This guide describe the installation of Kubernetes 1.19 using CRI-O on CentOS 8.
The following steps are required to prepare the CentOS 8 box so it could be controller or worker node.
To use the described stack, the required software packages need to be available.
export VERSION=1.19; export OS=CentOS_8_Stream
curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/devel:kubic:libcontainers:stable.repo
curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo
cat >> /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
dnf -y install dnf-plugins-core
dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
dnf config-manager --set-enabled PowerTools
dnf clean all && dnf -y update
dnf install -y vim
swapoff -a
vim /etc/fstab
cat >> /etc/hosts <<EOF
192.168.0.100 k8s-controller-1.domain.local k8s-controller-1
192.168.0.101 k8s-workernode-1.domain.local k8s-workernode-1
192.168.0.102 k8s-workernode-2.domain.local k8s-workernode-2
192.168.0.103 k8s-workernode-3.domain.local k8s-workernode-3
cat >> /etc/sysctl.d/99-kubernetes-cri.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sysctl --system
cat >> /etc/modules-load.d/containerd.conf <<EOF
overlay
br_netfilter
EOF
firewall-cmd --zone=public --permanent --add-port=2379-2380/tcp
firewall-cmd --zone=public --permanent --add-port=6443/tcp
firewall-cmd --zone=public --permanent --add-port=10250-10255/tcp
systemctl restart firewalld
sed -i s/^SELINUX=.*$/SELINUX=permissive/ /etc/selinux/config
setenforce 0
sestatus
shutdown now -r
dnf install -y cri-o
dnf install -y kubeadm kubelet kubectl
mv /etc/containers/registries.conf /etc/containers/registries.conf.orig
cat >> /etc/containers/registries.conf <<EOF
unqualified-search-registries = ["user.private.repo"]
[[registry]]
prefix = "k8s.gcr.io"
insecure = false
blocked = false
location = "k8s.gcr.io"
[[registry.mirror]]
location = "user.private.repo"
EOF
cat >> /etc/sysconfig/kubelet <<EOF
KUBELET_EXTRA_ARGS=--feature-gates="AllAlpha=false,RunAsGroup=true" --container-runtime=remote --cgroup-driver=systemd --container-runtime-endpoint='unix:///var/run/crio/crio.sock' --runtime-request-timeout=5m
EOF
systemctl enable cri-o.service
systemctl enable kubelet.service
systemctl daemon-reload
shutdown now -r