How to Install Kubernetes (k8s) 1.7 on CentOS 7 / RHEL 7

73 Responses

  1. Danil says:

    Thank you, very useful!

  2. Nitin Pawar says:

    Thank you very much Pradeep. I followed your guide and I am successfully able to make K8s network

  3. Rama says:

    Agreed, thanks for taking the time to put this out there.

  4. bodhi says:

    Thank you very much for your sharing! Please let me ask one question, could baseurl in Kubernetes Repositories file be changed to other URL which can be accessed from china? since domain google.com isn’t available from china.

  5. Lucky says:

    Hi Would you know what would cause this error on Kubelet?
    Oct 04 08:09:19 kube1 kubelet[5811]: error: failed to run Kubelet: failed to create kubelet: misconfiguration: kubelet cgroup driver: “systemd” is different from docker cgroup driver:
    Oct 04 08:09:19 kube1 systemd[1]: kubelet.service: main process exited, code=exited, status=1/FAILURE
    Oct 04 08:09:19 kube1 systemd[1]: Unit kubelet.service entered failed state.
    Oct 04 08:09:19 kube1 systemd[1]: kubelet.service failed.

  6. Eugene says:

    I did not have this, /proc/sys/net/bridge/, so ran the following to get that folder:

    modprobe br_netfilter

    • Eugene says:

      Also, `firewall-cmd –reload` should be changed to `firewall-cmd –reload` and it must be noted that this particular command must be run with sudo.

    • cf says:

      @paradeep I think you should also add this step.

      • Gaurav says:

        Same step has to be added in the worker nodes.
        modprobe br_netfilter

        Also all these are temporary and goes away on reboot.

        To make modprobe br_netfilter permanent execute the below command.
        # echo “br_netfilter” > /etc/modules-load.d/br_netfilter.conf

        To make # echo ‘1’ > /proc/sys/net/bridge/bridge-nf-call-iptables execute the below command.
        # echo “net.bridge.bridge-nf-call-iptables = 1” >> /etc/sysctl.conf

  7. vijay says:

    I see when i reboot my master k8s server, im not able to get any pods details and keep getting error

    The connection to the server 10.0.0.29:6443 was refused – did you specify the right host or port?

    I see etcd deosnt support server reboot and master server always should be up and running. if this the case then how can we support it. it may possible that our servers get down for any reason. please help. this is really bothering me. I see document is missing very important steps. i have been strugling with server reboot option and nothing helps me.
    my env is centos 7
    i have already done with following steps

    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config

    i see only option i have after server reboot to run kubeadm reset and then kubeadm init. If this is the case then it is very disappointing because in DC env, there are several servers and they get down on and off.
    please help me how to resolve failure after server reboot.

    • kimvm says:

      Hi,
      We’re running into the same issue. After a restart the master k8s server did’t start, all the k8s docker containers are stopped (Exit code 255).
      Thanks for the tip for using the kubeadm resett and init commands as a temp fix. Did you find any other permanent solutions?

      P.S. We’re running on Ubuntu 16.04.4

  8. Alex says:

    Works fine with 1.8.0 but doesn’t work with 1.8.1

  9. Alex says:

    heh, my fault
    I configured KUBELET_SWAP_ARGS=–fail-swap-on=false on master node, but missed to do it on worker

  10. Chris says:

    Great article.

    One comment / question, this will only work for CentOS 7 and not for RHEL . . or . . ?
    The newest docker CE versions (17.06 and above) won’t install on redhat, only docker EE.

    yum install docker -> No package docker available.

    Or did I mis something . . .?

  11. Egor says:

    When I installed packages on Amazon. I get an error:
    Error: Package: kubelet-1.8.1-0.x86_64 (kubernetes)
    Requires: iptables >= 1.4.21
    Installed: iptables-1.4.18-1.22.amzn1.x86_64 (installed)
    iptables = 1.4.18-1.22.amzn1

    I solved this problem:
    yum install ftp://fr2.rpmfind.net/linux/centos/7.3.1611/os/x86_64/Packages/iptables-1.4.21-17.el7.x86_64.rpm

  12. Alex says:

    The file /etc/sysconfig/selinux as supplied by CentOS is a symlink to /etc/selinux/config but running your sed command will _break_ that link and result in two separate files. You would need to use ‘–follow-symlinks’ on the sed command to preserve the symlink.

    • Alex says:

      so “sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/g’ /etc/sysconfig/selinux” will not work and once you restart machine, you will get selinux enabled
      you need to use “sed -i –follow-symlinks ‘s/SELINUX=enforcing/SELINUX=disabled/g’ /etc/sysconfig/selinux”

  13. Ganesh says:

    Hi Pradeep,

    I followed your instruction and my Cluster is up and Running on CentOS 7, but while I deploy any container I see below errors.

    Error on /var/log/messages
    failed to read pod IP from plugin/docker: NetworkPlugin cni failed on the status hook for pod Unexpected command output Device “eth0”

    Error from kubelet log
    pod_workers.go:182] Error syncing pod 978265f7-b
    helpers.go:468] PercpuUsage had 0 cpus, but the
    remote_runtime.go:115] StopPodSandbox “94f7ad2e4
    kuberuntime_manager.go:780] Failed to stop sandb
    kuberuntime_manager.go:580] killPodWithSyncResul
    pod_workers.go:182] Error syncing pod 978265f7-b

    ContainerCreating from Long time
    tomcat tomcat-7cc899d96f-59zcd 0/1 ContainerCreating 0 9h

    Tried to deploy Dashboard but that too fails
    kube-system kubernetes-dashboard-747c4f7cf-cv6np 0/1 Init:0/1 0 4h

    Please advise what is issue here

    Best Regards
    Ganesh Kumar

  14. Harry says:

    Hi, Can we use the kubeadm join command to make master node join as worker . mean to say can I make master/worker on the same node?

  15. KubeNoob says:

    Hi, I keep getting some http failures while doing “kubeadm init”:
    [kubelet-check] It seems like the kubelet isn’t running or healthy.
    [kubelet-check] The HTTP call equal to ‘curl -sSL http://localhost:10255/healthz‘ failed with error: Get http://localhost:10255/healthz: dial tcp [::1]:10255: getsockopt: connection refused.
    [kubelet-check] It seems like the kubelet isn’t running or healthy.
    [kubelet-check] The HTTP call equal to ‘curl -sSL http://localhost:10255/healthz‘ failed with error: Get http://localhost:10255/healthz: dial tcp [::1]:10255: getsockopt: connection refused.

    Any idea?

  16. Ganesh says:

    Hi

    Did anyone setup HA Master Setup for Baremetal Centos, please guide step by step instruction if anyone did it

    Best Regards
    Ganesh

  17. Stan says:

    Hi,

    I followed this tutorial to setup kubernetes on CentOS. I have set the cluster to be able to schedule pods on master to make a single node cluster. I have also created a custom namespace ‘test’ and deployed a busybox pod on it. I can lookup the busybox pod in the test namespace from a busybox pod in the default namespace but not vice versa.

    $ kubectl exec -ti busybox — nslookup busybox.test [OK]

    $ kubectl -n smartvend exec busybox — nslookup kubernetes.default

    Name: kubernetes.default
    Address 1: 10.96.0.1 kubernetes.default.svc.cluster.local
    nslookup: can’t resolve ‘(null)’: Name does not resolve

    $ kubectl -n test exec -ti busybox — nslookup busybox.default [NOT OK]

    nslookup: can’t resolve ‘(null)’: Name does not resolve

    $ kubectl -n test exec -ti busybox — nslookup busybox2.test [NOT OK]

    nslookup: can’t resolve ‘(null)’: Name does not resolve

    Seems there might be a problem in dealing with a custom namespace? Is there anything I should do to make this work?

  18. Asher says:

    Great manual. Is something missing in configuring the nodes? configure the network?

  19. Balamurugan says:

    [[email protected] net]# systemctl restart kubelet && systemctl enable kubelet
    Failed to restart kubelet.service: Unit not found.

  20. Balamurugan says:

    Hi Pradeep,

    Pls assist me on my below errors,

    [[email protected] net]# kubeadm init
    [kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
    [init] Using Kubernetes version: v1.8.4
    [init] Using Authorization modes: [Node RBAC]
    [preflight] Running pre-flight checks
    [preflight] WARNING: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly
    [preflight] Some fatal errors occurred:
    running with swap on is not supported. Please disable swap
    [preflight] If you know what you are doing, you can skip pre-flight checks with `–skip-preflight-checks`

  21. Sundeep says:

    Can someone tell me how to determine the cluster CIDR of the master node which I have initialized using `kubeadm init` as detailed in this article? My master node is on CentOS 7 and I am trying to join a Windows node to the cluster and it requires me to pass the Cluster CIDR to the script.

  22. Rajinikamu says:

    Hi

    I am getting Node status is “Not Ready” when it connected to master node for the first time.

    # kubectl get nodes
    NAME STATUS ROLES AGE VERSION
    labserver NotReady 1h v1.9.0
    rhel74 Ready master 3h v1.9.0

  23. vishal says:

    thank so much for your blog.
    i am getting this error on https://10.0.1.166:6443/

    {
    “kind”: “Status”,
    “apiVersion”: “v1”,
    “metadata”: {

    },
    “status”: “Failure”,
    “message”: “forbidden: User \”system:anonymous\” cannot get path \”/\””,
    “reason”: “Forbidden”,
    “details”: {

    },
    “code”: 403
    }

    please help me

  24. yafeng says:

    Hi,

    After “kubeadm join” is executed on the node, weave-net fails to start.

    On the node, “journalctl -xe” shows:
    reflector.go:205] github.com/weaveworks/weave/prog/weave-npc/main.go:229: Failed to list *v1.Pod: Get https://10.96.0.1:443/api/v1/pods?resourceVersion=0: dial tcp 10.96.0.1:443: i/o timeout

    But the kube-apiserver is https://192.168.56.109:6443.

    And I tried with curl -k https://192.168.56.109:6443//api/v1/pods on the node:
    {
    “kind”: “Status”,
    “apiVersion”: “v1”,
    “metadata”: {

    },
    “status”: “Failure”,
    “message”: “pods is forbidden: User \”system:anonymous\” cannot list pods at the cluster scope”,
    “reason”: “Forbidden”,
    “details”: {
    “kind”: “pods”
    },
    “code”: 403

    but no response with curl -k https://10.96.0.1:443/api/v1/pods.

    Any help is appreciated.
    Thanks.

  25. ugender says:

    Could you share steps if the master server is restarted will the services come itself or what is the procedure you recommend to start and ensure node(minions) sync together.
    Also where does the etcd,kube-apiserver,scheduler,controller-manager,flannel/weave, configuration available.
    How to start individually

  26. ugender says:

    While i setup using your tutorial i got value as null in kubectl config view

  27. Marcin says:

    Hey Pradeep

    Thanks for very useful tutorial
    I just successfully completed a cluster build, using k8s 1.9.3 and docker 1.12.6 (centos 7)

    Only two comments:
    1. When setting up the MASTER:
    no need to do `systemctl restart kubelet` before running the `kubeadm init`.
    Just do the `systemctl enable kublet` and then run `kubeadm init` which will set everything up and start the kublet service.

    If you try to start it before the init part – it will error out, complaining about being unable to load some CA certs.

    2. When adding the firewall rules for the worker nodes:
    the bridge config `echo ‘1’ > /proc/sys/net/bridge/bridge-nf-call-iptables` will fail, as the file does not exist yet.

    do the first step would be to:
    – install kubeadm and docker
    – enable and start docker service
    – enable kubelet service
    – join the node to cluster, which will automatically start kublet service

    ALSO:
    if you are using a minimal install from ISO (like I was – on virtual machines, with just default install settings). Make sure you disable swap !
    None of the kubeadm stuff will work if your machines have active swap (it will error out, complaining about it, asking you to disable it).

  28. Ritesh says:

    I have made a cluseter , in which master is not in ready state , how master can be bring up to ready state and how to assign role of worker nodes?

    [[email protected] tmp]# kubectl get nodes
    NAME STATUS ROLES AGE VERSION
    k8s-master NotReady master 38m v1.9.3
    worker-node1 Ready 35m v1.9.3
    worker-node2 Ready 37m v1.9.3

  29. Swagat says:

    Hi Pradeep,

    Thank you very much for sharing this. I was struggling to set kubernetes for a period of time. Your article helped a lot and I configured kubernetes cluster successfully. Thanks again.

  30. Ansari says:

    I successfully installed kubernetes cluster but getting error once i tried to access Web UI :

    {
    “kind”: “Status”,
    “apiVersion”: “v1”,
    “metadata”: {

    },
    “status”: “Failure”,
    “message”: “services \”kube-dns:dns\” is forbidden: User \”system:anonymous\” cannot get services/proxy in the namespace \”kube-system\””,
    “reason”: “Forbidden”,
    “details”: {
    “name”: “kube-dns:dns”,
    “kind”: “services”
    },
    “code”: 403
    }

  31. Ansari says:

    can someone help me out on this issue

  32. dgarc7 says:

    This manual also serves to install 1.9 kubernetes without problems, thank you very much

  33. Nil says:

    Hi Pradeep, Thanks for this article. I am using flannel instead of weave for network overlay. When I do an ifconfig on my master and worker node, my docker0(172.17.xx.xx) and flannel1(10.244.xx.xx) interfaces have different IP subnets. It is not clear to me(maybe due to lack of understanding) whether I need explicitly install and configure =flanneld (using yum install flanneld) on the master and worker nodes. Or does the kubectl apply -f ..flannel.yml does that for me?

  34. Jeyson Junior Ventura Aguilar says:

    The best tutorial how install kubernetes thank you!!

  35. Mateus M. Côrtes says:

    “Disable selinux”…

    • Ray Morris says:

      Yeah disable security on the whole machine – great idea.

      The right way to handle a security (selinux) error in software is:
      sealert -a /var/log/audit/audit.log

  36. Vijay Thakur says:

    Hi Pradeep thanks for article. can you suggest me fix for this is error “modprobe: FATAL: Module br_netfilter not found.non-zero return code” i am stuck at initial point.

    Thanks in Advance !

  37. Vitaly says:

    Thank you. The best tutorial. Please add about situation with two ethernet interfaces. Wen I try it with first – HostOnly and second bridge^ I can not start master correctrly

  38. steven says:

    While good for Centos 7.5, these notes do not transfer to RHEL7.5 and its pretty obvious its not even tested as the differences are not highlighted.

  39. Ahsan says:

    awesome work man nice explanation

    thanks

  40. Sal Sclafani says:

    Hi. Setting up the k8s cluster worked great but after installing the kubernetes Dashboard it is not accessible. We come up with an error:’dial tcp 10.x.x.6:8443: connect: no route to host’. We’ve tried a ton of fixes but still cannot access the Dashboard. Any ideas?

  41. Sam says:

    Hi
    Thanks for this article. I now have Kubernetes master and the nodes connected. However, I had some issues doing so when I ran the ‘join’ step. I was getting the reply that the certificate is not yet ready and is not valid.

    Bringing up ntpd on all the master and nodes helped. I think that is an important step that should be added. While bringing up docker and kubeadm, ntpd can also be added.

    thanks
    Sam

  42. Phani Mullapudi says:

    One also has to turn the swapoff to start kub8

  43. Alexandre says:

    Hi, now is octuber, 2018 but I decide follow this tutorial, but get a error when I run:
    >> kubeadmin init
    “preflight] Some fatal errors occurred:
    [ERROR SystemVerification]: unsupported docker version: 18.09.0
    [preflight] If you know what you are doing, you can make a check non-fatal with `–ignore-preflight-errors=…`”

    My distro is a Red Hat Enterprise Linux Server 7.6

    How i can solve this?

    • Ashish Shukla says:

      Hi Alexandre,
      It seems docker(18.09 version) is already installed on the Red had distro.
      Kubeadm wont support this version currently.So you need to remove the existing docker and install the appropriate one.

  44. prem says:

    Hi, I am getting the below error when i run kubeadm init in master node. Your help / suggestion will be valuable.

    kubeadm init
    [init] Using Kubernetes version: v1.13.0
    [preflight] Running pre-flight checks
    error execution phase preflight: [preflight] Some fatal errors occurred:
    [ERROR NumCPU]: the number of available CPUs 1 is less than the required 2
    [preflight] If you know what you are doing, you can make a check non-fatal with `–ignore-preflight-errors=…

  45. Jack says:

    I followed the instruct and the master come up no problem. But I install the node and ran the join command I got NotReady for the node machine.
    [[email protected] ~]$ kubectl get nodes –all-namespaces
    NAME STATUS ROLES AGE VERSION
    dev01 Ready master 68m v1.13.0
    dev02 NotReady 59m v1.13.0

  46. Ravikiran says:

    Really very helpful info…… thanks for step by step information in detailed

  47. Dhananjay Lambe says:

    i have reboot the master then kubeadm init command will work

  48. Mike says:

    I never heard about kubernet but was able to install following this tutorial. Had a few struggles with join the nodes but that was because was my first time, but I couldn’t do it without and neither have found a better tutorial. Simply the best

  49. Satya says:

    wonderful documentation, Thank you so much!

  50. Ezequiel Tolnay says:

    Installing kubeadm in my machine failed:
    Public key for 53edc739a0e51a4c17794de26b13ee5df939bd3161b37f503fe2af8980b41a89-cri-tools-1.12.0-0.x86_64.rpm is not installed

    Installing the GPG keys manually did the trick:
    rpm –import https://packages.cloud.google.com/yum/doc/yum-key.gpg
    rpm –import https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg

  51. BALAJI POTHULA says:

    I searched / read many websites to setup K8S setup. None of them not explained clear. You are the best best best one.

  52. karan says:

    getting below error message, while i am trying to fetch nodes.. what should i do:
    [[email protected] docker]# kubectl get nodes
    The connection to the server 192.168.2.133:6443 was refused – did you specify the right host or port?
    [[email protected] docker]#

  53. Gaurav says:

    Hi,

    Can you kindly share how to install the Dashboard and access it on a browser which is not on the k8s master

    Regards,
    Gaurav

  54. hasanuddin says:

    nice work for me

  55. kadal says:

    In RHEL7.4 Master, After i configured repo, docket didnt install, do i need to install it in separate steps. Because of this, not able to setup k8s clauster

Leave a Reply to vijay Cancel reply

Your email address will not be published. Required fields are marked *