CentOS Stream 10: Configure Control Plane Node
Initialize the Kubernetes Control Plane node with kubeadm and configure Calico as the pod network on CentOS Stream 10.
May 24, 2026 • 6 min read
Configure a multi-node Kubernetes cluster.
This example is based on the following environment.
+----------------------+   +----------------------+
|  [ ctrl.srv.world ]  |   |   [ dlp.srv.world ]  |
|     Manager Node     |   |     Control Plane    |
+-----------+----------+   +-----------+----------+
        eth0|10.0.0.25             eth0|10.0.0.30
            |                          |
------------+--------------------------+-----------
            |                          |
        eth0|10.0.0.51             eth0|10.0.0.52
+-----------+----------+   +-----------+----------+
| [ node01.srv.world ] |   | [ node02.srv.world ] |
|     Worker Node#1    |   |     Worker Node#2    |
+----------------------+   +----------------------+
Prerequisites
Complete the prerequisites on all nodes as described in Install Kubeadm.
Initialize Control Plane Node
Generate the default kubeadm configuration:
kubeadm config print init-defaults > config.yaml
Edit config.yaml:
apiVersion: kubeadm.k8s.io/v1beta4
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  # change to specify Control Plane Node IP address
  advertiseAddress: 10.0.0.30
  bindPort: 6443
nodeRegistration:
  # change to specify CRI-O
  criSocket: unix:///var/run/crio/crio.sock
  imagePullPolicy: IfNotPresent
  imagePullSerial: true
  # change to specify Control Plane Node Hostname
  name: dlp.srv.world
  taints: null
---
apiVersion: kubeadm.k8s.io/v1beta4
caCertificateValidityPeriod: 87600h0m0s
certificateValidityPeriod: 8760h0m0s
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
encryptionAlgorithm: RSA-2048
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.k8s.io
kind: ClusterConfiguration
kubernetesVersion: 1.32.0
# specify the Manager Node IP address for proxying
controlPlaneEndpoint: "10.0.0.25:6443"
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  # Calico default pod network
  podSubnet: 192.168.0.0/16
---
# switch to nftables kube-proxy
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: nftables
Initialize the cluster:
kubeadm init --config=config.yaml
After initialization, set up kubeconfig:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Transfer the admin.conf to the Manager Node:
scp /etc/kubernetes/admin.conf centos@10.0.0.25:/tmp
Configure Pod Network with Calico
On the Manager Node, set up cluster admin access and deploy Calico:
mkdir -p $HOME/.kube
mv /tmp/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
wget https://raw.githubusercontent.com/projectcalico/calico/v3.30.2/manifests/operator-crds.yaml
wget https://raw.githubusercontent.com/projectcalico/calico/v3.30.2/manifests/tigera-operator.yaml
kubectl apply -f operator-crds.yaml
kubectl apply -f tigera-operator.yaml
Create custom resources for Calico:
cat > custom-resources.yaml <<EOF
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  calicoNetwork:
    linuxDataplane: Nftables
    ipPools:
    - name: default-ipv4-ippool
      blockSize: 26
      cidr: 192.168.0.0/16
      encapsulation: VXLANCrossSubnet
      natOutgoing: Enabled
      nodeSelector: all()
---
apiVersion: operator.tigera.io/v1
kind: APIServer
metadata:
  name: default
spec: {}
EOF
kubectl apply -f custom-resources.yaml
Verify the cluster status:
kubectl get nodes
kubectl get pods -A
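A pre-flight check for config.yaml and custom-resources.yaml, as an added example that is not part of the original page: it flags the bootstrap token abcdef.0123456789abcdef, which is the placeholder that kubeadm config print init-defaults prints rather than a secret join credential, and verifies that podSubnet matches the Calico pool and does not overlap serviceSubnet or the API address. The function names, the flat sed-based key lookup and the sample files are assumptions made for this example.

```shell
# Added example: pre-flight checks for config.yaml and custom-resources.yaml.
PLACEHOLDER_TOKEN='abcdef.0123456789abcdef'  # value printed by init-defaults

# yaml_value FILE KEY: first scalar for KEY (flat lookup, quotes stripped)
yaml_value() { sed -n "s/^[ -]*$2:[ ]*//p" "$1" | head -n 1 | tr -d "\"'"; }

# token_ok TOKEN: true if [a-z0-9]{6}.[a-z0-9]{16} and not the placeholder
token_ok() {
    [ "$1" != "$PLACEHOLDER_TOKEN" ] || return 1
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

ip_to_int() {  # A.B.C.D -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_overlap NET1/LEN NET2/LEN: true if both agree on the shorter prefix
cidr_overlap() {
    a=$(ip_to_int "${1%/*}"); b=$(ip_to_int "${2%/*}")
    p=${1#*/}; [ "${2#*/}" -lt "$p" ] && p=${2#*/}
    [ $(( a >> (32 - p) )) -eq $(( b >> (32 - p) )) ]
}

# check_config KUBEADM_YAML CALICO_YAML: prints findings, returns their count
check_config() {
    fails=0
    token=$(yaml_value "$1" token); api=$(yaml_value "$1" advertiseAddress)
    pod=$(yaml_value "$1" podSubnet); svc=$(yaml_value "$1" serviceSubnet)
    pool=$(yaml_value "$2" cidr)
    token_ok "$token" || { echo "FAIL: placeholder or malformed bootstrap token"; fails=$((fails + 1)); }
    [ "$pod" = "$pool" ] || { echo "FAIL: podSubnet $pod != Calico cidr $pool"; fails=$((fails + 1)); }
    if cidr_overlap "$pod" "$svc"; then echo "FAIL: podSubnet overlaps serviceSubnet"; fails=$((fails + 1)); fi
    if cidr_overlap "$pod" "$api/32"; then echo "FAIL: podSubnet contains advertiseAddress"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample: only the keys the checks read, with the page's values.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/config.yaml" <<'EOF'
bootstrapTokens:
- token: abcdef.0123456789abcdef
localAPIEndpoint:
  advertiseAddress: 10.0.0.30
networking:
  serviceSubnet: 10.96.0.0/12
  podSubnet: 192.168.0.0/16
EOF
printf '    cidr: 192.168.0.0/16\n' > "$demo/custom-resources.yaml"
check_config "$demo/config.yaml" "$demo/custom-resources.yaml" || echo "findings: $?"
```

Run it against the real files with check_config config.yaml custom-resources.yaml before kubeadm init; kubeadm token generate prints a random token in the required format.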