Kubernetes : Install Kubeadm2024/11/06 |
Install Kubeadm to Configure Multi Nodes Kubernetes Cluster. This example is based on the environment like follows.
For System requirements, each Node has unique Hostname, MAC address, Product_uuid. Furthermore, it based on the environment Firewalld is disabled. -----------+---------------------------+--------------------------+------------ | | | eth0|10.0.0.30 eth0|10.0.0.51 eth0|10.0.0.52 +----------+-----------+ +-----------+----------+ +-----------+----------+ | [ dlp.srv.world ] | | [ node01.srv.world ] | | [ node02.srv.world ] | | Control Plane | | Worker Node | | Worker Node | +----------------------+ +----------------------+ +----------------------+ |
[1] | On all Nodes, Change settings for System requirements. |
[root@dlp ~]#
cat > /etc/sysctl.d/99-k8s-cri.conf <<EOF
net.bridge.bridge-nf-call-iptables=1 net.ipv4.ip_forward=1 net.bridge.bridge-nf-call-ip6tables=1 EOF
[root@dlp ~]#
[root@dlp ~]# echo -e overlay\\nbr_netfilter > /etc/modules-load.d/k8s.conf
dnf -y install iptables-legacy [root@dlp ~]# alternatives --config iptables There are 2 programs which provide 'iptables'. Selection Command ----------------------------------------------- *+ 1 /usr/sbin/iptables-nft 2 /usr/sbin/iptables-legacy # switch to [iptables-legacy] Enter to keep the current selection[+], or type selection number: 2 # disable [systemd-resolved] (enabled by default) [root@dlp ~]# systemctl disable --now systemd-resolved
[root@dlp ~]#
vi /etc/NetworkManager/NetworkManager.conf # add into [main] section [main] dns=default
# restart to apply changes [root@dlp ~]# reboot |
[2] | On all Nodes, Install required packages. This example shows to use CRI-O for container runtime. |
[root@dlp ~]#
dnf -y install cri-o
[root@dlp ~]#
systemctl enable --now crio
[root@dlp ~]#
[root@dlp ~]# dnf -y install kubernetes-kubeadm kubernetes-node kubernetes-client cri-tools iproute-tc container-selinux systemctl enable kubelet
|
[3] | On all Nodes, if SELinux is enabled, change policy. |
[root@dlp ~]#
vi k8s.te # create new module k8s 1.0; require { type cgroup_t; type iptables_t; class dir ioctl; } #============= iptables_t ============== allow iptables_t cgroup_t:dir ioctl; checkmodule -m -M -o k8s.mod k8s.te [root@dlp ~]# semodule_package --outfile k8s.pp --module k8s.mod [root@dlp ~]# semodule -i k8s.pp |
Sponsored Link |