How to install and configure Kubernetes on RedHat/CentOS 7 with Best Example

In this tutorial, I will take you through the steps to install and configure Kubernetes on CentOS 7. Kubernetes is an open-source container-orchestration system for automating application deployment, scaling, and management. It was originally designed by Google, and is now maintained by the Cloud Native Computing Foundation.

Kubernetes can be installed and deployed using following methods:-

Minikube ( It is a single node kubernetes cluster)
Kops ( Multi node kubernetes setup into AWS )
Kubeadm ( Multi Node Cluster in our own premises)

On the Master Node following components will be installed
API Server – It provides kubernetes API using Jason / Yaml over http, states of API objects are stored in etcd

Scheduler – It is a program on master node which performs the scheduling tasks like launching containers in worker nodes based on resource availability

Controller Manager – Main Job of Controller manager is to monitor replication controllers and create pods to maintain desired state.

etcd – It is a Key value pair database. It stores configuration data of cluster and cluster state.

Advertisements

Kubectl  – It is a command line tool which connects to API Server on port 6443. It is used by administrators to create pods, services etc.

On Worker Nodes following components will be installed
Kubelet – It is an agent which runs on every worker node, it connects to docker and takes care of creating, starting, deleting containers.

Kube-Proxy – It routes the traffic to appropriate containers based on ip address and port number of the incoming request. In other words we can say it is used for port translation.

Pod – Pod can be defined as a multi-tier or group of containers that are deployed on a single worker node or docker host.

How to install and configure Kubernetes on RedHat/CentOS 7 with Best Example 1

Configure Kubernetes Cluster

On Master Node

1)Change the hostname and disable SELinux

You need to set up the hostname  using hostnamectl command and disable SELinux using setenforce command.

[root@localhost ~]# hostnamectl set-hostname 'kuber-master'
[root@localhost ~]# exec bash
exec bash
[root@kuber-master ~]# setenforce 0
[root@kuber-master ~]# sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

2) Enable ports from the firewall

You need to enable the ports from your firewall for smooth communication between master and worker nodes.

[root@kuber-master ~]# firewall-cmd --permanent --add-port=6443/tcp
success
[root@kuber-master ~]# firewall-cmd --permanent --add-port=2379-2380/tcp
success
[root@kuber-master ~]# firewall-cmd --permanent --add-port=10250/tcp
success
[root@kuber-master ~]# firewall-cmd --permanent --add-port=10251/tcp
success
[root@kuber-master ~]# firewall-cmd --permanent --add-port=10252/tcp
success
[root@kuber-master ~]# firewall-cmd --permanent --add-port=10255/tcp
success
[root@kuber-master ~]# firewall-cmd --reload
success
[root@kuber-master ~]# modprobe br_netfilter
[root@kuber-master ~]# echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
[root@kuber-master ~]#

In some cases, firewall rules does not work and throws below error, in that case you need to disable your firewall.

[WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly

[root@kuber-master ~]# systemctl stop firewalld

Please make sure to put an entry of master and worker node in /etc/hosts in case it is not published in your DNS.

[root@kuber-master ~]# cat /etc/hosts | grep 192.168
192.168.0.105 kuber-master
192.168.0.106 kuber-worker1

3)Set up your Kubernetes Repo

Now set up the Kubernetes repo as mentioned below from where you will be able to download all the kubernetes and docker packages needed for the set up.

[root@kuber-master ~]# cat /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg

4)Install Kubeadm and docker package

Once repo is set, you can use yum command to install kubeadm and docker packages.

[root@kuber-master ~]# yum install kubeadm docker -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.excellmedia.net
* extras: centos.excellmedia.net
* updates: centos.excellmedia.net
kubernetes/signature | 454 B 00:00
Retrieving key from https://packages.cloud.google.com/yum/doc/yum-key.gpg
Importing GPG key 0xA7317B0F:
Userid : "Google Cloud Packages Automatic Signing Key <gc-team@google.com>"
Fingerprint: d0bc 747f d8ca f711 7500 d6fa 3746 c208 a731 7b0f
From : https://packages.cloud.google.com/yum/doc/yum-key.gpg
Retrieving key from https://packages.cloud.google.com/yum/doc/rpm-package-key.gp g
kubernetes/signature | 1.4 kB 00:00 !!!
kubernetes/primary | 59 kB 00:01
kubernetes 430/430
Resolving Dependencies
--> Running transaction check
---> Package docker.x86_64 2:1.13.1-103.git7f2769b.el7.centos will be installed
--> Processing Dependency: docker-common = 2:1.13.1-103.git7f2769b.el7.centos fo r package: 2:docker-1.13.1-103.git7f2769b.el7.centos.x86_64
--> Processing Dependency: docker-client = 2:1.13.1-103.git7f2769b.el7.centos fo r package: 2:docker-1.13.1-103.git7f2769b.el7.centos.x86_64
--> Processing Dependency: subscription-manager-rhsm-certificates for package: 2 :docker-1.13.1-103.git7f2769b.el7.centos.x86_64
---> Package kubeadm.x86_64 0:1.16.3-0 will be installed
--> Processing Dependency: kubernetes-cni >= 0.7.5 for package: kubeadm-1.16.3-0 .x86_64
--> Processing Dependency: kubelet >= 1.13.0 for package: kubeadm-1.16.3-0.x86_6 4
--> Processing Dependency: kubectl >= 1.13.0 for package: kubeadm-1.16.3-0.x86_6 4
--> Processing Dependency: cri-tools >= 1.13.0 for package: kubeadm-1.16.3-0.x86 _64
--> Running transaction check
---> Package cri-tools.x86_64 0:1.13.0-0 will be installed
---> Package docker-client.x86_64 2:1.13.1-103.git7f2769b.el7.centos will be ins talled
---> Package docker-common.x86_64 2:1.13.1-103.git7f2769b.el7.centos will be ins talled
--> Processing Dependency: skopeo-containers >= 1:0.1.26-2 for package: 2:docker -common-1.13.1-103.git7f2769b.el7.centos.x86_64
--> Processing Dependency: oci-umount >= 2:2.3.3-3 for package: 2:docker-common- 1.13.1-103.git7f2769b.el7.centos.x86_64
--> Processing Dependency: oci-systemd-hook >= 1:0.1.4-9 for package: 2:docker-c ommon-1.13.1-103.git7f2769b.el7.centos.x86_64
--> Processing Dependency: oci-register-machine >= 1:0-5.13 for package: 2:docke r-common-1.13.1-103.git7f2769b.el7.centos.x86_64
--> Processing Dependency: container-storage-setup >= 0.9.0-1 for package: 2:doc ker-common-1.13.1-103.git7f2769b.el7.centos.x86_64
--> Processing Dependency: container-selinux >= 2:2.51-1 for package: 2:docker-c ommon-1.13.1-103.git7f2769b.el7.centos.x86_64
--> Processing Dependency: atomic-registries for package: 2:docker-common-1.13.1 -103.git7f2769b.el7.centos.x86_64
---> Package kubectl.x86_64 0:1.16.3-0 will be installed
---> Package kubelet.x86_64 0:1.16.3-0 will be installed
--> Processing Dependency: socat for package: kubelet-1.16.3-0.x86_64
--> Processing Dependency: conntrack for package: kubelet-1.16.3-0.x86_64
---> Package kubernetes-cni.x86_64 0:0.7.5-0 will be installed
---> Package subscription-manager-rhsm-certificates.x86_64 0:1.24.13-3.el7.cento s will be installed
--> Running transaction check
---> Package atomic-registries.x86_64 1:1.22.1-29.gitb507039.el7 will be install ed
--> Processing Dependency: python-yaml for package: 1:atomic-registries-1.22.1-2 9.gitb507039.el7.x86_64
--> Processing Dependency: python-setuptools for package: 1:atomic-registries-1. 22.1-29.gitb507039.el7.x86_64
--> Processing Dependency: python-pytoml for package: 1:atomic-registries-1.22.1 -29.gitb507039.el7.x86_64
---> Package conntrack-tools.x86_64 0:1.4.4-5.el7_7.2 will be installed
--> Processing Dependency: libnetfilter_cttimeout.so.1(LIBNETFILTER_CTTIMEOUT_1. 1)(64bit) for package: conntrack-tools-1.4.4-5.el7_7.2.x86_64
--> Processing Dependency: libnetfilter_cttimeout.so.1(LIBNETFILTER_CTTIMEOUT_1. 0)(64bit) for package: conntrack-tools-1.4.4-5.el7_7.2.x86_64
--> Processing Dependency: libnetfilter_cthelper.so.0(LIBNETFILTER_CTHELPER_1.0) (64bit) for package: conntrack-tools-1.4.4-5.el7_7.2.x86_64
--> Processing Dependency: libnetfilter_queue.so.1()(64bit) for package: conntra ck-tools-1.4.4-5.el7_7.2.x86_64
--> Processing Dependency: libnetfilter_cttimeout.so.1()(64bit) for package: con ntrack-tools-1.4.4-5.el7_7.2.x86_64
--> Processing Dependency: libnetfilter_cthelper.so.0()(64bit) for package: conn track-tools-1.4.4-5.el7_7.2.x86_64
---> Package container-selinux.noarch 2:2.107-3.el7 will be installed
--> Processing Dependency: policycoreutils-python for package: 2:container-selin ux-2.107-3.el7.noarch
---> Package container-storage-setup.noarch 0:0.11.0-2.git5eaf76c.el7 will be in stalled
---> Package containers-common.x86_64 1:0.1.37-3.el7.centos will be installed
---> Package oci-register-machine.x86_64 1:0-6.git2b44233.el7 will be installed
---> Package oci-systemd-hook.x86_64 1:0.2.0-1.git05e6923.el7_6 will be installe d
--> Processing Dependency: libyajl.so.2()(64bit) for package: 1:oci-systemd-hook -0.2.0-1.git05e6923.el7_6.x86_64
---> Package oci-umount.x86_64 2:2.5-3.el7 will be installed
---> Package socat.x86_64 0:1.7.3.2-2.el7 will be installed
--> Running transaction check
---> Package PyYAML.x86_64 0:3.10-11.el7 will be installed
--> Processing Dependency: libyaml-0.so.2()(64bit) for package: PyYAML-3.10-11.e l7.x86_64
---> Package libnetfilter_cthelper.x86_64 0:1.0.0-10.el7_7.1 will be installed
---> Package libnetfilter_cttimeout.x86_64 0:1.0.0-6.el7_7.1 will be installed
---> Package libnetfilter_queue.x86_64 0:1.0.2-2.el7_2 will be installed
---> Package policycoreutils-python.x86_64 0:2.5-33.el7 will be installed
--> Processing Dependency: setools-libs >= 3.3.8-4 for package: policycoreutils- python-2.5-33.el7.x86_64
--> Processing Dependency: libsemanage-python >= 2.5-14 for package: policycoreu tils-python-2.5-33.el7.x86_64
--> Processing Dependency: audit-libs-python >= 2.1.3-4 for package: policycoreu tils-python-2.5-33.el7.x86_64
--> Processing Dependency: python-IPy for package: policycoreutils-python-2.5-33 .el7.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package: policycore utils-python-2.5-33.el7.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package: policycore utils-python-2.5-33.el7.x86_64
--> Processing Dependency: libcgroup for package: policycoreutils-python-2.5-33. el7.x86_64
--> Processing Dependency: libapol.so.4(VERS_4.0)(64bit) for package: policycore utils-python-2.5-33.el7.x86_64
--> Processing Dependency: checkpolicy for package: policycoreutils-python-2.5-3 3.el7.x86_64
--> Processing Dependency: libqpol.so.1()(64bit) for package: policycoreutils-py thon-2.5-33.el7.x86_64
--> Processing Dependency: libapol.so.4()(64bit) for package: policycoreutils-py thon-2.5-33.el7.x86_64
---> Package python-pytoml.noarch 0:0.1.14-1.git7dea353.el7 will be installed
---> Package python-setuptools.noarch 0:0.9.8-7.el7 will be installed
--> Processing Dependency: python-backports-ssl_match_hostname for package: pyth on-setuptools-0.9.8-7.el7.noarch
---> Package yajl.x86_64 0:2.0.4-4.el7 will be installed
--> Running transaction check
---> Package audit-libs-python.x86_64 0:2.8.5-4.el7 will be installed
---> Package checkpolicy.x86_64 0:2.5-8.el7 will be installed
---> Package libcgroup.x86_64 0:0.41-21.el7 will be installed
---> Package libsemanage-python.x86_64 0:2.5-14.el7 will be installed
---> Package libyaml.x86_64 0:0.1.4-11.el7_0 will be installed
---> Package python-IPy.noarch 0:0.75-6.el7 will be installed
---> Package python-backports-ssl_match_hostname.noarch 0:3.5.0.1-1.el7 will be installed
--> Processing Dependency: python-ipaddress for package: python-backports-ssl_ma tch_hostname-3.5.0.1-1.el7.noarch
--> Processing Dependency: python-backports for package: python-backports-ssl_ma tch_hostname-3.5.0.1-1.el7.noarch
---> Package setools-libs.x86_64 0:3.3.8-4.el7 will be installed
--> Running transaction check
---> Package python-backports.x86_64 0:1.0-8.el7 will be installed
---> Package python-ipaddress.noarch 0:1.0.16-2.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
docker x86_64 2:1.13.1-103.git7f2769b.el7.centos
extras 18 M
kubeadm x86_64 1.16.3-0 kubernetes 9.5 M
Installing for dependencies:
PyYAML x86_64 3.10-11.el7 base 153 k
atomic-registries x86_64 1:1.22.1-29.gitb507039.el7 extras 35 k
audit-libs-python x86_64 2.8.5-4.el7 base 76 k
checkpolicy x86_64 2.5-8.el7 base 295 k
conntrack-tools x86_64 1.4.4-5.el7_7.2 updates 187 k
container-selinux noarch 2:2.107-3.el7 extras 39 k
container-storage-setup noarch 0.11.0-2.git5eaf76c.el7 extras 35 k
containers-common x86_64 1:0.1.37-3.el7.centos extras 21 k
cri-tools x86_64 1.13.0-0 kubernetes 5.1 M
docker-client x86_64 2:1.13.1-103.git7f2769b.el7.centos
extras 3.9 M
docker-common x86_64 2:1.13.1-103.git7f2769b.el7.centos
extras 97 k
kubectl x86_64 1.16.3-0 kubernetes 10 M
kubelet x86_64 1.16.3-0 kubernetes 22 M
kubernetes-cni x86_64 0.7.5-0 kubernetes 10 M
libcgroup x86_64 0.41-21.el7 base 66 k
libnetfilter_cthelper x86_64 1.0.0-10.el7_7.1 updates 18 k
libnetfilter_cttimeout x86_64 1.0.0-6.el7_7.1 updates 18 k
libnetfilter_queue x86_64 1.0.2-2.el7_2 base 23 k
libsemanage-python x86_64 2.5-14.el7 base 113 k
libyaml x86_64 0.1.4-11.el7_0 base 55 k
oci-register-machine x86_64 1:0-6.git2b44233.el7 extras 1.1 M
oci-systemd-hook x86_64 1:0.2.0-1.git05e6923.el7_6 extras 34 k
oci-umount x86_64 2:2.5-3.el7 extras 33 k
policycoreutils-python x86_64 2.5-33.el7 base 457 k
python-IPy noarch 0.75-6.el7 base 32 k
python-backports x86_64 1.0-8.el7 base 5.8 k
python-backports-ssl_match_hostname
noarch 3.5.0.1-1.el7 base 13 k
python-ipaddress noarch 1.0.16-2.el7 base 34 k
python-pytoml noarch 0.1.14-1.git7dea353.el7 extras 18 k
python-setuptools noarch 0.9.8-7.el7 base 397 k
setools-libs x86_64 3.3.8-4.el7 base 620 k
socat x86_64 1.7.3.2-2.el7 base 290 k
subscription-manager-rhsm-certificates
x86_64 1.24.13-3.el7.centos updates 228 k
yajl x86_64 2.0.4-4.el7 base 39 k

Transaction Summary
================================================================================
Install 2 Packages (+34 Dependent packages)

Total download size: 83 M
Installed size: 351 M
Downloading packages:

5)Start and enable docker and kubectl

After successfully installing the packages, you need to start and enable the docker and kubelet services for your cluster to work using systemctl command.

[root@kuber-master ~]# systemctl restart docker && systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@kuber-master ~]# systemctl restart kubelet && systemctl enable kubelet
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.

6)Initialize Kubernetes Master

Once services are enabled, you can initialize the Master using kubeadm init command. This will initialize your Kubernetes control-plane.

[root@kuber-master ~]# kubeadm init
[init] Using Kubernetes version: v1.16.3
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Activating the kubelet service
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kuber-master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.0.105]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [kuber-master localhost] and IPs [192.168.0.105 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [kuber-master localhost] and IPs [192.168.0.105 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.
[apiclient] All control plane components are healthy after 40.039585 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.16" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node kuber-master as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node kuber-master as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: yntngg.jxtdgslmkvhy4leb
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.0.105:6443 --token yntngg.jxtdgslmkvhy4leb \
--discovery-token-ca-cert-hash sha256:327ccc6c8e0044b48e92242afe02753756d6bf9ab431fd1356e308b9d12d0c38

Please note in some cases you can get below swap error, in that case you need to switch off your swap .

[ERROR Swap]: running with swap on is not supported. Please disable swap

[root@kuber-master ~]# swapoff -a

Run command as mentioned in the output

[root@kuber-master ~]# mkdir -p $HOME/.kube
[root@kuber-master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@kuber-master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@kuber-master ~]# export kubever=$(kubectl version | base64 | tr -d '\n')
[root@kuber-master ~]# kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$kubever"
serviceaccount/weave-net created
clusterrole.rbac.authorization.k8s.io/weave-net created
clusterrolebinding.rbac.authorization.k8s.io/weave-net created
role.rbac.authorization.k8s.io/weave-net created
rolebinding.rbac.authorization.k8s.io/weave-net created
daemonset.apps/weave-net created
[root@kuber-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
kuber-master Ready master 20m v1.16.3

[root@kuber-master ~]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-5644d7b6d9-gfljf 1/1 Running 0 20m
kube-system coredns-5644d7b6d9-ldh6j 1/1 Running 0 20m
kube-system etcd-kuber-master 1/1 Running 0 20m
kube-system kube-apiserver-kuber-master 1/1 Running 0 19m
kube-system kube-controller-manager-kuber-master 1/1 Running 0 19m
kube-system kube-proxy-j86cd 1/1 Running 0 20m
kube-system kube-scheduler-kuber-master 1/1 Running 0 20m
kube-system weave-net-pwlfc 2/2 Running 0 2m8s

On Worker Node

1)Set the hostname and disable SELinux

In the worker node also, you need to first setup the hostname and disable SELinux for smooth communication between worker and master node.

[root@localhost ~]# hostnamectl set-hostname 'kuber-worker1'
[root@localhost ~]# exec bash
[root@kuber-worker1 ~]# setenforce 0
[root@kuber-worker1 ~]# sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

2) Enable ports from the firewall

Enable ports from the firewall to allow the communication between master and worker nodes.

[root@kuber-worker1 ~]# firewall-cmd --permanent --add-port=6443/tcp
success
[root@kuber-worker1 ~]# firewall-cmd --permanent --add-port=2379-2380/tcp
success
[root@kuber-worker1 ~]# firewall-cmd --permanent --add-port=10250/tcp
success
[root@kuber-worker1 ~]# firewall-cmd --permanent --add-port=10251/tcp
success
[root@kuber-worker1 ~]# firewall-cmd --permanent --add-port=10252/tcp
success
[root@kuber-worker1 ~]# firewall-cmd --permanent --add-port=10255/tcp
success
[root@kuber-worker1 ~]# firewall-cmd --reload
success
[root@kuber-worker1 ~]# modprobe br_netfilter
[root@kuber-worker1 ~]# echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
[root@kuber-worker1 ~]#

In some cases, firewall rules does not work and throws below error, in that case you need to disable your firewall.

[WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly

[root@kuber-worker1 ~]# systemctl stop firewalld

Please make sure to put an entry of master and worker node in /etc/hosts in case it is not published in your DNS.

[root@kuber-worker1 ~]# cat /etc/hosts | grep 192.168
192.168.0.105 kuber-master
192.168.0.106 kuber-worker1

3)Set up your Kubernetes Repo

Here also you need to set up the Kubernetes repo to download all the necessary packages.

[root@kuber-worker1 ~]# cat /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg

4)Install docker and kubeadm

Once repo is set, you can install docker and kubeadm packages using yum command.

[root@kuber-worker1 ~]# yum install kubeadm docker -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.excellmedia.net
* extras: centos.excellmedia.net
* updates: centos.excellmedia.net
kubernetes/signature | 454 B 00:00:00
Retrieving key from https://packages.cloud.google.com/yum/doc/yum-key.gpg
Importing GPG key 0xA7317B0F:
Userid : "Google Cloud Packages Automatic Signing Key <gc-team@google.com>"
Fingerprint: d0bc 747f d8ca f711 7500 d6fa 3746 c208 a731 7b0f
From : https://packages.cloud.google.com/yum/doc/yum-key.gpg
Retrieving key from https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
kubernetes/signature | 1.4 kB 00:00:00 !!!
kubernetes/primary | 59 kB 00:00:02
kubernetes 430/430
Resolving Dependencies
--> Running transaction check
---> Package docker.x86_64 2:1.13.1-103.git7f2769b.el7.centos will be installed
--> Processing Dependency: docker-common = 2:1.13.1-103.git7f2769b.el7.centos for package: 2:docker-1.13.1-103.git7f2769b.el7.centos.x86_64
--> Processing Dependency: docker-client = 2:1.13.1-103.git7f2769b.el7.centos for package: 2:docker-1.13.1-103.git7f2769b.el7.centos.x86_64
--> Processing Dependency: subscription-manager-rhsm-certificates for package: 2:docker-1.13.1-103.git7f2769b.el7.centos.x86_64
---> Package kubeadm.x86_64 0:1.16.3-0 will be installed
--> Processing Dependency: kubernetes-cni >= 0.7.5 for package: kubeadm-1.16.3-0.x86_64
--> Processing Dependency: kubelet >= 1.13.0 for package: kubeadm-1.16.3-0.x86_64
--> Processing Dependency: kubectl >= 1.13.0 for package: kubeadm-1.16.3-0.x86_64
--> Processing Dependency: cri-tools >= 1.13.0 for package: kubeadm-1.16.3-0.x86_64
--> Running transaction check
---> Package cri-tools.x86_64 0:1.13.0-0 will be installed
---> Package docker-client.x86_64 2:1.13.1-103.git7f2769b.el7.centos will be installed
---> Package docker-common.x86_64 2:1.13.1-103.git7f2769b.el7.centos will be installed
--> Processing Dependency: skopeo-containers >= 1:0.1.26-2 for package: 2:docker-common-1.13.1-103.git7f2769b.el7.centos.x86_64
--> Processing Dependency: oci-umount >= 2:2.3.3-3 for package: 2:docker-common-1.13.1-103.git7f2769b.el7.centos.x86_64
--> Processing Dependency: oci-systemd-hook >= 1:0.1.4-9 for package: 2:docker-common-1.13.1-103.git7f2769b.el7.centos.x86_64
--> Processing Dependency: oci-register-machine >= 1:0-5.13 for package: 2:docker-common-1.13.1-103.git7f2769b.el7.centos.x86_64
--> Processing Dependency: container-storage-setup >= 0.9.0-1 for package: 2:docker-common-1.13.1-103.git7f2769b.el7.centos.x86_64
--> Processing Dependency: container-selinux >= 2:2.51-1 for package: 2:docker-common-1.13.1-103.git7f2769b.el7.centos.x86_64
--> Processing Dependency: atomic-registries for package: 2:docker-common-1.13.1-103.git7f2769b.el7.centos.x86_64
---> Package kubectl.x86_64 0:1.16.3-0 will be installed
---> Package kubelet.x86_64 0:1.16.3-0 will be installed
--> Processing Dependency: socat for package: kubelet-1.16.3-0.x86_64
--> Processing Dependency: conntrack for package: kubelet-1.16.3-0.x86_64
---> Package kubernetes-cni.x86_64 0:0.7.5-0 will be installed
---> Package subscription-manager-rhsm-certificates.x86_64 0:1.24.13-3.el7.centos will be installed
--> Running transaction check
---> Package atomic-registries.x86_64 1:1.22.1-29.gitb507039.el7 will be installed
--> Processing Dependency: python-yaml for package: 1:atomic-registries-1.22.1-29.gitb507039.el7.x86_64
--> Processing Dependency: python-setuptools for package: 1:atomic-registries-1.22.1-29.gitb507039.el7.x86_64
--> Processing Dependency: python-pytoml for package: 1:atomic-registries-1.22.1-29.gitb507039.el7.x86_64
---> Package conntrack-tools.x86_64 0:1.4.4-5.el7_7.2 will be installed
--> Processing Dependency: libnetfilter_cttimeout.so.1(LIBNETFILTER_CTTIMEOUT_1.1)(64bit) for package: conntrack-tools-1.4.4-5.el7_7.2.x86_64
--> Processing Dependency: libnetfilter_cttimeout.so.1(LIBNETFILTER_CTTIMEOUT_1.0)(64bit) for package: conntrack-tools-1.4.4-5.el7_7.2.x86_64
--> Processing Dependency: libnetfilter_cthelper.so.0(LIBNETFILTER_CTHELPER_1.0)(64bit) for package: conntrack-tools-1.4.4-5.el7_7.2.x86_64
--> Processing Dependency: libnetfilter_queue.so.1()(64bit) for package: conntrack-tools-1.4.4-5.el7_7.2.x86_64
--> Processing Dependency: libnetfilter_cttimeout.so.1()(64bit) for package: conntrack-tools-1.4.4-5.el7_7.2.x86_64
--> Processing Dependency: libnetfilter_cthelper.so.0()(64bit) for package: conntrack-tools-1.4.4-5.el7_7.2.x86_64
---> Package container-selinux.noarch 2:2.107-3.el7 will be installed
--> Processing Dependency: policycoreutils-python for package: 2:container-selinux-2.107-3.el7.noarch
---> Package container-storage-setup.noarch 0:0.11.0-2.git5eaf76c.el7 will be installed
---> Package containers-common.x86_64 1:0.1.37-3.el7.centos will be installed
---> Package oci-register-machine.x86_64 1:0-6.git2b44233.el7 will be installed
---> Package oci-systemd-hook.x86_64 1:0.2.0-1.git05e6923.el7_6 will be installed
--> Processing Dependency: libyajl.so.2()(64bit) for package: 1:oci-systemd-hook-0.2.0-1.git05e6923.el7_6.x86_64
---> Package oci-umount.x86_64 2:2.5-3.el7 will be installed
---> Package socat.x86_64 0:1.7.3.2-2.el7 will be installed
--> Running transaction check
---> Package PyYAML.x86_64 0:3.10-11.el7 will be installed
--> Processing Dependency: libyaml-0.so.2()(64bit) for package: PyYAML-3.10-11.el7.x86_64
---> Package libnetfilter_cthelper.x86_64 0:1.0.0-10.el7_7.1 will be installed
---> Package libnetfilter_cttimeout.x86_64 0:1.0.0-6.el7_7.1 will be installed
---> Package libnetfilter_queue.x86_64 0:1.0.2-2.el7_2 will be installed
---> Package policycoreutils-python.x86_64 0:2.5-33.el7 will be installed
--> Processing Dependency: setools-libs >= 3.3.8-4 for package: policycoreutils-python-2.5-33.el7.x86_64
--> Processing Dependency: libsemanage-python >= 2.5-14 for package: policycoreutils-python-2.5-33.el7.x86_64
--> Processing Dependency: audit-libs-python >= 2.1.3-4 for package: policycoreutils-python-2.5-33.el7.x86_64

5)Start and Enable

After successful installation of all of the required packages, start the docker and Kubelet service and enable it.

[root@kuber-worker1 ~]# systemctl restart docker && systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

[root@kuber-worker1 ~]# systemctl enable kubelet.service

6)Run the below command to join the master

You can get the below command from master to join the cluster. Once run in worker node, you will be able to see this worker node joined the cluster in master node.

[root@kuber-worker1 ~]# kubeadm join 192.168.0.105:6443 --token yntngg.jxtdgslmkvhy4leb \
> --discovery-token-ca-cert-hash sha256:327ccc6c8e0044b48e92242afe02753756d6bf9ab431fd1356e308b9d12d0c38
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.16" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster

Some times you might see below swap error,

[ERROR Swap]: running with swap on is not supported. Please disable swap

[root@kuber-worker1 ~]# swapoff -a

Check the master if the worker joined the cluster or not

[root@kuber-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
kuber-master Ready master 29m v1.16.3
kuber-worker1 Ready <none> 3m42s v1.16.3

Also Read: Kubectl and Kubeadm commands

For more Info: https://kubernetes.io/

Advertisements

Leave a Reply