Top Kubeadm commands to Manage your Kubernetes cluster
Quick Summary
- To add a worker node to your cluster, you’ll first need to generate a token on your control plane node using the kubeadm token command.
- Make sure you have firewall exceptions and changes in place on your Kubernetes hosts for traffic if needed if you are using iptables, network policy, or something else if your hosts are in a different location separated with network devices.
- It retrieves the necessary join token and configuration information from the control plane node and configures the worker node to participate in the cluster.
Kubeadm is a command line tool for managing and configuring Kubernetes clusters for development or production. This guide will look at the top kubeadm commands to manage your Kubernetes cluster and what you need to know.Â
Table of contents
1. Installing Kubeadm
Before we look at the commands we can use with kubeadm, how do we install it? First, we need to add the Kubernetes apt repository before we can install kubeadm and setup Kubernetes cluster nodes.
To add the default apt repository in Ubuntu hosts run the commands below. Keep in mind you can also automate your deployment with something like Terraform.
##Pull down the GPG key
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg
##Add the key to your sources.list
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
##Update the apt package index
sudo apt-get updateBelow, I am running the kubeadm commands on Ubuntu VMs, AMD64 platform implementation in the lab for reference. Also, I have created a linuxadmin user for authentication outside of root with sudo privileges and using that for SSH.Â
Then, to install both kubeadm kubelet and kubectl, we can use the following command:
sudo apt-get install -y kubeadm kubelet kubectl
You can check your kubeadm version afterwards with the command:
kubeadm versionYou can also just run the kubeadm command by itself to see some examples in the output.
2. Kubeadm clusters initialization and configuration:
One of the first commands we will look at is the kubeadm init command. Using this command, we can create a Kubernetes cluster using kubeadm for cluster setup. Keep in mind there are prerequisites, dependencies, and other addons before you can run the command such as installing containerd (container runtimes) for new versions of Kubernetes. Docker containers (Docker engine) were used in early Kubernetes releases. Developers can use CRICTL command line tools to access these.
kubeadm init: This command initializes a Kubernetes control-plane node, bootstrapping the cluster scheduler, which is the minimum viable Kubernetes cluster. It performs pre-flight checks, installs necessary components like the kube-controller-manager, Kubernetes API server, etcd, and kubelet (all the master node components), and generates essential certificates and configuration files and sets up the private network for the pods. Make sure you have firewall exceptions and changes in place on your Kubernetes hosts for traffic if needed if you are using iptables, network policy, or something else if your hosts are in a different location separated with network devices. There are a number of ports needed.
Keep in mind you will still need to install a container network solution like the Calico network plugin (CNI). For example, you could use the following command with arguments to spin up your Kubernetes cluster. Note the pod network IP address range and control plane designation. You can use other command line flags like using bootstrap tokens.–enable-bootstrap-token-auth
When you run kubeadm, it runs prechecks to flush out errors before creating the cluster.
kubeadm init --pod-network-cidr=10.244.0.0/16 --control-plane-endpoint=10.1.149.123Below, you can see the initialization process runs a series of commands and pulls down the Kubernetes image required, TLS cert configuration based on DNS names for the network interface, coredns, front-proxy client and many other actions.
3. Adding worker nodes
To add a worker node to your cluster, you’ll first need to generate a token on your control plane node using the kubeadm token command:
kubeadm token create --print-join-commandThis command generates the necessary token and prints the complete kubeadm join command. You can use the token more than once, if you have two worker nodes or others, all the nodes can use the same token.
kubeadm join command: This command adds worker nodes to the existing cluster. It retrieves the necessary join token and configuration information from the control plane node and configures the worker node to participate in the cluster. It will need full network connectivity to the control plane node (master node).
kubeadm join --token <token> --discovery-token-ca-cert-hash sha256:<hash> 192.168.1.10:6443
After you create the cluster, you can create a test app using something like a simple installation of Nginx pod and configmap in order to validate the design and backend of your cluster and have users test. Keep in mind, you can use other apps as well. You can expose the app with a nodeport configuration or ingress proxy.
4. Upgrading your Kubernetes cluster
Performing lifecycle maintenance on your Kubernetes cluster is an important part of Kubernetes cluster management. One feature of Kubeadm is it includes a command to check for updates to your Kubernetes cluster and perform those upgrades.
To check your cluster for upgrades, use the command:
kubeadm upgrade planAs you can see below, it checks the configuration, reads the configuration from the cluster, runs a pre-flight check, health checks and checks the current version and available versions.
Applying the upgrade
After you have checked for upgrades, you can apply the upgrades using the kubeadm command:
kubeadm upgrade apply v1.28.xThis command upgrades your control plane components to the specified version. Replace v1.28.x with the desired Kubernetes version.
As a note, you will need to make sure you have the newer version of kubeadm first, before you upgrade your Kubernetes cluster server version:
5. Creating a Highly Available Cluster
Initializing the First Control Plane Node
kubeadm init --control-plane-endpoint "LOAD_BALANCER_DNS:LOAD_BALANCER_PORT" --upload-certsThis command is used when setting up a highly available Kubernetes cluster. The –control-plane-endpoint is used to specify a shared endpoint for all control-plane nodes, typically a load balancer networking solution housing the IPs. The –upload-certs flag is used for sharing certificates between control-plane nodes.
Adding Additional Control Plane Nodes
kubeadm join [LOAD_BALANCER_DNS:LOAD_BALANCER_PORT] --token [token] --discovery-token-ca-cert-hash sha256:[hash] --control-plane --certificate-key [certificateKey]After initializing the first control plane node, this command is used to add additional control plane nodes to your cluster for high availability. Keep in mind, that you need to have a persistent storage volume to ensure your containerized workloads are highly available from a storage perspective.
6. Resetting the Cluster
The process to reset the cluster is a simple command with kubeadm.
kubeadm resetUse this command to remove all Kubernetes components installed by kubeadm. It’s a useful step for starting over or cleaning up if you have an issue or errors. This is a great tool for lab environments where you want to reset the cluster and if you forgot to take a snapshot on your Kubernetes cluster host virtual machines and you have an error state.
Combining Kubeadm and Kubectl for Effective Cluster Management
Kubeadm is primarily focused on setting up and managing the infrastructure of a Kubernetes cluster. Another tool, kubectl, is the tool used for interacting with your cluster once these are created. Knowing how these work together is important. To use the kubectl command you will need to have your kubeconfig file configured to connect to your Kubernetes cluster, on your control plane node or a workstation. The kubeconfig file contains the credentials (token secrets) to connect to the cluster.
You can also access the Kubernetes API with a kubectl proxy. Kubectl proxy is a utility that enables access to the Kubernetes API server from within a cluster, from a pod, or another location outside the cluster.
Verifying Cluster Status
Once your Kubernetes cluster is initialized with kubeadm, the first step is to check the status of your nodes:
kubectl get nodesThis command lists all nodes in the cluster and shows their status, confirming that they are connected and operational.
Getting service information
This command gives you information about services deployed in your cluster.
kubectl get svcGetting namespace information
This command gives you information about namespaces deployed in your cluster.
kubectl get nsDeploying Applications
With your cluster up and running, deploying applications can be accomplished with kubectl. You can use the command below to install configurations like an ingress controller.
kubectl apply -f [application-config.yaml]This command deploys an application using a configuration file, which specifies the deployment details, including replicas, labels, and resource requirements.
Monitoring Cluster Resources
To monitor the resources and workloads running on your cluster:
kubectl top nodes
kubectl top podsThese commands provide real-time metrics on the usage of CPU and memory at both the node and pod levels.
Managing Pods and Deployments
For day-to-day management tasks, such as viewing, creating, and deleting pods and deployments:
kubectl get pods kubectl create -f [pod-config.yaml] kubectl delete pod [pod-name]These commands allow you to manage the pods within your cluster, ensuring smooth application operations.
Accessing Logs for Troubleshooting
When troubleshooting issues within your cluster you can take a look at logging with the command:
kubectl logs [pod-name]This command retrieves logs from a specific pod, crucial for diagnosing issues or monitoring application behavior.
Executing Commands in a Container
To run commands inside a container within your Kubernetes cluster:
kubectl exec -it [pod-name] -- [command]This command is invaluable for debugging and interacting with your applications directly.
Together, kubeadm and kubectl cover the full spectrum of Kubernetes cluster management tasks. While kubeadm takes care of the initial setup, network configurations, and node management, kubectl steps in for workload management, resource monitoring, and operational tasks. Understanding how to leverage both tools effectively is key to a well-maintained and efficient Kubernetes environment.
Frequently Asked Questions About Kubeadm
If you have a question about Kubeadm, note the following.
Kubeadm is specifically designed for initializing, upgrading, and managing the lifecycle of a Kubernetes cluster. It focuses on the control plane and node setup. In contrast, kubectl is a command-line interface for running commands against Kubernetes clusters, handling everyday tasks like deploying applications and inspecting resources.
Absolutely. Kubeadm is capable of setting up a minimum viable Kubernetes cluster that can be scaled and secured for production use. It simplifies many complexities involved in cluster setup, but you should also consider additional aspects like network configurations and security policies for a production environment.
Before running kubeadm init, ensure that the machine has a compatible Linux operating system, has at least 2 CPUs, and 2GB of RAM. Additionally, full network connectivity between all machines in the cluster is a must. Disable swap memory, and make sure that a container runtime is installed and running.
The choice of a pod network plugin depends on your specific network requirements and the size of your cluster. Common options include Calico, Weave, and Flannel. Ensure compatibility with the kubeadm init command, specifically the network CIDR used.
After successfully running kubeadm init, the next steps involve deploying a pod network on the cluster and then joining your worker nodes to the cluster using the kubeadm join command. It’s also recommended to set up Kubernetes Dashboard for a user-friendly interface to your cluster.
Securing your Kubernetes cluster involves several steps: regularly updating Kubernetes to the latest version with kubeadm upgrade, managing role-based access control (RBAC), securing your pod network, and controlling access to the Kubernetes API server. Regularly review Kubernetes’ official documentation for best security practices.
Kubeadm provides commands like kubeadm reset for cleaning up broken installations and kubeadm token create for re-joining a node to the cluster. For more severe cases, referring to the official Kubernetes documentation and community support forums is advisable for recovery strategies.
Wrapping up
Learning Kubeadm can definitely serve as a way to better provision and configure Kubernetes clusters instances and it has many great features as part of your tooling. You can use Minikube and other software solutions to learn Kubernetes, including ECS in AWS or another cloud provider, but kubeadm makes it easy in the home lab or production clusters to easily create Kubernetes clusters. Let me know your feedback in the comments. Are you using kubeadm for your Kubernetes clusters and for KOPs? Hopefully this content helps you to understand this tool better and make use of it in your K8s operations.
