
K8S: convert "kubeadm init" command-line arguments to "--config" YAML



Background

I'm attempting to configure a cluster via kubeadm. I normally create the (test) cluster via:

sudo kubeadm init --pod-network-cidr 10.244.0.0/16

This parameter appears to eventually find its way into the static pod definition for the controllerManager (/etc/kubernetes/manifests/kube-controller-manager.yaml):

- --cluster-cidr=10.244.0.0/16

Larger portions of sudo vim /etc/kubernetes/manifests/kube-controller-manager.yaml:

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-controller-manager
    tier: control-plane
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-controller-manager
    - --allocate-node-cidrs=true
    - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
    - ...
    - --cluster-cidr=10.244.0.0/16

Question 1:

How can I pass this setting, --pod-network-cidr=10.244.0.0/16 via a config file, i.e. kubeadm init --config my_config.yaml? I found a sample config file template on an unofficial K8S documentation wiki, but I can't seem to find any documentation at all that maps these command-line arguments to kubeadm to their kubeadm_config.yaml equivalents.

There's also a document showing how I can create a baseline static pod definition/yaml via kubeadm config print init-defaults > kubeadm_config.yaml, but again, no documentation that shows how to set pod-network-cidr by modifying and applying this yaml file (i.e. kubeadm upgrade -f kubeadm_config.yaml).

Sample output of kubeadm config view:

apiServer:
  extraArgs:
    authorization-mode: Node,RBAC
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.15.4
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}

Question 2:

How can I do the above, but pass something like --experimental-cluster-signing-duration=0h30m0s? I'd like to experiment with tests involving manually/automatically renewing all kubeadm-related certs.



Solution

    1. According to the official documentation:

    It’s possible to configure kubeadm init with a configuration file instead of command line flags, and some more advanced features may only be available as configuration file options. This file is passed with the --config option.

    The default configuration can be printed out using the kubeadm config print command.

    It is recommended that you migrate your old v1beta1 configuration to v1beta2 using the kubeadm config migrate command.

    During kubeadm init, kubeadm uploads the ClusterConfiguration object to your cluster in a ConfigMap called kubeadm-config in the kube-system namespace. This configuration is then read during kubeadm join, kubeadm reset and kubeadm upgrade. To view this ConfigMap call kubeadm config view.

    You can use kubeadm config print to print the default configuration and kubeadm config migrate to convert your old configuration files to a newer version. kubeadm config images list and kubeadm config images pull can be used to list and pull the images that kubeadm requires.

    Subnets are defined by the --pod-network-cidr argument in kubeadm OR by a config file such as the example below:

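    apiVersion: kubeadm.k8s.io/v1alpha3
    kind: InitConfiguration
    # In v1alpha3 the node's API endpoint is set under apiEndpoint.
    apiEndpoint:
      advertiseAddress: 0.0.0.0
      bindPort: 6443
    ---
    apiVersion: kubeadm.k8s.io/v1alpha3
    kind: ClusterConfiguration
    # kubernetesVersion is a ClusterConfiguration field.
    kubernetesVersion: v1.12.1
    networking:
      # Config-file equivalent of --pod-network-cidr
      podSubnet: 192.168.0.0/24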
    

    2. I was not able to find anything like this in the official documentation nor in other sources.

    You instead can use kube-controller-manager to pass that kind of configuration.

    Please let me know if that helped.
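
Added example, not part of the original answer or of the kubeadm documentation: a shell example that writes the v1beta2 ClusterConfiguration matching the question's `kubeadm config view` output, with `--pod-network-cidr` expressed as `networking.podSubnet` and the question's `--experimental-cluster-signing-duration` passed through `controllerManager.extraArgs`, then checks a static pod manifest for the resulting flags. The function names and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes the kubeadm v1beta2 config API shown in the question.

# render_kubeadm_config POD_CIDR SIGNING_DURATION K8S_VERSION
# Prints a file suitable for: kubeadm init --config <file>
render_kubeadm_config() {
  cat <<EOF
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: $3
networking:
  podSubnet: "$1"    # same effect as --pod-network-cidr
controllerManager:
  extraArgs:         # each key becomes a kube-controller-manager flag
    experimental-cluster-signing-duration: "$2"
EOF
}

# manifest_has_flag FILE FLAG VALUE
# Succeeds only if FILE has a list item that is exactly "- --FLAG=VALUE".
# Plain string comparison, so dots and slashes in VALUE are not regex syntax.
manifest_has_flag() {
  awk -v want="- --$2=$3" '
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    $0 == want { found = 1 }
    END { exit !found }' "$1"
}

# Constructed sample of kube-controller-manager.yaml, trimmed to the command list.
sample_manifest() {
  cat <<'EOF'
spec:
  containers:
  - command:
    - kube-controller-manager
    - --allocate-node-cidrs=true
    - --cluster-cidr=10.244.0.0/16
    - --experimental-cluster-signing-duration=0h30m0s
EOF
}

# Demo on the constructed input (no cluster needed).
render_kubeadm_config 10.244.0.0/16 0h30m0s v1.15.4
tmp=$(mktemp) && sample_manifest > "$tmp"
manifest_has_flag "$tmp" cluster-cidr 10.244.0.0/16 && echo "cluster-cidr ok"
manifest_has_flag "$tmp" experimental-cluster-signing-duration 0h30m0s && echo "signing duration ok"
rm -f "$tmp"
```

On a real control-plane node, point `manifest_has_flag` at /etc/kubernetes/manifests/kube-controller-manager.yaml after `kubeadm init --config`. The signing-duration flag governs certificates the controller manager signs through the CSR API, not the certificate files kubeadm itself writes under certificatesDir.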