Kubeadm: Kubeadm config documentation/example?

Created on 24 Jan 2017  ·  12 Comments  ·  Source: kubernetes/kubeadm

I am trying to give kubeadm a config when I run kubeadm init.
I notice that if I have the config in exactly the correct format, say, to change the token:

apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
kubernetesVersion: v1.4.4
secrets:
  givenToken: 123456.3123fe2e098799f3

It just works. And in the kubeadm output:

validating provided token
accepted provided token

However, if I use another YAML file (basically, I want to specify my own crt files):

apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
kubernetesVersion: v1.4.4
etcd:
  caFile : /root/easy-rsa-master/easyrsa3/pki/ca.crt
  certFile : /root/easy-rsa-master/easyrsa3/pki/issued/kubernetes-master.crt
  keyFile : /root/easy-rsa-master/easyrsa3/pki/private/kubernetes-master.key

It doesn't even output "validating provided token".
It seems like kubeadm didn't recognize the config(?)

Is there a way to debug this?
Where is the documentation for the syntax for kubeadm config?
There is only a sample master configuration at the end of https://kubernetes.io/docs/admin/kubeadm/
If I want to specify other command-line values for the API server that are supported in https://kubernetes.io/docs/admin/kube-apiserver/, what's the corresponding name?

For example, if I want to specify the --tls-private-key-file for the API server in the kubeadm init config.yaml, what's the corresponding name? Is it tlsPrivateKeyFile?

All 12 comments

@Lokicity From what I understand, you can't dynamically change configs on the control plane while it's running. You would have to restart that component.

As for the token issue, if you don't pass in any token, it will generate one for you.

Yes. But kubeadm init has a --config which allows the user to pass in their default data. Can I pass in certain data I want for the API servers? For example, I want to use my own --tls-private-key-file for the API server other than the default one generated by kubeadm.
I want to be able to do that at kubeadm init time.

A config example has been added to the docs here:

https://kubernetes.io/docs/admin/kubeadm/#config-file

@jistr following your link above, I used the YAML file below

apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
etcd:
  endpoints:
  - http://127.0.0.1:2379

as the config file, but it does not reflect the etcd Endpoint (still nil).

kubeadm.MasterConfiguration{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, API:kubeadm.API{AdvertiseAddress:"192.168.180.53", BindPort:6443}, Etcd:kubeadm.Etcd{Endpoints:[]string(nil), CAFile:"", CertFile:"", KeyFile:""}, Networking:kubeadm.Networking{ServiceSubnet:"10.96.0.0/12", PodSubnet:"", DNSDomain:"cluster.local"}, KubernetesVersion:"v1.6.0", CloudProvider:"", AuthorizationMode:"RBAC", Token:"8f6cc5.9fdf609145758fbd", TokenTTL:0, SelfHosted:false, APIServerExtraArgs:map[string]string(nil), ControllerManagerExtraArgs:map[string]string(nil), SchedulerExtraArgs:map[string]string(nil), APIServerCertSANs:[]string(nil), CertificatesDir:"/etc/kubernetes/pki"}

I wonder where I may have made a mistake, or is it a code bug?

Hello,

We are having the same issue as @WIZARD-CXY.
Is there any update regarding this?

Thanks!

cc @jamiehannaford
Maybe you could take a look and see if the etcd slice doesn't get parsed correctly?

@WIZARD-CXY @akarasik What version of kubeadm and etcd are you using? I've just tried with the following and it worked for me:

root@c1: kubeadm version
kubeadm version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.3", GitCommit:"0480917b552be33e2dba47386e51decb1a211df6", GitTreeState:"clean", BuildDate:"2017-05-10T15:38:08Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}

root@c1: curl 127.0.0.1:2379/version
{"etcdserver":"3.1.7","etcdcluster":"3.1.0"}

root@c1: cat config.yaml
apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
etcd:
  endpoints:
  - http://127.0.0.1:2379

root@c1: kubectl get pods --all-namespaces
NAMESPACE     NAME                         READY     STATUS    RESTARTS   AGE
kube-system   kube-controller-manager-c1   1/1       Running   0          49s
kube-system   kube-dns-3913472980-vxldm    0/3       Pending   0          45s
kube-system   kube-proxy-2d3q4             1/1       Running   0          45s
kube-system   kube-scheduler-c1            1/1       Running   0          56s

Also where did you access the kubeadm.MasterConfiguration struct? Was it dumped out automatically or did you add debug logic to a file?

@jamiehannaford kubeadm 1.6.1 etcd 3.0.17
I got the kubeadm.MasterConfiguration struct through a simple debug print. Maybe I will upgrade kubeadm and try it again today, and I will update the result here. Thanks for your help.

@jamiehannaford kubeadm 1.6.3 works like a charm.

@Lokicity Are you still encountering problems with newer versions of kubeadm?

Closing as fixed... :+1:

See the example for v1.14 at https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1

apiVersion: kubeadm.k8s.io/v1beta1
kind: InitConfiguration
bootstrapTokens:
- token: "9a08jv.c0izixklcxtmnze7"
  description: "kubeadm bootstrap token"
  ttl: "24h"
- token: "783bde.3f89s0fje9f38fhf"
  description: "another bootstrap token"
  usages:
  - authentication
  - signing
  groups:
  - system:bootstrappers:kubeadm:default-node-token
nodeRegistration:
  name: "ec2-10-100-0-1"
  criSocket: "/var/run/dockershim.sock"
  taints:
  - key: "kubeadmNode"
    value: "master"
    effect: "NoSchedule"
  kubeletExtraArgs:
    cgroup-driver: "cgroupfs"
localAPIEndpoint:
  advertiseAddress: "10.100.0.1"
  bindPort: 6443
---
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
etcd:
  # one of local or external
  local:
    imageRepository: "k8s.gcr.io"
    imageTag: "3.2.24"
    dataDir: "/var/lib/etcd"
    extraArgs:
      listen-client-urls: "http://10.100.0.1:2379"
    serverCertSANs:
    -  "ec2-10-100-0-1.compute-1.amazonaws.com"
    peerCertSANs:
    - "10.100.0.1"
  # external:
    # endpoints:
    # - "10.100.0.1:2379"
    # - "10.100.0.2:2379"
    # caFile: "/etcd/kubernetes/pki/etcd/etcd-ca.crt"
    # certFile: "/etcd/kubernetes/pki/etcd/etcd.crt"
    # keyFile: "/etcd/kubernetes/pki/etcd/etcd.key"
networking:
  serviceSubnet: "10.96.0.0/12"
  podSubnet: "10.100.0.1/24"
  dnsDomain: "cluster.local"
kubernetesVersion: "v1.12.0"
controlPlaneEndpoint: "10.100.0.1:6443"
apiServer:
  extraArgs:
    authorization-mode: "Node,RBAC"
  extraVolumes:
  - name: "some-volume"
    hostPath: "/etc/some-path"
    mountPath: "/etc/some-pod-path"
    readOnly: false
    pathType: File
  certSANs:
  - "10.100.1.1"
  - "ec2-10-100-0-1.compute-1.amazonaws.com"
  timeoutForControlPlane: 4m0s
controllerManager:
  extraArgs:
    "node-cidr-mask-size": "20"
  extraVolumes:
  - name: "some-volume"
    hostPath: "/etc/some-path"
    mountPath: "/etc/some-pod-path"
    readOnly: false
    pathType: File
scheduler:
  extraArgs:
    address: "10.100.0.1"
  extraVolumes:
  - name: "some-volume"
    hostPath: "/etc/some-path"
    mountPath: "/etc/some-pod-path"
    readOnly: false
    pathType: File
certificatesDir: "/etc/kubernetes/pki"
imageRepository: "k8s.gcr.io"
useHyperKubeImage: false
clusterName: "example-cluster"
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
# kubelet specific options here
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
# kube-proxy specific options here
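
On the thread's question of how to debug a config that kubeadm appears to ignore: the Go program below is an added example, not kubeadm's code and not from any commenter. It lists config keys that fall outside a known set, which catches both keys from another config version and keys that lost their indentation. The names knownPaths and UnknownKeys are hypothetical, and the key set is an assumption limited to the v1alpha1 spellings that appear in this thread.

```go
package main

import (
	"fmt"
	"strings"
)

// knownPaths: v1alpha1 MasterConfiguration keys whose YAML spelling appears in
// this thread. Assumption: incomplete; extend it for the version you run.
var knownPaths = map[string]bool{
	"apiVersion": true, "kind": true, "kubernetesVersion": true, "etcd": true,
	"etcd.endpoints": true, "etcd.caFile": true, "etcd.certFile": true, "etcd.keyFile": true,
}

// UnknownKeys returns the dotted path of every mapping key not in knownPaths.
// It reads block-style YAML with nested mappings and scalar lists only.
func UnknownKeys(doc string) (unknown []string) {
	type frame struct {
		indent int
		key    string
	}
	var stack []frame
	for _, line := range strings.Split(doc, "\n") {
		t := strings.TrimSpace(line)
		colon := strings.Index(t, ":")
		if t == "" || t[0] == '#' || t[0] == '-' || colon < 0 {
			continue // blank line, comment, list item or document separator
		}
		indent := len(line) - len(strings.TrimLeft(line, " "))
		// Keys at the same or deeper indentation are not parents of this key.
		for len(stack) > 0 && stack[len(stack)-1].indent >= indent {
			stack = stack[:len(stack)-1]
		}
		stack = append(stack, frame{indent, strings.TrimSpace(t[:colon])})
		parts := make([]string, len(stack))
		for i, f := range stack {
			parts[i] = f.key
		}
		if path := strings.Join(parts, "."); !knownPaths[path] {
			unknown = append(unknown, path)
		}
	}
	return unknown
}

func main() {
	// Constructed sample: "endpoints" has lost its indentation under "etcd".
	doc := "apiVersion: kubeadm.k8s.io/v1alpha1\nkind: MasterConfiguration\netcd:\nendpoints:\n- http://127.0.0.1:2379\n"
	fmt.Println(UnknownKeys(doc))
}
```

A key reported here is only a candidate for the problem; the authoritative field list is the API type of the kubeadm version in use.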