Setup k3s on CentOS 7

Imagine this: you need a lightweight Kubernetes cluster up and running today—no drama, no endless YAML, no “what did I forget?” moments. That’s where k3s shines, especially on CentOS 7. I’ll walk you through the setup, toss in some hard-earned tips, and call out gotchas that can trip up even seasoned pros.

Step 1: Prerequisites—Get Your House in Order

Before you touch k3s, make sure your CentOS 7 box is ready. Trust me, skipping this step leads to pain later.

  • Set a static IP and hostname (don’t rely on DHCP for servers!):

    vi /etc/sysconfig/network-scripts/ifcfg-eth0
    vi /etc/hostname
    

    Tip: After editing, restart networking or reboot to apply changes.

  • Optional: Disable the firewall (for labs or trusted networks only):

    systemctl disable firewalld --now
    

    Gotcha: If you keep the firewall, open ports 6443 (Kubernetes API), 10250, and 8472 (Flannel VXLAN).
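If you keep firewalld on, the port list above translates into rules like the following. This is an added example, not part of the original post. It assumes the nodes sit in 192.168.1.0/24 (the post's sample IP is 192.168.1.128) and the interface is in firewalld's "public" zone; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: keep firewalld on and allow the
# three listed ports only from the node subnet instead of disabling it.
# Assumptions: NODE_CIDR and ZONE below; adjust both to your network.
ZONE="${ZONE:-public}"
NODE_CIDR="${NODE_CIDR:-192.168.1.0/24}"

# Ports per role: 6443/tcp API server, 10250/tcp kubelet, 8472/udp Flannel VXLAN.
k3s_ports() {
    case "$1" in
        server) echo "6443/tcp 10250/tcp 8472/udp" ;;
        agent)  echo "10250/tcp 8472/udp" ;;  # agents only dial out to 6443
        *)      echo "usage: k3s_ports server|agent" >&2; return 2 ;;
    esac
}

# Build the firewalld rich rule that accepts one port from NODE_CIDR only.
k3s_rich_rule() {
    port="${1%/*}"; proto="${1#*/}"
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept' \
        "$NODE_CIDR" "$port" "$proto"
}

# Apply the rules for a role; DRY_RUN=1 prints the commands for review instead.
k3s_open_ports() {
    ports="$(k3s_ports "$1")" || return 2
    for p in $ports; do
        rule="$(k3s_rich_rule "$p")"
        if [ "${DRY_RUN:-0}" = "1" ]; then
            printf "firewall-cmd --permanent --zone=%s --add-rich-rule='%s'\n" "$ZONE" "$rule"
        else
            firewall-cmd --permanent --zone="$ZONE" --add-rich-rule="$rule" || return 1
        fi
    done
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "firewall-cmd --reload"; else firewall-cmd --reload; fi
}

# Example: DRY_RUN=1 k3s_open_ports server
```

Admin workstations outside NODE_CIDR that need kubectl access to 6443 require their own rule. The k3s documentation additionally places the pod and service CIDRs in firewalld's trusted zone when firewalld stays enabled.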

Step 2: (Optional) Install Rancher RKE2

If you want Rancher’s full power, set up RKE2 first. Otherwise, skip to k3s install.

  1. Create config directory:

    mkdir -p /etc/rancher/rke2
    
  2. Edit config.yaml:

    token: somestringforrancher
    tls-san:
      - 192.168.1.128
    

    Tip: Replace 192.168.1.128 with your server’s IP. The tls-san entry is critical for SSL and HA setups.

  3. Install Rancher:

    curl -sfL https://get.rancher.io | sh -
    
  4. Enable and start the Rancher service:

    systemctl enable rancherd-server.service
    systemctl start rancherd-server.service
    
  5. Check startup status:

    journalctl -eu rancherd-server.service -f
    

    Tip: Look for “Ready” messages. Errors here usually mean a misconfigured config.yaml or missing ports.

  6. Reset Rancher admin password (for UI login):

    rancherd reset-admin
    

Step 3: Install k3s—The Main Event

Master Node Setup

    curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" sh -

  • Tip: K3S_KUBECONFIG_MODE="644" makes /etc/rancher/k3s/k3s.yaml world-readable, so every local user on the node can read the kubeconfig. Good for quick access, but not for production security!
  • Get your cluster token (needed for workers):

    sudo cat /var/lib/rancher/k3s/server/node-token
    

Worker Node Setup

    curl -sfL https://get.k3s.io | \
      K3S_URL="https://<MASTER_IP>:6443" \
      K3S_TOKEN="<TOKEN>" \
      K3S_NODE_NAME="<NODE_NAME>" \
      sh -

  • Replace <MASTER_IP> with your master’s IP, <TOKEN> with the value from node-token, and <NODE_NAME> with a unique name for the node.
  • Gotcha: If you see “permission denied” or “failed to connect,” double-check your firewall and SELinux settings. CentOS 7 can be picky.

Final Thoughts: What’s Next?

You’ve got a blazing-fast Kubernetes cluster. Next, try kubectl get nodes (grab the kubeconfig from /etc/rancher/k3s/k3s.yaml), deploy a test workload, and—if you’re feeling brave—secure your setup for production. If you hit a snag, don’t waste time: check logs, verify IPs, and make sure your token matches.

I’m Max L, and I never trust a cluster until I’ve rebooted every node at least once. Happy hacking!
