kubeadm
Kubeadm is a tool built to provide kubeadm init and kubeadm join as best-practice “fast paths” for creating Kubernetes clusters.
refer
Command
kubeadm init to bootstrap a Kubernetes control-plane node
kubeadm join to bootstrap a Kubernetes worker node and join it to the cluster
kubeadm upgrade to upgrade a Kubernetes cluster to a newer version
kubeadm config if you initialized your cluster using kubeadm v1.7.x or lower, to configure your cluster for kubeadm upgrade
kubeadm token to manage tokens for kubeadm join
kubeadm reset to revert any changes made to this host by kubeadm init or kubeadm join
kubeadm version to print the kubeadm version
kubeadm alpha to preview a set of features made available for gathering feedback from the community
init workflow
kubeadm init bootstraps a Kubernetes control-plane node by executing the following steps:
1.Runs a series of pre-flight checks to validate the system state before making changes. Some checks only trigger warnings, others are considered errors and will exit kubeadm until the problem is corrected or the user specifies –ignore-preflight-errors=
2.Generates a self-signed CA (or using an existing one if provided) to set up identities for each component in the cluster. If the user has provided their own CA cert and/or key by dropping it in the cert directory configured via –cert-dir (/etc/kubernetes/pki by default) this step is skipped as described in the Using custom certificates document. The APIServer certs will have additional SAN entries for any –apiserver-cert-extra-sans arguments, lowercased if necessary.
3.Writes kubeconfig files in /etc/kubernetes/ for the kubelet, the controller-manager and the scheduler to use to connect to the API server, each with its own identity, as well as an additional kubeconfig file for administration named admin.conf.
4.Generates static Pod manifests for the API server, controller manager and scheduler. In case an external etcd is not provided, an additional static Pod manifest is generated for etcd. Static Pod manifests are written to /etc/kubernetes/manifests; the kubelet watches this directory for Pods to create on startup.
Once control plane Pods are up and running, the kubeadm init sequence can continue.
1.Apply labels and taints to the control-plane node so that no additional workloads will run there.
2.Generates the token that additional nodes can use to register themselves with a control-plane in the future. Optionally, the user can provide a token via –token, as described in the kubeadm token docs.
3.Makes all the necessary configurations for allowing node joining with the Bootstrap Tokens and TLS Bootstrap mechanism:
Write a ConfigMap for making available all the information required for joining, and set up related RBAC access rules.
Let Bootstrap Tokens access the CSR signing API.
Configure auto-approval for new CSR requests.
kubeadm-init-phase
refer