kubeadm Cheatsheet
kubeadm is used for managing k8s clusters.
Full life-cycle:
- kubeadm init: bootstrap the first node.
- kubeadm join: bootstrap more nodes and join them to the cluster.
- kubeadm upgrade: upgrade a Kubernetes cluster to a newer version; performs the upgrade of etcd by default.
- kubeadm reset: performs a best-effort revert of changes made to this host by kubeadm init or kubeadm join.
NOT in scope:
- provisioning machines: use metal3 for provisioning bare-metal machines.
- installing addons, e.g. dashboard, monitoring solutions, and cloud-specific addons, etc.
Used by other tools like minikube, kind, etc.
Commands
Token
Create token
$ kubeadm token create
List token
$ kubeadm token list
Init
$ kubeadm init --control-plane-endpoint=$IPADDR --apiserver-cert-extra-sans=$IPADDR --pod-network-cidr=$POD_CIDR --node-name $NODENAME --ignore-preflight-errors Swap
$ kubeadm init --pod-network-cidr=192.168.0.0/16
Join as a worker node
Print join command
$ kubeadm token create --print-join-command
# this will print something like this:
# kubeadm join 10.200.xxx.xxx:443 --token 0iyxxx.72o1s06xxxxxxx --discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxx
Join:
$ kubeadm join --token TOKEN MASTER_IP:MASTER_PORT --discovery-token-ca-cert-hash sha256:HASH
$ kubeadm join phase control-plane-prepare certs --config /dev/stdin --v 5
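The --discovery-token-ca-cert-hash value pins the cluster CA's public key, so a join command is worth checking before it is run on a new node. The script below is an added example, not part of the original cheatsheet: the function names and the SAMPLE_JOIN values are constructed for illustration, and ca_cert_hash assumes the openssl CLI is installed.

```shell
#!/bin/sh
# Added example, not part of the original cheatsheet.
# SAMPLE_JOIN is constructed: the address, token and hash are made-up values.
SAMPLE_JOIN='kubeadm join 10.0.0.10:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'

# Hex SHA-256 of the CA certificate's DER-encoded public key: the value that
# follows "sha256:" in --discovery-token-ca-cert-hash. Run on a control-plane
# node, e.g. ca_cert_hash /etc/kubernetes/pki/ca.crt (kubeadm's default path).
ca_cert_hash() {
    openssl x509 -in "$1" -pubkey -noout |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -hex | sed 's/^.* //'
}

# Print the value of --FLAG from a join command ("--flag value" or "--flag=value").
join_flag() {
    printf '%s\n' "$2" | sed -n "s/.*--$1[ =]\([^ ]*\).*/\1/p"
}

# check_join_cmd CMD [EXPECTED_HEX]
# Returns 0 only if CMD carries a well-formed token and a CA pin, does not turn
# pinning off, and (when EXPECTED_HEX is given) the pin equals that hash.
check_join_cmd() {
    cmd=$1 expected=$2
    case $cmd in
        *--discovery-token-unsafe-skip-ca-verification*)
            echo "refuse: CA pinning is disabled" >&2; return 1 ;;
    esac
    token=$(join_flag token "$cmd")
    pin=$(join_flag discovery-token-ca-cert-hash "$cmd")
    printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' ||
        { echo "refuse: malformed bootstrap token" >&2; return 1; }
    printf '%s\n' "$pin" | grep -Eq '^sha256:[0-9a-f]{64}$' ||
        { echo "refuse: missing or malformed CA pin" >&2; return 1; }
    [ -z "$expected" ] || [ "$pin" = "sha256:$expected" ] ||
        { echo "refuse: CA pin does not match the expected hash" >&2; return 1; }
}

# Demo on the constructed sample; pass the output of ca_cert_hash as the
# second argument to compare against the real cluster CA.
if check_join_cmd "$SAMPLE_JOIN"; then
    echo "join command is well-formed and pins the CA"
fi
```

On a real cluster, run ca_cert_hash on a control-plane node and pass its output as the second argument to check_join_cmd on the node that is about to join.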
Join as a control-plane node
--certificate-key string: When used together with '--print-join-command', print the full 'kubeadm join' flag needed to join the cluster as a control-plane. To create a new certificate key you must use 'kubeadm init phase upload-certs --upload-certs'.
Tear down a node
# kubectl 1.20+ deprecates --delete-local-data in favour of --delete-emptydir-data
$ kubectl drain NODE --delete-local-data --force --ignore-daemonsets
$ kubectl delete node NODE
$ kubeadm reset
To force reset:
$ kubeadm reset --force
Config
Get Pod and Service CIDRs
$ kubeadm config view | grep Subnet
Dump config
$ cd /etc
$ kubeadm config view > kubeadmconf.yaml
Get kubeconfig
$ kubeadm kubeconfig user --client-name kubernetes-admin
Troubleshooting
Port 10250 is in use
kubeadm may throw the error: Port 10250 is in use.
Port 10250 is used by the kubelet.
$ lsof -i:10250
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
kubelet 68360 root 18u IPv6 473103 0t0 TCP *:10250 (LISTEN)
Try to kill the existing kubelet.