To deploy the Flow Collector in a redundant configuration

Purpose

The following procedure is used to deploy the Flow Collector in either a DR or an HA+DR configuration. This is required when NSP is deployed in either of the same configurations.

Steps
 

Perform To install an NSP cluster, stopping at Step 117.

Execute the following command on site-A (active) to identify nodes that can be tainted:

kubectl get nodes --show-labels --selector='!etcd,!storage'

Add the taint to the desired nodes listed in the output of Step 2 by executing:

kubectl taint nodes <site-A-nodeName-A> fc=present:NoSchedule

kubectl taint nodes <site-A-nodeName-B> fc=present:NoSchedule

Note: The replica number determines the number of nodes to be tainted in this step. In a DR configuration, the replica number is 1. In an HA+DR configuration, the replica number is 2. The above example would be used in an HA+DR configuration to add the taint to 2 nodes.

Perform Step 118 from To install an NSP cluster.

Note: The flow collector pods will remain in a ‘pending’ state.

Ensure the NSP cluster can be accessed from the deployer VM. On the NSP deployer host, enter the following: 

export KUBECONFIG=/opt/nsp/nsp-configurator/kubeconfig/nsp_kubeconfig

Verify that the FC pod(s) is in a ‘pending’ state. Execute:

kubectl get pods -A

Perform the following to add tolerations:

  1. On site-A (active), execute:

    kubectl edit daemonsets.apps -n nsp-psa-restricted nspos-fluentd-belk-fluentd-daemonset

  2. Add the following under the Tolerations section. If the Tolerations section is not present, add it under terminationGracePeriodSeconds, as shown below:

          terminationGracePeriodSeconds: 30

          tolerations:

          - effect: NoSchedule

            operator: Exists

          volumes:

  3. Perform one of the following:

    • When using Kubernetes releases older than 25.4, execute:

      kubectl edit daemonsets.apps -n metallb-system speaker

    • When using Kubernetes release 25.4 or later, execute:

      kubectl edit daemonsets.apps -n metallb-system metallb-speaker

  4. Add the following under the Tolerations section:

          terminationGracePeriodSeconds: 0

          tolerations:

          - effect: NoSchedule

            operator: Exists

          - effect: NoSchedule

            key: node-role.kubernetes.io/control-plane

            operator: Exists

          volumes:

  5. Execute:

    kubectl edit statefulsets.apps -n nsp-psa-restricted flow-collector-sys

  6. Add the following under the Tolerations section:

          terminationGracePeriodSeconds: 0

          tolerations:

          - effect: NoSchedule

            key: fc

            operator: Equal

            value: present

Execute:

kubectl rollout restart daemonset -n nsp-psa-restricted nspos-fluentd-belk-fluentd-daemonset

kubectl rollout restart daemonset -n metallb-system metallb-speaker

kubectl rollout restart statefulset -n nsp-psa-restricted flow-collector-sys

Verify that the FC pod starts in the cluster. Execute:

kubectl get pods -A

10 

Repeat Step 1 through Step 9, specifying site-B (standby) instead of site-A (active) throughout.

Note: In the case of an upgrade or patch that requires the nspdeployer to be re-run to re-configure NSP, the pod level tolerations must be re-applied by executing Step 7 through Step 9 on both site-A (active) and site-B (standby).

11 

If the nspdeployer is re-run to uninstall the NSP, the taints must be removed. Execute:

kubectl taint nodes <site-A-nodeName-A> fc=present:NoSchedule-

kubectl taint nodes <site-A-nodeName-B> fc=present:NoSchedule-

These commands must also be executed on site-B (standby).

End of steps