dkeightley

Exec into the etcd container

RKE1

docker exec -it etcd sh

RKE2

Using pv-migrate, prometheus monitoring data can be migrated between PV/PVCs when migrating to monitoring v2

This assumes persistent storage is used with monitoring (ie, a PV/PVC exists) and is intended only for cluster monitoring (not project monitoring).

Pre-work

Monitoring v1 apps (in Cluster Manager) should be disabled (Tools > Monitoring)
Ensure the monitoring v1 apps are uninstalled, more details here
Monitoring v2 (in Cluster Explorer) should be installed
Install pv-migrate, steps available here
Configure a kubeconfig for the cluster

Install

curl -sfL https://get.rke2.io | sh -
systemctl enable rke2-server.service
systemctl start rke2-server.service

Env setup

Install the ALB controller

I installed it via helm without IAM roles for Service Accounts (IRSA) configured for the EKS cluster, so the controller pods used the policy's attached to the underlying instance profile of the worker nodes.

https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.3/deploy/installation/#summary

Install Rancher

To deploy Rancher, I used the following helm install command, note using a values file can make this syntax clearer and easier.

	for i in $(kubectl get namespaces -o custom-columns=":metadata.name" --no-headers)
	do
	echo "------ $i"
	kubectl get -n $i configmaps --no-headers > /dev/null \| wc -l
	done

	for clusterId in $(kubectl get clusters.management.cattle.io -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}');
	do
	# empty recipients for cluster alert groups
	for clusterAlertGroup in $(kubectl -n $clusterId get clusteralertgroups -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}');
	do
	kubectl -n $clusterId patch clusteralertgroup $clusterAlertGroup --type merge --patch '{"spec": {"recipients": []}}'
	done
	# disable cluster monitoring
	kubectl patch clusters.management.cattle.io $clusterId --type merge --patch '{"spec": {"enableClusterMonitoring": false}}'
	for projectId in $(kubectl -n $clusterId get projects.management.cattle.io -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}')

	#!/bin/sh

	PUBLIC_IP=$(curl ifconfig.io)

	# export INSTALL_RKE2_VERSION="v1.20.5+rke2r1"

	curl -sfL https://get.rke2.io \| sh -
	mkdir -p /etc/rancher/rke2
	cat > /etc/rancher/rke2/config.yaml <<EOF
	write-kubeconfig-mode: "0640"

	#!/bin/sh

	PUBLIC_IP=$(curl ifconfig.io)

	echo "Installing K3S"
	# export INSTALL_K3S_VERSION="v1.19.5+k3s2"
	curl -sfL https://get.k3s.io \| sh -s - --tls-san ${PUBLIC_IP}

	echo "Downlading cert-manager CRDs"
	wget -q -P /var/lib/rancher/k3s/server/manifests/ https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.crds.yaml

	SERVICE=my-nginx
	NAMESPACE=default
	PORT=80

	for ingresspod in $(kubectl -n ingress-nginx get pods -l app=ingress-nginx --template '{{range.items}}{{.metadata.name}}{{"\n"}}{{end}}')
	do
	echo $ingresspod
	for svcep in $(kubectl -n $NAMESPACE get ep $SERVICE -o json \| jq -r '.subsets[].addresses[].ip')
	do
	echo "=> ${svcep}"

	# Calico Version v3.20.0
	# https://docs.projectcalico.org/releases#v3.20.0
	# This manifest includes the following component versions:
	# calico/ctl:v3.20.0

	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: calicoctl
	namespace: kube-system