More or less a modification of Kubernetes on CentOS 7 with Firewalld post.
The original install script needs modification:
#!/bin/bash
dnf -y update
dnf -y install net-tools wget telnet yum-utils device-mapper-persistent-data lvm2
### Add Docker repository. https://docs.docker.com/install/linux/docker-ce/fedora/
dnf -y install dnf-plugins-core
dnf config-manager \
--add-repo \
https://download.docker.com/linux/fedora/docker-ce.repo
## Install Docker CE.
dnf update && dnf install docker-ce docker-ce-cli containerd.io
## Create /etc/docker directory.
mkdir /etc/docker
# Setup daemon.
cat > /etc/docker/daemon.json <<EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
EOF
mkdir -p /etc/systemd/system/docker.service.d
# Restart Docker
systemctl daemon-reload
systemctl enable docker
systemctl restart docker
# Disable swap
swapoff -a
sed -i 's/^\(.*swap.*\)$/#\1/' /etc/fstab
# load netfilter probe specifically
modprobe br_netfilter
# disable SELinux. If you want this enabled, comment out the next 2 lines. But you may encounter issues with enabling SELinux
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# Install kuberentes packages
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
dnf -y install kubectl kubelet kubeadm
systemctl restart kubelet && systemctl enable kubelet
# Enable IP Forwarding
echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Restarting services
systemctl daemon-reload
systemctl restart kubelet
# Install nfs utils for Kubernetes NFS driver
dnf -y install nfs-utils
The versions installed are:
[root@fedora-server-1 ~]# rpm -qa kubectl kubelet kubeadm docker-ce docker-ce-cli containerd.io
kubelet-1.17.2-0.x86_64
kubectl-1.17.2-0.x86_64
kubeadm-1.17.2-0.x86_64
docker-ce-cli-19.03.5-3.fc30.x86_64
docker-ce-19.03.5-3.fc30.x86_64
containerd.io-1.2.10-3.2.fc30.x86_64
The proposed Calico networking plugin do not work because of this, needs to be v3.8
kubectl apply -f https://docs.projectcalico.org/v3.8/manifests/calico.yaml
This issue with system.slice
will appear kubernetes/kubernetes#56850
This comment fixes it, but the correct env var is KUBELET_EXTRA_ARGS=
The master node will not schedule pods, needs to be tainted
https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
kubectl taint nodes fedora-server-1 node-role.kubernetes.io/master:NoSchedule-
The calico pods will be in a crash loop because of this issue kubernetes-sigs/kind#891 This fixes it
kubectl -n kube-system set env daemonset/calico-node FELIX_IGNORELOOSERPF=true
Firewalld does not play well (look at journalctl --unit firewalld.service
)
Had to disable firewalld with systemctl disable firewalld