Master Kubernetes on AlmaLinux: Step‑by‑Step Setup with Containerd, kubeadm, and More
This guide walks you through preparing three AlmaLinux servers, disabling firewalls and SELinux, installing Containerd as the CRI, adding Kubernetes repositories, installing kubeadm, kubelet and kubectl, configuring the runtime, and verifying each component so you can confidently bootstrap a production‑ready Kubernetes cluster.
Many operators feel overwhelmed when they hear they need to "install Kubernetes"—the myriad components (kube‑apiserver, kube‑scheduler, kube‑controller‑manager, etc.) and the shift from Docker to Containerd can be confusing. This article starts from the very basics, explains each component in plain language, and shows how to set up a three‑node AlmaLinux cluster (master, node1, node2) using Containerd as the container runtime.
Kubernetes Architecture Overview
Before memorising a long list of component names, understand why they exist and how they cooperate.
Why use Kubernetes?
When you only have a few containers, a simple docker run works. In production you need automatic restart, scheduling, load‑balancing, isolation, health checks, scaling, and rolling updates—tasks that Docker alone cannot handle efficiently.
Scheduling: Automatically places containers on suitable nodes.
Orchestration: Defines CPU/memory limits, replica counts, and network exposure.
High Availability: Restarts containers on another node if a machine fails.
Self‑Healing: Health checks restart unhealthy Pods.
Load Balancing: Distributes traffic to healthy containers.
Persistent Storage: Maps container data to external volumes.
Logging & Monitoring: Collects logs and integrates with Prometheus/Grafana.
Core Components Explained with Simple Analogies
Kube‑apiserver (API Server): "Factory manager's office"—all commands and configuration requests go through here. For example, kubectl create deployment nginx sends an HTTP request to the apiserver.
etcd (Distributed Key‑Value Store): "Manager's vault"—stores cluster state such as which Pods are running and node resources.
Kube‑scheduler (Scheduler): "Dispatcher"—assigns newly created Pods to nodes based on CPU, memory, and affinity rules.
Kube‑controller‑manager (Controller Manager): "Inspection team"—runs control loops (Deployment, ReplicaSet, Node, etc.) to keep the actual state matching the desired state.
Kubelet (Node Agent): "Rack manager"—runs on each node, pulls images via Containerd, reports node health, and starts/stops Pods.
Containerd (Container Runtime): "Warehouse + mechanic"—fetches images, unpacks them, creates namespaces, mounts volumes, and launches containers. This guide uses Containerd instead of Docker.
Kubectl (CLI): "Factory intercom"—the command‑line tool you use to talk to the apiserver.
Kube‑proxy (Network Proxy): "Traffic controller"—configures iptables/IPVS rules so Service traffic reaches the correct Pods.
Environment Preparation: AlmaLinux Three‑Node Setup
Before installing Kubernetes, prepare each server:
Verify OS version and basic tools.
Set hostnames (master, node1, node2) and update /etc/hosts for name resolution.
Disable firewalld and SELinux to avoid inter‑component communication issues.
Install Containerd.
Add the Kubernetes repository and install kubeadm, kubelet, and kubectl.
Enable and start kubelet.
Validate that each component is running.
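As an alternative to the firewalld step in the list above, firewalld can stay enabled with only the ports the Kubernetes components listen on opened. The script below is an added example, not part of the original guide: it prints the firewall-cmd rules for each node role from the upstream Kubernetes default ports. The `CLUSTER_CIDR` value, the role names and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): print firewall-cmd rules for a
# kubeadm node so firewalld can stay enabled. Ports are upstream Kubernetes
# defaults; CNI plugin ports are not included because the guide picks no CNI.

# Assumption: master/node1/node2 share this subnet (the guide pings 192.168.1.11).
CLUSTER_CIDR="${CLUSTER_CIDR:-192.168.1.0/24}"

# Emit "port/proto scope" per role. scope=cluster -> node subnet only; any -> all sources.
k8s_ports() {
  case "$1" in
    control-plane)
      printf '%s\n' "6443/tcp any" "2379-2380/tcp cluster" "10250/tcp cluster" \
                    "10257/tcp cluster" "10259/tcp cluster" ;;
    worker)
      printf '%s\n' "10250/tcp cluster" "10256/tcp cluster" "30000-32767/tcp any" ;;
    *)
      echo "unknown role: $1 (expected control-plane or worker)" >&2
      return 1 ;;
  esac
}

# Turn the port table into firewall-cmd invocations; nothing is executed here.
k8s_firewall_cmds() {
  local ports spec scope
  ports="$(k8s_ports "$1")" || return 1
  printf '%s\n' "$ports" | while read -r spec scope; do
    if [ "$scope" = any ]; then
      echo "firewall-cmd --permanent --add-port=${spec}"
    else
      echo "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\"" \
           "source address=\"${CLUSTER_CIDR}\" port port=\"${spec%/*}\"" \
           "protocol=\"${spec#*/}\" accept'"
    fi
  done
  echo "firewall-cmd --reload"
}

# Stand-alone use: ./k8s-fw.sh worker   (review the output, then pipe to: sudo sh)
if [ "$#" -gt 0 ]; then
  k8s_firewall_cmds "$1"
fi
```

Run it with `control-plane` on the master and `worker` on node1 and node2; the etcd, kubelet, scheduler and controller-manager ports are limited to the node subnet, while 6443 and the NodePort range accept any source and can be narrowed the same way.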
Disable Firewall
<code>sudo systemctl stop firewalld
sudo systemctl disable firewalld
sudo systemctl status firewalld # should show inactive (dead)</code>
Disable SELinux
<code>sudo setenforce 0 # temporary
# Edit /etc/selinux/config and set SELINUX=disabled for permanent change
sudo reboot</code>
Install Containerd
<code>sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install -y containerd.io
sudo systemctl start containerd
sudo systemctl enable containerd
sudo systemctl status containerd # should be active (running)</code>
Generate the default configuration and adjust for Chinese mirrors:
<code># Write the default config as root (a plain ">" redirect fails for a non-root shell)
containerd config default | sudo tee /etc/containerd/config.toml > /dev/null
# Add the following section to /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
  endpoint = ["https://registry.docker-cn.com", "https://mirror.ccs.tencentyun.com"]
</code>
<code>sudo systemctl restart containerd
containerd --version # e.g., containerd.io 1.5.x
sudo crictl info # prints CRI runtime status; "crictl version" reports RuntimeName: containerd</code>
Install kubeadm, kubelet, kubectl
<code># Add Alibaba Cloud mirror for Kubernetes packages
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
sudo systemctl enable --now kubelet
sudo systemctl status kubelet # enabled; restarts in a loop until kubeadm init/join provides its configuration
kubeadm version
kubectl version --client
kubelet --version</code>
Verification Steps
Check that each service is active and that the nodes can communicate.
<code># Verify containerd
sudo systemctl status containerd
containerd --version
sudo crictl info
# Verify kubelet on each node
sudo systemctl status kubelet
kubelet --version
# Verify kubeadm and kubectl on the master
kubeadm version
kubectl version --client
# Basic network checks
ping -c 3 node1
ping -c 3 192.168.1.11
ss -tunlp | grep ":22" # ensure SSH port is open
</code>
What Has Been Completed?
Confirmed OS version and installed basic tools (wget, curl, vim, net‑tools).
Set hostnames and configured /etc/hosts for name resolution.
Disabled firewalld and SELinux to allow unrestricted component communication.
Installed Containerd, generated its config, and added Chinese image‑registry mirrors.
Installed kubeadm, kubelet, and kubectl, enabled kubelet to start on boot, and verified their versions.
Validated that containerd and kubelet run correctly and that basic network connectivity exists between the three nodes.
With this foundation in place, you can now run kubeadm init on the master, join the worker nodes, and start deploying applications.
IT Xianyu