5.2.1.1. OS Setup

5.2.1.1.1. Basic OS Setup

This section covers the basic preparation of Kubernetes nodes before installing components. It describes setting up environment variables, changing the hostname, and installing required system utilities. These steps are mandatory for the correct operation of kubelet and other control plane components.

Basic node setup

● Required

Basic node settings

• Node environment variables.
• Changing the node name.
• Installing dependencies.

Node environment variables

master-1

export HOST_NAME=master-1

master-2

export HOST_NAME=master-2

master-3

export HOST_NAME=master-3

export CLUSTER_NAME="my-first-cluster"
export BASE_DOMAIN="example.com"
export CLUSTER_DOMAIN="cluster.local"
export FULL_HOST_NAME="${HOST_NAME}.${CLUSTER_NAME}.${BASE_DOMAIN}"

Changing the node name

hostnamectl set-hostname ${FULL_HOST_NAME}

Installing dependencies

apt

sudo apt update
sudo apt install -y conntrack socat jq tree

yum

sudo yum update
sudo yum install -y conntrack-tools socat jq tree

dnf

sudo dnf update
sudo dnf install -y conntrack-tools socat jq tree

5.2.1.1.2. Kernel Module Configuration

This section covers loading kernel modules required for the correct operation of Kubernetes. The setup includes modprobe configuration and activation of the overlay and br_netfilter modules, which provide support for the container filesystem and network functions. These steps are mandatory for the functioning of network policies, iptables, and container runtimes.

Loading kernel modules

● Required

Component installation steps:

• Modprobe configuration.
• Loading modules.

Bash

Modprobe configuration

cat <<EOF > /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

Loading modules

sudo -i
modprobe overlay
modprobe br_netfilter

Cloud-init

Modprobe configuration

# write_files:
- path: /etc/modules-load.d/k8s.conf
  owner: root:root
  permissions: '0644'
  content: |
    overlay
    br_netfilter

Loading modules

# runcmd:
- modprobe overlay
- modprobe br_netfilter

note

The overlay module is used by the OverlayFS filesystem to manage container layers. It allows merging multiple directories into a single virtual filesystem. It is used by runtimes such as Docker and containerd.

The br_netfilter module enables processing of network bridge traffic through the netfilter subsystem. This is necessary for the correct operation of iptables in Kubernetes.

5.2.1.1.3. Configuring sysctl Parameters

This section covers configuring kernel parameters using sysctl, which are necessary for Kubernetes networking. Changes are made to ensure traffic routing between pods and correct iptables operation for bridges. These parameters are mandatory for enabling IP packet forwarding and network flow filtering in the cluster.

Configuring sysctl parameters

● Required

Component installation steps:

• Sysctl configuration.
• Applying configuration.

Note

Network Parameters

For correct traffic routing and filtering, kernel parameters must be set.

Bash

Sysctl configuration

cat <<EOF > /etc/sysctl.d/99-br-netfilter.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
EOF

Applying configuration

sysctl --system

Cloud-init

Sysctl configuration

# write_files:
- path: /etc/sysctl.d/99-br-netfilter.conf
  owner: root:root
  permissions: '0644'
  content: |
    net.bridge.bridge-nf-call-iptables=1
    net.bridge.bridge-nf-call-ip6tables=1

Applying configuration

# runcmd:
- sysctl --system

If the net.ipv4.ip_forward parameter is not enabled, the system will not forward IP packets between interfaces. This can lead to network failures within the cluster, service unavailability, and loss of connectivity between pods.

Bash

Sysctl configuration

cat <<EOF > /etc/sysctl.d/99-network.conf
net.ipv4.ip_forward=1
EOF

sysctl --system

Cloud-init

Sysctl configuration

# write_files:
- path: /etc/sysctl.d/99-network.conf
  owner: root:root
  permissions: '0644'
  content: |
    net.ipv4.ip_forward=1

Applying configuration

# runcmd:
- sysctl --system