CentOS 7 (Worker Node)

CentOS 7 Kubernetes Worker Node Setup - Validation & Corrections

1. Repository Configuration

# Backup existing repo files
sudo cp -r /etc/yum.repos.d /etc/yum.repos.d.backup

# Update all CentOS repo files to use vault
sudo sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*

# Clean yum cache
sudo yum clean all
sudo yum makecache

Status: - CentOS 7 is EOL, so vault repositories are necessary.

2. System Package Installation

# Install required system packages
sudo yum install -y yum-utils device-mapper-persistent-data lvm2

Status: - These are required for container runtime.

3. Kubernetes Repository Setup

cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF

Status: - Uses the new Kubernetes repository format.

⚠️ Issues Found & Corrections

1. Container Runtime Configuration

Issue: Script installs containerd.io but doesn't configure it properly for Kubernetes.

Correction:

# Install containerd
sudo yum install -y containerd.io

# Configure containerd for Kubernetes
sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml

# Enable SystemdCgroup (CRITICAL for Kubernetes)
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml

# Restart and enable containerd
sudo systemctl restart containerd
sudo systemctl enable containerd

2. Kubernetes Package Installation

Issue: Version pinning may cause issues if exact version isn't available.

Correction:

# Install Kubernetes components (use --nogpgcheck if GPG issues occur)
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

# Enable kubelet (don't start yet - will fail until joined)
sudo systemctl enable kubelet

3. System Configuration Issues

Issue: Several sysctl parameters are duplicated and kernel modules aren't properly configured.

Correction:

# Load required kernel modules
sudo modprobe overlay
sudo modprobe br_netfilter

# Make modules persistent
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

# Set sysctl parameters
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

sudo sysctl --system

4. CNI Configuration Issues

Issue: CNI version might be outdated, and worker nodes don't need manual CNI configuration.

Correction:

# CNI will be configured automatically by the CNI plugin (Flannel/Calico)
# Only ensure CNI directories exist
sudo mkdir -p /etc/cni/net.d
sudo mkdir -p /opt/cni/bin

5. Kubelet Configuration

Issue: Manual kubelet configuration is unnecessary and potentially problematic.

Correction:

# Remove manual kubelet configuration - kubeadm will handle this
# The kubelet will be configured automatically during join

🔧 Recommended Complete Setup Script

#!/bin/bash

# 1. Configure CentOS 7 repositories (EOL)
sudo cp -r /etc/yum.repos.d /etc/yum.repos.d.backup
sudo sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
sudo yum clean all && sudo yum makecache

# 2. Install required packages
sudo yum install -y yum-utils device-mapper-persistent-data lvm2

# 3. Install container runtime
sudo yum install -y containerd.io

# 4. Configure containerd
sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
sudo systemctl restart containerd
sudo systemctl enable containerd

# 5. Add Kubernetes repository
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF

# 6. Install Kubernetes components
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
sudo systemctl enable kubelet

# 7. Configure system
sudo swapoff -a
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

# 8. Load kernel modules
sudo modprobe overlay
sudo modprobe br_netfilter

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

# 9. Configure sysctl
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

sudo sysctl --system

# 10. Configure firewall
sudo systemctl stop firewalld
sudo systemctl disable firewalld

# 11. Create CNI directories
sudo mkdir -p /etc/cni/net.d
sudo mkdir -p /opt/cni/bin

# 12. Join the cluster (replace with your actual join command)
# sudo kubeadm join <master-ip>:6443 --token <token> --discovery-token-ca-cert-hash sha256:<hash>

🚨 Critical Points

1. Don't start kubelet before joining - It will fail until the node joins the cluster
2. SystemdCgroup = true is essential for containerd with Kubernetes
3. Firewall must be disabled or properly configured for Kubernetes ports
4. Swap must be disabled completely
5. Use exact join command from your master node
6. Verify containerd is running before attempting to join

🔍 Verification Steps

After setup, verify before joining:

# Check containerd status
sudo systemctl status containerd

# Check kubelet status (should be inactive until joined)
sudo systemctl status kubelet

# Verify swap is disabled
free -h

# Check if required kernel modules are loaded
lsmod | grep br_netfilter
lsmod | grep overlay