Package: kubeadm.k8s.io/v1beta1

Package v1beta1 has been deprecated by v1beta2

Package v1beta1 defines the v1beta1 version of the kubeadm configuration file format. This version graduates the configuration format to BETA and is a big step towards GA.

A list of changes since v1alpha3:

Migration from old kubeadm config versions

Please convert your v1alpha3 configuration files to v1beta1 using the kubeadm config migrate command of kubeadm v1.13.x.

Basics

The preferred way to configure kubeadm is to pass a YAML configuration file with the --config option. Some of the configuration options defined in the kubeadm config file are also available as command line flags, but only the most common/simple use cases are supported with this approach.

A kubeadm config file could contain multiple configuration types separated using three dashes (---).

kubeadm supports the following configuration types:

apiVersion: kubeadm.k8s.io/v1beta1
kind: InitConfiguration

apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration

apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration

apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration

apiVersion: kubeadm.k8s.io/v1beta1
kind: JoinConfiguration

To print the defaults for init and join actions use the following commands:

kubeadm config print init-defaults
kubeadm config print join-defaults

The list of configuration types that must be included in a configuration file depends on the action you are performing (init or join) and on the configuration options you are going to use (defaults or advanced customization).

If some configuration types are not provided, or provided only partially, kubeadm will use default values. Defaults provided by kubeadm help enforce consistency of values across components when required (e.g. --cluster-cidr flag on controller manager and clusterCIDR on kube-proxy).

Users are always allowed to override default values, with the exception of a small subset of settings related to security (e.g. enforcing authorization-mode Node and RBAC on the API server). If the user provides configuration types that are not expected for the action being performed, kubeadm will ignore those types and print a warning.

Kubeadm init configuration types

When executing kubeadm init with the --config option, the following configuration types can be used: InitConfiguration, ClusterConfiguration, KubeProxyConfiguration, KubeletConfiguration, but only one of InitConfiguration and ClusterConfiguration is mandatory.

apiVersion: kubeadm.k8s.io/v1beta1
kind: InitConfiguration
bootstrapTokens:
  # ...
nodeRegistration:
  # ...

The InitConfiguration type is used to configure runtime settings. In the case of kubeadm init, it contains the bootstrap token configuration and all the settings specific to the node where kubeadm is executed, including:

The ClusterConfiguration type is used to configure cluster-wide settings, including:

apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
# ...

The KubeProxyConfiguration type should be used to change the configuration passed to kube-proxy instances deployed in the cluster. If this object is not provided or provided only partially, kubeadm applies defaults. See kube-proxy reference or kube-proxy source code for more information.

apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
# ...

The KubeletConfiguration type is used to change the configurations passed to all kubelet instances deployed in the cluster. If this object is not provided or provided only partially, kubeadm applies defaults. See kubelet reference or kubelet source code for more information.

Here is a fully populated example of a single YAML file containing multiple configuration types to be used during a kubeadm init run.

apiVersion: kubeadm.k8s.io/v1beta1
kind: InitConfiguration
bootstrapTokens:
- token: "9a08jv.c0izixklcxtmnze7"
  description: "kubeadm bootstrap token"
  ttl: "24h"
- token: "783bde.3f89s0fje9f38fhf"
  description: "another bootstrap token"
  usages:
  - authentication
  - signing
  groups:
  - system:bootstrappers:kubeadm:default-node-token
nodeRegistration:
  name: "ec2-10-100-0-1"
  criSocket: "/var/run/dockershim.sock"
  taints:
  - key: "kubeadmNode"
    value: "master"
    effect: "NoSchedule"
  kubeletExtraArgs:
    cgroup-driver: "cgroupfs"
localAPIEndpoint:
  advertiseAddress: "10.100.0.1"
  bindPort: 6443
---
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
etcd:
  # one of local or external
  local:
    imageRepository: "k8s.gcr.io"
    imageTag: "3.2.24"
    dataDir: "/var/lib/etcd"
    extraArgs:
      listen-client-urls: "http://10.100.0.1:2379"
    serverCertSANs:
    - "ec2-10-100-0-1.compute-1.amazonaws.com"
    peerCertSANs:
    - "10.100.0.1"
  # external:
    # endpoints:
    # - "10.100.0.1:2379"
    # - "10.100.0.2:2379"
    # caFile: "/etcd/kubernetes/pki/etcd/etcd-ca.crt"
    # certFile: "/etcd/kubernetes/pki/etcd/etcd.crt"
    # keyFile: "/etcd/kubernetes/pki/etcd/etcd.key"
networking:
  serviceSubnet: "10.96.0.0/12"
  podSubnet: "10.100.0.1/24"
  dnsDomain: "cluster.local"
kubernetesVersion: "v1.12.0"
controlPlaneEndpoint: "10.100.0.1:6443"
apiServer:
  extraArgs:
    authorization-mode: "Node,RBAC"
  extraVolumes:
  - name: "some-volume"
    hostPath: "/etc/some-path"
    mountPath: "/etc/some-pod-path"
    readOnly: false
    pathType: File
  certSANs:
  - "10.100.1.1"
  - "ec2-10-100-0-1.compute-1.amazonaws.com"
  timeoutForControlPlane: 4m0s
controllerManager:
  extraArgs:
    "node-cidr-mask-size": "20"
  extraVolumes:
  - name: "some-volume"
    hostPath: "/etc/some-path"
    mountPath: "/etc/some-pod-path"
    readOnly: false
    pathType: File
scheduler:
  extraArgs:
    address: "10.100.0.1"
  extraVolumes:
  - name: "some-volume"
    hostPath: "/etc/some-path"
    mountPath: "/etc/some-pod-path"
    readOnly: false
    pathType: File
certificatesDir: "/etc/kubernetes/pki"
imageRepository: "k8s.gcr.io"
useHyperKubeImage: false
clusterName: "example-cluster"
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
# kubelet specific options here
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
# kube-proxy specific options here

Kubeadm join configuration types

When executing kubeadm join with the --config option, the JoinConfiguration type should be provided.

apiVersion: kubeadm.k8s.io/v1beta1
kind: JoinConfiguration
# ...
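
The rules stated so far (several documents per file, kinds that do not apply to the action are ignored with a warning, init needs InitConfiguration or ClusterConfiguration, join needs JoinConfiguration) can be checked before a file reaches kubeadm. This is an added example, not kubeadm code: Doc, Docs, Review and SampleCfg are hypothetical names, the scan reads only top-level apiVersion and kind lines, and it assumes JoinConfiguration is the only kind expected for join.

```go
package main

import (
	"fmt"
	"strings"
)

// Doc identifies one "---"-separated document of a kubeadm config file.
type Doc struct{ APIVersion, Kind string }
// usable lists, per action, the kinds this page names for --config.
var usable = map[string]map[string]bool{
	"init": {"InitConfiguration": true, "ClusterConfiguration": true,
		"KubeProxyConfiguration": true, "KubeletConfiguration": true},
	"join": {"JoinConfiguration": true}, // assumption: nothing else expected
}

// SampleCfg is constructed input: cluster-wide settings handed to a join.
const SampleCfg = `apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
apiServer:
  extraArgs:
    authorization-mode: "Node,RBAC"
---
apiVersion: kubeadm.k8s.io/v1beta1
kind: JoinConfiguration
`

// Docs reads each document's top-level apiVersion and kind (not a YAML parser).
func Docs(cfg string) []Doc {
	var docs []Doc
	var cur Doc
	for _, line := range append(strings.Split(cfg, "\n"), "---") {
		val := strings.Trim(line[strings.Index(line, ":")+1:], " \t\r\"'")
		switch {
		case strings.TrimSpace(line) == "---":
			if cur != (Doc{}) {
				docs = append(docs, cur)
			}
			cur = Doc{}
		case strings.HasPrefix(line, "apiVersion:"):
			cur.APIVersion = val
		case strings.HasPrefix(line, "kind:"):
			cur.Kind = val
		}
	}
	return docs
}

// Review lists what "kubeadm <action> --config" would ignore or lack.
func Review(action, cfg string) []string {
	var out []string
	have := map[string]bool{}
	for i, d := range Docs(cfg) {
		have[d.Kind] = true
		if !usable[action][d.Kind] {
			out = append(out, fmt.Sprintf("doc %d: %s is ignored by %s (warning only)", i, d.Kind, action))
		}
	}
	if action == "init" && !have["InitConfiguration"] && !have["ClusterConfiguration"] {
		out = append(out, "init needs InitConfiguration or ClusterConfiguration")
	} else if action == "join" && !have["JoinConfiguration"] {
		out = append(out, "join needs a JoinConfiguration")
	}
	return out
}

func main() {
	fmt.Println(strings.Join(Review("join", SampleCfg), "\n"))
}
```

Run against the constructed sample, the join review reports that the ClusterConfiguration document, and with it the authorization-mode setting it carries, has no effect on that node.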

The JoinConfiguration type is used to configure runtime settings. In the case of kubeadm join, it contains the discovery method used for accessing the cluster info and all the settings that are specific to the node where kubeadm is executed, including:

Resource Types:

ClusterConfiguration

(Appears in: InitConfiguration)

DEPRECATED - This group version of ClusterConfiguration is deprecated by apis/kubeadm/v1beta2.ClusterConfiguration. ClusterConfiguration contains cluster-wide configuration for a kubeadm cluster.

Field Description
apiVersion
string
kubeadm.k8s.io/v1beta1
kind
string
ClusterConfiguration
etcd *
Etcd

etcd holds configuration for etcd.

networking *
Networking

networking holds configuration for the networking topology of the cluster.

kubernetesVersion *
string

kubernetesVersion is the target version of the control plane.

controlPlaneEndpoint *
string

controlPlaneEndpoint sets a stable IP address or DNS name for the control plane. It can be a valid IP address or an RFC-1123 DNS subdomain, both with optional TCP port. If controlPlaneEndpoint is not specified, the advertiseAddress + bindPort are used. If controlPlaneEndpoint is specified without a TCP port, the bindPort is used. Possible usages are:

  • In a cluster with more than one control plane node, this field should be assigned the address of the external load balancer in front of the control plane nodes.
  • In environments with enforced node recycling, the controlPlaneEndpoint could be used for assigning a stable DNS to the control plane.

apiServer *
APIServer

apiServer contains extra settings for the API server.

controllerManager *
ControlPlaneComponent

controllerManager contains extra settings for the controller manager.

scheduler *
ControlPlaneComponent

scheduler contains extra settings for the scheduler.

dns *
DNS

dns defines the options for the DNS add-on installed in the cluster.

certificatesDir *
string

certificatesDir specifies where to store or look for all required certificates.

imageRepository *
string

imageRepository specifies the container registry from which images are pulled. If empty, k8s.gcr.io will be used. If kubernetes version is a CI build (starts with ci/ or ci-cross/) gcr.io/kubernetes-ci-images will be used for control plane components and kube-proxy, while k8s.gcr.io will be used for all the other images.

useHyperKubeImage *
bool

useHyperKubeImage controls if hyperkube should be used for Kubernetes components instead of their respective separate images. DEPRECATED: As hyperkube is deprecated, this field is deprecated too. It will be removed in future kubeadm config versions. Kubeadm may print multiple warnings or ignore it when this is set to true.

featureGates *
map[string]bool

featureGates is a map containing the feature gates to be enabled.

clusterName *
string

clusterName contains the cluster name.

ClusterStatus

ClusterStatus contains the cluster status. The ClusterStatus will be stored in the kubeadm-config ConfigMap in the cluster, and then updated by kubeadm when additional control plane nodes join or leave the cluster.

Field Description
apiVersion
string
kubeadm.k8s.io/v1beta1
kind
string
ClusterStatus
apiEndpoints *
map[string]APIEndpoint

apiEndpoints contains a list of API endpoints currently available in the cluster, one for each control-plane or API server instance. The key of the map is the IP of the node's default interface.

InitConfiguration

DEPRECATED - This group version of InitConfiguration is deprecated by apis/kubeadm/v1beta2.InitConfiguration. InitConfiguration contains runtime information that is specific to "kubeadm init".

Field Description
apiVersion
string
kubeadm.k8s.io/v1beta1
kind
string
InitConfiguration
- *
ClusterConfiguration

This field holds the cluster-wide information and embeds that struct (which can be (un)marshalled separately as well). When InitConfiguration is marshalled to bytes in the external version, this information IS NOT preserved (which can be seen from the json:"-" tag). This is because when InitConfiguration is (un)marshalled, it turns into two YAML documents, one for the InitConfiguration and one for the ClusterConfiguration. Hence, the information must not be duplicated, and is therefore omitted here.

bootstrapTokens *
[]BootstrapToken

bootstrapTokens describes a set of Bootstrap Tokens to create during kubeadm init. This information is NOT uploaded to the kubeadm-config ConfigMap, partly because of its sensitive nature.

nodeRegistration *
NodeRegistrationOptions

nodeRegistration holds fields related to registering the new control-plane node to the cluster.

localAPIEndpoint *
APIEndpoint

localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane instance. In HA setups, this differs from ClusterConfiguration.controlPlaneEndpoint in the sense that controlPlaneEndpoint is the global endpoint for the cluster, which load-balances the requests to each individual API server. This configuration object lets you customize the IP/DNS name and port on which the local API server is accessible. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process fails you may set the desired value here.

JoinConfiguration

DEPRECATED - This group version of JoinConfiguration is deprecated by apis/kubeadm/v1beta2.JoinConfiguration. JoinConfiguration contains elements describing a particular node.

Field Description
apiVersion
string
kubeadm.k8s.io/v1beta1
kind
string
JoinConfiguration
nodeRegistration *
NodeRegistrationOptions

nodeRegistration holds fields related to registering a new control-plane node to the cluster.

caCertPath *
string

caCertPath is the path to the SSL certificate authority (CA) used to secure communications between the node and the control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".

discovery *
Discovery

discovery specifies the options for the kubelet to use during the TLS Bootstrap process.

controlPlane *
JoinControlPlane

controlPlane defines the additional control plane instance to be deployed on the joining node. If not specified, no additional control plane instance will be deployed.

APIEndpoint

(Appears in: ClusterStatus, InitConfiguration, JoinControlPlane)

APIEndpoint struct contains elements of API server instance deployed on a node.

Field Description
advertiseAddress *
string

advertiseAddress sets the IP address for the API server to advertise.

bindPort *
int32

bindPort sets the secure port for the API Server to bind to. Defaults to 6443.

APIServer

(Appears in: ClusterConfiguration)

APIServer holds settings necessary for API server instances in the cluster

Field Description
ControlPlaneComponent *
ControlPlaneComponent

(Members of ControlPlaneComponent are embedded into this type.)

certSANs *
[]string

certSANs sets extra Subject Alternative Names (SANs) for the API Server signing cert.

timeoutForControlPlane *
meta/v1.Duration

timeoutForControlPlane controls the timeout that kubeadm waits for the API server to appear.

BootstrapToken

(Appears in: InitConfiguration)

BootstrapToken describes one bootstrap token, stored as a Secret in the cluster

Field Description
token *
BootstrapTokenString

token is used for establishing bidirectional trust between nodes and control-planes. Used for joining nodes in the cluster.

description *
string

description contains a human-friendly message why this token exists and what it's used for, so other administrators can know its purpose.

ttl *
meta/v1.Duration

ttl defines the time to live (TTL) for this token. Defaults to 24h. The expires field and the ttl field are mutually exclusive.

expires *
meta/v1.Time

expires specifies the timestamp when this token expires. Defaults to being set dynamically at runtime based on the ttl. The expires field and the ttl field are mutually exclusive.

usages *
[]string

usages describes the ways in which this token can be used. Can by default be used for establishing bidirectional trust, but that can be changed here.

groups *
[]string

groups specifies the extra groups that this token will authenticate as when/if used for authentication.

BootstrapTokenDiscovery

(Appears in: Discovery)

BootstrapTokenDiscovery is used to set the options for bootstrap token based discovery.

Field Description
token *
string

token is a token used to validate cluster information fetched from the control-plane.

apiServerEndpoint *
string

apiServerEndpoint is an IP or domain name for the API server from which info will be fetched.

caCertHashes *
[]string

caCertHashes specifies a set of public key pins to verify when token-based discovery is used. The root CA found during discovery must match one of these values. Specifying an empty set disables root CA pinning, which can be unsafe. Each hash is specified as <type>:<value>, where the only type currently supported is "sha256". This is a hex-encoded SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded ASN.1. These hashes can be calculated using, for example, OpenSSL.

unsafeSkipCAVerification *
bool

unsafeSkipCAVerification allows token-based discovery without CA verification via caCertHashes. This can weaken the kubeadm security since other nodes can impersonate the control-plane.

BootstrapTokenString

(Appears in: BootstrapToken)

DEPRECATED - This group version of BootstrapTokenString is deprecated by apis/kubeadm/v1beta2/BootstrapTokenString. BootstrapTokenString is a token of the format abcdef.abcdef0123456789 that is used both for validation of the API server from a joining node's point of view and as an authentication method for the node in the bootstrap phase of "kubeadm join". This token is and should be short-lived.

Field Description
- *
string
- *
string
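
A lint for bootstrapTokens entries built from the rules in the BootstrapToken and BootstrapTokenString sections (token format, ttl default, ttl/expires exclusivity, short lifetime), added here as an example and not taken from kubeadm. The struct, the regular expression for the abcdef.abcdef0123456789 form, the 48h policy ceiling and the made-up tokens are assumptions; the two tokens treated as published are the ones printed in this page's init example.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// BootstrapToken holds the fields this check reads (hypothetical); nil = unset.
type BootstrapToken struct {
	Token   string
	TTL     *time.Duration
	Expires *time.Time
}

var tokenRe = regexp.MustCompile(`^[a-z0-9]{6}\.[a-z0-9]{16}$`)
// Tokens printed in this page's sample config: public, so never deployable.
var published = map[string]bool{
	"9a08jv.c0izixklcxtmnze7": true, "783bde.3f89s0fje9f38fhf": true}

// Audit reports findings by list index, never echoing a token. maxLife is a
// local policy ceiling chosen by the caller, not a kubeadm setting.
func Audit(tokens []BootstrapToken, now time.Time, maxLife time.Duration) []string {
	var out []string
	for i, t := range tokens {
		add := func(m string) { out = append(out, fmt.Sprintf("bootstrapTokens[%d]: %s", i, m)) }
		if !tokenRe.MatchString(t.Token) {
			add("token is not of the form abcdef.abcdef0123456789")
		}
		if published[t.Token] {
			add("token is a published documentation sample")
		}
		life := 24 * time.Hour // documented default when neither field is set
		switch {
		case t.TTL != nil && t.Expires != nil:
			add("ttl and expires are mutually exclusive")
			continue
		case t.TTL != nil && *t.TTL <= 0: // kubeadm sets no expiration here
			add("ttl <= 0: the token would never expire")
			continue
		case t.TTL != nil:
			life = *t.TTL
		case t.Expires != nil:
			life = t.Expires.Sub(now)
		}
		if life > maxLife {
			add(fmt.Sprintf("lifetime %s exceeds policy maximum %s", life, maxLife))
		}
	}
	return out
}

// SampleTokens is constructed input: one page sample plus made-up tokens.
func SampleTokens(now time.Time) []BootstrapToken {
	d := func(x time.Duration) *time.Duration { return &x }
	exp := now.Add(30 * 24 * time.Hour)
	return []BootstrapToken{
		{Token: "9a08jv.c0izixklcxtmnze7", TTL: d(24 * time.Hour)},
		{Token: "k3q9xz.0a1b2c3d4e5f6g7h", TTL: d(0)},
		{Token: "Bad.Token"},
		{Token: "m2n4p6.q8r0s1t3u5v7w9x1", TTL: d(time.Hour), Expires: &exp},
		{Token: "a1b2c3.d4e5f6g7h8i9j0k1", Expires: &exp},
		{Token: "z9y8x7.w6v5u4t3s2r1q0p9", TTL: d(2 * time.Hour)},
	}
}

func main() {
	now := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed clock
	fmt.Println(Audit(SampleTokens(now), now, 48*time.Hour))
}
```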

ControlPlaneComponent

(Appears in: ClusterConfiguration, APIServer)

ControlPlaneComponent holds settings common to the control plane components of the cluster.

Field Description
extraArgs *
map[string]string

extraArgs is an extra set of flags to pass to the control plane components. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.

extraVolumes *
[]HostPathMount

extraVolumes is an extra set of HostPath volumes to be mounted by the control plane component.

DNS

(Appears in: ClusterConfiguration)

DNS defines the DNS add-on that should be used in the cluster

Field Description
type *
DNSAddOnType

type defines the DNS add-on to be used. Can be one of "CoreDNS" or "kube-dns".

ImageMeta *
ImageMeta

(Members of ImageMeta are embedded into this type.)

imageMeta is used to customize the image used for the DNS add-on.

DNSAddOnType (string alias)

(Appears in: DNS)

DNSAddOnType defines a string identifying the DNS add-on type.

Discovery

(Appears in: JoinConfiguration)

Discovery specifies the options for the kubelet to use during the TLS Bootstrap process

Field Description
bootstrapToken *
BootstrapTokenDiscovery

bootstrapToken is used to set the options for bootstrap token based discovery. The bootstrapToken field and the file field are mutually exclusive.

file *
FileDiscovery

file is used to specify a file or URL to a kubeconfig file from which to load cluster information. The bootstrapToken field and the file field are mutually exclusive.

tlsBootstrapToken *
string

tlsBootstrapToken is a token used for TLS bootstrapping. If bootstrapToken is set, this field is defaulted to .bootstrapToken.token, but can be overridden. If file is set, this field must be set in case the KubeConfigFile does not contain any other authentication information.

timeout *
meta/v1.Duration

timeout is used to customize timeout period for the discovery.

Etcd

(Appears in: ClusterConfiguration)

Etcd contains elements describing Etcd configuration.

Field Description
local *
LocalEtcd

local provides configurations for the local etcd instance. The local field and the external field are mutually exclusive.

external *
ExternalEtcd

external describes how to connect to an external etcd service. The local field and the external field are mutually exclusive.

ExternalEtcd

(Appears in: Etcd)

ExternalEtcd describes an external etcd cluster. Kubeadm has no knowledge of where certificate files live and they must be supplied.

Field Description
endpoints *
[]string

endpoints contains a list of etcd members. This field is required.

caFile *
string

caFile is an SSL Certificate Authority (CA) file used to secure etcd communication. Required if using a TLS connection.

certFile *
string

certFile is an SSL certification file used to secure etcd communication. Required if using a TLS connection.

keyFile *
string

keyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection.

FileDiscovery

(Appears in: Discovery)

FileDiscovery is used to specify a file or a URL to a kubeconfig file from which to load cluster information.

Field Description
kubeConfigPath *
string

kubeConfigPath is used to specify the file path or a URL to the kubeconfig file from which to load cluster information

HostPathMount

(Appears in: ControlPlaneComponent)

HostPathMount contains elements describing volumes that are mounted from the host.

Field Description
name *
string

name is the name of the volume inside the Pod template.

hostPath *
string

hostPath is the path on the host that will be mounted inside the Pod.

mountPath *
string

mountPath is the path inside the Pod where hostPath will be mounted.

readOnly *
bool

readOnly indicates whether the volume is mounted in read-only mode.

pathType *
core/v1.HostPathType

pathType is the type of the HostPath, for example, "DirectoryOrCreate", "File", etc.

ImageMeta

(Appears in: DNS, LocalEtcd)

ImageMeta allows customizing the image used for components that do not originate from the Kubernetes/Kubernetes release process.

Field Description
imageRepository *
string

imageRepository sets the container registry to pull images from. If not set, the imageRepository defined in ClusterConfiguration will be used instead.

imageTag *
string

imageTag allows for specifying a tag for the image. When this value is set, kubeadm does not automatically change the version of the above components during upgrades.

JoinControlPlane

(Appears in: JoinConfiguration)

JoinControlPlane contains elements describing an additional control plane instance to be deployed on the joining node.

Field Description
localAPIEndpoint *
APIEndpoint

localAPIEndpoint represents the endpoint of the API server instance to be deployed on this node.

LocalEtcd

(Appears in: Etcd)

LocalEtcd describes that kubeadm should run an etcd cluster locally

Field Description
ImageMeta *
ImageMeta

(Members of ImageMeta are embedded into this type.)

dataDir *
string

dataDir is the directory for etcd to place its data. Defaults to "/var/lib/etcd".

extraArgs *
map[string]string

extraArgs are extra arguments provided to the etcd binary when run inside a static pod.

serverCertSANs *
[]string

serverCertSANs sets extra Subject Alternative Names (SANs) for the etcd server signing cert.

peerCertSANs *
[]string

peerCertSANs sets extra Subject Alternative Names (SANs) for the etcd peer signing cert.

Networking

(Appears in: ClusterConfiguration)

Networking contains elements describing cluster's networking configuration

Field Description
serviceSubnet *
string

serviceSubnet is the subnet used by Services. Defaults to "10.96.0.0/12".

podSubnet *
string

podSubnet is the subnet used by Pods.

dnsDomain *
string

dnsDomain is the DNS domain used by Services. Defaults to "cluster.local".

NodeRegistrationOptions

(Appears in: InitConfiguration, JoinConfiguration)

NodeRegistrationOptions holds fields that relate to registering a new control-plane or node to the cluster, either via "kubeadm init" or "kubeadm join"

Field Description
name *
string

name is the .metadata.name field of the Node API object that will be created in this kubeadm init or kubeadm join operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node.

criSocket *
string

criSocket is used to retrieve container runtime information. This information will be annotated to the Node API object, for later re-use.

taints *
[]core/v1.Taint

taints specifies the taints the Node API object should be registered with. If this field is not set, i.e. nil, it will be defaulted to ['node-role.kubernetes.io/master=""'] during kubeadm init. If you don't want to taint your control-plane node, set this field to an empty list ([]). This field is only used for node registration.

kubeletExtraArgs *
map[string]string

kubeletExtraArgs contains extra arguments to pass to the kubelet. Kubeadm writes these arguments into an environment file for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.x ConfigMap. Command line flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.


Generated with gendoc on git commit 7231496