RomanNum3ral
/
kubernetes-arch-install
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update master_node_install.sh

This commit is contained in:
RomanNum3ral 2026-03-27 22:19:34 +00:00
parent fd5987e06e
commit b0d5105378
1 changed files with 27 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
master_node_install.sh
View File

@ -10,6 +10,7 @@ set -Eeuo pipefail
# - Installs required Arch packages
# - Configures kernel modules and sysctl for Kubernetes
# - Configures NetworkManager to ignore CNI interfaces
# - Disables host nftables service to avoid breaking RKE2 service routing
# - Installs RKE2 server
# - Waits for Kubernetes and bundled RKE2 addons to become healthy
# - Installs cert-manager
@ -181,7 +182,7 @@ enable_support_services() {
systemctl enable --now iscsid.service || true
# Do NOT enable nftables.service here.
# On this Arch + RKE2 setup it broke service routing for the cluster IP range.
# On this Arch + RKE2 setup it can break service routing for cluster IPs.
systemctl stop nftables.service >/dev/null 2>&1 || true
systemctl disable nftables.service >/dev/null 2>&1 || true
nft flush ruleset >/dev/null 2>&1 || true
@ -287,15 +288,24 @@ wait_for_system_pods() {
kubectl_rke2 get nodes -o wide || true
kubectl_rke2 get pods -A || true
# Wait for Canal first because service routing depends on it.
log "Waiting for Canal (CNI) to be fully ready"
waited=0
until kubectl_rke2 -n kube-system get pods -l app=rke2-canal -o json 2>/dev/null | jq -e '
.items | length > 0 and all(.[]; .status.phase=="Running")
.items
| length > 0
and all(
.[];
(
(.status.containerStatuses // []) | length
) > 0
and all(.status.containerStatuses[]; .ready == true)
)
' >/dev/null; do
sleep 5
waited=$((waited + 5))
if (( waited % 30 == 0 )); then
warn "Canal not fully ready yet"
warn "Canal is not fully ready yet"
kubectl_rke2 -n kube-system get pods -o wide || true
fi
if (( waited >= 900 )); then
@ -307,11 +317,21 @@ wait_for_system_pods() {
# Give kube-proxy and service routing a moment to settle.
sleep 20
# Wait for bundled addons that Rancher depends on.
log "Waiting for bundled RKE2 addon deployments"
waited=0
until kubectl_rke2 -n kube-system get deploy rke2-ingress-nginx-controller rke2-metrics-server rke2-snapshot-controller >/dev/null 2>&1; do
until kubectl_rke2 -n kube-system get deploy \
rke2-ingress-nginx-controller \
rke2-metrics-server \
rke2-snapshot-controller \
rke2-coredns-rke2-coredns >/dev/null 2>&1; do
sleep 5
waited=$((waited + 5))
if (( waited % 30 == 0 )); then
warn "Bundled addon deployments are not all present yet"
kubectl_rke2 -n kube-system get deploy || true
kubectl_rke2 -n kube-system get pods -o wide || true
fi
if (( waited >= 900 )); then
kubectl_rke2 -n kube-system get pods -o wide || true
die "Timed out waiting for bundled RKE2 addon deployments"
@ -321,9 +341,7 @@ wait_for_system_pods() {
kubectl_rke2 -n kube-system rollout status deploy/rke2-ingress-nginx-controller --timeout=20m
kubectl_rke2 -n kube-system rollout status deploy/rke2-metrics-server --timeout=20m
kubectl_rke2 -n kube-system rollout status deploy/rke2-snapshot-controller --timeout=20m
# CoreDNS can be slightly slower; wait for it too.
kubectl_rke2 -n kube-system rollout status deploy/rke2-coredns-rke2-coredns --timeout=20m || true
kubectl_rke2 -n kube-system rollout status deploy/rke2-coredns-rke2-coredns --timeout=20m
log "System pods are settled"
kubectl_rke2 get pods -A || true