
CentOS Stream 10: Configure Manager Node

Configure a manager node with Nginx reverse proxy for a multi-node Kubernetes cluster on CentOS Stream 10.

May 24, 2026

Configure a multi-node Kubernetes cluster.

This example is based on the following environment.

As a system requirement, each node must have a unique hostname, MAC address, and product_uuid. The MAC address and product_uuid are generally already unique if you installed the OS on a physical or virtual machine using a common procedure. You can display the product_uuid with the command dmidecode -s system-uuid.

+----------------------+   +----------------------+
|  [ ctrl.srv.world ]  |   |   [ dlp.srv.world ]  |
|     Manager Node     |   |     Control Plane    |
+-----------+----------+   +-----------+----------+
        eth0|10.0.0.25             eth0|10.0.0.30
            |                          |
------------+--------------------------+-----------
            |                          |
        eth0|10.0.0.51             eth0|10.0.0.52
+-----------+----------+   +-----------+----------+
| [ node01.srv.world ] |   | [ node02.srv.world ] |
|     Worker Node#1    |   |     Worker Node#2    |
+----------------------+   +----------------------+

Configure Manager Node

Install Nginx and configure it as a reverse proxy to the Control Plane node:

dnf -y install nginx nginx-mod-stream

Edit /etc/nginx/nginx.conf:

server {
    # line 38 : change listening port
    listen       8080;
    listen       [::]:8080;
}

# add at the end of the file, outside the http { } block : proxy settings
stream {
    upstream k8s-api {
        server 10.0.0.30:6443;
    }
    server {
        listen 6443;
        proxy_pass k8s-api;
    }
}
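
A common mistake with this edit is pasting the stream block inside http { }, which is not a valid context for it. The check below is an added example, not part of the original page: the function name check_stream_proxy and the sample configuration are constructed for illustration, while the address and port are the ones used on this page.

```shell
#!/usr/bin/env bash
# Usage: check_stream_proxy UPSTREAM_ADDR LISTEN_PORT < nginx.conf
# Prints "ok" (status 0) or the reason the config does not match (status 1).
check_stream_proxy() {
    awk -v upstream="$1" -v port="$2" '
    {
        sub(/#.*/, "")                               # drop comments
        if ($1 == "stream" && $0 ~ /[{]/) {
            if (depth == 0) in_stream = 1            # main context: valid
            else nested = 1                          # e.g. pasted inside http {}
        }
        if (in_stream && $1 == "listen") {
            p = $2; sub(/;.*/, "", p); sub(/.*:/, "", p)   # keep only the port
            if (p == port) listen_ok = 1
        }
        if (in_stream && $1 == "server" && $2 != "{") {    # upstream member line
            a = $2; sub(/;.*/, "", a)
            if (a == upstream) upstream_ok = 1
        }
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") # track brace nesting
        if (depth == 0) in_stream = 0
    }
    END {
        if (nested)       { print "stream block is nested inside another block"; exit 1 }
        if (!listen_ok)   { print "no top-level stream server listens on " port; exit 1 }
        if (!upstream_ok) { print "upstream " upstream " not found in stream block"; exit 1 }
        print "ok"
    }'
}

# Constructed sample mirroring the nginx.conf edits shown above.
SAMPLE_OK='
http {
    server {
        listen       8080;
        listen       [::]:8080;
    }
}
stream {
    upstream k8s-api {
        server 10.0.0.30:6443;
    }
    server {
        listen 6443;
        proxy_pass k8s-api;
    }
}'

printf '%s\n' "$SAMPLE_OK" | check_stream_proxy 10.0.0.30:6443 6443
```

On the Manager Node, feed it the real file with check_stream_proxy 10.0.0.30:6443 6443 < /etc/nginx/nginx.conf; nginx -t remains the authoritative syntax test before starting the service.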

Enable and start Nginx:

systemctl enable --now nginx

SELinux Configuration

If SELinux is enabled, adjust the policy as follows:

setsebool -P httpd_can_network_connect on
setsebool -P httpd_graceful_shutdown on
setsebool -P httpd_can_network_relay on
setsebool -P nis_enabled on
semanage port -a -t http_port_t -p tcp 6443

Firewall Configuration

If firewalld is running, allow the related services:

firewall-cmd --add-service={kube-apiserver,http,https}
firewall-cmd --runtime-to-permanent

Install Kubectl

On the Manager Node, install the Kubernetes client (kubectl). Replace the version number in the repository URLs with the one you want to install.

cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/
enabled=0
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/repodata/repomd.xml.key
EOF

dnf --enablerepo=kubernetes -y install kubectl