add workaround for RHEL8

Signed-off-by: Kay Yan <kay.yan@daocloud.io>

README.md

@@ -77,13 +77,13 @@ vagrant up
 - **Flatcar Container Linux by Kinvolk**
 - **Debian** Bookworm, Bullseye
 - **Ubuntu** 20.04, 22.04, 24.04
-- **CentOS/RHEL** [8, 9](docs/operating_systems/centos.md#centos-8)
+- **CentOS/RHEL** [8, 9](docs/operating_systems/rhel.md#rhel-8)
 - **Fedora** 39, 40
 - **Fedora CoreOS** (see [fcos Note](docs/operating_systems/fcos.md))
 - **openSUSE** Leap 15.x/Tumbleweed
-- **Oracle Linux** [8, 9](docs/operating_systems/centos.md#centos-8)
-- **Alma Linux** [8, 9](docs/operating_systems/centos.md#centos-8)
-- **Rocky Linux** [8, 9](docs/operating_systems/centos.md#centos-8)
+- **Oracle Linux** [8, 9](docs/operating_systems/rhel.md#rhel-8)
+- **Alma Linux** [8, 9](docs/operating_systems/rhel.md#rhel-8)
+- **Rocky Linux** [8, 9](docs/operating_systems/rhel.md#rhel-8)
 - **Kylin Linux Advanced Server V10** (experimental: see [kylin linux notes](docs/operating_systems/kylinlinux.md))
 - **Amazon Linux 2** (experimental: see [amazon linux notes](docs/operating_systems/amazonlinux.md))
 - **UOS Linux** (experimental: see [uos linux notes](docs/operating_systems/uoslinux.md))

docs/operating_systems/rhel.md

@@ -25,10 +25,17 @@ rh_subscription_role: "Red Hat Enterprise Server"
 rh_subscription_sla: "Self-Support"
 ```
 
-If the RHEL 7/8 hosts are already registered to a valid Red Hat support subscription via an alternative configuration management approach prior to the deployment of Kubespray, the successful RHEL `subscription-manager` status check will simply result in the RHEL subscription registration tasks being skipped.
+If the RHEL 8/9 hosts are already registered to a valid Red Hat support subscription via an alternative configuration management approach prior to the deployment of Kubespray, the successful RHEL `subscription-manager` status check will simply result in the RHEL subscription registration tasks being skipped.
 
 ## RHEL 8
 
-If you have containers that are using iptables in the host network namespace (`hostNetwork=true`),
+In the RHEL(including the AlamLinux, RockyLinux, Centos) 8, if you have containers that are using iptables in the host network namespace (`hostNetwork=true`),
 you need to ensure they are using iptables-nft.
 An example how k8s do the autodetection can be found [in this PR](https://github.com/kubernetes/kubernetes/pull/82966)
+
+Kernel version 4.18 is lower than the kubeadm 1.32 system verification requirement. Refer to [this PR](https://github.com/kubernetes/system-validators/pull/48). Therefore, you need to add the following configuration to ignore the kubeadm preflight errors:
+
+```ini
+kubeadm_ignore_preflight_errors:
+  - SystemVerification
+```

roles/kubespray-defaults/defaults/main/download.yml

@@ -363,7 +363,6 @@ snapshot_controller_supported_versions:
   v1.32: "v7.0.2"
   v1.31: "v7.0.2"
   v1.30: "v7.0.2"
-  v1.29: "v7.0.2"
 snapshot_controller_image_repo: "{{ kube_image_repo }}/sig-storage/snapshot-controller"
 snapshot_controller_image_tag: "{{ snapshot_controller_supported_versions[kube_major_version] }}"
 

tests/files/packet_almalinux8-calico-ha-ebpf.yml

@@ -8,3 +8,7 @@ vm_memory: 3072
 calico_bpf_enabled: true
 loadbalancer_apiserver_localhost: true
 auto_renew_certificates: true
+
+# Workaround for RHEL8: kernel version 4.18 is lower than Kubernetes system verification.
+kubeadm_ignore_preflight_errors:
+  - SystemVerification

tests/files/packet_almalinux8-calico-nodelocaldns-secondary.yml

@@ -7,3 +7,7 @@ vm_memory: 3072
 # Kubespray settings
 enable_nodelocaldns_secondary: true
 loadbalancer_apiserver_type: haproxy
+
+# Workaround for RHEL8: kernel version 4.18 is lower than Kubernetes system verification.
+kubeadm_ignore_preflight_errors:
+  - SystemVerification

tests/files/packet_almalinux8-calico-remove-node.yml

@@ -5,3 +5,7 @@ mode: ha
 
 # Kubespray settings
 auto_renew_certificates: true
+
+# Workaround for RHEL8: kernel version 4.18 is lower than Kubernetes system verification.
+kubeadm_ignore_preflight_errors:
+  - SystemVerification

tests/files/packet_almalinux8-calico.yml

@@ -20,3 +20,7 @@ ntp_force_sync_immediately: true
 
 # Scheduler plugins
 scheduler_plugins_enabled: true
+
+# Workaround for RHEL8: kernel version 4.18 is lower than Kubernetes system verification.
+kubeadm_ignore_preflight_errors:
+  - SystemVerification

tests/files/packet_almalinux8-crio.yml

@@ -6,3 +6,7 @@ mode: default
 # Kubespray settings
 container_manager: crio
 auto_renew_certificates: true
+
+# Workaround for RHEL8: kernel version 4.18 is lower than Kubernetes system verification.
+kubeadm_ignore_preflight_errors:
+  - SystemVerification

tests/files/packet_almalinux8-docker.yml

@@ -8,3 +8,7 @@ vm_memory: 3072
 container_manager: docker
 etcd_deployment_type: docker
 resolvconf_mode: docker_dns
+
+# Workaround for RHEL8: kernel version 4.18 is lower than Kubernetes system verification.
+kubeadm_ignore_preflight_errors:
+  - SystemVerification

tests/files/packet_almalinux8-kube-ovn.yml

@@ -6,3 +6,7 @@ vm_memory: 3072
 
 # Kubespray settings
 kube_network_plugin: kube-ovn
+
+# Workaround for RHEL8: kernel version 4.18 is lower than Kubernetes system verification.
+kubeadm_ignore_preflight_errors:
+  - SystemVerification

tests/files/packet_amazon-linux-2-all-in-one.yml

@@ -2,3 +2,7 @@
 # Instance settings
 cloud_image: amazon-linux-2
 mode: all-in-one
+
+# Workaround for RHEL8: kernel version 4.18 is lower than Kubernetes system verification.
+kubeadm_ignore_preflight_errors:
+  - SystemVerification

tests/files/packet_rockylinux8-calico.yml

@@ -9,3 +9,7 @@ metrics_server_enabled: true
 dashboard_namespace: "kube-dashboard"
 dashboard_enabled: true
 loadbalancer_apiserver_type: haproxy
+
+# Workaround for RHEL8: kernel version 4.18 is lower than Kubernetes system verification.
+kubeadm_ignore_preflight_errors:
+  - SystemVerification