2.2.9 SELinux Requirements

The kubeadm-setup.sh script checks whether SELinux is set to enforcing mode. If enforcing mode is enabled, the script exits with an error requesting that you set SELinux to permissive mode. Setting SELinux to permissive mode allows containers to access the host file system, which is required by pod networks. This requirement exists until SELinux support in the kubelet tool for Kubernetes is improved.

To disable SELinux temporarily, do the following:

# /usr/sbin/setenforce 0

To disable SELinux enforcing mode for subsequent reboots so that Kubernetes continues to run correctly, modify /etc/selinux/config and set the SELinux variable:

SELINUX=Permissive