add workaround for RHEL8

Signed-off-by: Kay Yan <kay.yan@daocloud.io>
kubernetes-sigs · Jan 14, 2025 · d0b2cdf · d0b2cdf
1 parent e8c3cfd
commit d0b2cdf
Show file tree

Hide file tree

Showing 10 changed files with 60 additions and 21 deletions.
diff --git a/README.md b/README.md
@@ -77,19 +77,21 @@ vagrant up
 - **Flatcar Container Linux by Kinvolk**
 - **Debian** Bookworm, Bullseye
 - **Ubuntu** 20.04, 22.04, 24.04
-- **CentOS/RHEL** [8, 9](docs/operating_systems/centos.md#centos-8)
+- **CentOS/RHEL** [8, 9](docs/operating_systems/rhel.md#rhel-8)
 - **Fedora** 39, 40
 - **Fedora CoreOS** (see [fcos Note](docs/operating_systems/fcos.md))
 - **openSUSE** Leap 15.x/Tumbleweed
-- **Oracle Linux** [8, 9](docs/operating_systems/centos.md#centos-8)
-- **Alma Linux** [8, 9](docs/operating_systems/centos.md#centos-8)
-- **Rocky Linux** [8, 9](docs/operating_systems/centos.md#centos-8)
+- **Oracle Linux** [8, 9](docs/operating_systems/rhel.md#rhel-8)
+- **Alma Linux** [8, 9](docs/operating_systems/rhel.md#rhel-8)
+- **Rocky Linux** [8, 9](docs/operating_systems/rhel.md#rhel-8)
 - **Kylin Linux Advanced Server V10** (experimental: see [kylin linux notes](docs/operating_systems/kylinlinux.md))
 - **Amazon Linux 2** (experimental: see [amazon linux notes](docs/operating_systems/amazonlinux.md))
 - **UOS Linux** (experimental: see [uos linux notes](docs/operating_systems/uoslinux.md))
 - **openEuler** (experimental: see [openEuler notes](docs/operating_systems/openeuler.md))
 
-Note: Upstart/SysV init based OS types are not supported.
+Note: 
+- Upstart/SysV init based OS types are not supported.
+- If the OS kernel version is < 4.19, please refer to the [kernel requirements](docs/operations/kernel-requirements.md).
 
 ## Supported Components
 

diff --git a/docs/_sidebar.md b/docs/_sidebar.md
diff --git a/docs/operating_systems/centos.md b/docs/operating_systems/centos.md
diff --git a/docs/operating_systems/docs/operations/kernel-requirements.md b/docs/operating_systems/docs/operations/kernel-requirements.md
diff --git a/docs/operating_systems/rhel.md b/docs/operating_systems/rhel.md
@@ -1,7 +1,18 @@
 # Red Hat Enterprise Linux (RHEL)
 
+The documentation also applies to Red Hat derivatives, including AlmaLinux, Rocky Linux, Oracle Linux, and CentOS.
+
+## RHEL 8
+
+In the RHEL 8, if you have containers that are using iptables in the host network namespace (`hostNetwork=true`), you need to ensure they are using iptables-nft.
+An example how k8s do the autodetection can be found [in this PR](https://github.com/kubernetes/kubernetes/pull/82966)
+
+The kernel version is lower than the kubenretes 1.32 system validation, please refer to the [kernel requirements](../operations/kernel-requirements.md).
+
 ## RHEL Support Subscription Registration
 
+The content of this section does not apply to open-source derivatives.
+
 In order to install packages via yum or dnf, RHEL 7/8 hosts are required to be registered for a valid Red Hat support subscription.
 
 You can apply for a 1-year Development support subscription by creating a [Red Hat Developers](https://developers.redhat.com/) account. Be aware though that as the Red Hat Developers subscription is limited to only 1 year, it should not be used to register RHEL 7/8 hosts provisioned in Production environments.
@@ -25,10 +36,4 @@ rh_subscription_role: "Red Hat Enterprise Server"
 rh_subscription_sla: "Self-Support"
 ```
 
-If the RHEL 7/8 hosts are already registered to a valid Red Hat support subscription via an alternative configuration management approach prior to the deployment of Kubespray, the successful RHEL `subscription-manager` status check will simply result in the RHEL subscription registration tasks being skipped.
-
-## RHEL 8
-
-If you have containers that are using iptables in the host network namespace (`hostNetwork=true`),
-you need to ensure they are using iptables-nft.
-An example how k8s do the autodetection can be found [in this PR](https://github.com/kubernetes/kubernetes/pull/82966)
+If the RHEL 8/9 hosts are already registered to a valid Red Hat support subscription via an alternative configuration management approach prior to the deployment of Kubespray, the successful RHEL `subscription-manager` status check will simply result in the RHEL subscription registration tasks being skipped.
diff --git a/docs/operations/kernel-requirements.md b/docs/operations/kernel-requirements.md
@@ -0,0 +1,29 @@
+# Kernel Requirements
+
+For Kubernetes >1.32.0, the recommended LTS version from the 4.x series is 4.19. Any 5.x or 6.x versions are also supported. For cgroups v2 support, the minimum version is 4.15 and the recommended version is 5.8+. Refer to [this link](https://github.com/kubernetes/kubernetes/blob/v1.32.0/vendor/k8s.io/system-validators/validators/types_unix.go#L33). For more information, see [kernel version requirements](https://kubernetes.io/docs/reference/node/kernel-version-requirements).
+
+If the OS kernel version is lower than required, add the following configuration to ignore the kubeadm preflight errors:
+
+```yaml
+kubeadm_ignore_preflight_errors:
+  - SystemVerification
+```
+
+The Kernel Version Matrixs:
+
+| OS Verion          | Kernel Verion  | Kernel >4.19       |
+|---                 | ---            | ---                |
+| RHEL 9             | 5.14           | :white_check_mark: |
+| RHEL 8             | 4.18           | :x:                |
+| Alma Linux 9       | 5.14           | :white_check_mark: |
+| Alma Linux 8       | 4.18           | :x:                |
+| Rocky Linux 9      | 5.14           | :white_check_mark: |
+| Rocky Linux 8      | 4.18           | :x:                |
+| Oracle Linux 9     | 5.14           | :white_check_mark: |
+| Oracle Linux 8     | 4.18           | :x:                |
+| Ubuntu 22.04       | 5.15           | :white_check_mark: |
+| Ubuntu 20.04       | 5.4            | :white_check_mark: |
+| Debian 12          | 6.1            | :white_check_mark: |
+| Debian 11          | 5.10           | :white_check_mark: |
+| openSUSE Leap 15.5 | 5.14           | :white_check_mark: |
+| Amazon Linux 2     | 4.14           | :x:                |
diff --git a/roles/kubespray-defaults/defaults/main/download.yml b/roles/kubespray-defaults/defaults/main/download.yml
@@ -363,7 +363,6 @@ snapshot_controller_supported_versions:
   v1.32: "v7.0.2"
   v1.31: "v7.0.2"
   v1.30: "v7.0.2"
-  v1.29: "v7.0.2"
 snapshot_controller_image_repo: "{{ kube_image_repo }}/sig-storage/snapshot-controller"
 snapshot_controller_image_tag: "{{ snapshot_controller_supported_versions[kube_major_version] }}"
 

diff --git a/tests/files/packet_almalinux8-calico.yml b/tests/files/packet_almalinux8-calico.yml
@@ -3,3 +3,7 @@
 cloud_image: almalinux-8
 mode: default
 vm_memory: 3072
+
+# Workaround for RHEL8: kernel version 4.18 is lower than Kubernetes system verification.
+kubeadm_ignore_preflight_errors:
+  - SystemVerification
diff --git a/tests/files/packet_amazon-linux-2-all-in-one.yml b/tests/files/packet_amazon-linux-2-all-in-one.yml
@@ -2,3 +2,7 @@
 # Instance settings
 cloud_image: amazon-linux-2
 mode: all-in-one
+
+# Workaround for RHEL8: kernel version 4.18 is lower than Kubernetes system verification.
+kubeadm_ignore_preflight_errors:
+  - SystemVerification
diff --git a/tests/files/packet_rockylinux8-calico.yml b/tests/files/packet_rockylinux8-calico.yml
@@ -9,3 +9,7 @@ metrics_server_enabled: true
 dashboard_namespace: "kube-dashboard"
 dashboard_enabled: true
 loadbalancer_apiserver_type: haproxy
+
+# Workaround for RHEL8: kernel version 4.18 is lower than Kubernetes system verification.
+kubeadm_ignore_preflight_errors:
+  - SystemVerification