Installing node-sitter

node-sitter is a tool for implementing application fault tolerance in a node group with preemptible VMs.

The node-sitter features include:

• Pod eviction when cluster nodes on preemptible VMs shut down.
• Installation of additional trusted root certificates.
• Configuring container image downloads via a proxy.
• Advanced kubelet launch settings.

Getting startedGetting started

1. Create a node group with the following parameters:

   • Computing resources: Select Custom.
   • Under Additional, enable Preemptible.
   • Under Additional, add a custom taint policy for the application, e.g., node-sitter: 1.

2. Make sure the security groups for the Managed Service for Kubernetes cluster and its node groups are configured correctly. If a rule is missing, add it.

   Warning

   The configuration of security groups determines performance and availability of the cluster and the services and applications running in it.

Installation from Yandex Cloud MarketplaceInstallation from Yandex Cloud Marketplace

1. Navigate to the folder dashboard and select Managed Service for Kubernetes.

2. Click the name of the Kubernetes cluster you need and select the Marketplace tab.

3. Under Application available for installation, select node-sitter and click Go to install.

4. Configure the application:

   • Namespace: Create a new namespace, e.g., node-sitter. If you leave the default namespace, node-sitter may work incorrectly.
   • Application name: Specify the application name.
   • Install node-drainer: Leave this option enabled so the integrated node-drainer script prevents pods in the Error or Completed state from appearing on the nodes of the preemptible VM group.
   • Tolerations key name: Specify the key name of the taint policy you set previously. node-sitter pods will configure new nodes in the preemptible VM group before user load is distributed to them. After the nodes are successfully configured, node-sitter will remove the taint policy so user applications can run on these nodes. If you skip this setting, the system will configure the nodes while starting user applications.
   • (Optional) Trusted certificates: Copy the contents of the x.509 certificate file in PEM format for installation into the trusted certificate storage on the nodes of the preemptible VM group. When recreating nodes, the certificates will be reinstalled.
   • (Optional) Parameters for kubelet: Specify additional parameters for running kubelet on the nodes of the preemptible VM group.
   • (Optional) Proxy settings: Specify proxy settings for downloading container images on the nodes of the preemptible VM group. The settings are provided via the HTTP_PROXY and HTTPS_PROXY environment variables.

5. Click Install.

6. Wait for the application status to change to Deployed.

Installation using a Helm chartInstallation using a Helm chart

1. Install Helm v3.8.0 or higher.

2. Install kubect and configure it to work with the new cluster.

3. To install a Helm chart with node-sitter, run the following command, specifying the parameters of the resources you created earlier:

   helm pull oci://cr.yandex/yc-marketplace/yandex-cloud/node-sitter/node-sitter/chart/node-sitter \
      --version 0.1.6 \
      --untar && \
   helm install \
      --namespace <namespace_for_node_sitter> \
      --create-namespace \
      --set node_drainer_enabled='true' \
      --set toleration_name='<taint_policy_name>' \
      --set custom_certs='<PEM_trusted_certificates>' \
      --set custom_kubelet_flags='<additional_kubelet_launch_options>' \
      --set containerd_proxy='<proxy_settings_for_downloading_images>' \
     node-sitter ./node-sitter
   

   Installation parameters:

   • --namespace: Namespace where the application will be deployed.

     If you set the default namespace, node-sitter may work incorrectly. We recommend specifying a value different from all the existing namespaces, e.g., node-sitter-space.

   • node_drainer_enabled: When set to true, the integrated node-drainer script prevents pods in the Error or Completed state from appearing on the nodes of the preemptible VM group.

   • toleration_name: Key name of the taint policy key you set previously. node-sitter pods will configure new nodes in the preemptible VM group before user load is distributed to them. After the nodes are successfully configured, node-sitter will remove the taint policy so user applications can run on these nodes. If you skip this setting, the system will configure the nodes while starting user applications.

   • custom_certs: Contents of the X.509 certificate file in PEM format for installation into the trusted certificate storage on the nodes of the preemptible VM group. When recreating nodes, the certificates will be reinstalled.

   • custom_kubelet_flags: Advanced settings for running kubelet on nodes in the preemptible VM group.

   • containerd_proxy: Proxy settings for downloading container images on the nodes of the preemptible VM group. The settings are provided via the HTTP_PROXY and HTTPS_PROXY environment variables.

   Note

   If you are using a Helm version below 3.8.0, add the export HELM_EXPERIMENTAL_OCI=1 && \ string at the beginning of the command to enable Open Container Initiative (OCI) support in the Helm client.