⚙️ Kubeadm Installation Guide on AWS
Shraddha ModheraIf you want full control over your Kubernetes cluster and prefer setting it up from scratch, kubeadm is your go-to tool.
This guide walks through installing a Kubernetes cluster manually on AWS EC2 instances using kubeadm, containerd, and Calico as the CNI plugin.
☁️ AWS Setup — Security Group Configuration
Make sure all EC2 instances (master + workers) are part of the same security group.
🔐 Step 1: Create or Update Security Group
Go to the EC2 Dashboard
In the left menu, click Security Groups → Create Security Group
Set:
Name: Kubernetes-Cluster-SG
Description: Allow K8s & SSH
VPC: Default or your custom VPC
➕ Inbound Rules
| Type | Port Range | Source | Description |
| SSH | 22 | 0.0.0.0/0 | For SSH Access |
| Custom TCP | 6443 | 0.0.0.0/0 | Kubernetes API Port |
Attach this group to all instances during launch.
🔁 Execute on Both Master & Worker Nodes
🔧 Disable Swap (required by Kubernetes)
sudo swapoff -a
📥 Load Required Kernel Modules
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
🧱 Set System Parameters
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system
Verify modules:
lsmod | grep br_netfilter
lsmod | grep overlay
📦 Install Container Runtime (containerd)
sudo apt-get update
sudo apt-get install -y ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo \"$VERSION_CODENAME\") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install -y containerd.io
⚙️ Configure containerd for Kubernetes
containerd config default | sed -e 's/SystemdCgroup = false/SystemdCgroup = true/' -e 's/sandbox_image = \"registry.k8s.io\\/pause:3.6\"/sandbox_image = \"registry.k8s.io\\/pause:3.9\"/' | sudo tee /etc/containerd/config.toml
sudo systemctl restart containerd
sudo systemctl status containerd
🧠 Execute ONLY on the Master Node
🚀 Initialize Kubernetes Cluster
sudo kubeadm init
📁 Set Up Local kubeconfig
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
🌐 Install Calico CNI
kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.0/manifests/calico.yaml
🔑 Generate Join Command for Worker Nodes
kubeadm token create --print-join-command
Copy the join command output. You’ll use it on worker nodes next.
💻 Execute on ALL Worker Nodes
♻️ Optional: Reset pre-flight configs (if re-running)
sudo kubeadm reset pre-flight checks
🔗 Join Worker Node to Cluster
Paste the command from the master and run like so:
sudo kubeadm join <control-plane-ip>:6443 --token <token> --discovery-token-ca-cert-hash sha256:<hash> --cri-socket unix:///run/containerd/containerd.sock --v=5
⚠️ Make sure you add sudo and --v=5 as shown above.
✅ Verify Cluster Connection (On Master)
kubectl get nodes
If all setup is correct, you’ll see both the master and worker nodes in a Ready state.
🎉 You’ve successfully installed a production-grade Kubernetes cluster manually using kubeadm!
Subscribe to my newsletter
Read articles from Shraddha Modhera directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by