Merge pull request #77 from galexrt/fix_net_mtusupport

Makefile

@@ -59,6 +59,8 @@ HTTP_PROXY_PASSWORD ?=
 NO_PROXY ?=
 INSTALL_ADDITIONAL_PACKAGES ?=
 PARALLEL_VM_START ?= false
+NETWORK_VM_MTU ?=
+KUBE_NETWORK_MTU ?=
 # === END USER OPTIONS ===
 
 VAGRANT_LOG ?=

README.md

@@ -21,6 +21,9 @@ A demo of the start and destroy of a cluster can be found here: [README.md Demo
  - [Data inside VM](#data-inside-vm)
  - [Show `make` targets](#show-make-targets)
 - [Variables](#variables)
+- [Troubleshooting](#troubleshooting)
+ - [When usign Virtualbox as the provider `make up` hangs after it is done](#when-usign-virtualbox-as-the-provider-make-up-hangs-after-it-is-done)
+ - ["I have a VPN running on my host machine, what should I look out for?"](#i-have-a-vpn-running-on-my-host-machine-what-should-i-look-out-for)
 - [Demo](#demo)
  - [Start Cluster](#start-cluster)
  - [Destroy Cluster](#destroy-cluster)
@@ -233,8 +236,8 @@ versions Print the "imporant" tools versions out for easie
 | `VAGRANT_DEFAULT_PROVIDER` | `virtualbox` | Which Vagrant provider to use. Available are `virtualbox` and `libvirt`. |
 | `BOX_OS` | `fedora` | Which set of Vagrantfiles to use to start the VMs, see [Different OS / Vagrantfiles](#different-os--vagrantfiles) section. |
 | `BOX_IMAGE` | `""` (empty) | Override the VM box image used (only use for override purposes as the image is set based on the `BOX_OS` variable). |
-| `DISK_COUNT` | `1` | Set how many additional disks will be added to the VMs. |
-| `DISK_SIZE_GB` | `25` GB | Size of additional disks added to the VMs. |
+| `DISK_COUNT` | `2` | Set how many additional disks will be added to the VMs. |
+| `DISK_SIZE_GB` | `20` GB | Size of additional disks added to the VMs. |
 | `MASTER_CPUS` | `2` Core | Amount of cores to use for the master VM. |
 | `MASTER_MEMORY_SIZE_GB` | `2` GB | Size of memory (in GB) to be allocated for the master VM. |
 | `NODE_CPUS` | `1` | Amount of cores to use for each node VM. |
@@ -266,6 +269,23 @@ versions Print the "imporant" tools versions out for easie
 | `VAGRANT` | `vagrant` | Path to `vagrant` binary (only needed when `vagrant` is no in your `PATH`) |
 | `KUBECTL` | `kubectl` | Path to `kubectl` binary (only needed when `kubectl` is no in your `PATH`) |
 | `PARALLEL_VM_START` | `false` | (Only use if you know what the effects can be) If master and nodes should be started in parallel, this does not affect the nodes creation + startup. This is normally controlled by passing `-j JOBS` to the `make` command. |
+| `NETWORK_VM_MTU` | `1500` | Set to, e.g., `1350`, to have the VMs interfaces MTU be set to `1350`. This can be used to prevent issues with VPNs running on the host machine (e.g., OpenVPN, Wireguard, etc). |
+| `KUBE_NETWORK_MTU` | `1450` | Use in combination with the `NETWORK_VM_MTU` parameter, this should be set to the value of `NETWORK_VM_MTU - 50`. |
+
+
+## Troubleshooting
+
+### When usign Virtualbox as the provider `make up` hangs after it is done
+
+For unknown reasons the makefile is not exiting after it has printed the "cluster creation successful" message.
+The issue is being looked into it, till then just do `CTRL+C` to exit the `make up` command.
+
+### "I have a VPN running on my host machine, what should I look out for?"
+
+> **TL;DR** Set the following variables on your `make up` run as follows: `NETWORK_VM_MTU=1350` and `KUBE_NETWORK_MTU=1300`.
+
+Set the `NETWORK_VM_MTU` and `KUBE_NETWORK_MTU` according to the MTU of your VPN interface(s) - "overhead" (`50`).
+Using the values in the `TL;DR` should work for "99% percent" of common VPNs.
 
 ## Demo
 

tests/cluster-tests.sh

@@ -15,7 +15,7 @@ oneTimeTearDown() {
 testClusterUpFirst() {
  echo "=== BEGIN COMMAND OUTPUT ==="
  exec 5>&1
- CMD_OUTPUT="$(set -o pipefail; unbuffer make -d -j3 NODE_COUNT=1 KUBE_NETWORK="none" up 2>&1 | tee >(cat - >&5))"
+ CMD_OUTPUT="$(set -o pipefail; unbuffer make -j3 NODE_COUNT=1 KUBE_NETWORK="none" up 2>&1 | tee >(cat - >&5))"
  rtrn=$?
  echo "=== END COMMAND OUTPUT ==="
 

vagrantfiles/Vagrantfile_scripts

@@ -29,20 +29,23 @@ nf_conntrack_ipv4
 nf_conntrack_ipv6
 EOF
 
-# Set mtu of eth0 and eth1 devices to 1300, otherwise there may be issues when using a VPN on the host system.
-cat <<EOF > /etc/systemd/system/ip-set-mtu.service
+if [ #{NETWORK_VM_MTU} -ne 1500 ]; then
+ # Set mtu of eth0 and eth1 devices to 1300, otherwise there may be issues when using a VPN on the host system.
+ cat <<EOF > /etc/systemd/system/ip-set-mtu.service
 [Unit]
-After=network-online.target
+After=network.target
+Before=docker.service
 [Service]
 Type=oneshot
 ExecStart=/bin/bash -c 'ip link set mtu 1300 dev eth0'
 ExecStart=/bin/bash -c 'ip link set mtu 1300 dev eth1'
 [Install]
-WantedBy=default.target
+WantedBy=multi-user.target
 EOF
-systemctl daemon-reload
-systemctl enable ip-set-mtu.service
-systemctl start ip-set-mtu.service
+ systemctl daemon-reload
+ systemctl enable ip-set-mtu.service
+ systemctl start ip-set-mtu.service
+fi
 SCRIPT
 
 $containerRuntimeConfigScript = <<SCRIPT
@@ -153,7 +156,9 @@ canal)
  fi
  curl --retry 5 --fail -s https://docs.projectcalico.org/v3.14/getting-started/kubernetes/installation/hosted/canal/canal.yaml
  ) | \
- sed -e 's/canal_iface:.*/canal_iface: "eth1"/' | \
+ sed \
+ -e 's/canal_iface:.*/canal_iface: "eth1"/' \
+ -e 's/veth_mtu:.*/veth_mtu: "#{KUBE_NETWORK_MTU}"/g' | \
  kubectl apply -f -
  ;;
 # calico network: https://docs.projectcalico.org/v3.13/getting-started/kubernetes/installation/calico
@@ -165,7 +170,9 @@ calico)
  fi
  curl --retry 5 --fail -s https://docs.projectcalico.org/v3.14/manifests/calico.yaml
  ) | \
- sed -e 's?192.168.0.0/16?#{POD_NW_CIDR}?g' | \
+ sed \
+ -e 's?192.168.0.0/16?#{POD_NW_CIDR}?g' \
+ -e 's/veth_mtu:.*/veth_mtu: "#{KUBE_NETWORK_MTU}"/g' | \
  kubectl apply -f -
  ;;
 # flannel network

vagrantfiles/Vagrantfile_vars

@@ -4,7 +4,7 @@
 
 # Disk setup
 DISK_COUNT = ENV['DISK_COUNT'].to_s.strip.empty? ? 2 : ENV['DISK_COUNT'].to_i
-DISK_SIZE_GB = ENV['DISK_SIZE_GB'].to_s.strip.empty? ? 10 : ENV['DISK_SIZE_GB'].to_i
+DISK_SIZE_GB = ENV['DISK_SIZE_GB'].to_s.strip.empty? ? 20 : ENV['DISK_SIZE_GB'].to_i
 
 # Resources
 MASTER_CPUS = ENV['MASTER_CPUS'].to_s.strip.empty? ? 2 : ENV['MASTER_CPUS'].to_i
@@ -56,6 +56,9 @@ NO_PROXY = ENV['NO_PROXY'].to_s.strip.empty? ? '' : ENV['NO_PROXY']
 
 INSTALL_ADDITIONAL_PACKAGES = ENV['INSTALL_ADDITIONAL_PACKAGES'].to_s.strip.empty? ? '' : ENV['INSTALL_ADDITIONAL_PACKAGES']
 
+NETWORK_VM_MTU = ENV['NETWORK_VM_MTU'].to_s.strip.empty? ? 1500 : ENV['NETWORK_VM_MTU'].to_i
+KUBE_NETWORK_MTU = ENV['KUBE_NETWORK_MTU'].to_s.strip.empty? ? 1450 : ENV['KUBE_NETWORK_MTU'].to_i
+
 # Generate new using steps in README
 KUBETOKEN = ENV['KUBETOKEN'] || 'b029ee.968a33e8d8e6bb0d'
 

vagrantfiles/centos8/common

@@ -67,7 +67,7 @@ set -x
 
 cat << 'EOF' > /etc/systemd/system/iptables-forward-accept.service
 [Unit]
-After=network.target
+After=network.target docker.service
 Before=kubelet.service
 
 [Service]
@@ -76,7 +76,7 @@ ExecStart=/usr/sbin/iptables -P FORWARD ACCEPT
 TimeoutStartSec=0
 
 [Install]
-WantedBy=default.target
+WantedBy=multi-user.target
 EOF
 systemctl daemon-reload
 systemctl enable iptables-forward-accept.service