⌂ Home

Cluster Administration with kubeadm

Interactive guide to join tokens, certificate management, cluster configuration, and routine cluster health operations.

Cluster administration is about the lifecycle of trust, control plane health, and safe cluster maintenance, not just application resources.

Core Model

Understand the Concept First

Join tokens

Secure and time-limited credentials let worker nodes join the cluster.

Certificate health

TLS certificate expiry and renewal are core operational responsibilities.

Cluster configuration

kubeadm and kubeconfig state influence how admins access and manage the cluster.

Lifecycle Flow

Administrative Control Flow

Certificate Renewal Flow and Timeline Day 0 Day 365 Cluster Init Certs generated Day 335 30-day warning Day 365 Cert expires Safe Renewal Window Node Maintenance: Cordon → Drain → Upgrade → Uncordon 1. Cordon kubectl cordon node1 Mark node unschedulable New pods won't start here 2. Drain kubectl drain node1 Evict all pods gracefully Pods reschedule elsewhere 3. Upgrade apt install kubelet Update packages, restart kubelet 4. Uncordon kubectl uncordon node1 Mark node schedulable Ready for new workloads Cluster Health Check Dashboard Component Status kubectl get cs ✓ scheduler: Healthy ✓ controller-manager: Healthy ✓ etcd: Healthy Certificate Status kubeadm certs check-expiration apiserver: 350 days front-proxy-client: 350 days scheduler.conf: 350 days Node Status kubectl get nodes control-plane: Ready (v1.28.0) worker1: Ready (v1.28.0) worker2: Ready (v1.28.0) Pod Health kubectl get pods -A kube-system: 12/12 All pods running No restarts Certificate Renewal Commands Manual Renewal sudo kubeadm certs renew all sudo systemctl restart kubelet Renews all certificates immediately Requires control plane component restart Automatic Renewal kubelet auto-renews certs kubelet automatically renews its own client certificate before expiration (enabled by default since K8s 1.8) Component Status Legend Healthy Warning (30 days) Critical (expired)
The thread connecting these tasks is trust and continuity: cluster admins keep the platform joinable, secure, and operational.
YAML and Commands

Examples You Can Recognize Quickly

Token Commands
kubeadm token list
kubeadm token create --ttl 2h --print-join-command
Certificate Commands
sudo kubeadm certs check-expiration
Decision Guide

Admin Task Categories

Category Goal Example tools
Node join management Control cluster membership kubeadm token commands
Certificate management Maintain secure component communication kubeadm certs
Health and access Keep cluster usable and observable kubectl, kubeconfig, API checks
Many cluster issues are really trust or certificate issues disguised as application or connectivity problems.
Use It Well

Practice and Real-World Thinking

Worker onboarding

Generate and rotate join commands safely.

Certificate planning

Prevent outages by monitoring expiration and renewal windows.

Operational review

Use kubeadm and kubectl together to understand cluster control-plane state.