Deploy control plane without master node registration using kubeadm

I'd like to set up the Kubernetes cluster and hide the control plane components from all clients (some kind of a managed cluster). Kubeadm uses Kubelet and static pods to run these components, which leads to registering Node and Pod resources in the API Server, so any user with a ClusterRole can list and manage the master nodes and pods.

I can bootstrap the control plane, stop the Kubelet agent and delete the master node resources but it seems that in this way I can't use kubeadm to upgrade the components and Kubelet to recover pods if any crash occurs.

Can I run the control plane out of the Kubernetes cluster using kubeadm or should I use my own instruments in that case?


Can I run the control plane out of the Kubernetes cluster using kubeadm

Short answer: No, it is not possible.

should I use my own instruments in that case

Yes, that will be the solution to this situation. If you find your own solution, feel free to write it as an answer.

As a workaround, you can try to create a separate control plane (as in Kubernetes the hard way) and then kubeadm join. However, you must also be aware that this type of configuration will be complicated to perform. Look also at this blog page.

See also similar topics:

  • How do managed Kubernetes providers hide the master nodes?

You can run the Kubernetes control plane outside Kubernetes as long as the worker nodes have network access to the control plane. This approach is used on most managed Kubernetes solutions.

  • GKE Where does Master Node runs
  • Why I can not get master node information in full-managed kubernetes?

Look also at this page about Self-registration of Nodes.

EDIT: I have found another possible workaround.

EDIT2: This tutorial should help you too.
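To make the suggested workaround concrete, here is an added example of a kubeadm JoinConfiguration for a worker joining a control plane that was bootstrapped separately and never registers itself as a node. This is not code from the question or the answer above; the endpoint, token and CA hash are placeholders you must replace with the values of your own external control plane, and the bootstrap token has to exist on that API server as a `bootstrap.kubernetes.io/token` Secret in `kube-system` before the join:

```yaml
# Added example (not from the original post): worker-side kubeadm config for
# joining an externally hosted control plane with `kubeadm join --config join.yaml`.
apiVersion: kubeadm.k8s.io/v1beta3
kind: JoinConfiguration
discovery:
  bootstrapToken:
    # Placeholder: load-balanced address of the API servers running outside the cluster.
    apiServerEndpoint: "EXTERNAL-API-ENDPOINT:6443"
    # Placeholder: bootstrap token created on the external control plane (format abcdef.0123456789abcdef).
    token: "BOOTSTRAP-TOKEN"
    # Placeholder: SHA-256 of the cluster CA public key. Pinning it means the worker
    # refuses to join if someone answers at the endpoint with a different CA.
    caCertHashes:
      - "sha256:CLUSTER-CA-PUBLIC-KEY-HASH"
    # Keep the default (false): skipping CA verification removes the only check the
    # worker has that it is talking to your control plane.
    unsafeSkipCAVerification: false
nodeRegistration:
  name: worker-1
  # Only workers are registered; no node object ever exists for the API server,
  # scheduler or controller-manager hosts, which is the property the question asks for.
  taints: []
```

After the join, `kubectl get nodes` should list only the workers and `kubectl get pods -n kube-system` should show no kube-apiserver, kube-scheduler or kube-controller-manager pods; if either appears, the control plane host was bootstrapped with `kubeadm init` and its kubelet registered it, which is exactly what this setup avoids. Upgrades of the external components are then your own responsibility, as the answer notes, since `kubeadm upgrade` has no static pods to act on.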