Install Kubernetes Cluster on Ubuntu 24.04 with Kubeadm

Several issues in these steps. Trying to follow with containerd setup – an example error is no step to create /var/lib/kubelet/config.yaml. Another, it enters into a root bash but doesn’t exit. And kubeadm config images pull leads to ‘unknown service runtime.v1alpha2.ImageService’ error.

This not working:
sudo kubeadm config images pull
failed to pull image “k8s.gcr.io/kube-apiserver:v1.20.5″: output: time=”2021-03-25T12:37:30Z” level=fatal msg=”pulling image failed: rpc error: code = Unimplemented desc = unknown service runtime.v1alpha2.ImageService”
, error: exit status 1
To see the stack trace of this error execute with –v=5 or higher

Its working. thanks.

Awesome working example! Thanks.

after reproducing the steps mentioned I found out that kubectl get nodes does not show the nodes
and shows the error The connection to the server localhost:8080 was refused – did you specify the right host or port?
Any help asap would be highly appreciated

To install Calico I had to:
curl https://docs.projectcalico.org/manifests/calico.yaml -O
kubectl apply -f calico.yaml

Steps above did not work.

Some issues getting this to work. Here are the items I changed to get it going:

First, there was an issue getting containerd to start. The issue was that the config was not saved properly. In the “Installing containerd” section above, there was a missing `>` in the following command (I really hope my pre and /pre tags work):

containerd config default /etc/containerd/config.toml

It needs to be:

containerd config default > /etc/containerd/config.toml

Then there was an issue with flannel but that resolved itself:
https://github.com/flannel-io/flannel/issues/1482

Then, once the control plane node was up, the worker nodes would not go to ready state. I resolved this by setting the containerd.default_runtime (Again, I really hope my pre and /pre tags work):

[plugins.”io.containerd.grpc.v1.cri”.containerd.default_runtime]
runtime_type = “io.containerd.runtime.v1.linux”

Hopefully this helps someone else…

Thanks for the perfect working example and it worked for me.

Where does the IP of “cluster endpoint DNS name” come from? You’re using 172.29.20.5. My controlplane’s IP is 172.17.0.1. Should I use that?

Hey Everyone,

Great article, however I have a question where are the steps for installing kubenetes on the worker nodes do you follow the same procedure as the Controller Node? Were do you stop to get the worker node properly funtional?

Sorry I am new to kubernetes
Thanks,
Michael

Hi,

It is captured in step 7.

Following your instructions completely using the CRIO install, no pods can access the internet. The master comes up fine and the nodes come up fine and I can do deployments and everything.

pods just can not access the internet. I tried to setup jenkins and it was not able to access the internet to install the plugins

Something is flawed in your instructions

I tried all 3 container management types in this tutorial and none of the pods can access the internet. They can talk to each other but nothing in the outside world. I installed Jenkins in kubernetes and I need to install the plugins but can’t because if this issue. Please advise

I am confused by setting the IP for cluster endpoint.
The below is my network. What IP can i use for endpoint?

4: docker0: mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:71:4d:87:43 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever

Thank you very much! the guide is very helpful and i managed to setup the K8 cluster.

Clear article!

But when I run:
sudo kubeadm config images pull –cri-socket /var/run/docker.sock

Then I get this response:
failed to pull image “k8s.gcr.io/kube-apiserver:v1.22.4″: output: time=”2021-12-02T20:00:52Z” level=fatal msg=”connect: connect endpoint ‘unix:///var/run/docker.sock’, make sure you are running as root and the endpoint has been started: context deadline exceeded”
, error: exit status 1
To see the stack trace of this error execute with –v=5 or higher

Does anyone know how to fix this?

All the previous steps were executed succesfully.

The certificate created in the init command is invalid and flagged by Chrome/Safari when trying to progress through step 10 installing the dashboard.

Woooowwwwwwww !!! You have been enriching the POST, I congratulate you and very complete … !!!

I ran into this problem. See console log, docker is installed and running:

jacob@lazykub1:~$ sudo kubeadm config images pull –cri-socket /var/run/docker.sock
failed to pull image “k8s.gcr.io/kube-apiserver:v1.23.1″: output: time=”2022-01-16T14:14:45Z” level=fatal msg=”connect: connect endpoint ‘unix:///var/run/docker.sock’, make sure you are running as root and the endpoint has been started: context deadline exceeded”
, error: exit status 1
To see the stack trace of this error execute with –v=5 or higher
jacob@lazykub1:~$ sudo systemctl status docker
● docker.service – Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2022-01-16 14:14:21 UTC; 3min 23s ago
TriggeredBy: ● docker.socket
Docs: https://docs.docker.com
Main PID: 4187 (dockerd)
Tasks: 8
Memory: 33.7M
CGroup: /system.slice/docker.service
└─4187 /usr/bin/dockerd -H fd:// –containerd=/run/containerd/containerd.sock

Jan 16 14:14:20 lazykub1 dockerd[4187]: time=”2022-01-16T14:14:20.947413897Z” level=warning msg=”Your kernel does not support CPU realtime scheduler”
Jan 16 14:14:20 lazykub1 dockerd[4187]: time=”2022-01-16T14:14:20.947421586Z” level=warning msg=”Your kernel does not support cgroup blkio weight”
Jan 16 14:14:20 lazykub1 dockerd[4187]: time=”2022-01-16T14:14:20.947428108Z” level=warning msg=”Your kernel does not support cgroup blkio weight_device”
Jan 16 14:14:20 lazykub1 dockerd[4187]: time=”2022-01-16T14:14:20.947609517Z” level=info msg=”Loading containers: start.”
Jan 16 14:14:21 lazykub1 dockerd[4187]: time=”2022-01-16T14:14:21.077788214Z” level=info msg=”Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option –bip can be used to set a preferred IP address”
Jan 16 14:14:21 lazykub1 dockerd[4187]: time=”2022-01-16T14:14:21.111888405Z” level=info msg=”Loading containers: done.”
Jan 16 14:14:21 lazykub1 dockerd[4187]: time=”2022-01-16T14:14:21.133944179Z” level=info msg=”Docker daemon” commit=459d0df graphdriver(s)=overlay2 version=20.10.12
Jan 16 14:14:21 lazykub1 dockerd[4187]: time=”2022-01-16T14:14:21.134263733Z” level=info msg=”Daemon has completed initialization”
Jan 16 14:14:21 lazykub1 systemd[1]: Started Docker Application Container Engine.
Jan 16 14:14:21 lazykub1 dockerd[4187]: time=”2022-01-16T14:14:21.154710559Z” level=info msg=”API listen on /run/docker.sock”
jacob@lazykub1:~$

swap statement is not working for me.
“sudo sed -i ‘/ swap / s/^\(.*\)$/#\1/g’ /etc/fstab”
It does not comment out the swap line

# /etc/fstab: static file system information.
#
# Use ‘blkid’ to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
#
# / was on /dev/ubuntu-vg/ubuntu-lv during curtin installation
/dev/disk/by-id/dm-uuid-LVM-LMZ6lL63Lq08X4WdpxYG1q2BXTyEcLs2cS2oIdfaWHUALXM3rHgG4j26DG8Hys2M / ext4 defaults 0 1
# /boot was on /dev/sda2 during curtin installation
/dev/disk/by-uuid/d13a56c4-40f8-4994-8b23-06b8f2785f5d /boot ext4 defaults 0 1
/swap.img none swap sw 0 0

Thank you for the tutorial!!!

After some tries finally seems I got it working, now I’m looking how to integrate on GitLab.

An quick hint for those with problems on coredns failing or dont get ready.

Don’t change the range IP, post says its possible to customize and use seed for change after install, all time I have did that, pod never started, reading the file:

https://docs.projectcalico.org/manifests/custom-resources.yaml

There’s the note:

# Note: The ipPools section cannot be modified post-install.

And the default range is 192.168.0.0/16

sudo sed -i ‘s/10.85.0.0/192.168.0.0/g’ /etc/cni/net.d/100-crio-bridge.conf
sed: can’t read /etc/cni/net.d/100-crio-bridge.conf: No such file or directory

Also seeing the following error which then stops anything further on working:

sudo kubeadm config images pull –cri-socket /var/run/docker.sock
failed to pull image “k8s.gcr.io/kube-apiserver:v1.23.3″: output: time=”2022-01-31T16:26:47Z” level=fatal msg=”connect: connect endpoint ‘unix:///var/run/docker.sock’, make sure you are running as root and the endpoint has been started: context deadline exceeded”
, error: exit status 1
To see the stack trace of this error execute with –v=5 or higher

any ideas?

Hello
I have an issue with this tutorial : My install is in 1.24.0. All works good but i have a problem with tokens in service account. Any token is generated when i create sa, and i have no token in the default sa. Can you help me ?

Thx

Hello, i have an issue with this guide.
I have successfully installed my cluster with containerd and calico.
Every works good except one thing :
I haven’t any token generated for services account. When i type this command :
kubectl get sa
The default sa is present but with 0 secrets. The token section is set to
It’s similar when i tried to create a new sa, no token.
Can i have help please ?

Thanks

IF you need to specify a different pod cidr as “192.168.0.0/16” you need to edit the custom-resources.yaml for calico before applying.

Hi,
A great post, which helped me a lot.
I have been trying to host k8 on AWS EC2 Instances ( an task )

i have encountered two issues

1# at worker node

Found multiple CRI endpoints on the host. Please define which one do you wish to use by setting the ‘criSocket’ field in the kubeadm configuration file: unix:///var/run/containerd/containerd.sock, unix:///var/run/cri-dockerd.sock
To see the stack trace of this error execute with –v=5 or higher

for this i have tried
sudo kubeadm join {ip address} –token xgr4i8.kokoqjxo6yvs3d19 –discovery-token-ca-cert-hash sha256:d1b4e8ea7a87ae6b91198a2c0ac85663c48b2f2f9181d7075d13294336684379
–cri-socket /run/cri-dockerd.sock

but my command is being struck

2#
[preflight] Running pre-flight checks
[WARNING SystemVerification]: missing optional cgroups: blkio

with above message its been stuck, help me please

I installed the K8s cluster (1 master, 2 worker) using this guide. I used docker as Container Runtime. However, when I create Pods, the Pods in different worker nodes take overlapping Ips. Pod from one node can’t talk to pod from another node.

Took me a few attempts but got there in the end! Thanks for taking the time to put together.

Thank you very much.
If I’d add something to make this perfect is to add the details on how to generate the join token to add new workers.

I followed this guide (docker runtime) with an additional step for Calico:

kubectl apply -f https://projectcalico.docs.tigera.io/v3.23/manifests/calico.yaml

An outstanding issue I have is even though I specified a pod network with kubeadm init, the pods are getting assigned addresses from the docker0 network (172.17.0.0/16) instead of the pod network.

Any ideas how to resolve? I found a few similar issues on Stackoverflow but haven’t been able to resolve mine.

I have problem about docker container cannot access external calls.
I build a simple application which do api call and it says “resource temporarily unavailable”, after trying to exec into container and do apt-get update it says that cannot connect to deb.
Any help about this ? i setup cluster as described above.

Very nice article !
I did manage to setup k8s but recently i started getting errors in my pods “resource temporarily unavailable” when doing external http call, anyone have some solution ?

btw, i tried to exec into container and do “apt-get update” but it says that i cannot connect to deb.

After installing the CRI-O runtime and using Calico as suggested, my calico-kube-controller is stuck in a Pending status.

NAMESPACE NAME READY STATUS RESTARTS AGE
calico-system calico-kube-controllers-657d56796-bvh25 0/1 Pending 0 30m
calico-system calico-node-tdkjf 1/1 Running 0 30m
calico-system calico-typha-89d87cb5c-fn887 1/1 Running 0 30m
kube-system coredns-6d4b75cb6d-dbbmk 1/1 Running 0 31m
kube-system coredns-6d4b75cb6d-twlkk 1/1 Running 0 31m
kube-system etcd-res-u20-template 1/1 Running 0 32m
kube-system kube-apiserver-res-u20-template 1/1 Running 0 32m
kube-system kube-controller-manager-res-u20-template 1/1 Running 0 32m
kube-system kube-proxy-cxmvt 1/1 Running 0 31m
kube-system kube-scheduler-res-u20-template 1/1 Running 0 32m
tigera-operator tigera-operator-6995cc5df5-4w9rt 1/1 Running 0 30m

The only thing in the log that drew my attention was
“E0808 23:12:25.258702 1 disruption.go:534] Error syncing PodDisruptionBudget calico-system/calico-typha, requeuing: Operation cannot be fulfilled on poddisruptionbudgets.policy “calico-typha”: the object has been modified; please apply your changes to the latest version and try again”

Has anyone seen this issue? suggestions?

After installing the CRI-O runtime and the Calico network plugin, the calico-kube-controllers stay in a `Pending` state.

senften@res-k8s-master:~$ kubectl get pods –all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
calico-system calico-kube-controllers-657d56796-qzhxw 0/1 Pending 0 17h
calico-system calico-node-62k9g 1/1 Running 0 17h
calico-system calico-typha-8fdfcb55c-k6zcq 1/1 Running 0 17h
kube-system coredns-6d4b75cb6d-bknbp 1/1 Running 0 17h
kube-system coredns-6d4b75cb6d-jkfk7 1/1 Running 0 17h
kube-system etcd-res-k8s-master 1/1 Running 0 17h
kube-system kube-apiserver-res-k8s-master 1/1 Running 0 17h
kube-system kube-controller-manager-res-k8s-master 1/1 Running 0 17h
kube-system kube-proxy-jht5p 1/1 Running 0 17h
kube-system kube-scheduler-res-k8s-master 1/1 Running 0 17h
tigera-operator tigera-operator-6995cc5df5-j64s6 1/1 Running 0 17h

I think it may be related to this bug, [calico-kube-controllers pending since not tolerate the “node-role.kubernetes.io/control-plane” · Issue #6087 · projectcalico/calico](https://github.com/projectcalico/calico/issues/6087), but, after reading through the issue, I am still uncertain how to proceed or even sure this is the issue I’ve run into.

Any advice? Anyone else seeing this?
Thanks

How do you add additional master node into the cluster?

While running this command
sudo kubeadm config images pull –cri-socket unix:///run/cri-dockerd.sock
i m getting this error
failed to pull image “registry.k8s.io/kube-apiserver:v1.25.2″: output: time=”2022-10-13T11:52:55+05:30″ level=fatal msg=”unable to determine image API version: rpc error: code = Unavailable desc = connection error: desc = \”transport: Error while dialing dial unix /run/cri-dockerd.sock: connect: no such file or directory\””
, error: exit status 1
To see the stack trace of this error execute with –v=5 or higher

i don’t know why i m not able to create file for docker at the given file i m following all steps
Whenever i run this command sudo kubeadm config images pull –cri-socket unix:///run/cri-dockerd.sock
i m getting this following error failed to pull image “registry.k8s.io/kube-apiserver:v1.25.2″: output: time=”2022-10-13T12:29:44+05:30″ level=fatal msg=”unable to determine image API version: rpc error: code = Unavailable desc = connection error: desc = \”transport: Error while dialing dial unix /run/cri-dockerd.sock: connect: no such file or directory\””
, error: exit status 1
To see the stack trace of this error execute with –v=5 or higher

Any solution ??

thanks for ur blogs its helps most of them and reilf more stress .
Here im beginer to these .whats the use of docker . kubernates run upon or docker , or docker container runs inside the pod ? plzzz tell me im confused about all these help me out plzzz

Phew, got my master node all setup finally, thanks for the workthrough. It’s briliant and requires some patience 🙂

Thanks

I followed your guide :

Host OS: Ubuntu 22.04
CNI and version: Flannel latest
CRI and version: CRI-O latest

kubeadm init –v=5 –pod-network-cidr=10.244.0.0/16 –upload-certs –control-plane-endpoint=k8s.mydomain.com

The cluster initialized successfully but coredns pods cannot started

kubectl version –short
Client Version: v1.26.2
Kustomize Version: v4.5.7
Server Version: v1.26.2

kubectl cluster-info
Kubernetes control plane is running at https://k8s.mydomain.com:6443
CoreDNS is running at https://k8s.mydomain.com:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-787d4945fb-g8hhj 0/1 CreateContainerError 0 7m1s
coredns-787d4945fb-nkssp 0/1 CreateContainerError 0 6m29s
etcd-k8s-52ts-master1 1/1 Running 1 12h
kube-apiserver-k8s-52ts-master1 1/1 Running 1 12h
kube-controller-manager-k8s-52ts-master1 1/1 Running 1 12h
kube-proxy-m4mhc 1/1 Running 1 12h
kube-proxy-rrdpb 1/1 Running 0 12h
kube-scheduler-k8s-52ts-master1 1/1 Running 1 12h

kubectl describe pod coredns-787d4945fb-g8hhj -n kube-system
Events:
Type Reason Age From Message
—- —— —- —- ——-
Normal Scheduled 65s default-scheduler Successfully assigned kube-system/coredns-787d4945fb-g8hhj to k8s-52ts-worker1
Warning Failed 64s kubelet Error: container create failed: time=”2023-03-17T08:26:01+07:00″ level=warning msg=”unable to get oom kill count” error=”openat2 /sys/fs/cgroup/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-podd45fe767_098b_401f_8da9_1a1760d804f6.slice/crio-105d630363803602c6bfe9c1516b128192b95c519ff321ed1177fe0cacdc9b42.scope/memory.events: no such file or directory”
time=”2023-03-17T08:26:01+07:00″ level=error msg=”container_linux.go:380: starting container process caused: exec: \”/coredns\”: stat /coredns: no such file or directory”
Warning Failed 63s kubelet Error: container create failed: time=”2023-03-17T08:26:02+07:00″ level=warning msg=”unable to get oom kill count” error=”openat2 /sys/fs/cgroup/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-podd45fe767_098b_401f_8da9_1a1760d804f6.slice/crio-2bbebc0f6e74a3c5a8f5e460e758e322a94ffe97964f34e357d831ce3fced345.scope/memory.events: no such file or directory”
time=”2023-03-17T08:26:02+07:00″ level=error msg=”container_linux.go:380: starting container process caused: exec: \”/coredns\”: stat /coredns: no such file or directory”
Warning Failed 47s kubelet Error: container create failed: time=”2023-03-17T08:26:18+07:00″ level=error msg=”container_linux.go:380: starting container process caused: exec: \”/coredns\”: stat /coredns: no such file or directory”
Warning Failed 34s kubelet Error: container create failed: time=”2023-03-17T08:26:31+07:00″ level=error msg=”container_linux.go:380: starting container process caused: exec: \”/coredns\”: stat /coredns: no such file or directory”
Warning Failed 19s kubelet Error: container create failed: time=”2023-03-17T08:26:46+07:00″ level=error msg=”container_linux.go:380: starting container process caused: exec: \”/coredns\”: stat /coredns: no such file or directory”
Normal Pulled 9s (x6 over 64s) kubelet Container image “registry.k8s.io/coredns/coredns:v1.9.3” already present on machine

Hi ,
Thanks for this great tutorial, It’s really useful and helped me to bootstrap multiple clusters since 2022.
I want to mention two points and hope that it will help someone.
1 – For containerd, the old debian package 1.4 does not work with v1.25 and higher. the version that works it 1.6 . Here is one of the related errors :
failed to pull image “registry.k8s.io/kube-apiserver:v1.25.10″: output: time=”2023-05-21T10:16:39Z” level=fatal msg=”validate service connection: CRI v1 image API is not implemented for endpoint \”unix:///var/run/containerd/containerd.sock\”: rpc error: code = Unimplemented desc = unknown service runtime.v1.ImageService”

2 – The Urls on calico setup are not working anymore , the updated version could be found here :
https://docs.tigera.io/calico/latest/getting-started/kubernetes/self-managed-onprem/onpremises

Hi Josphat
Thanks for this guide, very detail and helpful.
Adding one more thing to the Calico installation part
curl https://raw.githubusercontent.com/projectcalico/calico/v3.25.1/manifests/custom-resources.yaml -O
as the resources.yaml seems using 192.168.0.0/16 as default cidr, but your cluster init command above is using –pod-network-cidr=172.24.0.0/16
If one want to deploy Calico network plugin, he must manually update the cidr in this yaml file to have
cidr: 172.24.0.0/16