Demystifying pre-flight checks in kubeadm join command

kubeadm is a tool to set up a Kubernetes cluster. It is not production ready yet at the time of this writing.

This article describes the checks kubeadm performs when you execute the following command.

kubeadm join

When you execute the above command without the --skip-preflight-checks flag, kubeadm performs some checks to validate the system state before making changes. This article describes each of the checks performed.

  • Root user check: This check verifies that the user executing kubeadm is the root user. It does so by checking the UID of the current user.
  • System Verification Check: This check runs several sub-checks. It verifies that the OS is Linux by comparing the value of “uname” with the one specified in the specs. It then performs kernel-related checks: it compares the kernel release with the one specified in the specs, and it checks various kernel configuration options by loading the kernel config from the specified path, or by loading the kernel config module if the file is not found. Next, it checks for the existence of the “cpu”, “cpuacct”, “cpuset”, “devices”, “freezer” and “memory” cgroups. The last check in this category is for Docker: it checks for a specific version of Docker and the graph driver it uses. Currently it checks for “aufs”, “overlay” and “devicemapper”.
  • Hostname Check: It checks the hostname of the node. It should be in lower case and reachable.
  • Service Checks: It verifies that services are loaded and active, if specified. Currently it checks the Docker and Kubelet services.
  • Port Checks: It currently checks port 10250.
  • Directory Checks: It checks that directories are available and empty. If they are not empty, it throws an error. Currently it checks the Kubernetes manifest directory and /var/lib/kubelet.
  • File Availability Checks: It checks for the existence of /etc/kubernetes/pki/ca.crt and <kubernetes_dir>/kubelet.conf.
  • File Content Check: It checks the value of the file /proc/sys/net/bridge/bridge-nf-call-iptables. It should contain the value 1. It can be set temporarily with the sysctl command or permanently by setting that parameter in the /etc/sysctl.conf file.
  • Executable Existence Checks: These checks look up various executables in PATH. Currently they check for the ip, iptables, mount, nsenter, ebtables, ethtool, socat, tc and touch executables.
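
A read-only way to re-check several of the conditions above on a node before running kubeadm join, added here as an example and not taken from kubeadm's source. The function names are hypothetical, /etc/kubernetes/manifests is assumed to be the manifest directory, and a missing directory is assumed to count as empty.

```shell
# Added example, not kubeadm's code; function names are made up for this sketch.

# Hostname check: passes when the name contains no upper-case characters.
hostname_is_lower() {
    [ "$1" = "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" ]
}

# Port check: succeeds if the socket table $1 (in /proc/net/tcp layout) holds a
# socket in LISTEN state (st == 0A) bound to port $2.
port_listening() {
    awk -v p="$(printf '%04X' "$2")" \
        '$4 == "0A" { n = split($2, a, ":"); if (a[n] == p) hit = 1 } END { exit !hit }' "$1"
}

# Directory check: passes when $1 is empty, hidden files included.
# Assumption: a missing directory also passes.
dir_is_empty() {
    [ ! -d "$1" ] || [ -z "$(ls -A "$1" 2>/dev/null)" ]
}

# File content check: the first line of $1 must equal $2.
file_has_value() {
    [ -r "$1" ] && [ "$(head -n 1 "$1")" = "$2" ]
}

# Executable existence check: prints each name in "$@" that is not in PATH.
missing_executables() {
    for exe in "$@"; do
        command -v "$exe" >/dev/null 2>&1 || printf '%s ' "$exe"
    done
}

# Runs the checks; /etc/kubernetes/manifests is an assumed manifest path.
preflight_report() {
    rc=0
    [ "$(id -u)" -eq 0 ] || { echo "FAIL root user"; rc=1; }
    hostname_is_lower "$(uname -n)" || { echo "FAIL hostname is not lower case"; rc=1; }
    for t in /proc/net/tcp /proc/net/tcp6; do
        if [ -r "$t" ] && port_listening "$t" 10250; then echo "FAIL port 10250 in use"; rc=1; fi
    done
    for d in /etc/kubernetes/manifests /var/lib/kubelet; do
        dir_is_empty "$d" || { echo "FAIL $d is not empty"; rc=1; }
    done
    file_has_value /proc/sys/net/bridge/bridge-nf-call-iptables 1 || { echo "FAIL bridge-nf-call-iptables != 1"; rc=1; }
    m=$(missing_executables ip iptables mount nsenter ebtables ethtool socat tc touch)
    [ -z "$m" ] || { echo "FAIL missing executables: $m"; rc=1; }
    return "$rc"
}

if [ "${1:-}" = "report" ]; then preflight_report; fi
```

Saved to a file, the script prints one FAIL line per unmet condition when run with the argument `report` and exits non-zero if any check failed.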

Please keep in mind that the checks performed at kubelet init and kubelet reset are different.

Feel free to reach me if you see anything improper or changed.
