Some issues with my current configuration

All the points are in chronological order: the oldest point is at the top and the newest at the bottom.

Enable etcd for better performance

Earlier this month, my cluster was so slow. I only have 2 worker nodes and a master.

To me, something was wrongly configured. After looking at some people's complaints on GitHub and forums, I decided to move from the default database (SQLite) to etcd.

K3s offers the possibility to convert a single-node cluster to something larger. Thanks to the High Availability documentation page, I simply added the --cluster-init argument to the systemd service, but before that I carefully backed up my VPS, in case of an error.

To edit the service file, execute:

$ vi /etc/systemd/system/k3s.service

Then, at the end of the file, you need to add '--cluster-init' \. I am sure that there is an automatable way to do this; I just don’t want to take the risk.

After modifying the file, reload daemons (systemctl daemon-reload) and restart K3s.

HCP Vault

I thought I would not have as many secrets to keep secret in HCP Vault. I had to set up a Vault inside the Kubernetes cluster to keep everything safe and to be able to have more than 20 secrets.

The PR on GitHub.

The boring part of self-hosting Vault is unsealing it. I manage this part by putting the keys in HCP and creating a cronjob to unseal the vault. The vault unseal tokens are not in the cluster for obvious security reasons, even if, with my method, security is an unknown word.
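One way to write such an unseal job, added here as an example and not the cronjob from this setup: it uses Vault's sys/seal-status and sys/unseal HTTP endpoints, sends shares only while Vault is sealed, and stops at the threshold. It assumes the shares reach the job in a comma-separated UNSEAL_SHARES environment variable (a hypothetical name) after being fetched from the external store.

```python
import json
import os
import urllib.request


def http_call(method, url, body=None):
    """Send a JSON request to Vault and return the decoded JSON reply."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:  # TLS verified by default
        return json.load(resp)


def unseal(addr, shares, call=http_call):
    """Submit key shares until Vault reports unsealed.

    Returns (unsealed, shares_submitted). Shares are never printed or logged.
    """
    if not addr.startswith("https://"):
        raise ValueError("refusing to send key shares over a non-TLS address")
    status = call("GET", f"{addr}/v1/sys/seal-status")
    if not status["sealed"]:
        return True, 0  # already unsealed: do not send any share
    sent = 0
    for share in shares:
        status = call("POST", f"{addr}/v1/sys/unseal", {"key": share})
        sent += 1
        if not status["sealed"]:
            return True, sent  # threshold reached: keep the remaining shares unsent
    return False, sent


def main():
    addr = os.environ["VAULT_ADDR"]
    # Assumption: the job receives the shares in UNSEAL_SHARES (hypothetical
    # name), comma-separated, fetched from the external store at run time.
    shares = [s for s in os.environ.get("UNSEAL_SHARES", "").split(",") if s]
    ok, sent = unseal(addr, shares)
    print(f"unsealed={ok} shares_submitted={sent}")
    return 0 if ok else 1  # non-zero exit so the scheduler records a failed run


if __name__ == "__main__":
    raise SystemExit(main())
```

Both endpoints are unauthenticated, so the job needs no Vault token; the only secrets it handles are the shares themselves.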

Multipath

Sometimes, the volume can’t remount, which is annoying. To avoid this problem, you have to add:

blacklist {
    devnode "^sd[a-z0-9]+"
}

in the /etc/multipath.conf file, and restart the multipath service: sudo systemctl restart multipathd.service.