LinuxCommandLibrary

kubeadm

Initialize and manage Kubernetes clusters

TLDR

Create a Kubernetes control plane

$ kubeadm init
copy

Bootstrap a Kubernetes worker node and join it to a cluster
$ kubeadm join --token [token]
copy

Create a new bootstrap token with a TTL of 12 hours
$ kubeadm token create --ttl [12h0m0s]
copy

Check if the Kubernetes cluster is upgradeable and which versions are available
$ kubeadm upgrade plan
copy

Upgrade Kubernetes cluster to a specified version
$ kubeadm upgrade apply [version]
copy

View the kubeadm ConfigMap containing the cluster's configuration
$ kubeadm config view
copy

Revert changes made to the host by 'kubeadm init' or 'kubeadm join'
$ kubeadm reset
copy

SYNOPSIS

kubeadm <command> [<flags>]

PARAMETERS

--component-configs strings
    Files containing component configurations (e.g., kube-apiserver).

--dry-run
    Simulate actions without changes.

--kubeconfig string
    Path to kubeconfig file (default: ~/.kube/config).

--rootfs-dir string
    Path to real root filesystem (deprecated).

-h, --help
    Show help.

completion
    Generate shell completion scripts.

config
    Manage kubeadm config files (view, print, migrate).

init
    Initialize control-plane node.

join
    Join node to cluster.

reset
    Revert init/join changes.

token
    Manage bootstrap tokens.

upgrade
    Upgrade control plane/plan.

version
    Print kubeadm version.

DESCRIPTION

Kubeadm is an official tool for bootstrapping minimal, secure Kubernetes clusters. It automates key steps like initializing the control plane node with kubeadm init, generating join commands for worker nodes via kubeadm join, resetting clusters with kubeadm reset, and handling upgrades.

Kubeadm produces a stack of conformant Docker images, ensuring best practices for networking, TLS bootstrapping, and service accounts. It supports various pod infrastructures (e.g., Calico, Flannel) and cloud providers. Configuration is via YAML files for reproducibility.

Primarily for dev/test/production setups where users manage OS/container runtime. It doesn't install dependencies like containerd/Docker or CNI plugins—users handle those. Post-init, apply a CNI and untaint the master for workloads. Widely used in CI/CD and learning environments. Supports air-gapped installs and custom certs.

CAVEATS

Does not install container runtime or CNI; requires manual setup. Not fully production-ready without customizations (e.g., HA etcd). Version skew limits apply between components.

COMMON WORKFLOW

kubeadm init --pod-network-cidr=10.244.0.0/16
kubectl apply -f calico.yaml
kubeadm token create --print-join-command

CONFIG FILE

Use YAML for init/join: kubeadm init --config=config.yaml. Supports migrating kubeadm v1 configs.

HISTORY

Introduced in Kubernetes v1.4 (2016) as experimental; stabilized in v1.11 (2018). Developed by SIG Cluster Lifecycle for declarative bootstrapping. Evolved with features like config files (v1.12), phase control (v1.13), and plan-based upgrades (v1.15+).

SEE ALSO

kubectl(1), kubelet(8), crictl(1), containerd(8)

Copied to clipboard