the utility or performance of the technology Authors Jason Greathouse Bill Maxwell 1.1 - Rancher HA Kubernetes cluster host configuration 1.1.1 - Configure default sysctl settings on all hosts Profile the encryption provider is set to aescbc (Scored) Audit On the control plane hosts for the Rancher HA cluster run: stat /etc/kubernetes/encryption.yaml Ensure that: The file is present The file mode io/v1alpha1 kind: Configuration limits: - type: Server qps: 500 burst: 5000 2.1 - Rancher HA Kubernetes Cluster Configuration via RKE (See Appendix A. for full RKE cluster.yml example) 2.1.1

runtime, reducing resource overhead and improving performance. RKE2 also supports high availability (HA) deployments to ensure reliability and application redundancy. Rancher and RKE2 provide a robust range the option of installing Contrail Analytics with a single instance of Prometheus or with HA Prometheus support. HA Prometheus for Contrail Analytics is a Tech Preview feature. NOTE: We use Helm charts to running Contrail Analytics. By default, the port to use is 30443. 3. To install Contrail Analytics with HA Prometheus support (Tech Preview): NOTE: This feature is classified as a Juniper CN2 Technology Preview

infrastructure DEV DATA CENTER CLOUD BRANCH 5G / EDGE ✔ Common API & Packaging ✔ Health Checks/HA ✔ Load Balancing ✔ Overlay Networking ✔ Network Security Policies ✔ Backup and Recovery ✔ Autoscaling Access Control DEV DATA CENTER CLOUD BRANCH 5G / EDGE ✔ Common API & Packaging ✔ Health Checks/HA ✔ Load Balancing ✔ Overlay Networking ✔ Network Security Policies ✔ Backup and Recovery ✔ Autoscaling Service Discovery ✔ Networking ✔ RBAC & Access Control ✔ Common API & Packaging ✔ Health Checks/HA ✔ Load Balancing ✔ Overlay Networking ✔ Network Security Policies ✔ Backup and Recovery ✔ Autoscaling

change this to an S3-compatible endpoint. Clusters can be restored to any snapshot from the UI or CLI. HA deployments of the SUSE Rancher server require manual configuration of the RKE cluster to perform perform backups. These can also write to local storage or an S3-compatible endpoint. Restoring an HA cluster requires deploying a new Kubernetes cluster, restoring the backup, and performing a new SUSE Rancher

rights Reserved. 8 DEPLOYING AND SCALING KUBERNETES WITH RANCHER The master can be run in HA mode with a multi-master setup. Apart from components listed for master as shown in the above diagram clusters and takes actions if needed to bring it to the desired state. • etcd is a highly available (HA) key-value pair store for all persistent data for the cluster. The etcd server should only be accessible

i s s e t t o etcd:etcd . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. 1 - R an c h e r HA K u b e r n e t e s C l u s t e r C on fi gu r at i on v i a R K E . . . . . 5 2. 1. 1 - C on fi gu