CentOS 7 Kubernetes Worker Node Setup - Validation & Corrections
1. Repository Configuration
# Backup existing repo files
sudo cp -r /etc/yum.repos.d /etc/yum.repos.d.backup
# Update all CentOS repo files to use vault
sudo sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
# Clean yum cache
sudo yum clean all
sudo yum makecache
Status: CentOS 7 is EOL, so vault repositories are necessary.
2. System Package Installation
# Install required system packages
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
Status: These are required for the container runtime.
3. Kubernetes Repository Setup
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
Status: Uses the new Kubernetes repository format.
⚠️ Issues Found & Corrections
1. Container Runtime Configuration
Issue: The script installs containerd.io but doesn't configure it properly for Kubernetes.
Correction:
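# containerd.io is shipped in Docker's CE repository, not in the CentOS repos
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Install containerd
sudo yum install -y containerd.io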
# Configure containerd for Kubernetes
sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml
# Enable SystemdCgroup (CRITICAL for Kubernetes)
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
# Restart and enable containerd
sudo systemctl restart containerd
sudo systemctl enable containerd
2. Kubernetes Package Installation
Issue: Version pinning may cause issues if exact version isn't available.
Correction:
# Install Kubernetes components (use --nogpgcheck if GPG issues occur; it skips package signature verification)
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
# Enable kubelet (don't start yet - will fail until joined)
sudo systemctl enable kubelet
3. System Configuration Issues
Issue: Several sysctl parameters are duplicated and kernel modules aren't properly configured.
Correction:
# Load required kernel modules
sudo modprobe overlay
sudo modprobe br_netfilter
# Make modules persistent
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
# Set sysctl parameters
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system
4. CNI Configuration Issues
Issue: CNI version might be outdated, and worker nodes don't need manual CNI configuration.
Correction:
# CNI will be configured automatically by the CNI plugin (Flannel/Calico)
# Only ensure CNI directories exist
sudo mkdir -p /etc/cni/net.d
sudo mkdir -p /opt/cni/bin
5. Kubelet Configuration
Issue: Manual kubelet configuration is unnecessary and potentially problematic.
Correction:
# Remove manual kubelet configuration - kubeadm will handle this
# The kubelet will be configured automatically during join
🔧 Recommended Complete Setup Script
#!/bin/bash
# 1. Configure CentOS 7 repositories (EOL)
sudo cp -r /etc/yum.repos.d /etc/yum.repos.d.backup
sudo sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
sudo yum clean all && sudo yum makecache
# 2. Install required packages
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
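# 3. Install container runtime (containerd.io comes from Docker's CE repository)
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install -y containerd.io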
# 4. Configure containerd
sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
sudo systemctl restart containerd
sudo systemctl enable containerd
# 5. Add Kubernetes repository
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
# 6. Install Kubernetes components
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
sudo systemctl enable kubelet
# 7. Disable swap now and at boot
sudo swapoff -a
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
# 8. Load kernel modules
sudo modprobe overlay
sudo modprobe br_netfilter
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
# 9. Configure sysctl
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system
# 10. Disable firewalld (the alternative is to keep it and open the Kubernetes ports)
sudo systemctl stop firewalld
sudo systemctl disable firewalld
# 11. Create CNI directories
sudo mkdir -p /etc/cni/net.d
sudo mkdir -p /opt/cni/bin
# 12. Join the cluster (replace with your actual join command)
# sudo kubeadm join <master-ip>:6443 --token <token> --discovery-token-ca-cert-hash sha256:<hash>
🚨 Critical Points
- Don't start kubelet before joining - It will fail until the node joins the cluster
- SystemdCgroup = true is essential for containerd with Kubernetes
- Firewall must be disabled or properly configured for Kubernetes ports
- Swap must be disabled completely
- Use the exact join command from your master node
- Verify containerd is running before attempting to join
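The "properly configured" alternative to step 10, as an added example that is not part of the original script: it prints, or with apply_worker_fw runs, the firewall-cmd calls that open the worker-node ports listed in the Kubernetes ports reference. The function names are made up here, and the extra port passed as an argument (8472/udp for Flannel's default VXLAN backend) is an assumption about your CNI plugin.

```shell
#!/bin/sh
# Added example: keep firewalld running on a worker node and open only the
# ports Kubernetes needs. worker_fw_rules and apply_worker_fw are
# hypothetical names, not part of the original script.

# Print one firewall-cmd call per port. Arguments are extra CNI ports.
worker_fw_rules() {
    # Worker-node ports from the Kubernetes "Ports and Protocols" reference:
    # 10250 kubelet API, 10256 kube-proxy, 30000-32767 NodePort services.
    for port in 10250/tcp 10256/tcp 30000-32767/tcp "$@"; do
        # Validate the PORT[-PORT]/tcp|udp form before it is handed to sudo.
        echo "$port" | grep -Eq '^[0-9]+(-[0-9]+)?/(tcp|udp)$' \
            || { echo "bad port spec: $port" >&2; return 2; }
        echo "firewall-cmd --permanent --add-port=$port"
    done
    echo "firewall-cmd --reload"
}

# Run the rules. Nothing is applied if any port spec was rejected.
apply_worker_fw() {
    rules="$(worker_fw_rules "$@")" || return
    echo "$rules" | while IFS= read -r rule; do
        # Unquoted on purpose: each line splits into command and arguments.
        sudo $rule </dev/null || exit 1
    done
}

# Usage on a node whose CNI plugin is Flannel (VXLAN, assumed):
#   worker_fw_rules 8472/udp      # review the commands
#   apply_worker_fw 8472/udp      # apply them
```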
🔍 Verification Steps
After setup, verify before joining:
# Check containerd status
sudo systemctl status containerd
# Check kubelet status (should be inactive until joined)
sudo systemctl status kubelet
# Verify swap is disabled
free -h
# Check if required kernel modules are loaded
lsmod | grep br_netfilter
lsmod | grep overlay
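A scripted form of the checks above, as an added example that is not part of the original post: it returns the number of failed checks instead of leaving the output to be read by eye. It also confirms that the sed edit really changed config.toml, that the CRI plugin is not disabled, and that gpgcheck is still on. The function names and the ROOT argument (used to point the checks at a test directory) are made up for this example.

```shell
#!/bin/sh
# Added example: preflight ROOT checks the files under ROOT (default: the
# live system) and prints one FAIL line per problem. The return status is
# the number of failures. All names here are hypothetical.

fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

preflight() {
    root="${1:-}"; fails=0
    toml="$root/etc/containerd/config.toml"

    # sed is silent when its pattern is absent, so confirm the result.
    grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$toml" 2>/dev/null \
        || fail "SystemdCgroup = true not set in $toml"
    # The config packaged with containerd.io disables the CRI plugin kubelet needs.
    grep -Eq '^[[:space:]]*disabled_plugins[[:space:]]*=.*"cri"' "$toml" 2>/dev/null \
        && fail "CRI plugin is disabled in $toml"

    # Swap: nothing active now (header line only) and nothing enabled at boot.
    [ "$(wc -l < "$root/proc/swaps")" -le 1 ] || fail "swap is active"
    awk '$1 !~ /^#/ && $3 == "swap" { found = 1 } END { exit !found }' "$root/etc/fstab" \
        && fail "uncommented swap entry in /etc/fstab"

    # lsmod reads /proc/modules; check it directly.
    for mod in overlay br_netfilter; do
        grep -q "^$mod " "$root/proc/modules" || fail "module $mod not loaded"
    done

    # Live sysctl values from /proc/sys, not the .conf file that requests them.
    for key in net/bridge/bridge-nf-call-iptables \
               net/bridge/bridge-nf-call-ip6tables net/ipv4/ip_forward; do
        [ "$(cat "$root/proc/sys/$key" 2>/dev/null)" = "1" ] || fail "$key is not 1"
    done

    # Package signature checking must stay on for the Kubernetes repository.
    grep -q '^gpgcheck=1' "$root/etc/yum.repos.d/kubernetes.repo" 2>/dev/null \
        || fail "gpgcheck=1 missing from kubernetes.repo"

    return "$fails"
}

# Usage on the node: preflight && echo "ready to join"
```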