Installing Kubernetes Cluster at the Homelab: Cluster setup
This note is the third part in a series about installing Kubernetes. You can find the previous parts here and here. In this part, we will cover how to initialize the Kubernetes cluster and set up networking using Calico.
Step 1: Initialize the Cluster
Begin by initializing the Kubernetes cluster on the first master node:
kubeadm init --control-plane-endpoint="192.168.11.21:6443" --upload-certs --apiserver-advertise-address=192.168.11.71 --pod-network-cidr=192.168.0.0/16
- --control-plane-endpoint="192.168.11.21:6443": Specifies the IP address of the HAProxy load balancer.
- --apiserver-advertise-address=192.168.11.71: The IP address of the node running the command.
- --pod-network-cidr=192.168.0.0/16: Defines the CIDR range for the pod network.
After executing this command, kubeadm will provide further instructions for setting up additional nodes and deploying the pod network.
Generally, the kubeadm init installation follows these steps:
- Preflight – Ensures that the system configuration and conditions are met. At this step, kubeadm downloads the core container images.
- Generates a self-signed CA and certificates for etcd, the API server, and the proxy.
- Creates configuration files for the core Kubernetes services.
- Starts the kubelet service, which manages the containers running on the node.
- Initializes the first control node. Pods for the API server, controller manager, scheduler, and etcd are created and started.
- upload-configuration creates the kubelet config and ConfigMaps for cluster configuration.
- Uploads certificates to /etc/kubernetes/pki.
- Marks the node as a control node and generates a token for other nodes to join.
Another important point at this step is that kubeadm installs the CoreDNS and kube-proxy add-ons; the CoreDNS pods stay Pending and do not reach the Ready state until the pod network is installed.
Step 2: Deploy Calico Network
Once the cluster is initialized, deploy Calico for the pod network:
kubectl --kubeconfig=/etc/kubernetes/admin.conf create -f https://docs.projectcalico.org/v3.15/manifests/calico.yaml
Calico is a popular choice for managing Kubernetes networking and ensures seamless communication between pods.
Optional Steps: Regenerate Certificates
You can regenerate cluster certificates if needed, using the following command on the first master node:
kubeadm init phase upload-certs --upload-certs
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
f228f02ee8fc90e31758cea0455806997d01cdda977e2ad03ab2f729b0da69f8
This command will upload the certificates to a Secret named kubeadm-certs in the kube-system namespace.
Step 3: Generate Join Commands
Use the generated certificate key to create join tokens for other master or worker nodes:
- For Master Nodes:
[root@kube-master1 ~]# kubeadm token create --print-join-command --certificate-key f228f02ee8fc90e31758cea0455806997d01cdda977e2ad03ab2f729b0da69f8
Output:
kubeadm join 192.168.11.21:6443 --token ivb497.vc9cugiqlr6dpeg5 --discovery-token-ca-cert-hash sha256:56c4a1c8dd067ca1f60ffbc4d5140cf5c17edb97e8bc6d804ecc5c343bc044a0 --control-plane --certificate-key f228f02ee8fc90e31758cea0455806997d01cdda977e2ad03ab2f729b0da69f8
- For Worker Nodes:
[root@kube-master1 ~]# kubeadm token create --print-join-command
Output:
kubeadm join 192.168.11.21:6443 --token ap8kar.25w1p7ybhoqzj4pe --discovery-token-ca-cert-hash sha256:56c4a1c8dd067ca1f60ffbc4d5140cf5c17edb97e8bc6d804ecc5c343bc044a0
These commands will allow you to join new master or worker nodes to the cluster.
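Before a join command is run on a new node, the --discovery-token-ca-cert-hash value in it can be checked against the cluster CA, since that pin is what lets the joining node trust the API server it talks to. The script below is an added example, not part of the original post: it recomputes the pin from a CA certificate with openssl and compares it with the one in a join command. The function names, the throwaway CA and the sample token are assumptions made for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: check the CA pin in a kubeadm join command before running it.

# Print "sha256:<hex>" over the DER-encoded public key (SPKI) of a CA certificate.
ca_cert_hash() (
    spki=$(mktemp) || exit 2
    trap 'rm -f "$spki"' EXIT
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER -out "$spki" 2>/dev/null || exit 2
    [ -s "$spki" ] || exit 2
    printf 'sha256:%s\n' "$(openssl dgst -sha256 <"$spki" | awk '{print $NF}')"
)

# Extract the pin from a join command; accepts "--flag value" and "--flag=value".
join_cmd_pin() {
    printf '%s\n' "$1" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]\{1,\}\(sha256:[0-9a-f]\{64\}\)\( .*\)\{0,1\}$/\1/p'
}

# Exit 0 if the command pins this CA, 1 on mismatch, 2 if either side is unreadable.
verify_join_pin() (
    expected=$(ca_cert_hash "$1") || exit 2
    pinned=$(join_cmd_pin "$2")
    [ -n "$pinned" ] || exit 2
    [ "$pinned" = "$expected" ]
)

# Constructed sample input: a throwaway self-signed CA standing in for
# /etc/kubernetes/pki/ca.crt, so the example runs without a cluster.
make_sample_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo() (
    dir=$(mktemp -d) || exit 2
    trap 'rm -rf "$dir"' EXIT
    make_sample_ca "$dir" || exit 2
    pin=$(ca_cert_hash "$dir/ca.crt") || exit 2
    # Endpoint from the post; the token and the all-zero pin are constructed.
    base="kubeadm join 192.168.11.21:6443 --token abcdef.0123456789abcdef"
    good="$base --discovery-token-ca-cert-hash $pin"
    bad="$base --discovery-token-ca-cert-hash sha256:$(printf '%064d' 0)"
    verify_join_pin "$dir/ca.crt" "$good" && echo "genuine command: pin matches"
    verify_join_pin "$dir/ca.crt" "$bad" || echo "altered command: mismatch (status $?)"
)
demo
```

On a control-plane node the certificate to pass to verify_join_pin is /etc/kubernetes/pki/ca.crt, together with the join command as a single quoted string.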
Step 4: Configure Kubectl Access
To set up kubectl on your master node for managing the cluster:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Step 5: Managing the Cluster from Another Host
To manage the cluster from a different machine (e.g., a Fedora workstation), install kubectl and set up configuration:
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo cp kubectl /usr/local/bin/
sudo chmod 755 /usr/local/bin/kubectl
mkdir -p ~/.kube
# Step 4 saved the kubeconfig on the master as ~/.kube/config
scp k-master1:.kube/config ~/.kube/admin.conf
echo "export KUBECONFIG=/home/admin/.kube/admin.conf" >> ~/.bashrc
bash
kubectl get nodes