Complete guide to install Kubernetes on AlmaLinux 9 using kubeadm. These steps are identical to Rocky Linux 9 and CentOS Stream 9.
Requirements
- 2+ CPU cores, 2 GB+ RAM per node
- AlmaLinux 9 (minimal install)
- Root or sudo access
- Unique hostname, MAC, and product_uuid per node
- Full network connectivity between all nodes
Step 1: System prerequisites (all nodes)
# Disable swap permanently
sudo swapoff -a
sudo sed -i '/ swap / s/^/#/' /etc/fstab
# Load required kernel modules
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
# Configure sysctl
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system
# Set SELinux to permissive
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# Open firewall ports (control plane node)
sudo firewall-cmd --permanent --add-port=6443/tcp
sudo firewall-cmd --permanent --add-port=2379-2380/tcp
sudo firewall-cmd --permanent --add-port=10250/tcp
sudo firewall-cmd --permanent --add-port=10259/tcp
sudo firewall-cmd --permanent --add-port=10257/tcp
sudo firewall-cmd --reload
# Open firewall ports (worker nodes)
sudo firewall-cmd --permanent --add-port=10250/tcp
sudo firewall-cmd --permanent --add-port=10256/tcp
sudo firewall-cmd --permanent --add-port=30000-32767/tcp
sudo firewall-cmd --reloadStep 2: Install containerd (all nodes)
# Add Docker CE repo for containerd
sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Install containerd
sudo dnf install -y containerd.io
# Generate and configure
sudo containerd config default | sudo tee /etc/containerd/config.toml
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
sudo systemctl restart containerd
sudo systemctl enable containerdStep 3: Install kubeadm, kubelet, kubectl (all nodes)
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/repodata/repomd.xml.key
EOF
sudo dnf install -y kubelet kubeadm kubectl
sudo systemctl enable --now kubeletStep 4: Initialize the cluster (control plane only)
sudo kubeadm init --pod-network-cidr=10.244.0.0/16
# Configure kubectl
mkdir -p $HOME/.kube
sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/configStep 5: Install CNI
Flannel (simple):
kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.ymlOr Cilium (eBPF-based, recommended for production):
CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
curl -L https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-amd64.tar.gz | sudo tar xz -C /usr/local/bin
cilium installStep 6: Join worker nodes
Get the join command from the control plane:
kubeadm token create --print-join-commandRun on each worker (after Steps 1-3):
sudo kubeadm join 192.168.1.100:6443 --token <token> \
--discovery-token-ca-cert-hash sha256:<hash>Step 7: Verify
kubectl get nodes
# NAME STATUS ROLES AGE VERSION
# master Ready control-plane 5m v1.31.x
# worker1 Ready <none> 1m v1.31.x
kubectl get pods -n kube-system
# All pods should be Running
# Test deployment
kubectl create deployment nginx --image=nginx:alpine --replicas=2
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get svc nginxTroubleshooting
kubelet fails to start:
sudo journalctl -xeu kubelet
# Most common: containerd SystemdCgroup not set to trueNode stays NotReady:
kubectl describe node <name>
# Usually means CNI is not installed yetReset and retry:
sudo kubeadm reset -f
sudo rm -rf /etc/cni/net.d
sudo kubeadm init --pod-network-cidr=10.244.0.0/16
