Top Kubeadm commands to Manage your Kubernetes cluster

Get an in-depth guide to Kubeadm commands for Kubernetes clusters. Learn top kubeadm commands, how it works with kubectl, and more.

Kubeadm is a command line tool for managing and configuring Kubernetes clusters for development or production. This guide will look at the top kubeadm commands to manage your Kubernetes cluster and what you need to know. 

1. Installing Kubeadm

Before we look at the commands we can use with kubeadm, how do we install it? First, we need to add the Kubernetes apt repository before we can install kubeadm and setup Kubernetes cluster nodes.

To add the default apt repository in Ubuntu hosts run the commands below. Keep in mind you can also automate your deployment with something like Terraform.

##Pull down the GPG key
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg

##Add the key to your sources.list
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list

##Update the apt package index
sudo apt-get update

Below, I am running the kubeadm commands on Ubuntu VMs, AMD64 platform implementation in the lab for reference. Also, I have created a linuxadmin user for authentication outside of root with sudo privileges and using that for SSH. 

Adding the gpg key for kubernetes
Adding the gpg key for kubernetes

Then, to install both kubeadm kubelet and kubectl, we can use the following command:

sudo apt-get install -y kubeadm kubelet kubectl
Installing kubernetes components 1
Installing kubernetes components 1

You can check your kubeadm version afterwards with the command:

kubeadm version

You can also just run the kubeadm command by itself to see some examples in the output.

Running the kubeadm version command
Running the kubeadm version command

2. Kubeadm clusters initialization and configuration:

One of the first commands we will look at is the kubeadm init command. Using this command, we can create a Kubernetes cluster using kubeadm for cluster setup. Keep in mind there are prerequisites, dependencies, and other addons before you can run the command such as installing containerd (container runtimes) for new versions of Kubernetes. Docker containers (Docker engine) were used in early Kubernetes releases. Developers can use CRICTL command line tools to access these. 

kubeadm init: This command initializes a Kubernetes control-plane node, bootstrapping the cluster scheduler, which is the minimum viable Kubernetes cluster. It performs pre-flight checks, installs necessary components like the kube-controller-manager, Kubernetes API server, etcd, and kubelet (all the master node components), and generates essential certificates and configuration files and sets up the private network for the pods. Make sure you have firewall exceptions and changes in place on your Kubernetes hosts for traffic if needed if you are using iptables, network policy, or something else if your hosts are in a different location separated with network devices. There are a number of ports needed.

Keep in mind you will still need to install a container network solution like the Calico network plugin (CNI). For example, you could use the following command with arguments to spin up your Kubernetes cluster. Note the pod network IP address range and control plane designation. You can use other command line flags like using bootstrap tokens.–enable-bootstrap-token-auth

When you run kubeadm, it runs prechecks to flush out errors before creating the cluster.

kubeadm init --pod-network-cidr= --control-plane-endpoint=

Below, you can see the initialization process runs a series of commands and pulls down the Kubernetes image required, TLS cert configuration based on DNS names for the network interface, coredns, front-proxy client and many other actions.

Use kubeadm to initialize the kubernetes cluster 1
Use kubeadm to initialize the kubernetes cluster 1

3. Adding worker nodes

To add a worker node to your cluster, you’ll first need to generate a token on your control plane node using the kubeadm token command:

kubeadm token create --print-join-command

This command generates the necessary token and prints the complete kubeadm join command. You can use the token more than once, if you have two worker nodes or others, all the nodes can use the same token.

Print join command with kubeadm
Print join command with kubeadm

kubeadm join command: This command adds worker nodes to the existing cluster. It retrieves the necessary join token and configuration information from the control plane node and configures the worker node to participate in the cluster. It will need full network connectivity to the control plane node (master node).

kubeadm join --token <token> --discovery-token-ca-cert-hash sha256:<hash>
Use kubeadm to join a worker node
Use kubeadm to join a worker node

After you create the cluster, you can create a test app using something like a simple installation of Nginx pod and configmap in order to validate the design and backend of your cluster and have users test. Keep in mind, you can use other apps as well. You can expose the app with a nodeport configuration or ingress proxy.

4. Upgrading your Kubernetes cluster

Performing lifecycle maintenance on your Kubernetes cluster is an important part of Kubernetes cluster management. One feature of Kubeadm is it includes a command to check for updates to your Kubernetes cluster and perform those upgrades.

To check your cluster for upgrades, use the command:

kubeadm upgrade plan

As you can see below, it checks the configuration, reads the configuration from the cluster, runs a pre-flight check, health checks and checks the current version and available versions.

Kubeadm upgrade plan
Kubeadm upgrade plan

Applying the upgrade

After you have checked for upgrades, you can apply the upgrades using the kubeadm command:

kubeadm upgrade apply v1.28.x

This command upgrades your control plane components to the specified version. Replace v1.28.x with the desired Kubernetes version.

As a note, you will need to make sure you have the newer version of kubeadm first, before you upgrade your Kubernetes cluster server version:

Kubeadm version needs upgraded
Kubeadm version needs upgraded

5. Creating a Highly Available Cluster

Initializing the First Control Plane Node

kubeadm init --control-plane-endpoint "LOAD_BALANCER_DNS:LOAD_BALANCER_PORT" --upload-certs

This command is used when setting up a highly available Kubernetes cluster. The –control-plane-endpoint is used to specify a shared endpoint for all control-plane nodes, typically a load balancer networking solution housing the IPs. The –upload-certs flag is used for sharing certificates between control-plane nodes.

Adding Additional Control Plane Nodes

kubeadm join [LOAD_BALANCER_DNS:LOAD_BALANCER_PORT] --token [token] --discovery-token-ca-cert-hash sha256:[hash] --control-plane --certificate-key [certificateKey]

After initializing the first control plane node, this command is used to add additional control plane nodes to your cluster for high availability. Keep in mind, that you need to have a persistent storage volume to ensure your containerized workloads are highly available from a storage perspective.

6. Resetting the Cluster

The process to reset the cluster is a simple command with kubeadm.

kubeadm reset

Use this command to remove all Kubernetes components installed by kubeadm. It’s a useful step for starting over or cleaning up if you have an issue or errors. This is a great tool for lab environments where you want to reset the cluster and if you forgot to take a snapshot on your Kubernetes cluster host virtual machines and you have an error state.

Resetting a kubernetes cluster
Resetting a kubernetes cluster

Combining Kubeadm and Kubectl for Effective Cluster Management

Kubeadm is primarily focused on setting up and managing the infrastructure of a Kubernetes cluster. Another tool, kubectl, is the tool used for interacting with your cluster once these are created. Knowing how these work together is important. To use the kubectl command you will need to have your kubeconfig file configured to connect to your Kubernetes cluster, on your control plane node or a workstation. The kubeconfig file contains the credentials (token secrets) to connect to the cluster.

You can also access the Kubernetes API with a kubectl proxy. Kubectl proxy is a utility that enables access to the Kubernetes API server from within a cluster, from a pod, or another location outside the cluster.

Verifying Cluster Status

Once your Kubernetes cluster is initialized with kubeadm, the first step is to check the status of your nodes:

kubectl get nodes

This command lists all nodes in the cluster and shows their status, confirming that they are connected and operational.

Getting service information

This command gives you information about services deployed in your cluster.

kubectl get svc

Getting namespace information

This command gives you information about namespaces deployed in your cluster.

kubectl get ns

Deploying Applications

With your cluster up and running, deploying applications can be accomplished with kubectl. You can use the command below to install configurations like an ingress controller.

kubectl apply -f [application-config.yaml]

This command deploys an application using a configuration file, which specifies the deployment details, including replicas, labels, and resource requirements.

Monitoring Cluster Resources

To monitor the resources and workloads running on your cluster:

kubectl top nodes 
kubectl top pods

These commands provide real-time metrics on the usage of CPU and memory at both the node and pod levels.

Managing Pods and Deployments

For day-to-day management tasks, such as viewing, creating, and deleting pods and deployments:

kubectl get pods kubectl create -f [pod-config.yaml] kubectl delete pod [pod-name]

These commands allow you to manage the pods within your cluster, ensuring smooth application operations.

Accessing Logs for Troubleshooting

When troubleshooting issues within your cluster you can take a look at logging with the command:

kubectl logs [pod-name]

This command retrieves logs from a specific pod, crucial for diagnosing issues or monitoring application behavior.

Executing Commands in a Container

To run commands inside a container within your Kubernetes cluster:

kubectl exec -it [pod-name] -- [command]

This command is invaluable for debugging and interacting with your applications directly.

Together, kubeadm and kubectl cover the full spectrum of Kubernetes cluster management tasks. While kubeadm takes care of the initial setup, network configurations, and node management, kubectl steps in for workload management, resource monitoring, and operational tasks. Understanding how to leverage both tools effectively is key to a well-maintained and efficient Kubernetes environment.

Frequently Asked Questions About Kubeadm

If you have a question about Kubeadm, note the following.

How Does Kubeadm Differ from Kubectl and Other Kubernetes Tools?

Kubeadm is specifically designed for initializing, upgrading, and managing the lifecycle of a Kubernetes cluster. It focuses on the control plane and node setup. In contrast, kubectl is a command-line interface for running commands against Kubernetes clusters, handling everyday tasks like deploying applications and inspecting resources.

Can I Use Kubeadm for Setting Up a Production-Ready Kubernetes Cluster?

Absolutely. Kubeadm is capable of setting up a minimum viable Kubernetes cluster that can be scaled and secured for production use. It simplifies many complexities involved in cluster setup, but you should also consider additional aspects like network configurations and security policies for a production environment.

What Are the Requirements for a Node Before Running Kubeadm Init?

Before running kubeadm init, ensure that the machine has a compatible Linux operating system, has at least 2 CPUs, and 2GB of RAM. Additionally, full network connectivity between all machines in the cluster is a must. Disable swap memory, and make sure that a container runtime is installed and running.

How Do I Choose the Right Pod Network Plugin When Using Kubeadm?

The choice of a pod network plugin depends on your specific network requirements and the size of your cluster. Common options include Calico, Weave, and Flannel. Ensure compatibility with the kubeadm init command, specifically the network CIDR used.

What Steps Should Be Taken After Running Kubeadm Init?

After successfully running kubeadm init, the next steps involve deploying a pod network on the cluster and then joining your worker nodes to the cluster using the kubeadm join command. It’s also recommended to set up Kubernetes Dashboard for a user-friendly interface to your cluster.

How Can I Ensure My Kubernetes Cluster is Secure?

Securing your Kubernetes cluster involves several steps: regularly updating Kubernetes to the latest version with kubeadm upgrade, managing role-based access control (RBAC), securing your pod network, and controlling access to the Kubernetes API server. Regularly review Kubernetes’ official documentation for best security practices.

In Case of a Failed Node, How Does Kubeadm Help in Recovery?

Kubeadm provides commands like kubeadm reset for cleaning up broken installations and kubeadm token create for re-joining a node to the cluster. For more severe cases, referring to the official Kubernetes documentation and community support forums is advisable for recovery strategies.

Wrapping up

Learning Kubeadm can definitely serve as a way to better provision and configure Kubernetes clusters instances and it has many great features as part of your tooling. You can use Minikube and other software solutions to learn Kubernetes, including ECS in AWS or another cloud provider, but kubeadm makes it easy in the home lab or production clusters to easily create Kubernetes clusters. Let me know your feedback in the comments. Are you using kubeadm for your Kubernetes clusters and for KOPs? Hopefully this content helps you to understand this tool better and make use of it in your K8s operations.

Subscribe to VirtualizationHowto via Email 🔔

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.