Kubernetes Single-Node Setup on AlmaLinux 9.8 with Kubeadm, Containerd & Calico

This guide walks you through setting up a fully functional single-node Kubernetes cluster using Kubeadm, with containerd as the container runtime and Tigera Calico as the CNI plugin — all running on AlmaLinux 9.8 (Olive Jaguar).

By the end, you’ll have a working Kubernetes node capable of scheduling and running pods, complete with networking provided by Calico.

Server Specifications#

Component	Details
OS	AlmaLinux 9.8 (Olive Jaguar)
CPU	4 vCPU
RAM	10 GB
Container Runtime	containerd
CNI Plugin	Tigera Calico
Installer	kubeadm

1. System Preparation#

1.1 Set Hostname#

1
hostnamectl set-hostname <your-hostname>

1.2 Disable Swap#

Kubernetes requires swap to be disabled.

1
# Disable swap immediately
2
swapoff -a
3

4
# Disable swap permanently
5
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

1.3 Disable SELinux#

1
# Disable temporarily
2
setenforce 0
3

4
# Disable permanently
5
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

1.4 Disable Firewall (or Configure Required Ports)#

1
systemctl disable --now firewalld

Tip: If you prefer to keep the firewall active, open the following ports instead:

6443/tcp — Kubernetes API Server

2379-2380/tcp — etcd server client API

10250/tcp — kubelet API

10251/tcp — kube-scheduler

10252/tcp — kube-controller-manager

179/tcp — Calico BGP

4789/udp — Calico VXLAN (optional)

1.5 Load Required Kernel Modules#

1
# Create module configuration
2
cat <<EOF | tee /etc/modules-load.d/k8s.conf
3
overlay
4
br_netfilter
5
EOF
6

7
# Load modules immediately
8
modprobe overlay
9
modprobe br_netfilter

1.6 Configure Sysctl Parameters#

1
cat <<EOF | tee /etc/sysctl.d/k8s.conf
2
net.bridge.bridge-nf-call-iptables  = 1
3
net.bridge.bridge-nf-call-ip6tables = 1
4
net.ipv4.ip_forward                 = 1
5
EOF
6

7
# Apply the configuration
8
sysctl --system

1.7 Verify Kernel Modules Are Loaded#

1
lsmod | grep br_netfilter
2
lsmod | grep overlay

Expected output (values may vary):

1
br_netfilter           36864  0
2
bridge                421888  1 br_netfilter
3
overlay               237568  0

2. Installing containerd#

Reference: Docker Engine on RHEL — docs.docker.com

Since we only need containerd (not the full Docker Engine), we’ll use the Docker repository to install just the containerd.io package.

2.1 Remove Potentially Conflicting Packages#

1
dnf remove -y docker \
2
    docker-client \
3
    docker-client-latest \
4
    docker-common \
5
    docker-latest \
6
    docker-latest-logrotate \
7
    docker-logrotate \
8
    docker-engine \
9
    podman \
10
    runc

2.2 Install DNF Plugin and Add Docker Repository#

1
dnf -y install dnf-plugins-core
2
dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo

2.3 Install containerd.io#

Only install the containerd.io package — no need for docker-ce or other Docker components.

1
dnf install -y containerd.io

2.4 Enable and Start containerd#

1
systemctl enable --now containerd

2.5 Verify containerd#

1
systemctl status containerd
2
containerd --version

3. Configuring containerd for Kubernetes#

3.1 Generate Default Configuration#

1
mkdir -p /etc/containerd
2
containerd config default | tee /etc/containerd/config.toml

3.2 Enable SystemdCgroup#

Kubernetes requires containerd to use systemd as the cgroup driver.

1
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml

Verify the change:

1
grep 'SystemdCgroup' /etc/containerd/config.toml
2
# Expected output: SystemdCgroup = true

3.3 Restart containerd#

1
systemctl restart containerd
2
systemctl status containerd

4. Installing kubeadm, kubelet, kubectl#

Reference: Installing kubeadm — kubernetes.io

4.1 Add the Kubernetes Repository#

1
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
2
[kubernetes]
3
name=Kubernetes
4
baseurl=https://pkgs.k8s.io/core:/stable:/v1.36/rpm/
5
enabled=1
6
gpgcheck=1
7
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.36/rpm/repodata/repomd.xml.key
8
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
9
EOF

Note: Replace v1.36 with your desired Kubernetes version. Check the latest releases at kubernetes.io/releases.

4.2 Install kubelet, kubeadm, kubectl#

1
dnf install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

4.3 Enable kubelet#

1
systemctl enable --now kubelet

Note: kubelet will enter a restart loop until kubeadm init completes — this is expected behavior.

4.4 Verify Versions#

1
kubeadm version
2
kubectl version --client
3
kubelet --version

5. Initializing the Cluster with kubeadm#

5.1 Initialize the Control Plane#

1
kubeadm init \
2
  --pod-network-cidr=10.244.0.0/16 \
3
  --cri-socket unix:///run/containerd/containerd.sock

Important:

The --pod-network-cidr=10.244.0.0/16 flag is used here because some server networks (e.g., 192.168.x.x/24) may overlap with Calico’s default CIDR (192.168.0.0/16). Using 10.244.0.0/16 avoids routing conflicts.

If your server has multiple network interfaces, add --apiserver-advertise-address=<your-server-ip> to specify which IP the API server should bind to.

Make sure to save the kubeadm join command from the output — you’ll need it if you ever want to add worker nodes.

6. Configuring kubectl#

6.1 Set Up kubeconfig for Root User#

1
mkdir -p $HOME/.kube
2
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
3
chown $(id -u):$(id -g) $HOME/.kube/config

6.2 Verify the Node (NotReady Is Expected)#

1
kubectl get nodes

Expected output:

1
NAME              STATUS     ROLES           AGE   VERSION
2
<your-hostname>   NotReady   control-plane   Xs    v1.36.x

The NotReady status is expected because the CNI plugin (Calico) hasn’t been installed yet.

7. Installing Tigera Calico#

Reference: Calico on single-host Kubernetes — docs.tigera.io

7.1 Install the Tigera Operator#

1
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.32.0/manifests/tigera-operator.yaml

7.2 Create the Custom Resource for Calico#

Since we’re using CIDR 10.244.0.0/16 (instead of the default 192.168.0.0/16), download the manifest first, update the CIDR, then apply:

1
curl -O https://raw.githubusercontent.com/projectcalico/calico/v3.32.0/manifests/custom-resources.yaml
2

3
# Replace Calico's default CIDR with ours
4
sed -i 's|192.168.0.0/16|10.244.0.0/16|g' custom-resources.yaml
5

6
# Verify the change
7
grep 'cidr' custom-resources.yaml
8

9
# Apply the configuration
10
kubectl create -f custom-resources.yaml

7.3 Wait for Calico to Deploy#

1
watch kubectl get pods -n calico-system

Wait until all pods show Running status:

1
NAME                                       READY   STATUS    RESTARTS   AGE
2
calico-kube-controllers-xxx                1/1     Running   0          Xm
3
calico-node-xxx                            1/1     Running   0          Xm
4
calico-typha-xxx                           1/1     Running   0          Xm
5
csi-node-driver-xxx                        2/2     Running   0          Xm

Press Ctrl+C to exit watch.

7.4 Untaint the Control Plane Node#

By default, Kubernetes prevents workloads from being scheduled on control plane nodes. For a single-node setup, we need to remove this taint:

1
kubectl taint nodes --all node-role.kubernetes.io/control-plane-

8. Verifying the Cluster#

8.1 Check Node Status#

1
kubectl get nodes -o wide

The node status should now show Ready:

1
NAME              STATUS   ROLES           AGE   VERSION   INTERNAL-IP     OS-IMAGE                      CONTAINER-RUNTIME
2
<your-hostname>   Ready    control-plane   Xm    v1.36.x   <your-ip>      AlmaLinux 9.8 (Olive Jaguar)  containerd://2.x.x

8.2 Check All System Pods#

1
kubectl get pods -A

All pods across kube-system, calico-system, and tigera-operator namespaces should show Running status.

8.3 Test with a Simple Deployment#

1
kubectl run nginx --image=nginx --port=80
2
kubectl get pods

Expected output:

1
NAME    READY   STATUS    RESTARTS   AGE
2
nginx   1/1     Running   0          15s

Verify the pod details:

1
kubectl describe pod nginx

The pod should be scheduled on your node with a Calico-assigned IP from the 10.244.x.x range.

8.4 Check Cluster Information#

1
kubectl cluster-info
2
kubectl version

Troubleshooting#

Node remains NotReady after installing Calico#

Inspect the node events and Calico logs:

1
kubectl describe node <your-hostname>
2
kubectl logs -n calico-system -l k8s-app=calico-node

Pod stuck in ContainerCreating#

Check the pod events and kubelet logs:

1
kubectl describe pod <pod-name>
2
journalctl -u kubelet -f

Reset the cluster (start over)#

If you need to completely reset and start fresh:

1
kubeadm reset -f
2
rm -rf /etc/cni/net.d
3
rm -rf $HOME/.kube
4
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
5
ipvsadm --clear 2>/dev/null || true

References#

This guide is based on a real-world deployment. Adjust hostnames, IPs, and version numbers to match your own environment.