Projects/ Kubernetes/ Kubernetes installation sheet

Fri, 20 Nov. 2020 by Thomas Bendler, approximately 2 min to read.

Kubernetes installation sheet

This guide describe the installation of Kubernetes 1.19 using CRI-O on CentOS 8.

Preparation

The following steps are required to prepare the CentOS 8 box so it could be controller or worker node.

Add CRI-O/ K8S repository

To use the described stack, the required software packages need to be available.

export VERSION=1.19; export OS=CentOS_8_Stream
curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/devel:kubic:libcontainers:stable.repo
curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo
cat >> /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
        https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

Add PowerTools/ EPEL repository and update system

dnf -y install dnf-plugins-core
dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
dnf config-manager --set-enabled PowerTools
dnf clean all && dnf -y update

Install additional packages

dnf install -y vim

Switch off swap

swapoff -a
vim /etc/fstab

Add K8S hosts to /etc/hosts

cat >> /etc/hosts <<EOF
192.168.0.100 k8s-controller-1.domain.local k8s-controller-1
192.168.0.101 k8s-workernode-1.domain.local k8s-workernode-1
192.168.0.102 k8s-workernode-2.domain.local k8s-workernode-2
192.168.0.103 k8s-workernode-3.domain.local k8s-workernode-3

Set kernel parameters

cat >> /etc/sysctl.d/99-kubernetes-cri.conf <<EOF
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward                 = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sysctl --system

Load required kernel modules

cat >> /etc/modules-load.d/containerd.conf <<EOF
overlay
br_netfilter
EOF

Add required firewall rules

firewall-cmd --zone=public --permanent --add-port=2379-2380/tcp
firewall-cmd --zone=public --permanent --add-port=6443/tcp
firewall-cmd --zone=public --permanent --add-port=10250-10255/tcp
systemctl restart firewalld

Set SELinux to permissive

sed -i s/^SELINUX=.*$/SELINUX=permissive/ /etc/selinux/config
setenforce 0
sestatus

Reboot 1

shutdown now -r

Installation

dnf install -y cri-o
dnf install -y kubeadm kubelet kubectl

Configuration

Configure registry

mv /etc/containers/registries.conf /etc/containers/registries.conf.orig
cat >> /etc/containers/registries.conf <<EOF
unqualified-search-registries = ["user.private.repo"]

[[registry]]
prefix = "k8s.gcr.io"
insecure = false
blocked = false
location = "k8s.gcr.io"

[[registry.mirror]]
location = "user.private.repo"
EOF

Configure kubelet start parameter

cat >> /etc/sysconfig/kubelet <<EOF
KUBELET_EXTRA_ARGS=--feature-gates="AllAlpha=false,RunAsGroup=true" --container-runtime=remote --cgroup-driver=systemd --container-runtime-endpoint='unix:///var/run/crio/crio.sock' --runtime-request-timeout=5m
EOF

Enable CRI-O/ K8S in systemd

systemctl enable cri-o.service
systemctl enable kubelet.service
systemctl daemon-reload

Reboot 2

shutdown now -r

Share on: