How to Install Kubeadm in Kubernetes Step by Step Guide

Install Kubeadm in Kubernetes

The multi-step kubeadm installation process converts a collection of unconfigured Linux machines into a secure, operational, best-practice-compliant Kubernetes cluster. This article covers the procedures needed to prepare your hosts, install the required binaries, set up the control plane, and add worker nodes to the cluster.

Initial System Requirements and Prerequisites

Make sure every node meets these technical requirements before running any commands:

  • Operating System: A compatible Linux host, such as Ubuntu 16.04+, CentOS 7, or HypriotOS v1.0.1+.
  • Hardware: A minimum of 2 GiB of RAM per machine is required; anything less leaves insufficient room for user applications.
  • CPU: The control-plane node must have at least 2 CPUs.
  • Networking: All machines must have full network connectivity, whether via public or private networks.
  • Unique Identifiers: Every node must have a unique hostname, MAC address, and product_uuid. You can verify the MAC address with ip link and the product_uuid with sudo cat /sys/class/dmi/id/product_uuid.
  • Port Availability: Specific ports must be open. For the control plane, these include 6443 (API Server), 2379-2380 (etcd), and 10250-10252 (Kubelet/Scheduler/Controller Manager).

Preparing the Host Operating System

For the Kubernetes network stack and agents to operate properly, system-level configurations are required.

Network Bridging and Iptables

You must allow iptables to see bridged traffic by tweaking kernel parameters on all nodes. This is done by ensuring the br_netfilter module is loaded and setting net.bridge.bridge-nf-call-iptables and net.ipv4.ip_forward to 1 via sysctl.

Disabling Swap

Traditionally, the kubelet won’t start on nodes with swap enabled. Turn swap off for the current boot with sudo swapoff -a, and disable it permanently by removing any swap entries from /etc/fstab. Kubernetes v1.28 added beta swap support, but for stability swap should remain disabled.
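
The bridging and swap steps above as one script, added here as an example (not code from the original article). The k8s.conf file names and the /etc/fstab.pre-kubeadm backup name are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: host preparation for kubeadm (bridged traffic, forwarding, swap).
# The k8s.conf file names and the fstab backup name are illustrative choices.

# The two kernel parameters named above, in sysctl.d format.
k8s_sysctl_conf() {
  printf '%s\n' \
    'net.bridge.bridge-nf-call-iptables = 1' \
    'net.ipv4.ip_forward = 1'
}

# Print an fstab-format file with active swap entries (3rd field "swap")
# commented out. Comment lines and all other filesystems pass through unchanged.
comment_out_swap() {
  awk '!/^[[:space:]]*#/ && $3 == "swap" { print "# " $0; next } { print }' "$1"
}

# Apply the settings on a real node. Must run as root.
prepare_host() {
  modprobe br_netfilter || return 1
  echo br_netfilter > /etc/modules-load.d/k8s.conf      # load the module at boot
  k8s_sysctl_conf > /etc/sysctl.d/k8s.conf              # persist the parameters
  sysctl --system > /dev/null || return 1               # apply them now
  swapoff -a                                            # temporary: lasts until reboot
  cp -p /etc/fstab /etc/fstab.pre-kubeadm || return 1   # keep a backup
  comment_out_swap /etc/fstab.pre-kubeadm > /etc/fstab  # permanent
}

# Check the running state; returns non-zero and names each failed check.
verify_host() {
  rc=0
  [ "$(sysctl -n net.bridge.bridge-nf-call-iptables 2>/dev/null)" = 1 ] \
    || { echo "bridge-nf-call-iptables is not 1 (br_netfilter loaded?)" >&2; rc=1; }
  [ "$(sysctl -n net.ipv4.ip_forward 2>/dev/null)" = 1 ] \
    || { echo "ip_forward is not 1" >&2; rc=1; }
  [ -z "$(awk 'NR > 1' /proc/swaps 2>/dev/null)" ] \
    || { echo "swap is still active" >&2; rc=1; }
  return "$rc"
}

case "${1:-}" in
  --apply)  prepare_host && verify_host ;;
  --verify) verify_host ;;
esac
```

Run it with --apply as root on each node, or with --verify to check a node that was prepared by other means.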

Installing the Container Runtime (CRI)

Every node has to have a runtime that is compatible with the Container Runtime Interface (CRI) installed in order to run containers within Pods.

  • The most popular options are CRI-O and containerd.
  • Since Docker does not natively implement the CRI, you must also install cri-dockerd if you are using Docker Engine.
  • Crucial: Make sure that the kubelet and the container runtime use the same cgroup driver. Using the systemd driver for both is highly advised.

Installing Kubeadm, Kubelet, and Kubectl

Every machine in the cluster must have these three core binaries installed.

  1. kubeadm: The command used to bootstrap the cluster.
  2. kubelet: The agent that runs on all nodes to manage containers.
  3. kubectl: The command-line utility used to communicate with the cluster.

Package Repository Setup

As of September 2023, the legacy package repositories have been deprecated. You must use the new repositories at pkgs.k8s.io.

  • Step 1: Update the apt package index and install dependencies like gpg and curl.
  • Step 2: Download the public signing key for the Kubernetes repositories.
  • Step 3: Add the appropriate repository for the specific Kubernetes minor version you intend to install (e.g., v1.35).
  • Step 4: Install the binaries and use version pinning (e.g., apt-mark hold) to prevent accidental upgrades during system updates.
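
Steps 1 to 4 as one script for a Debian or Ubuntu node, added here as an example (not code from the original article). The keyring path and the kubernetes.list file name are assumptions following common convention; v1.35 is the example version from Step 3.

```sh
#!/bin/sh
# Added example: install kubeadm, kubelet and kubectl from pkgs.k8s.io.
# KEYRING and the sources.list.d file name are conventional, assumed paths.
KEYRING=/etc/apt/keyrings/kubernetes-apt-keyring.gpg

# Accept only "vMAJOR.MINOR" so the value is safe to place in a URL.
valid_minor() {
  case $1 in
    v[0-9]*.[0-9]*) ;;
    *) return 1 ;;
  esac
  case ${1#v} in *[!0-9.]*|*.*.*) return 1 ;; esac
}

# Repository base URL for one Kubernetes minor version.
k8s_repo_url() {
  valid_minor "$1" || return 1
  printf 'https://pkgs.k8s.io/core:/stable:/%s/deb/' "$1"
}

# The apt source line; signed-by scopes the key to this repository only.
k8s_apt_source() {
  repo_url=$(k8s_repo_url "$1") || return 1
  printf 'deb [signed-by=%s] %s /\n' "$KEYRING" "$repo_url"
}

# Steps 1-4. Must run as root.
install_kube_tools() {
  src_line=$(k8s_apt_source "$1") || { echo "bad version: $1" >&2; return 1; }
  apt-get update                                                    # Step 1
  apt-get install -y apt-transport-https ca-certificates curl gpg
  mkdir -p -m 755 /etc/apt/keyrings
  curl -fsSL "$(k8s_repo_url "$1")Release.key" \
    | gpg --dearmor -o "$KEYRING"                                   # Step 2
  printf '%s\n' "$src_line" > /etc/apt/sources.list.d/kubernetes.list  # Step 3
  apt-get update
  apt-get install -y kubelet kubeadm kubectl                        # Step 4
  apt-mark hold kubelet kubeadm kubectl     # pin against accidental upgrades
}

if [ "${1:-}" = "--install" ]; then install_kube_tools "${2:-v1.35}"; fi
```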

Initializing the Control-Plane Node

Once the binaries are installed, the cluster is created on the master node.

Initialization Command

Run kubeadm init on the master. Key flags include:

  • --pod-network-cidr: Defines the IP range for Pods. This value often depends on the chosen networking plugin (e.g., 192.168.0.0/16 for Calico or 10.244.0.0/16 for Flannel).
  • --apiserver-advertise-address: Specifies which IP the API server should advertise; if omitted, it defaults to the interface with the default gateway.
  • --control-plane-endpoint: Essential if you plan to upgrade to a High Availability (HA) setup later, as it sets a shared endpoint for all control-plane nodes.

Kubeconfig Configuration

You need to set up kubectl for your user after initialization. Kubeadm creates a certificate-based administrative kubeconfig file at /etc/kubernetes/admin.conf. Copy it to $HOME/.kube/config in your home directory, then set the proper permissions on the copy. Don’t distribute this file, because it grants superuser rights on the cluster.

Installing a Pod Network Add-on

One distinctive feature of Kubeadm is that networking is not included by default.

  1. Before the cluster can operate, a Container Network Interface (CNI) plugin needs to be installed.
  2. Until the network is installed, CoreDNS will stay in a “Pending” status.
  3. Calico, Flannel, Weave Net, and Cilium are popular choices. You install them with kubectl apply, using the manifest supplied by the plugin creator.

Joining Worker Nodes

You can add worker nodes to host your application workloads once the control plane is prepared.

  • The Join Command: Kubeadm outputs a kubeadm join command when the master node is initialized.
  • Handshake: Run this command on your worker nodes. It performs a secure mutual authentication with the master using a discovery hash and a bootstrap token.
  • Token Lifecycle: These tokens are secret and temporary. You can list, create, or delete them using the kubeadm token command.
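
The discovery hash in a join command can be recomputed from the cluster CA certificate, which lets you confirm that a join command pins the right CA before passing it to worker nodes. The script below is an added example (not code from the original article); it assumes openssl is installed and that the CA certificate is at /etc/kubernetes/pki/ca.crt on the control-plane node.

```sh
#!/bin/sh
# Added example: check a kubeadm join command's values before handing it out.
# Usage on the control-plane node (assumed CA path):
#   sh check-join.sh TOKEN sha256:HASH /etc/kubernetes/pki/ca.crt

# Bootstrap tokens have the form <6 chars>.<16 chars>, lowercase alphanumerics.
valid_token() {
  case $1 in *[!a-z0-9.]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eqx '[a-z0-9]{6}\.[a-z0-9]{16}'
}

# Value expected by --discovery-token-ca-cert-hash: SHA-256 over the
# DER-encoded public key of the CA certificate, prefixed with "sha256:".
ca_cert_hash() {
  ca_pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
  ca_hex=$(printf '%s\n' "$ca_pub" | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -hex | sed 's/^.* //')
  printf 'sha256:%s\n' "$ca_hex"
}

# verify_join TOKEN HASH CA_CERT
# Returns 0 only when the token is well-formed and HASH pins this CA.
# The token is a secret, so it is never echoed in error messages.
verify_join() {
  valid_token "$1" || { echo "malformed bootstrap token" >&2; return 2; }
  ca_actual=$(ca_cert_hash "$3") || { echo "cannot read CA cert: $3" >&2; return 3; }
  [ "$ca_actual" = "$2" ] \
    || { echo "CA hash mismatch: got $2, CA is $ca_actual" >&2; return 4; }
}

if [ "$#" -eq 3 ]; then verify_join "$@"; fi
```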

Post-Installation and Validation

Check cluster status with kubectl get nodes. Once the CNI is fully deployed, all nodes should be “Ready”.

Master Isolation

The control-plane node does not schedule user Pods by default for security. If you are setting up a single-node cluster for development, you can remove this restriction by “untainting” the node with: kubectl taint nodes --all node-role.kubernetes.io/control-plane-.

Maintenance and Clean-up

  • Resetting: Revert the changes kubeadm made to a host, or start over, with kubeadm reset.
  • Backups: The etcd database at /var/lib/etcd on the master node should be backed up regularly in a single-master cluster since it lacks redundancy.