Kubernetes easy install with Kubeadm

Auteur: Fabrice JAMMES (LinkedIn). Date: Jan 27, 2020 · 10 min read

This article explains how to install Kubernetes with kubeadm, the official Kubernetes installer. It is inspired by the official documentation, while declining it for Ubuntu and simplifying it.

It has been successfully tested with Kubernetes 1.21.0

Pre-requisites: Infrastructure

  • One or more machines running Ubuntu LTS, with administrator access ( sudo)
  • 2 GB or more of RAM per machine
  • 2 or more processors on the master node
  • Full network connectivity between all machines in the cluster

The ‘size-of-master-and-master-components’ documentation define some guidelines on how to size your masters nodes depending on the total number of your Kubernetes nodes.

Pre-requisites: System

Install containerd

containerd is a lightweight runtime for Linux containers. It is a reliable project, validated by the Cloud-Native Computing Foundation, as you can see on the CNCF landscape web page. The installation of containerd is required on all of your machines. Indeed, this is the basic brick that will allow Kubernetes to run and manage the containers. Copy and paste the code below in a script and execute it on each machine.


set -euxo pipefail

cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf

sudo modprobe overlay
sudo modprobe br_netfilter

# Setup required sysctl params, these persist across reboots.
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward                 = 1
net.bridge.bridge-nf-call-ip6tables = 1

# Apply sysctl params without reboot
sudo sysctl --system

# Install containerd
## Set up the repository
### Install packages to allow apt to use a repository over HTTPS
sudo apt-get update
sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg \

### Add Docker’s official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

### Add Docker apt repository.
echo \
  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

## Install containerd
sudo apt-get update
sudo apt-get install -y containerd.io

# Configure containerd
sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml

# Restart containerd
sudo systemctl restart containerd

For more information regarding the installation of containerd, please check the official documentation.

Install kubeadm and its friends: kubelet and kubectl

  • kubeadm is the official Kubernetes installer, it must be run as root on each nodes of your Kubernetes cluster.
  • kubelet is the daemon in charge of running and managing the containers on every nodes controlled by Kubernetes. It must be available on all the nodes of the cluster, including the master nodes because it also manages the containers in charge of the Kubernetes system components. It uses the CRI specification (Container Runtime Interface) to communicate with the local container execution engine, in our example containerd.
  • kubectl is the Kubernetes client, install it on the machine that will allow you to control your Kubernetes cluster. As seen above, we recommend that you copy and paste the code below into a script and execute it on each machine.

set -euxo pipefail

sudo mkdir -p /etc/apt/keyrings
sudo rm -f /etc/apt/keyrings/kubernetes-apt-keyring.gpg

curl -fsSL https://pkgs.k8s.io/core:/stable:/"$K8S_VERSION"/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
# This overwrites any existing configuration in /etc/apt/sources.list.d/kubernetes.list
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/'"$K8S_VERSION"'/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list

sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl ipvsadm
sudo apt-mark hold kubelet kubeadm kubectl

Please note that the script prevents updates to kubeadm, kubectl, and kubelet which could be caused by the installation of security updates with apt-get commands.

Create the Kubernetes cluster

On your master node, run the following command:

sudo kubeadm init --pod-network-cidr=

Here is what will appear on your console, in the last lines of standard output:

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:

You can now join any number of machines by running the following on each node
as root:

  kubeadm join <control-plane-host>:<control-plane-port> --token <token> --discovery-token-ca-cert-hash sha256:<hash>

There are three very important instructions here:

  • how to configure kubectl, the Kubernetes client. In our example we will use the Kubernetes master node as a client, on which we will therefore issue the commands below:
# Connect with your regular user account, and not with `root` account
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
  • installing a network plugin, here we choose a popular one: calico. Just run the command below on your Kubernetes client, which we just configured. Note that in our example it is also the master Kubernetes:
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.24.5/manifests/tigera-operator.yaml
curl https://raw.githubusercontent.com/projectcalico/calico/v3.24.5/manifests/custom-resources.yaml -O
kubectl create -f custom-resources.yaml
  • the command to execute on all your other nodes so that they join the Kubernetes cluster:
sudo kubeadm join <control-plane-host>:<control-plane-port> --token <token> --discovery-token-ca-cert-hash sha256:<hash>

<control-plane-host>:<control-plane-port> contains the DNS name or IP and port of the Kubernetes master. <token> is the token, whose lifetime is limited, which allows the current node to identify itself to the master. Finally, <hash> allows the current node to ensure the authenticity of the master.


It is not recommended to run user workload on Kubernetes master node(s) for security reason. That’s why we recommend to use dedicated master node(s) for running Kubernetes system components.

Check that everything works

The following command checks that your Kubernetes cluster is up and running:

kubectl cluster-info                                                                                                                                                        ✔  10376  09:19:37
Kubernetes master is running at
KubeDNS is running at

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

The command below list all nodes:

kubectl get nodes

Finally, installing Kubernetes with kubeadm is rather simple, isn’t it :-).

Remove the cluster

The official documentation describes all the operations required to delete your cluster. If you have created your machines in a Cloud, an equivalent and much simpler solution is of course to delete all of them, and then recreate them in their initial state.

Automate installation

Here is a sample script to automate this process: https://github.com/k8s-school/k8s-advanced/tree/master/0_kubeadm . To learn more, you can contact us and register to one of our training courses.