kubernetes
kubeadm Config Generator
Generate a production-ready kubeadm-config.yaml for bootstrapping a Kubernetes cluster. Outputs ClusterConfiguration, InitConfiguration, and KubeletConfiguration.
kubeadm Configuration Deep Dive
kubeadm uses a configuration file to avoid long command-line flags and make cluster initialization reproducible. The config file supports multiple API objects separated by ---.
Key Configuration Objects
ClusterConfiguration — cluster-wide settings (version, networking, cert SANs)
InitConfiguration — first control plane node settings (CRI socket, node name)
JoinConfiguration — settings for additional nodes joining the cluster
KubeletConfiguration — kubelet settings applied to all nodes via kubeadmControlPlaneEndpoint
This is the most critical field for HA clusters. It must be a stable address that survives individual node failures. Common approaches:
- ›HAProxy Floating IP (Keepalived + Hetzner Floating IP) — recommended for on-prem/VPS
- ›Cloud load balancer IP — for cloud providers with native LB
- ›Single node IP — acceptable for dev/non-HA clusters
certSANs
The API server TLS certificate must include every IP and hostname that clients will use to connect. Missing a SAN means kubectl will fail with a certificate error when connecting via that address. Always include:
- ›The controlPlaneEndpoint IP/hostname
- ›Each control plane node's IP
- ›localhost and 127.0.0.1 (added automatically)
- ›Any external hostname (e.g., k8s.company.com)
CRI Socket Paths
| Runtime | Socket Path |
|---|---|
| containerd | unix:///var/run/containerd/containerd.sock |
| CRI-O | unix:///var/run/crio/crio.sock |
| Docker (deprecated) | unix:///var/run/dockershim.sock |
Key Terms
Full glossary →kubeadm
A tool for bootstrapping Kubernetes clusters. It automates the setup of control plane components and joining worker nodes, following Kubernetes best practices.
etcd
A distributed key-value store used by Kubernetes to store all cluster state and configuration. etcd is the single source of truth for the entire cluster.
cert-manager
A Kubernetes controller for automating TLS certificate management. cert-manager can issue certificates from Let's Encrypt, Vault, or internal CAs, and automatically renews them.
Helm
A package manager for Kubernetes. Helm charts bundle Kubernetes manifests into reusable packages with configurable values, versioned and published to chart repositories.
Frequently Asked Questions
What is the controlPlaneEndpoint in kubeadm?
The controlPlaneEndpoint is the stable IP or DNS name that all nodes (and kubectl users) use to reach the Kubernetes API server. For HA clusters, this should be a Floating IP managed by HAProxy + Keepalived, not the IP of a specific control plane node.
How do I apply this config?
Save the generated file as kubeadm-config.yaml, then run: `sudo kubeadm init --config kubeadm-config.yaml --upload-certs`. The --upload-certs flag is required to add more control plane nodes later.
What Pod CIDR should I use for Flannel vs Calico?
Flannel requires 10.244.0.0/16 by default (it's hardcoded in the Flannel manifest). Calico defaults to 192.168.0.0/16 but can use any range. Cilium works with any CIDR. Make sure your Pod CIDR doesn't overlap with your node network.
How do I join additional control plane nodes?
After kubeadm init completes, it prints a join command with a token. For control plane nodes, use: `kubeadm join <endpoint>:6443 --token <token> --discovery-token-ca-cert-hash <hash> --control-plane --certificate-key <key>`. The certificate-key is output when you use --upload-certs during init.
Related Calculators
Related Generators
Related Comparisons
Related Guides
kubernetes
CI/CD for Kubernetes with GitHub Actions: A Complete Guide (2026)
A practical walkthrough of building a full GitHub Actions pipeline that builds a container image, pushes it to a registry, and deploys to Kubernetes — with secrets handling, rollback, and Helm support.
kubernetes
ArgoCD vs Flux: Choosing a GitOps Tool for Kubernetes in 2026
A no-fluff comparison of ArgoCD and Flux for GitOps on Kubernetes — covering architecture, UI, Helm support, multi-tenancy, and when to pick each one.
kubernetes
Hetzner vs DigitalOcean for Kubernetes in 2026: An Honest Comparison
Hetzner is 3–5× cheaper than DigitalOcean for equivalent Kubernetes compute. But DO has managed K8s, better global coverage, and a larger app marketplace. Here's when each is the right choice.