I am trying to give kubeadm a config when I run kubeadm init.
I notice that when I have the config in exactly the correct format, say, to change the token:
```yaml
apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
kubernetesVersion: v1.4.4
secrets:
  givenToken: 123456.3123fe2e098799f3
```
It just works. And in the kubeadm output
However, if I use another yaml. Basically I want to specify my own crt files
```yaml
apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
kubernetesVersion: v1.4.4
etcd:
  caFile : /root/easy-rsa-master/easyrsa3/pki/ca.crt
  certFile : /root/easy-rsa-master/easyrsa3/pki/issued/kubernetes-master.crt
  keyFile : /root/easy-rsa-master/easyrsa3/pki/private/kubernetes-master.key
```
It isn't even outputting.
It seems like kubeadm didn't recognize the config(?)
Is there a way to debug this?
Where is the documentation for the syntax for kubeadm config?
There is only a sample master configuration in the end of https://kubernetes.io/docs/admin/kubeadm/
If I want to specify other command line values for the API server that are supported in https://kubernetes.io/docs/admin/kube-apiserver/, what's the corresponding name?
For example, if I want to specify the --tls-private-key-file for the API server in the kubeadm init config.yaml, what's the corresponding name? Is it tlsPrivateKeyFile?
@Lokicity From what I understand, you can't dynamically change configs on the control plane while it's running. You would have to restart that component.
As for the token issue, if you don't pass in any token, it will generate one for you.
Yes. But kubeadm init has a --config which allows the user to pass in their default data. Can I pass in certain data I want for the API server? For example, I want to use my own --tls-private-key-file for the API server rather than the default one generated by kubeadm.
I want to be able to do that at kubeadm init time
A config example has been added to the docs here: https://kubernetes.io/docs/admin/kubeadm/#config-file
@jistr following your link above, I used the YAML file below
```yaml
apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
etcd:
  endpoints:
  - http://127.0.0.1:2379
```
as the config file, but it does not reflect the etcd Endpoint (still nil).
```
kubeadm.MasterConfiguration{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, API:kubeadm.API{AdvertiseAddress:"192.168.180.53", BindPort:6443}, Etcd:kubeadm.Etcd{Endpoints:[]string(nil), CAFile:"", CertFile:"", KeyFile:""}, Networking:kubeadm.Networking{ServiceSubnet:"10.96.0.0/12", PodSubnet:"", DNSDomain:"cluster.local"}, KubernetesVersion:"v1.6.0", CloudProvider:"", AuthorizationMode:"RBAC", Token:"8f6cc5.9fdf609145758fbd", TokenTTL:0, SelfHosted:false, APIServerExtraArgs:map[string]string(nil), ControllerManagerExtraArgs:map[string]string(nil), SchedulerExtraArgs:map[string]string(nil), APIServerCertSANs:[]string(nil), CertificatesDir:"/etc/kubernetes/pki"}
```
I wonder where I may have made a mistake, or is it a code bug?
Hello,
We are having the same issue as @WIZARD-CXY.
Is there any update regarding this?
Thanks!
cc @jamiehannaford
Maybe you could take a look and see if the etcd slice doesn't get parsed correctly?
@WIZARD-CXY @akarasik What version of kubeadm and etcd are you using? I've just tried with the following and it worked for me:
```
root@c1: kubeadm version
kubeadm version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.3", GitCommit:"0480917b552be33e2dba47386e51decb1a211df6", GitTreeState:"clean", BuildDate:"2017-05-10T15:38:08Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
root@c1: curl 127.0.0.1:2379/version
{"etcdserver":"3.1.7","etcdcluster":"3.1.0"}
root@c1: cat config.yaml
apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
etcd:
  endpoints:
  - http://127.0.0.1:2379
root@c1: kubectl get pods --all-namespaces
NAMESPACE     NAME                         READY     STATUS    RESTARTS   AGE
kube-system   kube-controller-manager-c1   1/1       Running   0          49s
kube-system   kube-dns-3913472980-vxldm    0/3       Pending   0          45s
kube-system   kube-proxy-2d3q4             1/1       Running   0          45s
kube-system   kube-scheduler-c1            1/1       Running   0          56s
```
Also, where did you access the kubeadm.MasterConfiguration struct? Was it dumped out automatically or did you add debug logic to a file?
@jamiehannaford kubeadm 1.6.1 etcd 3.0.17
I got the kubeadm.MasterConfiguration struct through a simple debug print. Maybe I will upgrade kubeadm and try it again today and I will update the result here. Thanks for your help.
@jamiehannaford kubeadm 1.6.3 works like a charm.
@Lokicity Are you still encountering problems with newer versions of kubeadm?
Closing as fixed... :+1:
see example for v1.14 in https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1
```yaml
apiVersion: kubeadm.k8s.io/v1beta1
kind: InitConfiguration
bootstrapTokens:
- token: "9a08jv.c0izixklcxtmnze7"
  description: "kubeadm bootstrap token"
  ttl: "24h"
- token: "783bde.3f89s0fje9f38fhf"
  description: "another bootstrap token"
  usages:
  - authentication
  - signing
  groups:
  - system:bootstrappers:kubeadm:default-node-token
nodeRegistration:
  name: "ec2-10-100-0-1"
  criSocket: "/var/run/dockershim.sock"
  taints:
  - key: "kubeadmNode"
    value: "master"
    effect: "NoSchedule"
  kubeletExtraArgs:
    cgroup-driver: "cgroupfs"
localAPIEndpoint:
  advertiseAddress: "10.100.0.1"
  bindPort: 6443
---
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
etcd:
  # one of local or external
  local:
    imageRepository: "k8s.gcr.io"
    imageTag: "3.2.24"
    dataDir: "/var/lib/etcd"
    extraArgs:
      listen-client-urls: "http://10.100.0.1:2379"
    serverCertSANs:
    - "ec2-10-100-0-1.compute-1.amazonaws.com"
    peerCertSANs:
    - "10.100.0.1"
  # external:
    # endpoints:
    # - "10.100.0.1:2379"
    # - "10.100.0.2:2379"
    # caFile: "/etcd/kubernetes/pki/etcd/etcd-ca.crt"
    # certFile: "/etcd/kubernetes/pki/etcd/etcd.crt"
    # keyFile: "/etcd/kubernetes/pki/etcd/etcd.key"
networking:
  serviceSubnet: "10.96.0.0/12"
  podSubnet: "10.100.0.1/24"
  dnsDomain: "cluster.local"
kubernetesVersion: "v1.12.0"
controlPlaneEndpoint: "10.100.0.1:6443"
apiServer:
  extraArgs:
    authorization-mode: "Node,RBAC"
  extraVolumes:
  - name: "some-volume"
    hostPath: "/etc/some-path"
    mountPath: "/etc/some-pod-path"
    readOnly: false
    pathType: File
  certSANs:
  - "10.100.1.1"
  - "ec2-10-100-0-1.compute-1.amazonaws.com"
  timeoutForControlPlane: 4m0s
controllerManager:
  extraArgs:
    "node-cidr-mask-size": "20"
  extraVolumes:
  - name: "some-volume"
    hostPath: "/etc/some-path"
    mountPath: "/etc/some-pod-path"
    readOnly: false
    pathType: File
scheduler:
  extraArgs:
    address: "10.100.0.1"
  extraVolumes:
  - name: "some-volume"
    hostPath: "/etc/some-path"
    mountPath: "/etc/some-pod-path"
    readOnly: false
    pathType: File
certificatesDir: "/etc/kubernetes/pki"
imageRepository: "k8s.gcr.io"
useHyperKubeImage: false
clusterName: "example-cluster"
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
# kubelet specific options here
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
# kube-proxy specific options here
```
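A defensive check for the kind of config files posted in this thread, added here as an example (it is not code from kubeadm or from any commenter): it scans a kubeadm config for a bootstrap token literal, a plaintext http:// URL such as the etcd endpoint, and a keyFile whose permissions allow group or other access. The function names and the constructed sample config in `demo` are assumptions of this example.

```python
import os
import re
import stat
import tempfile

# kubeadm bootstrap tokens have the fixed shape [a-z0-9]{6}.[a-z0-9]{16}
TOKEN_RE = re.compile(r"(?<![a-z0-9])[a-z0-9]{6}\.[a-z0-9]{16}(?![a-z0-9])")
HTTP_RE = re.compile(r"http://[^\s\"']+")
KEYFILE_RE = re.compile(r"^\s*keyFile\s*:\s*[\"']?([^\"'\s]+)")


def audit_kubeadm_config(text):
    """Return (line_number, finding) pairs for one kubeadm config file."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out settings are not active
        if TOKEN_RE.search(line):
            findings.append((number, "bootstrap token stored in the config file"))
        if HTTP_RE.search(line):
            findings.append((number, "plaintext http:// URL"))
        match = KEYFILE_RE.match(line)
        if match:
            try:
                mode = stat.S_IMODE(os.stat(match.group(1)).st_mode)
            except OSError:
                findings.append((number, "key file not accessible"))
            else:
                if mode & 0o077:  # group/other bits set on a private key
                    findings.append((number, "key file mode %o is too open" % mode))
    return findings


def demo(key_mode=0o644):
    """Audit a constructed config that points at a throwaway key file."""
    with tempfile.TemporaryDirectory() as directory:
        key_path = os.path.join(directory, "master.key")
        with open(key_path, "w") as handle:
            handle.write("constructed placeholder, not a real key\n")
        os.chmod(key_path, key_mode)
        config = "\n".join([
            "secrets:", "  givenToken: 123456.3123fe2e098799f3",
            "etcd:", "  endpoints:", "  - http://127.0.0.1:2379",
            "  keyFile : " + key_path,
        ])
        return audit_kubeadm_config(config)


if __name__ == "__main__":
    print(demo())
```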