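The deployment documentation explains the reason for each of these.

Firewall (a compatibility problem with the nftables backend, which produces duplicated firewall rules):

The `iptables` tooling can act as a compatibility layer, behaving like iptables but actually configuring nftables. This nftables backend is not compatible with the current kubeadm packages: it causes duplicated firewall rules and breaks `kube-proxy`.

SELinux (disabled so that containers can access the host filesystem):

Setting SELinux in permissive mode by running `setenforce 0` and `sed ...` effectively disables it. This is required to allow containers to access the host filesystem, which is needed by pod networks for example. You have to do this until SELinux support is improved in the kubelet.

As for swap, the developers have explained it:

Memory is supposed to be allocated according to what was requested; if usage goes beyond that, the program very likely has a problem. Using swap at that point can cause the program to fail in a cascade, so it is better to let the operating system kill it outright and expose the problem.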

Reference

Author: 牛博恩
Link: https://www.zhihu.com/question/374752553/answer/1052244227
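
A preflight check for the three host settings the answer above discusses, as an added example that is not part of the original answer or of kubeadm. The function names and the sample inputs are constructed for illustration; the checks treat the nftables backend, enforcing SELinux and active swap as findings, following the documentation quoted in the answer.

```shell
#!/bin/sh
# Added example: classify a host against the three kubeadm prerequisites.
# Every function takes captured command output as an argument, so the
# logic can be exercised offline with constructed samples.

# `iptables --version` prints e.g. "iptables v1.8.4 (nf_tables)" or "(legacy)".
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nftables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;  # no backend suffix in the output
    esac
}

# `getenforce` prints Enforcing, Permissive or Disabled.
selinux_enforcing() { [ "$1" = "Enforcing" ]; }

# /proc/swaps holds one header line, then one line per active swap area.
active_swap_count() {
    printf '%s\n' "$1" | awk 'NR > 1 && NF > 0 { n++ } END { print n + 0 }'
}

# Args: iptables version string, getenforce output, /proc/swaps content.
# Prints one finding per failed prerequisite; returns the number of findings.
preflight() {
    findings=0
    if [ "$(iptables_backend "$1")" = nftables ]; then
        echo "iptables: nftables backend in use"; findings=$((findings + 1))
    fi
    if selinux_enforcing "$2"; then
        echo "selinux: enforcing"; findings=$((findings + 1))
    fi
    if [ "$(active_swap_count "$3")" -gt 0 ]; then
        echo "swap: active"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_IPTABLES='iptables v1.8.4 (nf_tables)'
SAMPLE_SWAPS='Filename     Type        Size      Used  Priority
/dev/dm-1    partition   2097148   0     -2'

# Live use: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    preflight "$(iptables --version 2>/dev/null)" \
              "$(getenforce 2>/dev/null)" "$(cat /proc/swaps 2>/dev/null)"
fi
```

The exit status in `--live` mode is the number of findings, so 0 means all three prerequisites from the answer are met.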