Kubernetes : Install Kubeadm
2022/05/24
Install Kubeadm to configure a multi-node Kubernetes cluster.
This example is based on the following environment.
As a system requirement, each Node must have a unique Hostname, MAC address, and Product_uuid.
The MAC address and Product_uuid are generally already unique if you installed the OS on a physical machine or virtual machine with the common procedure. You can see the Product_uuid with the command [dmidecode -s system-uuid].
Furthermore, this example assumes an environment in which Firewalld is disabled.
-----------+---------------------------+--------------------------+------------
           |                           |                          |
       eth0|10.0.0.30              eth0|10.0.0.51             eth0|10.0.0.52
+----------+-----------+   +-----------+----------+   +-----------+----------+
|   [ dlp.srv.world ]  |   | [ node01.srv.world ] |   | [ node02.srv.world ] |
|     Master Node      |   |      Worker Node     |   |      Worker Node     |
+----------------------+   +----------------------+   +----------------------+
[1] On all Nodes, change settings for system requirements.
[root@dlp ~]# cat > /etc/sysctl.d/99-k8s-cri.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-ip6tables=1
EOF
[root@dlp ~]# echo -e overlay\\nbr_netfilter > /etc/modules-load.d/k8s.conf
[root@dlp ~]# dnf -y install iptables-legacy
[root@dlp ~]# alternatives --config iptables

There are 2 programs which provide 'iptables'.

  Selection    Command
-----------------------------------------------
*+ 1           /usr/sbin/iptables-nft
   2           /usr/sbin/iptables-legacy

# switch to [iptables-legacy]
Enter to keep the current selection[+], or type selection number: 2

# switch to Cgroup v1 (default is v2)
[root@dlp ~]# grubby --update-kernel ALL --args systemd.unified_cgroup_hierarchy=0

# disable [systemd-resolved] (enabled by default)
[root@dlp ~]# systemctl disable --now systemd-resolved
[root@dlp ~]# vi /etc/NetworkManager/NetworkManager.conf
# add into [main] section
[main]
dns=default

# restart to apply changes
[root@dlp ~]# reboot
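
Once the node is back up, the settings from [1] can be confirmed before moving on. The script below is an added example, not part of the original procedure; the function names, the optional ROOT prefix argument, and the file name in the last comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm the step [1] settings are live after the reboot.
# ROOT (optional first argument) is an assumed path prefix, used only to
# run the checks against a constructed directory tree; default is the host.

# Each key from 99-k8s-cri.conf must read 1. The net.bridge keys exist only
# while br_netfilter is loaded, so a missing file is reported as a failure.
check_sysctl() {
    root=${1:-}; rc=0
    for key in net.bridge.bridge-nf-call-iptables net.ipv4.ip_forward \
               net.bridge.bridge-nf-call-ip6tables; do
        path="$root/proc/sys/$(echo "$key" | tr . /)"
        val=$(cat "$path" 2>/dev/null || echo missing)
        [ "$val" = "1" ] || { echo "FAIL $key=$val"; rc=1; }
    done
    return $rc
}

# Modules listed in /etc/modules-load.d/k8s.conf must appear in /sys/module.
check_modules() {
    root=${1:-}; rc=0
    for mod in overlay br_netfilter; do
        [ -d "$root/sys/module/$mod" ] || { echo "FAIL module $mod not loaded"; rc=1; }
    done
    return $rc
}

# The page boots with cgroup v1; cgroup.controllers at the top of
# /sys/fs/cgroup is present only under the unified (v2) hierarchy.
check_cgroup_v1() {
    root=${1:-}
    if [ -e "$root/sys/fs/cgroup/cgroup.controllers" ]; then
        echo "FAIL cgroup v2 still active"; return 1
    fi
    return 0
}

# Run every check so all problems are listed at once; non-zero if any failed.
preflight() {
    fail=0
    check_sysctl "${1:-}" || fail=1
    check_modules "${1:-}" || fail=1
    check_cgroup_v1 "${1:-}" || fail=1
    if [ "$fail" -eq 0 ]; then echo "OK step [1] settings are active"; fi
    return $fail
}

# Invoke as: sh k8s-preflight.sh --run   (the file name is a placeholder)
case "${1:-}" in --run) preflight "${2:-}" ;; esac
```

A "missing" value for the net.bridge keys together with a br_netfilter module failure points at /etc/modules-load.d/k8s.conf rather than at the sysctl file.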
[2] On all Nodes, install required packages. This example uses CRI-O as the container runtime.
[root@dlp ~]# dnf module -y install cri-o:1.23/default
[root@dlp ~]# systemctl enable --now crio
[root@dlp ~]# dnf -y install kubernetes-kubeadm kubernetes-node kubernetes-client cri-tools iproute-tc container-selinux
[root@dlp ~]# vi /etc/kubernetes/kubelet
# line 5 : change
KUBELET_ADDRESS="--address=0.0.0.0"
# line 8 : uncomment
KUBELET_PORT="--port=10250"
# line 11 : change to your hostname
KUBELET_HOSTNAME="--hostname-override=dlp.srv.world"
[root@dlp ~]# vi /etc/systemd/system/kubelet.service.d/kubeadm.conf
# line 7 : add
Environment="KUBELET_EXTRA_ARGS=--cgroup-driver=systemd --container-runtime=remote --container-runtime-endpoint=unix:///var/run/crio/crio.sock"
[root@dlp ~]# systemctl enable kubelet
[3] On all Nodes, if SELinux is enabled, change policy.
[root@dlp ~]# vi k8s.te
# create new
module k8s 1.0;

require {
        type cgroup_t;
        type iptables_t;
        class dir ioctl;
}

#============= iptables_t ==============
allow iptables_t cgroup_t:dir ioctl;

[root@dlp ~]# checkmodule -m -M -o k8s.mod k8s.te
[root@dlp ~]# semodule_package --outfile k8s.pp --module k8s.mod
[root@dlp ~]# semodule -i k8s.pp