3.2.9 SELinux Requirements

The kubeadm-ha-setup tool checks whether SELinux is set to enforcing mode. If enforcing mode is enabled, the tool exits with an error requesting that you set SELinux to permissive mode. Setting SELinux to permissive mode allows containers to access the host file system, which is required by pod networks. This is a requirement until SELinux support is improved in the kubelet tool for Kubernetes.

To disable SELinux temporarily, do the following:

# /usr/sbin/setenforce 0

To disable SELinux enforcing mode for subsequent reboots so that Kubernetes continues to run correctly, modify /etc/selinux/config and set the SELinux variable:

SELINUX=Permissive