Fedora 41

Kubernetes : Install Kubeadm (2024/11/06)

 

Install Kubeadm to configure a multi-node Kubernetes cluster.

This example is based on the following environment.

As a system requirement, each Node must have a unique Hostname, MAC address, and Product_uuid.
The MAC address and Product_uuid are generally already unique if you installed the OS on a physical machine or a virtual machine with the usual procedure; cloned virtual machines are the case where they need to be checked.
You can see the Product_uuid with the command [dmidecode -s system-uuid].

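Furthermore, this example assumes that Firewalld is disabled.
With no host firewall, every Kubernetes port on the Nodes (for example the API server on 6443/tcp and the kubelet on 10250/tcp) is reachable from any network that can route to them. On anything other than an isolated lab network, either filter those ports upstream or keep Firewalld enabled and open only the ports the cluster needs.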

-----------+---------------------------+--------------------------+------------
           |                           |                          |
       eth0|10.0.0.30              eth0|10.0.0.51             eth0|10.0.0.52
+----------+-----------+   +-----------+----------+   +-----------+----------+
|   [ dlp.srv.world ]  |   | [ node01.srv.world ] |   | [ node02.srv.world ] |
|     Control Plane    |   |      Worker Node     |   |      Worker Node     |
+----------------------+   +----------------------+   +----------------------+

[1] On all Nodes, Change settings for System requirements.
[root@dlp ~]#
cat > /etc/sysctl.d/99-k8s-cri.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-ip6tables=1
EOF
[root@dlp ~]#
echo -e overlay\\nbr_netfilter > /etc/modules-load.d/k8s.conf
[root@dlp ~]#
dnf -y install iptables-legacy

[root@dlp ~]#
alternatives --config iptables


There are 2 programs which provide 'iptables'.

  Selection    Command
-----------------------------------------------
*+ 1           /usr/sbin/iptables-nft
   2           /usr/sbin/iptables-legacy

# switch to [iptables-legacy]
Enter to keep the current selection[+], or type selection number: 2

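# disable Swap : an empty [zram-generator.conf] overrides the packaged default, so the zram swap device is not created after the reboot below
# (a swap partition or swap file listed in /etc/fstab, if any, has to be disabled separately)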

[root@dlp ~]#
touch /etc/systemd/zram-generator.conf
# disable [firewalld]

[root@dlp ~]#
systemctl disable --now firewalld
# disable [systemd-resolved] (enabled by default)

[root@dlp ~]#
systemctl disable --now systemd-resolved
[root@dlp ~]#
vi /etc/NetworkManager/NetworkManager.conf
# add into [main] section

[main]
dns=default
[root@dlp ~]#
unlink /etc/resolv.conf

[root@dlp ~]#
touch /etc/resolv.conf
# restart to apply changes

[root@dlp ~]#
reboot

[2] On all Nodes, Install required packages.
This example uses CRI-O as the container runtime.
[root@dlp ~]#
dnf -y install cri-o
[root@dlp ~]#
systemctl enable --now crio
[root@dlp ~]#
dnf -y install kubernetes-kubeadm kubernetes-node kubernetes-client cri-tools iproute-tc container-selinux
[root@dlp ~]#
systemctl enable kubelet
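[3] On all Nodes, if SELinux is enabled, add a local policy module rather than disabling SELinux.
The module below grants a single permission: processes in the [iptables_t] domain may use ioctl on directories labeled [cgroup_t].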
[root@dlp ~]#
vi k8s.te
# create new

module k8s 1.0;

require {
        type cgroup_t;
        type iptables_t;
        class dir ioctl;
}

#============= iptables_t ==============
allow iptables_t cgroup_t:dir ioctl;

[root@dlp ~]#
checkmodule -m -M -o k8s.mod k8s.te

[root@dlp ~]#
semodule_package --outfile k8s.pp --module k8s.mod

[root@dlp ~]#
semodule -i k8s.pp
