@jasonbrooks
Last active May 29, 2021 00:18
trying out kubeadm on centos atomic host or fedora atomic host

kubeadm on atomic host

http://kubernetes.io/docs/getting-started-guides/kubeadm/

https://jebpages.com/2016/11/01/installing-kubernetes-on-centos-atomic-host-with-kubeadm/

for CentOS 7

# cat <<EOF > /etc/yum.repos.d/jasonbrooks-kube-release-epel-7.repo
[jasonbrooks-kube-release]
name=Copr repo for kube-release owned by jasonbrooks
baseurl=https://copr-be.cloud.fedoraproject.org/results/jasonbrooks/kube-release/epel-7-x86_64/
type=rpm-md
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://copr-be.cloud.fedoraproject.org/results/jasonbrooks/kube-release/pubkey.gpg
repo_gpgcheck=0
enabled=1
enabled_metadata=1
EOF

for Fedora 25

# cat <<EOF > /etc/yum.repos.d/jasonbrooks-kube-release-fedora-25.repo
[jasonbrooks-kube-release]
name=Copr repo for kube-release owned by jasonbrooks
baseurl=https://copr-be.cloud.fedoraproject.org/results/jasonbrooks/kube-release/fedora-25-x86_64/
type=rpm-md
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://copr-be.cloud.fedoraproject.org/results/jasonbrooks/kube-release/pubkey.gpg
repo_gpgcheck=0
enabled=1
enabled_metadata=1
EOF

install pkgs using package layering

# rpm-ostree pkg-add --reboot kubelet kubeadm kubectl kubernetes-cni

start the kubelet

# systemctl enable kubelet.service --now

# kubeadm init --use-kubernetes-version "v1.4.5"

In another console:

# sed -i 's/unconfined_t/spc_t/g' /etc/kubernetes/manifests/etcd.json

And once the kube-discovery pod tries to start:

# kubectl get deployment -n kube-system kube-discovery -o yaml | \
sed 's/unconfined_t/spc_t/g' | kubectl replace -f -

kube-dns also has SELinux issues:

# kubectl get -n kube-system deployment kube-dns -o yaml | \
sed 's/securityContext: {}/securityContext:\n        seLinuxOptions:\n          type: spc_t/g' | kubectl replace -f -

For etcd, kube-discovery, and kube-dns, we're adding the spc_t SELinux type to run these containers unconfined by SELinux. It'd be better to confine them appropriately, but the current workaround tends to be disabling SELinux altogether, which is worse. See: http://danwalsh.livejournal.com/2016/10/03/ and kubernetes/kubernetes#37327

# kubectl taint nodes --all dedicated-

# kubectl apply -f https://git.io/weave-kube

# kubectl get pods --all-namespaces
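
The `sed 's/unconfined_t/spc_t/g'` edits above are plain text substitutions, so they rewrite every occurrence of the string in a manifest. As an added example (not part of the original gist), this Python script makes the same change only on `seLinuxOptions.type` fields and reports which containers run unconfined; the sample manifest, its image names and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like /etc/kubernetes/manifests/etcd.json;
# images and the sidecar are made up for the example.
SAMPLE = json.loads("""{
  "kind": "Pod", "metadata": {"name": "etcd", "namespace": "kube-system"},
  "spec": {"containers": [
    {"name": "etcd", "image": "example/etcd:constructed",
     "securityContext": {"seLinuxOptions": {"type": "unconfined_t"}}},
    {"name": "sidecar", "image": "example/unconfined_t-tools:constructed",
     "securityContext": {}}
  ]}
}""")

UNCONFINED = {"spc_t", "unconfined_t"}  # types that opt out of confinement

def contexts(obj):
    """Yield (path, securityContext) for the pod and each of its containers.
    Deployments keep the pod spec under spec.template.spec."""
    spec = obj.get("spec", {})
    spec = spec.get("template", {}).get("spec", spec)
    yield "pod", spec.get("securityContext") or {}
    for key in ("initContainers", "containers"):
        for c in spec.get(key, []):
            yield f"{key}/{c.get('name')}", c.get("securityContext") or {}

def find_unconfined(obj):
    """Return [(path, type)] for every context running unconfined by SELinux."""
    hits = []
    for path, ctx in contexts(obj):
        se_type = (ctx.get("seLinuxOptions") or {}).get("type")
        if se_type in UNCONFINED:
            hits.append((path, se_type))
    return hits

def retype(obj, old="unconfined_t", new="spc_t"):
    """Structured form of the sed: rewrite only seLinuxOptions.type values."""
    changed = []
    for path, ctx in contexts(obj):
        opts = ctx.get("seLinuxOptions") or {}
        if opts.get("type") == old:
            opts["type"] = new
            changed.append(path)
    return changed

if __name__ == "__main__":
    print("before:", find_unconfined(SAMPLE))
    print("changed:", retype(SAMPLE))
    print("after:", find_unconfined(SAMPLE))
```

Running `find_unconfined` over each manifest or exported deployment gives a list of the workloads that still depend on the spc_t workaround and need a proper policy later.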

franzem commented Feb 1, 2017

Hi Jason, managed to get this working before but now I get this when running kubeadm:

failed to parse kernel config: unable to load kernel module "configs": output - "modprobe: FATAL: Module configs not found.\n"

Any idea if it's Centos Atomic upstream? Kubeadm version? Patched version in Repo?

@mrceresa

Hi Jason, I also cannot use it anymore:
Writing rpmdb... error: Error running transaction: file /usr/bin/kubelet from install of kubelet-1.5.2-2.x86_64 conflicts with file from kubernetes-node-1.5.2-2.fc25.x86_64
