Create Kubernetes clusters using kubeadm with this in-depth guide, exploring essential commands, the process of initializing the control plane, adding worker nodes, and performing lifecycle management.

kubeadm, a powerful command line tool designed by the Kubernetes team, enables users to initialize and manage Kubernetes clusters. It offers a quick and convenient way to set up a minimum viable Kubernetes cluster.

It sets up the cluster so that the cluster adheres to best practices and compliance standards. This ensures that you have full network connectivity, a secure control plane node, and all essential Kubernetes components correctly installed. It also makes creating a Kubernetes cluster much easier than manually creating every component needed by Kubernetes the hard way, without the assistance of a tool like kubeadm.

kubeadm and Kubernetes prerequisites

Below are the general prerequisites for installing kubeadm and Kubernetes on cluster nodes, including master and worker nodes.

  1. Compatible Linux operating system: kubeadm is supported on a variety of Linux distributions. Check the official Kubernetes documentation for a full list of supported versions.
  2. Machine specifications: Each machine in your cluster, both master and worker nodes, should meet the minimum requirements. As a general rule, master nodes should have at least 2 CPUs and 2 GB of memory. Worker nodes can be less powerful but should still have at least 1 CPU and 1 GB of memory.
  3. Container runtime: Kubernetes supports several container runtimes. Docker is the most popular and widely used, but you can also use containerd, CRI-O, and others. Ensure that a container runtime is installed and properly configured on all nodes.
  4. Network connectivity: Full network connectivity between all machines in the cluster is a must. This includes both control plane nodes and worker nodes.
  5. Unique hostname and MAC address: Each node (both master and worker) in the cluster should have a unique hostname and MAC address.
  6. Port availability: Certain network ports need to be open on your machines. The official Kubernetes documentation provides a full list of these ports. You can find those listed here: Ports and Protocols.
  7. Disabling swap: kubeadm and Kubernetes require swap to be disabled on the host machine.
  8. Root privileges: You will need root privileges (sudo) to run commands.

Installing kubeadm

Before creating a Kubernetes cluster, we need to install kubeadm along with the kubelet and kubectl. These are essential Kubernetes components, each serving a specific purpose.

First, ensure that your system meets the necessary prerequisites. Then you can proceed with the installation by updating the apt package index and installing the necessary packages:

sudo apt-get update && sudo apt-get install -y apt-transport-https ca-certificates curl 

Running updates and installing prerequisites

Next, add the Kubernetes apt repository:

curl -s | sudo apt-key add - && \
sudo apt-add-repository "deb kubernetes-xenial main" && \
sudo apt-get update

Adding the Kubernetes repository

Finally, install kubeadm:

sudo apt install kubeadm kubelet kubectl kubernetes-cni -y

Installing kubeadm kubelet kubectl and kubernetes cni

Remember to repeat these steps on all machines that will join the cluster. You can verify that kubeadm is installed by simply issuing the kubeadm command at the shell prompt.

Testing kubeadm by issuing the command


Creating a Kubernetes cluster with kubeadm

First, initialize the control plane node with the kubeadm init command. This prepares your machine to function as the master node in the Kubernetes cluster. Keep in mind that you will also need to have containerd installed as the container runtime, in addition to installing the components for kubeadm and Kubernetes. The command below initializes the Kubernetes cluster and specifies the pod network CIDR for use internally with Kubernetes pods.

sudo kubeadm init --pod-network-cidr= 

This command results in output that includes a kubeadm join command. Make note of this full command, as you'll need it to add worker nodes to the cluster.

Next, set up the kubeconfig file for the current user. This configuration file will provide kubectl, the Kubernetes command line interface, with the necessary connection details to interact with the cluster.

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Installing a Pod network

Kubernetes requires a Pod network add-on for Pods to communicate. There are many options available. However, we will use Flannel in this example:

kubectl apply -f 

Adding worker nodes

Now, to add worker nodes to the cluster, use the kubeadm join command that was printed when the control plane node was initialized:

sudo kubeadm join <control-plane-host>:<control-plane-port> --token <token> --discovery-token-ca-cert-hash <hash> 

Replace <control-plane-host>:<control-plane-port>, <token>, and <hash> with your specific details.
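
What the hash placeholder pins, as an added example that is not part of the original article: kubeadm's discovery hash is `sha256:` followed by the SHA-256 digest of the cluster CA's DER-encoded public key, so it can be recomputed from the CA certificate and compared with a join command before running it. The function names and the `make_throwaway_ca` helper are assumptions for illustration; on a kubeadm control plane the CA certificate is normally /etc/kubernetes/pki/ca.crt.

```shell
#!/bin/sh
# Print the value kubeadm expects after --discovery-token-ca-cert-hash:
# "sha256:" followed by the SHA-256 of the CA's DER-encoded public key.
ca_cert_hash() {   # usage: ca_cert_hash <path to CA certificate>
    # Fail early on an unreadable or invalid certificate; otherwise the
    # pipeline below would silently hash empty input.
    pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    hex=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform der \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //')
    printf 'sha256:%s\n' "$hex"
}

# Return 0 only if the hash taken from a join command matches the CA file.
verify_join_hash() {   # usage: verify_join_hash <ca.crt> <sha256:hex>
    actual=$(ca_cert_hash "$1") || return 2
    [ "$actual" = "$2" ]
}

# Hypothetical helper for trying this offline: writes a throwaway
# self-signed CA (ca.crt, ca.key) into directory $1.
make_throwaway_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}
```

On a control plane node, `verify_join_hash /etc/kubernetes/pki/ca.crt sha256:...` confirms that a join command handed to you refers to this cluster's CA.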

If you need the join command again, the following command creates a new token and prints the complete join command:

kubeadm token create --print-join-command

Printing the join command if needed

To verify the status of your nodes, use the following command:

kubectl get nodes

Running kubectl get nodes

Upgrading your Kubernetes cluster

To upgrade your cluster, you'll first need to determine which version to upgrade to. Let's assume you want to upgrade to version 1.26.0. You will need to upgrade your control plane node first.

Plan the upgrade:

sudo kubeadm upgrade plan v1.26.0

Apply the upgrade:

sudo kubeadm upgrade apply v1.26.0 

After upgrading the control plane node, you can proceed to upgrade your worker nodes.

Resetting Your Kubernetes cluster

If you want to reset your cluster back to its pre-init state, you can use the kubeadm reset command:

sudo kubeadm reset 

This command cleans up any cluster state in the machine, including network configurations, and removes Kubernetes and etcd data.

Checking cluster health

To ensure that your cluster is functioning as expected, you can use the following command:

kubectl get componentstatuses 

Checking component statuses using kubeadm

This will output the status of your cluster's control plane components. If you have errors, you will need to troubleshoot them further.

Adding control plane nodes

For high availability, you can add control plane nodes to your cluster. Here's how:

First, generate the necessary certificates using the following command:

sudo kubeadm init phase certs all
sudo kubeadm init phase kubeconfig all

Then, copy these files to the new control plane node.

On the new control plane node, run the following command:

sudo kubeadm init phase control-plane all 

Securing your Kubernetes cluster

One of the important aspects of managing a Kubernetes cluster is ensuring its security. Here are some basic commands for managing the security aspects of your cluster:

You can set which kubeconfig user, and therefore which credentials, the current context uses to connect to your cluster using the following command:

kubectl config set-context --current --user=<username> 

You can list all the nodes, along with their external IP addresses and kubelet versions, using the following command:

kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.addresses[?(@.type=="ExternalIP")].address}{"\t"}{.status.nodeInfo.kubeletVersion}{"\n"}{end}'

Validating a Kubernetes cluster with Kubeadm

To check the current state of your Kubernetes cluster, kubeadm provides a validation tool that performs a series of checks. This command ensures that the control plane node and worker nodes are configured and functioning correctly.

sudo kubeadm check-node-instance-type 

This command validates whether the nodes' instance types meet the recommendations for a Kubernetes cluster.

Kubeadm configuration options

kubeadm offers multiple configuration options, which can be viewed by running the following command:

sudo kubeadm config images list 

This command lists the images necessary to run a Kubernetes cluster.

Kubeadm token management

Kubeadm uses bootstrap tokens to authenticate new nodes when joining a cluster. You can manage these tokens with the following commands:

List existing tokens:

sudo kubeadm token list 

Create a new token:

sudo kubeadm token create 

This command will output a new token that you can use for node join operations.
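
Bootstrap tokens are join credentials, so it helps to review which ones exist and how long they live. The following added example (not from the original article) parses `kubeadm token list` output and flags tokens that never expire or outlive the 24-hour default; the sample listing is constructed, the function names are hypothetical, and the TTL column format (`<forever>`, single-unit values such as `23h` or `6d`) is assumed from kubeadm's usual output.

```shell
#!/bin/sh
# Constructed sample of `kubeadm token list` output (tokens are made up).
sample_token_list() {
    cat <<'EOF'
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION   EXTRA GROUPS
abcdef.0123456789abcdef   23h         2023-06-02T10:00:00Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
c1d2e3.aaaabbbbccccdddd   <forever>   <never>                authentication,signing   ci join       system:bootstrappers:kubeadm:default-node-token
f4a5b6.1111222233334444   6d          2023-06-08T10:00:00Z   authentication           <none>        system:bootstrappers:kubeadm:default-node-token
EOF
}

# Audit token list output read from stdin, one finding per line.
# Tokens are reported by their 6-character ID only, so the secret half
# never ends up in logs. Real use: sudo kubeadm token list | audit_bootstrap_tokens
audit_bootstrap_tokens() {
    while read -r token ttl expires usages _rest; do
        [ "$token" = "TOKEN" ] && continue      # header row
        [ -z "$token" ] && continue             # blank line
        # Bootstrap tokens have the form <6-char id>.<16-char secret>.
        if ! printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
            echo "MALFORMED line skipped"
            continue
        fi
        id=${token%%.*}
        case "$ttl" in
            "<forever>") echo "$id NEVER-EXPIRES usages=$usages" ;;
            # Assumption: a TTL shown in days or years exceeds the 24h default.
            *d|*y)       echo "$id LONG-TTL ttl=$ttl usages=$usages" ;;
            *)           echo "$id OK ttl=$ttl" ;;
        esac
    done
}
```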

Customizing the control plane with kubeadm

By default, kubeadm sets up a minimal control plane. However, there might be situations in which you need to customize the control plane components. kubeadm supports this through configuration files.

To generate the default configuration file:

sudo kubeadm config print init-defaults > kubeadm-config.yaml 

You can then edit this file as needed, and pass it to the kubeadm init command:

sudo kubeadm init --config kubeadm-config.yaml 

Testing your cluster's DNS

DNS is a vital component of a Kubernetes cluster. To test that your cluster's DNS is functioning correctly, you can create a simple Pod to perform a DNS lookup:

kubectl apply -f 
kubectl exec -i -t dnsutils -- nslookup kubernetes.default 

If the DNS is functioning correctly, the nslookup command should return the Service's IP address.


Wrapping up

With the kubeadm command line tool, you can create and manage Kubernetes clusters with an automated approach that eliminates much of the complexity of trying to create Kubernetes clusters manually. As we have seen, it contains many subcommands that allow you to interact with your Kubernetes cluster and perform lifecycle management. By mastering kubeadm commands, admins have an effective way to harness the power of Kubernetes.

  1. That was a very detailed and excellent post.
    As per my experience, it is worth mentioning that when you install Docker engine (with official method), you end up having multiple container runtimes (Docker and ContainerD). In that case, you need to specify the CRI socket with kubeadm join command as shown below or the join command will fail:

    kubeadm join : --token  \
            --discovery-token-ca-cert-hash  \
            --cri-socket unix:///var/run/cri-dockerd.sock

  2. Sorry, the command got messed up and I can’t edit the comment. Here is the updated command:
    kubeadm join --token \
    --discovery-token-ca-cert-hash \
    --cri-socket unix:///var/run/cri-dockerd.sock



© 4sysops 2006 - 2023

