Configure RHEL

You must configure the base operating system of your node machines to use GKE on Bare Metal. This page contains the steps you need to take to complete the needed configuration. For more information about troubleshooting GKE on Bare Metal, see the troubleshooting guides.

Before you begin

Ensure you are using a supported version of your operating system. For a list of supported versions, see Select your operating system.

Enable BPF Just In Time compiler

The kernel for your operating system must have the BPF Just In Time compiler option enabled (CONFIG_BPF_JIT=y).

  • To find out whether this option is enabled, run the following command:

    grep CONFIG_BPF_JIT /boot/config-$(uname -r)
    

Validate the package manager

Ensure that you have your RedHat username and password, and that you have root access to the machines you're configuring. Validate Package manager with the following steps:

  1. If you haven't registered your operating system, register with RedHat using your RedHat username and password to download updates:

    sudo subscription-manager register
    sudo subscription-manager refresh
    sudo subscription-manager attach --auto
    
  2. Check for updates:

    sudo dnf check-update
    

    Ensure the output has no errors and includes the last metadata expiration check. For example:

    Updating Subscription Management repositories.
    ...
    # Last metadata expiration check: ...
    ...
    

Configure or disable firewalld

Firewalld can be configured for use with GKE on Bare Metal or disabled. For information on configuring firewalld, see Configure firewalld ports on the Network requirements page.

The following instructions disable firewalld.

  1. Disable firewalld:

    sudo systemctl stop firewalld
    sudo systemctl disable firewalld
    
  2. Check the status of firewalld to ensure it is disabled:

    sudo systemctl status firewalld | grep "Active"
    # Output
    # Active: inactive (dead)
    

Configure Docker 19.03+ on your workstation

Follow these steps to manually install Docker:

  1. Remove any previous Docker version:

    sudo dnf remove docker \
        docker-client \
        docker-client-latest \
        docker-common \
        docker-latest \
        docker-latest-logrotate \
        docker-logrotate \
        docker-engine
    
  2. Remove podman-manpages:

    sudo dnf remove podman-manpages
    
  3. Install Docker 19.03+:

    sudo dnf install -y yum-utils
    sudo yum-config-manager \
        --add-repo \
        https://download.docker.com/linux/rhel/docker-ce.repo
    sudo dnf install -y --allowerasing docker-ce docker-ce-cli containerd.io
    sudo systemctl start docker
    
  4. Verify that you are now running version 19.03+:

    sudo docker version
    
  5. Compare your output with the following example to ensure the Client and Server versions are 19.03+:

     Client: Docker Engine - Community
     Version:           19.03.13
     ...
     Server: Docker Engine - Community
      Engine:
      Version:          19.03.13
    
  6. Verify Docker runs:

    docker run hello-world
    

    You should see something similar to this:

    Hello from Docker!
    

    This message shows that your installation appears to be working correctly.

Set up time synchronization

Time synchronization consists of setting the clocks on your node machines, using a designated external time reference. Time synchronization is important for time-sentive cluster activities, such as event logging and metrics collection. The kernel of your node machine controls the clock in containers that run on the node. To ensure proper time synchronization, install a network time protocol (NTP) service on your machines, using any of the available services: chrony, systemd-timesyncd, ntp, or ntpdate. Run timedatectl to verify the system clock is synchronized. The output of timedatectl should contain the following status:

System clock synchronized: yes

Ensure Linux kernel inotify limits are at or above minimum

For machines running RHEL 9, Linux kernel inotify limits for maximum user instances and user watches must be greater than or equal to the following:

  • fs.inotify.max_user_instances: 8192
  • fs.inotify.max_user_watches: 524288

To ensure these values are set correctly on your node machines:

  1. Check the value of max_user_instances:

    cat /proc/sys/fs/inotify/max_user_instances
    
  2. If needed, update max_user_instances to the minimum value:

    echo 'fs.inotify.max_user_instances=8192' | sudo tee --append /etc/sysctl.conf
    
  3. Check the value of max_user_watches:

    cat /proc/sys/fs/inotify/max_user_watches
    
  4. If needed, update max_user_watches to the minimum value:

    echo 'fs.inotify.max_user_watches=524288' | sudo tee --append /etc/sysctl.conf
    
  5. If you updated either value, reboot the machine.

Best Practices

To simplify installation, we recommend that you configure RHEL using a minimal installation with headless management. Also, be sure to enable your network connection and either use the default DHCP or provide a valid, static IP address and network information. Ensure that the machine can connect to the required external resources, such as cloud.google.com.

If Docker fails to run, check that the Docker daemon is running with the following command:

sudo systemctl start docker