From 71225152ce204a6076224895ed4968decb2d4229 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Mon, 20 Jan 2025 21:18:10 -0800 Subject: [PATCH] Switch to newer bigger Hetzner machine --- config/hetzner-2i2c.yaml | 2 +- docs/source/deployment/k3s.md | 30 +++++++++++++++++++++++----- secrets/hetzner-2i2c-kubeconfig.yml | Bin 0 -> 2988 bytes secrets/hetzner-2i2c.yml | Bin 2985 -> 0 bytes 4 files changed, 26 insertions(+), 6 deletions(-) create mode 100644 secrets/hetzner-2i2c-kubeconfig.yml delete mode 100644 secrets/hetzner-2i2c.yml diff --git a/config/hetzner-2i2c.yaml b/config/hetzner-2i2c.yaml index cc8e8a2c0..379e9081a 100644 --- a/config/hetzner-2i2c.yaml +++ b/config/hetzner-2i2c.yaml @@ -127,7 +127,7 @@ ingress-nginx: scope: enabled: true service: - loadBalancerIP: 138.199.149.127 + loadBalancerIP: 116.203.245.43 static: ingress: diff --git a/docs/source/deployment/k3s.md b/docs/source/deployment/k3s.md index 01e507dcc..53a307d2c 100644 --- a/docs/source/deployment/k3s.md +++ b/docs/source/deployment/k3s.md @@ -26,12 +26,32 @@ We can use the [quickstart](https://docs.k3s.io/quick-start) on the `k3s` websit config of _disabling traefik_ that comes built in. We deploy nginx as part of our deployment, so we do not need traefik. -```bash -curl -sfL https://get.k3s.io | sh -s - --disable-traefik -``` +1. Create a Kubelet Config file in `/etc/kubelet.yaml` so we can + tweak various kubelet options, including maximum number of pods on a single + node: -This runs for a minute, but should set up latest `k3s` on that node! You can verify that by running -`kubectl get node` and `kubectl version`. + ```yaml + apiVersion: kubelet.config.k8s.io/v1beta1 + kind: KubeletConfiguration + maxPods: 300 + ``` + + We will need to develop better intuition for how many pods per node, but given we offer about + 450M of RAM per user, and RAM is the limiting factor (not CPU), let's roughly start with the + following formula to determine this: + + maxPods = 1.75 * amount of ram in GB + + This adds a good amount of margin. We can tweak this later + +2. Install `k3s`! + + ```bash + curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="server --kubelet-arg=config=/etc/kubelet.yaml" sh -s - --disable=traefik + ``` + + This runs for a minute, but should set up latest `k3s` on that node! You can verify that by running + `kubectl get node` and `kubectl version`. ## Extracting authentication information via a `KUBECONFIG` file diff --git a/secrets/hetzner-2i2c-kubeconfig.yml b/secrets/hetzner-2i2c-kubeconfig.yml new file mode 100644 index 0000000000000000000000000000000000000000..57cbdd47c757838fce4a73f2dc2f0254e38bb33f GIT binary patch literal 2988 zcmV;d3sdv}M@dveQdv+`0Jaiz58zK@Na zzcfA0`?{>x*(Dsu+_RMf0Lhcz<^*umG{s6%hLM9k#1MvtjGi^x<(M51XB95xk}kpK zrni(xBaG#rcr7P7+2|^7I6BlYa^w1E>5Dw5;LAC?z%1{t$#W+wR29s}C>0xDX!by+ z1wYCuVMm*Qy}zoNrlZmH_mC zC$N+T*k$k{@w)wv`EJ)oU$M`k4*uGcf-4hBOd<&Lu(IG?KZ6^=7KGsRlAB}VDvre}`Yd$J5lLUR6t8OFT`_nB8q!0~TgEcrWC zyK|U;8=KprpRT1N^M0p6)v74bGP2sWy z(uB7x2Mm+4%##vl?!s9GO&oY^2F%Zbv21iCwRf#iz8c~gNhZAvItYrR{xNvhu+S-+ zcSng6)`lq>rvr++XQDwP)s? zb0=9p{X4Tf5RJWJ={;MV##cJVKZQ_E{RqMV`WkjPUHC`%;n|+dO(Z2|N3SQQ)$#vj zUDsY`$rnc8(N(7$?}Ho#Xf)`<7*+YaMuKXwFeH1~LrrP&#DseCt(Im6$nzbe&EI7# zaCo*pOXpH>+X0ws3RBU}vr#_>#%kJHB*_RCQ!1u8*uEe*mMibg-DIuH^1;DW7W%j+ zY#SQYmw<)14qE2}Ew#NlplC#iYn3>yE6N12*XL}i$z|>mZKOL%I7ReF`yzr;eE&(s7Jf58AbaGI-3DM!l9IgVoAG*Kg zH_H4m4BE0^gV4RCV;(ceDE*OeQ`aLH z*D!np>H)eO;WMLibmtD}-%l>h%C4gly<@xTP@ul@bz#;{wF=9KSWtQ=tn_U=jyE!@z0Z&Vr%ELWripdPpEC4 z+)Q=fu{OVrh1kvyWGd(ML7LjlNtD?h^%F6LZ#Q}&iYn|G=>$q;n#kPu%QYnhv}htC z&wzqQX@ON9V|+kisLwPRV3;KrpQ6=gf01c@Pa3(mn0dltPtLn#2sF(9+aqHS%#dSR z#>QTzJdF?9$so{;fIs>-C0U+QX#vli3Jtvjv^s{e*#Na>tS)3P zpfdod-hNgXOK2oQQtMb&3tE1OIe3ue1*?{6vO00yujPj1=I~=2<&9O0YxIMVH1k>z z1&0!eVaixG&rsOM@7K$j}Ykhy&G1HW$mi9SYy!JT!;-glh=Yz zd649MHK|b+^i_9{Jy=M4KmcWI8yiVMg@w>`89S^?vZi#!eh>?S+~f|usV4% zxdIbQ8@MAUrQf^0e1bUG$R1xH)l;`k(R}L=TR2RWDkygSG9CipI+=2miAXt=@uuF= z{bYIXk81{y)?lWwd%M7~TB4B28Ujz%1?C*z1NM!nHT=-Sa{2)CEUd99X~pLaU?xV3Apno&t{Nab%K zn>le&dy0J8ywB@1_%dImT?hvD#(2DZrWvh!YNbqeUTRu`#y+8szp%9T+nEsa+Sjx# z|A#%}>1i;S&7^&7P|JrsQ}w1qD=3u`fksdbzsfg0+;{{+B{J%cHy|O!Ffg4}p979b zI%$8k7cn_nm^X5R2~f-OcP)1~zJBjN=m*yG&4IRux8HGmhpYwAK>Le(&$x~ z>0`$nTPc|Z+y4C=cr!AhEroSiuEkT-vX;^@C9?-U=vi@=Bzmmc#5bsO&sR6pZNnm-jrT_WQtX?72q zYf^txwBF}C1b7d8si;xn3o7ZAj`12GSNu-%L%hdNsT zW=aw6|MbD{N1|8rBY#u5lf&G)v|89ZpEVRw@3UTRn)an$7{T0tet-Y@LT<+&wdfv=mT3WjVgE)626~r^z;?Er%7d|{*OC1ONjovWnD)Q zBvo#T1wb7%E_0|2A2SZ_Q^Lk$f4aO7Pimy-jX|CuX&ZCy!2^+fixsstKb{`rE%dC(*7AQpfKv6lAl~`u7xS#IeyK`Z9vRlN|<`_(+Y9OTs i@ilQtBbDt~5ft8hNb2O>n1LB0mn7AO3o7!Z@Jt0et-Q|w literal 0 HcmV?d00001 diff --git a/secrets/hetzner-2i2c.yml b/secrets/hetzner-2i2c.yml deleted file mode 100644 index 45fcc734910376a9c6dd65a882bd445b22c054a8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2985 zcmV;a3s&?1M@dveQdv+`0OtE|^8kak5)d+%%oC%%aMLCEU_;?y8!E~4WcCrQ;aA*8 zHlp~R+gZ($JI_nGk}$N@*>(Jc&LgMq6VF^9CzWYwK>GbbAYp5V%3j6}qFE=cjT>tB zaxWAH;w_%9yw^0V{&~=FLyPUCtg5{Xrz?y^V~J#C(pUD@4qZryO`T%1#S`+%+@x!x zzDLHFhZ-qkRKd(2A6w;s0T^YcNs70ubvID!Cf@mlT8=zd_o;VJ|8;qdNH-|0_l($}K0Zj(wd0gp{Y9 zTu7uBj>hO!+n~`ZWX#w=o2gnJCS{^MX4HN55LiQxUK@{Fi$GSAwF@6OG zr4TT1mJjpKN|ZMtkBBYGmO*E=pr#@B<(U~aZ1Tdi>nlP8ca{zgw;Cik%4zfZ9s^l+ z2s}jMtDyI41{~LvGqFmIVNk6Fv*x-$n{Ur=_OXA=lk1puDK-$WKDJMEgXGGxmw%DM z@weBM#;7`t>n^SRRklpRMs6Evl$L}k&AU(+bnD`!QXFLOrw(`F1su_PlbPo>4$5S< zwb~c-I zUjyey4q;ZIxyb|J;C2AhYVLyt*9NT;Q;*6$$v4N|5p3jf+*jt$Ko7!7xe0#v)@?R( z*wo)se6q;=nZ9a#WYsA)74nOdkdRf+*z}SsWs9SkzvXE>0U=Q7DBPDNNp?N~8z_2a zX82%>bESC1QTqWc2uLXIH;^W7VW#kwO9v8312=XG1X6|IDSP`M1c1OJe{yv>It|cU z$`!8ZhtO;rmFJdapGS%3eyRciCJPl2wY^M^W^V{evK)esQ)V+1iYDxtNjE0r+BRkv z{2l8>enuMWL7yR|Gn!&l$ zE!2i)nAu)V&3$<|pRer?C$CjOf_BuR*mA4&sa%WN3cy*n)dGS_miJJ)_Q)FW4ClvH z=So#|S`9YaC0P3Q<5SeQFu}@L#|DOD>Iwc6fLfLK;@PQWl5+v>7wC<|wwmaLh@+@2 z6M2>_*j^*gj_j|Di42>v&%S?T6Jzt3Nl-~6`}a zXOLzo!p4}h`Aw%FTc7ct^k{=`RfkiN=d$HU#km| zqsDt3Lk@{;a3cLUWDfwna<7;*fEi-H0bi)?RV#Qbu=sx|{Ub8o)yGRJmjI>midTOF z!?i_;Mxre&yZv`-n^4-lR`%lWggzMwQdpk;O#A8=)B`4{0IQbsoR%PnFFgTV=>sz! z!7v*j$oBnPX~ZwMVQV<_!@q{xVJb zcW~6k$+8(^mwZ}IWKYVMyu5U>kQFyQe^ip=6`>}*sanAwtx~ExEYLR6vN1&2X+XiY z1jVX?iC1>A_BOY5C?E{}3avB>vI*$3Z=B+>dJj+WrMYX2U`0&{YJ$B2g3TefrZR;x zEz-Hneo4x>r&nhIi1qro1kfiN4eSWTDHZam#sa~eLA{Hl(8HfAN~7Nap@dqoE!tl9f{=PCv0 zZ(}0qJpDhFAg>Jg+(pl!b1J+;caIw#`5EhxkQ}asGa!fEw{jz_;Hv9waP1^jT};^7 z>NOoCC?VFpT+nDew$J{UJ%HpBV=vt?R}4oab=1Aw*}kT!TVJ89jLrda3a@FE-|wo5 zl~Wp!C1g&FL*bEP;2Yz?9aoA-CFk&wafnejt2o@zq)|3J9ej|nb@Zw=C0O14a>KSD zK)OZ==7T9uHr3?PTCh+*zoV^oj5}C%^oq3qCh0=Y+_>wJY0d?*|Fnj9lxFemv$Nt$ zzyiw2JWi$Hz@a>~G9N&RDHqDxX{v2L_u0u^fXeA>(Zp}4f(2Q5wJV08$Y!l2vA~|6 zb|T8`;djUapw_;J1O;~+p~q*Z=UFpAFwZs1WID~MS1F4}&* zQ%4)dzd;ga{1O{sqv78x5^p2`vz>ZqQe?xVk!2PrdhQnPiPU>;Q7W8G6Wz9+ZH^N~ zHsSVEx`c5_s=lND{;xQ;6w`UGOq=5>YZ^?#sBIedMHzm>HN1_OBPq_epNF93(Y@gg z;0>V=$tR$5;d}P-^$5%Nvmt1jYTIoY@u)(8XGGs+S%u8eevXQiEe-~8yzGC7$g*H* z7_$J3e<_ohH92S9O@B(dg>Ma#{1@hirWwebK8`I0TrD5R?0+J&$35%3va+{&hcpXS zmiVj#EODu%*(_e&@t{E8Avb&4q~KKy))Rm%3L-(iRd(3QqmmDlvMOb#%cf;zV3Z*5 z_pEkK)G!6yl%8k?)E1`ML>Radqv)K47 zV;Z4CRPmh2Gg~?Kg%3zTGW$vRy4p(h_N=RxE|Uf(WE=cHFK{}AJS?tWTGsB6P3jStE&tvhNisF?L=K?uGJ_HaDL*&EyF`tQ#a~`rV&c;l2;Y% zd9DwQVR10?5gA!Rs6^Eip(08O3U@C-GR>_3`LwJ!Kh(^B?$AL)&`aXvNG{&NTrLm8 z|J=(K-4D0u*Y-aI62-OM^eHW*_X+}6W0UR&&~-b&r?YH-sZ%$*S@~=1)n7ZJ1L5Ex zxj@KnZ3J^K+I0)XDIX*IQNIyw@Hpe_xsBh26;kv9j7V$|Dt61d3i%|ZZk1I{S1a9g zJRfJ0@^&Hl8J9CKi+GKRo-vBoxs1j$3T;4w&0W3Ed#O4$?%UiTp;HR8@=E6#paYOF zZ61z$S+S=GWDjO#ERsI(#Fg%k+TkV{bB(;+4RNUMIozrO=p-Q zmuiSQ`0lE!!f}=G1!^u8ju=02I#Q)#@%%!|F$ko^HFYxelicB<4l=U$rbSLEq}E`D z*UUQuUjQ+IlJD*9irw7Q?Fh+3ge&W%%){byP>xHUusW{CxhkcGeK@z`39)xC0p%P{`t+@^8S25b#?rU_shOy_X+-XWDR<~0<@1C6gOy*TK&6K flEau5TCt#miE2%+2txnyg3V>v-8wod^E!s+k`T|Z