In order to reliably run Kubernetes and connect to the SLATE federation, a few changes are needed to the base CentOS install. The following prerequisite steps will need to be applied to all SLATE nodes in your cluster.
First, you will need to disable SELinux as this generally conflicts with Kubernetes:
setenforce 0
sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
If you wish to retain the SELinux logging, you can alternatively use ‘permissive’ mode rather than enforcing.
Swap must be disabled for Kubernetes to run effectively. Swap is typically enabled in a default CentOS installation where automatic partitioning has been selected. To disable swap:
swapoff -a
sed -e '/swap/s/^/#/g' -i /etc/fstab
In order to properly communicate with other devices within the cluster, firewalld
must be disabled:
systemctl disable --now firewalld
While optional, we strongly recommend disabling root login over SSH for security reasons.
sed -i --follow-symlinks 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
Ensure that bridged network traffic goes through iptables.
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system