http://kubernetes.io/docs/getting-started-guides/kubeadm/
https://jebpages.com/2016/11/01/installing-kubernetes-on-centos-atomic-host-with-kubeadm/
# cat <<EOF > /etc/yum.repos.d/jasonbrooks-kube-release-epel-7.repo
[jasonbrooks-kube-release]
name=Copr repo for kube-release owned by jasonbrooks
baseurl=https://copr-be.cloud.fedoraproject.org/results/jasonbrooks/kube-release/epel-7-x86_64/
type=rpm-md
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://copr-be.cloud.fedoraproject.org/results/jasonbrooks/kube-release/pubkey.gpg
repo_gpgcheck=0
enabled=1
enabled_metadata=1
EOF
# cat <<EOF > /etc/yum.repos.d/jasonbrooks-kube-release-fedora-25.repo
[jasonbrooks-kube-release]
name=Copr repo for kube-release owned by jasonbrooks
baseurl=https://copr-be.cloud.fedoraproject.org/results/jasonbrooks/kube-release/fedora-25-x86_64/
type=rpm-md
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://copr-be.cloud.fedoraproject.org/results/jasonbrooks/kube-release/pubkey.gpg
repo_gpgcheck=0
enabled=1
enabled_metadata=1
EOF
# rpm-ostree pkg-add --reboot kubelet kubeadm kubectl kubernetes-cni
# systemctl enable kubelet.service --now
# kubeadm init --use-kubernetes-version "v1.4.5"
In another console:
# sed -i 's/unconfined_t/spc_t/g' /etc/kubernetes/manifests/etcd.json
And once the kube-discovery pod tries to start:
# kubectl get deployment -n kube-system kube-discovery -o yaml | \
sed 's/unconfined_t/spc_t/g' | kubectl replace -f -
kube-dns also has selinux issues:
# kubectl get -n kube-system deployment kube-dns -o yaml | \
sed 's/securityContext: {}/securityContext:\n seLinuxOptions:\n type: spc_t/g' | kubectl replace -f -
for etcd, kube-discovery, and kube-dns, we're adding the spc_t selinux type to run these containers unconfined by selinux. It'd be better to confine them appropriately, but the current workaround tends to be disabling selinux all together, which is worse. see: http://danwalsh.livejournal.com/2016/10/03/ and kubernetes/kubernetes#37327
# kubectl taint nodes --all dedicated-
# kubectl apply -f https://git.io/weave-kube
# kubectl get pods --all-namespaces
Hi Jason, managed to get this working before but now I get this when running kubeadm:
failed to parse kernel config: unable to load kernel module "configs": output - "modprobe: FATAL: Module configs not found.\n"
Any idea if it's Centos Atomic upstream? Kubeadm version? Patched version in Repo?