Single node Kubernetes Cluster on Fedora with SELinux enabled

Kubeadm to install Single Node K8S with SELinux

Suraj Deshmukh


Start a single-node Fedora machine using whatever method you prefer; I have used this Vagrantfile:

# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|

  # Single VM named "fedora" built from the Fedora 28 cloud image
  config.vm.define "fedora" do |fedora|
    fedora.vm.box = "fedora/28-cloud-base"
    config.vm.hostname = "fedora"
  end

  # Resources for the VirtualBox provider
  config.vm.provider "virtualbox" do |virtualbox, override|
    virtualbox.memory = 4096
    virtualbox.cpus = 4
  end

  # Prepend a localhost entry to /etc/hosts
  config.vm.provision "shell", privileged: false, inline: <<-SHELL
    echo ' localhost' | cat - /etc/hosts > temp && sudo mv temp /etc/hosts
  SHELL
end

Now start it and ssh into it:

vagrant up
vagrant ssh

Once inside the machine, become the root user and run this script:

sudo -i
curl | sh

And you should have a running Kubernetes cluster.

Understanding steps

Install and start docker:

yum install -y docker
systemctl enable docker && systemctl start docker

Install kubelet and start it:

echo "
" | tee /etc/yum.repos.d/kubernetes.repo

yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable kubelet && systemctl start kubelet

Set SELinux contexts:

# for kubernetes files
mkdir -p /etc/kubernetes/
chcon -R -t svirt_sandbox_file_t /etc/kubernetes/

# for etcd files
mkdir -p /var/lib/etcd
chcon -R -t svirt_sandbox_file_t /var/lib/etcd

Start kubeadm:

kubeadm config images pull
kubeadm init

Set the kubectl context:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Install a pod network. This step varies depending on which networking provider you want to install; here I have installed Weave Net. For other providers see here.

kubectl apply -f "$(kubectl version | base64 | tr -d '\n')"

Also allow the master node to be used as a worker node:

kubectl taint nodes --all

Finally, list the nodes or wait until the node is ready:

kubectl get nodes

Debugging the setup

  • You can see logs of kubelet by running journalctl -f -u kubelet
  • You can also see if there are any failing control plane containers by running docker ps -a, and then check the logs of the failed containers.
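
A further check for the "Set SELinux contexts" step, as an added example that is not part of the original post: labels applied with chcon are not recorded in the policy's file-context database, so restorecon or a full relabel can reset them. The script below lists every entry under the two directories whose type is no longer the one set above; the sample contexts and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): audit labels set by the chcon steps.
# container_file_t is the current type name; svirt_sandbox_file_t is its
# alias in the container-selinux policy, so tools may print either.
ACCEPTED_TYPES="container_file_t svirt_sandbox_file_t"

# Print the type field of a context string "user:role:type:level".
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeed if the context carries one of the accepted types.
context_ok() {
    ctx_type=$(context_type "$1")
    for accepted in $ACCEPTED_TYPES; do
        if [ "$ctx_type" = "$accepted" ]; then return 0; fi
    done
    return 1
}

# Read "context path" lines on stdin; print entries with another type.
mislabeled() {
    while read -r ctx path; do
        context_ok "$ctx" || printf '%s (%s)\n' "$path" "$ctx"
    done
}

# Walk a directory tree on the live host and report mislabeled entries.
audit_tree() {
    find "$1" -exec stat -c '%C %n' {} + 2>/dev/null | mislabeled
}

# Constructed sample: admin.conf carries a type outside the accepted set
# (etc_t is chosen for illustration), as can happen after a relabel.
SAMPLE='system_u:object_r:container_file_t:s0 /etc/kubernetes/manifests
unconfined_u:object_r:etc_t:s0 /etc/kubernetes/admin.conf
system_u:object_r:svirt_sandbox_file_t:s0 /var/lib/etcd/member'

sample_report() {
    printf '%s\n' "$SAMPLE" | mislabeled
}

# On a host with SELinux tools, audit the two directories from the post.
if command -v getenforce >/dev/null 2>&1; then
    echo "SELinux mode: $(getenforce)"
    for dir in /etc/kubernetes /var/lib/etcd; do
        if [ -d "$dir" ]; then audit_tree "$dir"; fi
    done
fi
```

Run it as root on the node; no output after the mode line means every entry still carries the expected type.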

