Alauda Container Platform

Node Preprocessing

Before installing the global cluster, all nodes (control plane nodes and worker nodes) must complete preprocessing.

TOC

Supported OS and Kernel Versions

The following table lists the supported operating systems, their validated versions, and the corresponding tested kernel versions.

INFO

Only the kernel version shipped with the official operating system is supported. The kernel version must match the tested version (for example, A.B.C); the suffix after the dash (“-”) may differ.

If the OS, kernel version, or CPU architecture does not meet the requirements, please contact technical support.

x86

Red Hat Enterprise Linux (RHEL)
CentOS
Ubuntu
Kylin Linux Advanced Server
  • RHEL 7.8: 3.10.0-1127.el7.x86_64
  • RHEL 8.0: 4.18.0-80.el8.x86_64
  • RHEL 8.6: 4.18.0-372.9.1.el8.x86_64
WARNING

RHEL 7.8 does not support Calico Vxlan IPv6.

ARM

Kylin Linux Advanced Server
  • Kylin V10 SP3: 4.19.90-52.22.v2207.ky10.aarch64
WARNING
  • Kylin V10, V10-SP1, and V10-SP2 have known kernel issues that may cause NodePort network access failures; it is recommended to upgrade to Kylin V10-SP3.
  • ARM architecture only supports Kunpeng 920. For other models, please contact technical support.

Execute the Quick Configuration Script

The installation package provides a script for quickly configuring nodes.

Unzip the installation package to obtain the init.sh script file in the res directory. Copy the script file to the nodes and ensure that you have root privileges.

Execute the script:

bash init.sh
WARNING

init.sh cannot guarantee that all of the following checks are properly handled. You still need to continue with the steps below.

Node Checks

The following lists all the checks that must be completed on the nodes. Depending on the node's role, the required checks will vary. For example, some checks apply only to control plane nodes.

Checks are divided into two categories:

  • ✅ Indicates a check that must pass.
  • ⚠️ Indicates a check that must be met in specific scenarios. Please determine whether the corresponding conditions are met according to the instructions. If they are, you must resolve them.

The following is the list of checks:

  • OS and Kernel

    • ✅ The machine's grub boot configuration must have the transparent_hugepage=never parameter.
    • ✅ CentOS 7.x system machine's grub boot configuration must have the cgroup.memory=nokmem parameter.
    • ✅ Check whether the kernel modules ip_vs, ip_vs_rr, ip_vs_wrr, and ip_vs_sh are enabled.
    • ⚠️ When the kernel version is lower than 4.19.0 (or RHEL is lower than 4.18.0), check whether the kernel modules nf_conntrack_ipv4 and (for IPv6) nf_conntrack_ipv6 are enabled.
    • ⚠️ If the global cluster plans to use Kube-OVN CNI, the kernel modules geneve and openvswitch must be enabled.
    • ✅ Disable apparmor/selinux and firewall.
    • ✅ Disable swap .

  • Users and Permissions

    • ✅ The node's SSH user has root privileges and can use sudo without the password.
    • ✅ The UseDNS and UsePAM parameters in /etc/ssh/sshd_config must be set to no.
    • ✅ Executing systemctl show --property=DefaultTasksMax returns infinity or a very large value; otherwise, adjust /etc/systemd/system.conf.

  • Node Network

    • hostname must comply with the following rules:
      • No more than 36 characters.
      • Starts and ends with a letter or number.
      • Contains only lowercase letters, numbers, -, and ., but cannot contain .-, .., or -..
    • localhost in /etc/hosts must resolve to 127.0.0.1.
    • ✅ The /etc/resolv.conf file must exist and contain nameserver configurations, but must not contain addresses starting with 172 (disable systemd-resolved).
    • ⚠️ The /etc/resolv.conf file should not configure search domains (if you must configure them, see Configure Search Domain).
    • ✅ The machine's IP address cannot be a loopback, multicast, link-local, all-0, or broadcast address.
    • ✅ Executing ip route must return a default route or a route pointing to 0.0.0.0.
    • ✅ The nodes must not occupy the following ports:
      • Control plane nodes: 2379, 2380, 6443, 10249 ~ 10256
      • Node where the installer is located: 8080, 12080, 12443, 16443, 2379, 2380, 6443, 10249 ~ 10256
      • Worker nodes: 10249 ~ 10256
    • ✅ If the global cluster uses Kube-OVN or Calico, ensure that the following ports are not occupied:
      • Kube-OVN: 6641, 6642
      • Calico: 179
    • ⚠️ Ensure that the IP addresses in the network segment 172.16.x.x ~ 172.32.x.x required by Docker are not occupied. If the IPs in this network segment are occupied and cannot be changed, please contact technical support.

  • Software and Directory Requirements:

    • ✅ Must have the following installed: ip, ss, tar, swapoff, modprobe, sysctl, md5sum, and scp or sftp.
    • ⚠️ If you plan to use local storage TopoLVM or Rook, you need to install lvm2.
    • ✅ The /etc/systemd/system/kubelet.service file is not allowed to exist.
    • /tmp mount parameters must not contain noexec.
    • ✅ Remove packages that conflict with global cluster components (see Remove Conflicting Packages).
    • ✅ The following files must be deleted if they exist:
      • /var/lib/docker
      • /var/lib/containerd
      • /var/log/pods
      • /var/lib/kubelet/pki

  • Cross-Node Checks

    • ✅ There must be no network firewall restrictions between nodes in the global cluster.
    • ✅ The hostname of each node in the cluster must be unique.
    • ✅ The time zones of all nodes must be unified, and the time synchronization error must be ≤ 10 seconds.

Appendix

Remove Conflicting Packages

Before installation, applications may already be running in the docker/containerd environment on the nodes, or software conflicting with the global cluster may have been installed. Therefore, it is necessary to check and uninstall conflicting packages.

DANGER
  • To avoid application interruption or data loss, be sure to confirm whether there are conflicting software packages. When a conflict is found, please develop an application switching plan and back up your data before uninstalling.
  • After uninstalling conflicting packages, you still need to check whether there are other potentially conflicting binary files in directories such as /usr/local/bin/ (such as software related to docker, containerd, runc, podman, container network, container runtime, or Kubernetes).

The following commands can be used for reference.

CentOS / RedHat
Ubuntu
Kylin

Check:

for x in \
    docker docker-client docker-common docker-latest \
    podman-docker podman \
    runc \
    containernetworking-plugins \
    apptainer \
    kubernetes kubernetes-master kubernetes-node kubernetes-client \
    ; do
    rpm -qa | grep -F "$x"
done

Uninstall:

for x in \
    docker docker-client docker-common docker-latest \
    podman-docker podman \
    runc \
    containernetworking-plugins \
    apptainer \
    kubernetes kubernetes-master kubernetes-node kubernetes-client \
    ; do
    yum remove "$x"
done

In Linux OS, the /etc/resolv.conf file is used to configure DNS client domain name resolution settings. The search line specifies the domain search path for DNS queries.

Configuration Requirements

  • Number of Domains: The number of domains in the search line should be less than domainCountLimit - 3 (default domainCountLimit is 32).
  • Length of Single Domain: Each domain name must not exceed 253 characters.
  • Total Character Length: The total character count of all domain names and spaces must not exceed MaxDNSSearchListChar (default is 2048).

Example

search domain1.com domain2.com domain3.com
  • The total number of domains is 3.
  • The length of a single domain, such as domain1.com, is 11.
  • The total character length is 35, i.e., 11 + 11 + 11 + 2 (two spaces).
WARNING
  • If the search line in the /etc/resolv.conf file does not meet the above limitations, it may cause DNS query failures or performance degradation.
  • Before modifying the /etc/resolv.conf file, it is recommended to back up the file.