Installing Kubernetes on CentOS 7 with kubeadm

Kubernetes on CentOS 7

Prepare CentOS 7 for Kubernetes for Master and Worker

Disable SELinux Enforcement

Update the file /etc/selinux/config:


To avoid rebooting to have that become effective, execute:

setenforce 0

Disable swap

Swap must be disabled for the kubeadm init process to complete. Edit the /etc/fstab file and comment out the swap entry. For example:

In the file /etc/fstab comment out the line(s) containing swap:
#/dev/sda5 swap                    swap    defaults        0 0

To avoid rebooting to have that become effective, execute:

swapoff -a

Configure the firewall services

Create the k8s-master.xml and k8s-worker.xml files

cd /etc/firewalld/services

wget \

wget \

Reload the firewall 

To make the new services available for use, the firewall must be reloaded. Execute the following to avoid rebooting:

firewall-cmd --reload

Apply the firewall rules

On the master execute:

firewall-cmd --add-service k8s-master 
firewall-cmd --add-service k8s-master --permanent

On worker nodes execute:
firewall-cmd --add-service k8s-worker
firewall-cmd --add-service k8s-worker --permanent

Create Kubernetes Yum Repository

cat << EOF > /etc/yum.repos.d/kubernetes.repo

Install the packages

yum install -y docker kubelet kubeadm kubectl 

Configure the Kubelet service

Add to the /etc/systemd/system/kubelet.service.d/10-kubeadm.conf file $KUBELET_KUBECONFIG_ARGS:

--runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice

Reload systemd
For the updated kubelet configuration to be recognized, systemd must be reloaded.

systemctl daemon-reload
systemctl enable kubelet
systemctl restart kubelet

Enable the Docker service

systemctl enable docker --now

Create the needed sysctl rules

cat  > /etc/sysctl.d/k8s.conf <
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

Apply the sysctl rules

sysctl --system

Installing Kubernetes on CentOS 7 on Master

Initialize the Master Node

Since the flannel network will be used with the kubernetes cluster, the --pod-network-cidr option is used to specify the network that will be used, which will match the network in the kube-flannel.yml file applied later.

kubeadm init --pod-network-cidr

Configure kubectl for user

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Verify node is Ready

kubectl get nodes

NAME           STATUS    ROLES     AGE       VERSION
kate.lf.test   Ready     master    2m        v1.8.3

Verfify kube-system Pods are Ready

kubectl get pods --all-namespaces

NAMESPACE     NAME                                   READY     STATUS    RESTARTS   AGE
default       website-7cd5577444-xfp6s               1/1       Running   0          8m
kube-system   etcd-kate.lf.test                      1/1       Running   4          2d
kube-system   kube-apiserver-kate.lf.test            1/1       Running   5          2d
kube-system   kube-controller-manager-kate.lf.test   1/1       Running   7          2d
kube-system   kube-dns-545bc4bfd4-9tgcv              3/3       Running   14         2d
kube-system   kube-flannel-ds-gbzhp                  1/1       Running   2          1d
kube-system   kube-proxy-l9fts                       1/1       Running   3          2d
kube-system   kube-scheduler-kate.lf.test            1/1       Running   6          2d

Retrieve the Configuration for Flannel

wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Apply the Flannel Network 

kubectl apply -f kube-flannel

Installing Kubernetes on CentOS 7 on a Worker

Retrieve the Token

On the Master node, retrieve the token that was generated during the installation.

kubeadm token list


If no token is shown , then a new token can be generated. The original installation token expires after one day, but the option --ttl 0 can be used with kubeadm token create to create a token that never expires.

kubeadm token create --ttl 0

Join the Cluster

On the Worker node, join the cluster. Use the token from the previous step and the IP address of your master node.

kubeadm join --token 33d628.3d1c0bf58ab1a68a

Install the flannel package

yum -y install flannel

This package is installed after the flannel network so that the flanneld and docker services will start correctly.

Configure flannel

The etcd prefix value in the file /etc/sysconfig/flanneld is not correct, so the flanneld will fail to start as it is not able to retrieve the prefix given. The value of FLANNEL_ETCD_PREFIX must changed to the following:


Enable and start flanneld

systemctl enable flanneld --now

This enables and starts flanneld. Since docker has a dependency on flanneld, it will also be restarted, so it may take a while.

Configure kubectl for user

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Verify Nodes are Ready

It may take several minutes for all the nodes to get to "Ready" status.

kubectl get nodes

NAME           STATUS    ROLES     AGE       VERSION
kate.lf.test   Ready     master    10d       v1.8.3
kave.lf.test   Ready         4d        v1.8.3

No comments:

About Me - WrightRocket

My photo

I've worked with computers for over 30 years, programming, administering, using and building them from scratch.

I'm an instructor for technical computer courses, an editor and developer of training manuals, and an Android developer.