@dnoliver
Created February 11, 2020 17:32

Deploy Kubernetes Single Node in Fedora 30 Server

More or less a modification of the "Kubernetes on CentOS 7 with Firewalld" post.

The original install script needs modification:

#!/bin/bash

dnf -y update
dnf -y install net-tools wget telnet yum-utils device-mapper-persistent-data lvm2


### Add Docker repository. https://docs.docker.com/install/linux/docker-ce/fedora/
dnf -y install dnf-plugins-core
dnf config-manager \
    --add-repo \
    https://download.docker.com/linux/fedora/docker-ce.repo

## Install Docker CE.
dnf -y update && dnf -y install docker-ce docker-ce-cli containerd.io

## Create /etc/docker directory.
mkdir -p /etc/docker

# Setup daemon.
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF

mkdir -p /etc/systemd/system/docker.service.d

# Restart Docker
systemctl daemon-reload
systemctl enable docker
systemctl restart docker

# Disable swap
swapoff -a
sed -i 's/^\(.*swap.*\)$/#\1/' /etc/fstab 

# load netfilter probe specifically
modprobe br_netfilter

# Set SELinux to permissive mode (violations are logged, not blocked). To keep SELinux enforcing, comment out the next 2 lines, but you may encounter issues with SELinux enforcing.
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config


# Install Kubernetes packages
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

dnf -y install kubectl kubelet kubeadm
systemctl restart kubelet && systemctl enable kubelet

# Pass bridged traffic through iptables/ip6tables (bridge-nf-call sysctls; needs br_netfilter loaded)
echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF


# Restarting services
systemctl daemon-reload
systemctl restart kubelet

# Install nfs utils for Kubernetes NFS driver
dnf -y install nfs-utils

The versions installed are:

[root@fedora-server-1 ~]# rpm -qa kubectl kubelet kubeadm docker-ce docker-ce-cli containerd.io

kubelet-1.17.2-0.x86_64
kubectl-1.17.2-0.x86_64
kubeadm-1.17.2-0.x86_64
docker-ce-cli-19.03.5-3.fc30.x86_64
docker-ce-19.03.5-3.fc30.x86_64
containerd.io-1.2.10-3.2.fc30.x86_64

The proposed Calico networking plugin does not work because of this; it needs to be v3.8:

kubectl apply -f  https://docs.projectcalico.org/v3.8/manifests/calico.yaml

This issue with system.slice will appear: kubernetes/kubernetes#56850. This comment fixes it, but the correct env var is KUBELET_EXTRA_ARGS=

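The master node will not schedule pods because of its node-role.kubernetes.io/master:NoSchedule taint, which needs to be removed (the trailing - in the command does that):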

https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/

kubectl taint nodes fedora-server-1 node-role.kubernetes.io/master:NoSchedule-

The calico pods will be in a crash loop because of this issue: kubernetes-sigs/kind#891. This fixes it:

kubectl -n kube-system set env daemonset/calico-node FELIX_IGNORELOOSERPF=true

Firewalld does not play well (look at journalctl --unit firewalld.service). Had to disable firewalld with systemctl disable firewalld.
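
A post-install check for the host state this procedure leaves behind (swap, bridge netfilter sysctls, SELinux mode, firewalld), as an added example that is not part of the original gist. The function names and the ROOT prefix argument are assumptions made here so the checks can also run against a constructed directory tree; the paths are the ones the install script touches plus the standard systemd locations.

```shell
#!/bin/bash
# Added example, not from the gist. ROOT is a hypothetical prefix so the checks
# can run on a constructed tree; pass "" to inspect the live host.

report() {  # report PASS|WARN|FAIL "message"; FAIL results are counted
    if [ "$1" = "FAIL" ]; then FAILS=$((FAILS + 1)); fi
    echo "$1: $2"
}

audit_k8s_host() {
    local root="$1" v key
    FAILS=0
    # swapoff -a: /proc/swaps keeps only its header line when no swap is active
    if tail -n +2 "$root/proc/swaps" 2>/dev/null | grep -q .; then
        report FAIL "swap is active"
    else
        report PASS "no active swap"
    fi
    # the sed on /etc/fstab: no uncommented swap entry may remain for next boot
    if grep -Eqs '^[^#]*[[:space:]]swap[[:space:]]' "$root/etc/fstab"; then
        report FAIL "/etc/fstab still enables swap at boot"
    else
        report PASS "no swap entry in /etc/fstab"
    fi
    # modprobe br_netfilter + the echo: the runtime value must be 1
    v=$(cat "$root/proc/sys/net/bridge/bridge-nf-call-iptables" 2>/dev/null || true)
    if [ "$v" = "1" ]; then
        report PASS "bridge-nf-call-iptables=1"
    else
        report FAIL "bridge-nf-call-iptables is '${v:-unset}'"
    fi
    # k8s.conf persists the sysctls, but modprobe alone does not survive a reboot
    for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
        grep -Eqs "^$key *= *1\$" "$root/etc/sysctl.d/k8s.conf" ||
            report FAIL "$key not set in /etc/sysctl.d/k8s.conf"
    done
    grep -qsx 'br_netfilter' "$root"/etc/modules-load.d/*.conf ||
        report WARN "br_netfilter has no /etc/modules-load.d entry for boot"
    # setenforce 0 + the sed on /etc/selinux/config leave the host permissive
    v=$(sed -n 's/^SELINUX=//p' "$root/etc/selinux/config" 2>/dev/null || true)
    [ "$v" = "enforcing" ] || report WARN "SELinux mode is '${v:-unknown}', not enforcing"
    # systemctl disable firewalld removes this enablement symlink
    [ -L "$root/etc/systemd/system/multi-user.target.wants/firewalld.service" ] ||
        report WARN "firewalld is not enabled at boot"
    [ "$FAILS" -eq 0 ]
}

if [ "${1:-}" = "--live" ]; then audit_k8s_host ""; fi
```

Run it with --live on the node after the install; FAIL lines are states kubeadm needs, WARN lines are the security trade-offs the procedure accepts (permissive SELinux, no firewalld) and settings that will not survive a reboot.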
