Managing a Kubernetes cluster effectively requires robust tools and best practices. Kubeadm is the de facto standard tool designed to bootstrap Kubernetes clusters quickly and reliably. This article provides an in-depth exploration of managing Kubernetes clusters with Kubeadm — from initial installation through scaling and performing seamless upgrades — targeted at intermediate and advanced users aiming to optimize cluster operations.

What is Kubeadm and Why Use It?

Kubeadm simplifies the process of bootstrapping a Kubernetes cluster by automating the installation and configuration of essential control plane components and worker nodes. It offers:

  • Standardized installation workflows
  • Support for highly available clusters
  • Easy node joining and removal
  • Built-in tooling for upgrades

Unlike managed Kubernetes services, Kubeadm empowers you with fine-grained control, making it ideal for on-premises or custom cloud setups.

Installing a Kubernetes Cluster with Kubeadm

Prerequisites
  • Linux-based machines (Ubuntu, CentOS, etc.)
  • Minimum 2 CPUs and 2GB RAM per node recommended
  • Swap disabled and bridged network traffic enabled
  • Container runtime installed (Docker, containerd, etc.)
Step 1: Prepare the Nodes
  • Disable swap: sudo swapoff -a
  • Configure sysctl for networking:
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
Step 2: Install Kubeadm, Kubelet, and Kubectl

Add Kubernetes apt repository and install packages:

sudo apt-get update && sudo apt-get install -y apt-transport-https curl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
Step 3: Initialize the Control Plane

On the master node, run:

sudo kubeadm init --pod-network-cidr=10.244.0.0/16
  • The --pod-network-cidr flag must match your chosen CNI plugin (e.g., Flannel uses 10.244.0.0/16).
  • Save the join token command displayed after initialization to add worker nodes later.
Step 4: Configure kubectl Access
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Step 5: Deploy a Pod Network Add-on

Example for Flannel:

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Scaling the Cluster: Adding and Removing Nodes

Adding Worker Nodes

Use the join token command from the control plane init step:

sudo kubeadm join <master-ip>:6443 --token <token> --discovery-token-ca-cert-hash sha256:<hash>
Removing Nodes
  • Drain the node to safely evict workloads:
kubectl drain <node-name> --ignore-daemonsets --delete-local-data
  • Delete the node from the cluster:
kubectl delete node <node-name>
  • On the node itself, reset kubeadm state:
sudo kubeadm reset

Upgrading Kubernetes Cluster with Kubeadm

Keeping your cluster updated is critical for security, performance, and new features.

Step 1: Plan and Backup
Step 2: Upgrade kubeadm
sudo apt-get update
sudo apt-get install -y kubeadm=<new-version>

Verify the version:

kubeadm version
Step 3: Drain the Control Plane Node
kubectl drain <master-node> --ignore-daemonsets
Step 4: Upgrade the Control Plane
sudo kubeadm upgrade apply <new-version>
Step 5: Upgrade kubelet and kubectl on Control Plane and Worker Nodes
sudo apt-get install -y kubelet=<new-version> kubectl=<new-version>
sudo systemctl daemon-reload
sudo systemctl restart kubelet
Step 6: Uncordon the Control Plane Node
kubectl uncordon <master-node>
Step 7: Upgrade Worker Nodes
  • Drain each worker node
  • Upgrade kubeadm, kubelet, and kubectl
  • Restart kubelet
  • Uncordon the node

Best Practices for Cluster Management with Kubeadm

  • Use HA clusters with stacked or external etcd for production
  • Automate installations and upgrades with Ansible or Terraform
  • Regularly monitor node and pod health via Prometheus and Grafana
  • Secure your cluster with RBAC, Network Policies, and TLS certificates
  • Regularly test backups and disaster recovery procedures

Conclusion

Kubeadm remains a powerful, flexible tool for managing Kubernetes clusters with granular control over installation, scaling, and upgrades. By mastering these workflows, DevOps engineers and platform teams can ensure resilient, secure, and scalable Kubernetes environments tailored to their infrastructure needs.