Use kubeadm to build a Kubernetes cluster

Kubernetes cluster construction - kubeadm method

Kubeadm is a K8s deployment tool that provides kubeadm init and kubeadm join for rapid deployment of Kubernetes clusters.

Tool function:

  • kubeadm init: Initialize a Master node
  • kubeadm join: join the worker node to the cluster
  • kubeadm upgrade: upgrade K8s version
  • kubeadm token: Manage the token used by kubeadm join
  • kubeadm reset: clears any changes made to the host by kubeadm init or kubeadm join
  • kubeadm version: print kubeadm version
  • kubeadm alpha: preview available new features

2.1 Server requirements:

  • Recommended minimum hardware configuration: 2-core CPU, 2G memory, 20G hard disk
  • The server should preferably be able to access the external network, and there will be a need to pull images from the Internet. If the server cannot access the Internet, you need to download the corresponding image in advance and import it to the node

Software Environment:



operating system

CentOS7.9_x64 (mini)





Server planning:






Architecture diagram:

# turn off the firewall
systemctl stop firewalld

systemctl disable firewalld

# Close selinux
sed -i 's/enforcing/disabled/' /etc/selinux/config  # permanent

setenforce 0  # temporary
# close swap
swapoff -a  # temporary

sed -ri 's/.*swap.*/#&/' /etc/fstab    # permanent

# Set the hostname according to the plan
hostnamectl set-hostname <hostname>

# Add hosts to the master
cat >> /etc/hosts << EOF k8s-master k8s-node1 k8s-node2


# Pass bridged IPv4 traffic to the iptables chain

cat > /etc/sysctl.d/k8s.conf << EOF 

net.bridge.bridge-nf-call-ip6tables = 1 

net.bridge.bridge-nf-call-iptables = 1 


sysctl --system  # take effect 

# time synchronization

yum install ntpdate -y         #Install without 


4. Install Docker/kubeadm/kubelet [all nodes]

Install Docker

#Download docker yum source file
wget -O /etc/yum.repos.d/docker-ce.repo


#Install docker

yum -y install docker-ce
#Set docker to boot and start docker
systemctl enable docker && systemctl start docker

Configure mirror download accelerator

cat > /etc/docker/daemon.json << EOF
  "registry-mirrors": [""],
  "exec-opts": ["native.cgroupdriver=systemd"]


#Check if it is written to the file

systemctl restart docker

docker info

Install cri-dockerd

Kubernetes v1.24 removes the support of docker-shim, and Docker Engine does not support the CRI standard by default, so the two can no longer be directly integrated by default. To this end, Mirantis and Docker jointly created the cri-dockerd project to provide a bridge for Docker Engine to support the CRI specification, so that Docker can be used as a Kubernetes container engine. CRI container runtime interface

as the picture shows:


 rpm -ivh cri-dockerd-0.2.5-3.el7.x86_64.rpm

Specify the dependent mirror address:

vi /usr/lib/systemd/system/cri-docker.service

ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd://
systemctl daemon-reload #reload daemon
#Set cri-docker to boot and start cri-docker
systemctl enable cri-docker && systemctl start cri-docker

Add Alibaba Cloud's k8s YUM software source

cat > /etc/yum.repos.d/kubernetes.repo << EOF









Install kubeadm, kubelet and kubectl

Download the specified version number:

yum install -y kubelet-1.25.0 kubeadm-1.25.0 kubectl-1.25.0

systemctl enable kubelet 
Deploy Kubernetes Master

Executed at (Master).

kubeadm init \


  --image-repository \

  --kubernetes-version v1.25.0 \

  --service-cidr= \

  --pod-network-cidr= \
--cri-socket=unix:///var/run/cri-dockerd.sock \


Detailed parameter explanation

  • --apiserver-advertise-address cluster advertisement address
  • --image-repository Because the default pull image address cannot be accessed in China, specify the address of the Alibaba Cloud image repository here
  • --kubernetes-version K8s version, consistent with the one installed above
  • --service-cidr cluster internal virtual network, Pod unified access entrance
  • --pod-network-cidr Pod network, consistent with the CNI network component yaml deployed below
  • --cri-socket specifies the cri-dockerd interface, if it is containerd, use --cri-socket unix:///run/containerd/containerd.sock

After the initialization is complete, a join command will be output at the end, remember it first, and use it below.

Copy the connection k8s authentication file used by kubectl to the default path:

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

View working nodes:

kubectl get nodes

NAME               STATUS     ROLES            AGE   VERSION

k8s-master   NotReady   control-plane        20s   v1.25.0

Note: Since the network plug-in has not been deployed yet, it is not ready yet NotReady, continue first

Join Kubernetes Node

Execute on (Node).

To add a new node to the cluster, execute the kubeadm join command output by kubeadm init and manually add --cri-socket=unix:///var/run/cri-dockerd.sock

kubeadm join --token xn4k4x.5ewu3lpjl6n13dh7  --discovery-token-ca-cert-hash sha256:0e0d907c485894ce2c07b7bdc1a2c939fb550f6d06ba9760cbdc7ebf127bf1b6 --cri-socket=unix:///var/run/cri-dockerd.sock

The default token is valid for 24 hours, and when it expires, the token is no longer available. At this time, the token needs to be recreated.

regenerate token

#Regenerate the token and execute it on the master node
kubeadm token create --print-join-command

References: kubeadm join | Kubernetes

Deploy Container Networking (CNI)

Calico is a pure three-tier data center network solution, which is currently the mainstream network solution for Kubernetes.

Download YAML: --no-check-certificate
# Prompt to add this command

After downloading, you need to modify the definition of the Pod network (CALICO_IPV4POOL_CIDR), which is the same as specified by --pod-network-cidr of kubeadm init.

vim calico.yaml

After modifying the file, deploy:

kubectl apply -f calico.yaml
# get status
kubectl get pods -n kube-system
#Note: This step will create the container, it will take some time, wait five to ten minutes

After five to ten minutes, check again

Show all working

Haven't created successfully for a long time

Method 1: Select the offline import method

Upload the offline zip package and unzip it

Import the offline package after executing the following command

ls *.tar |xargs -i docker load -i {}

Reload the calico.yaml file

check status again

kubectl get pods -n kube-system


The Calico Pod s are Running and the nodes are ready.

Method 2: Download manually

First check which mirror package is missing

grep image calico.yaml

Use docker pull + image package to pull them down, etc.



Then deploy again

Wait for five to ten minutes and check the status again to find that they have all been running

Note: In the future, all yaml files will only be executed on the Master node.

Installation directory: /etc/kubernetes/

Component configuration file directory: /etc/kubernetes/manifests/

References: Creating a cluster with kubeadm | Kubernetes

At this point, the k8s cluster is built

kubernetes cluster

Create a pod in the kubernetes cluster and verify that it is running normally

#Create an nginx container
kubectl create deployment nginx --image=nginx

#Check the status of creation

kubectl get pod
 #The display is still being created, wait a few minutes


# Check again, the creation is complete



#Expose nginx port

kubectl expose deployment nginx --port=80 --type=NodePort


#View external ports

kubectl get pod,svc


# Then use the IP and port of any node to access the created nginx page


testing successfully

To graphically manage k8s resources

Dashboard is an official UI that can be used for basic management of K8s resources.

YAML download address:

# this connection failed

Download the file and upload it to the server, I use kubernetes-dashboard.yaml here

By default, the Dashboard can only be accessed within the cluster. Modify the Service to NodePort type and expose it to the outside:

vi recommended.yaml


kind: Service

apiVersion: v1



    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kubernetes-dashboard



    - port: 443

      targetPort: 8443

      nodePort: 30001


    k8s-app: kubernetes-dashboard

  type: NodePort

kubectl apply -f recommended.yaml

#Note that it will take some time to generate the container

# get status

kubectl get pods -n kubernetes-dashboard

#Container status 

  address: https://NodeIP:30001

Create a service account and bind the default cluster-admin administrator cluster role:

# create user
kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
# User Authorization

kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin
 # Get user Token

 kubectl create token dashboard-admin -n kubernetes-dashboard


Use the output token to log in to Dashboard.

Create pod s graphically

At this point, the k8s installation and expansion is over

Tags: Docker Kubernetes Container

Posted by addie on Wed, 07 Dec 2022 09:37:35 +0300