
+# ======================================
+# NOTES
+# ======================================
+# - This script does NOT join automatically (by design)
+# - Safe for reuse across multiple worker nodes
+# - Compatible with your working master script
 ########################################
 
 RKE2_VERSION="${RKE2_VERSION:-v1.34.5+rke2r1}"
@@ -146,8 +192,7 @@ enable_support_services() {
 
   systemctl enable --now iscsid.service || true
 
-  # Do NOT enable nftables.service here.
+  # IMPORTANT: nftables must be disabled for RKE2 networking
-  # On this Arch + RKE2 setup it can break service routing for cluster IPs.
   systemctl stop nftables.service >/dev/null 2>&1 || true
   systemctl disable nftables.service >/dev/null 2>&1 || true
   nft flush ruleset >/dev/null 2>&1 || true
@@ -197,22 +242,7 @@ print_summary() {
   echo "Config file:   ${RKE2_CONFIG_FILE}"
   echo "Node name:     ${WORKER_NODE_NAME:-<default hostname>}"
   echo
-  echo "This node has NOT joined the cluster yet."
+  echo "Node is ready. Follow instructions above to join cluster."
-  echo
-  echo "Next steps:"
-  echo "1. Edit ${RKE2_CONFIG_FILE}"
-  echo "2. Set:"
-  echo "     server: https://YOUR_MASTER_IP:9345"
-  echo "     token: YOUR_NODE_TOKEN"
-  if [[ -n "${WORKER_NODE_NAME}" ]]; then
-    echo "     node-name: ${WORKER_NODE_NAME}"
-  fi
-  echo "3. Start the agent:"
-  echo "     sudo systemctl enable --now rke2-agent"
-  echo
-  echo "Check status:"
-  echo "  sudo systemctl status rke2-agent --no-pager"
-  echo "  sudo journalctl -u rke2-agent -n 200 --no-pager"
 }
 
 main() {