K8S: convert "kubeadm init" command-line arguments to "--config" YAML


Background

I’m attempting to configure a cluster via kubeadm. I normally create the (test) cluster via:

sudo kubeadm init --pod-network-cidr 10.244.0.0/16

This parameter appears to eventually find its way into the static pod definition for the controllerManager (/etc/kubernetes/manifests/kube-controller-manager.yaml):

- --cluster-cidr=10.244.0.0/16

Larger portions of sudo vim /etc/kubernetes/manifests/kube-controller-manager.yaml:

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-controller-manager
    tier: control-plane
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-controller-manager
    - --allocate-node-cidrs=true
    - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
    - ...
    - --cluster-cidr=10.244.0.0/16

Question 1:

How can I pass this setting, --pod-network-cidr=10.244.0.0/16 via a config file, i.e. kubeadm init --config my_config.yaml? I found a sample config file template on an unofficial K8S documentation wiki, but I can’t seem to find any documentation at all that maps these command-line arguments to kubeadm to their kubeadm_config.yaml equivalents.

There’s also a document showing how I can create a baseline static pod definition/yaml via kubeadm config print init-defaults > kubeadm_config.yaml, but again, no documentation that shows how to set pod-network-cidr by modifying and applying this yaml file (i.e. kubeadm upgrade -f kubeadm_config.yaml).

Sample output of kubeadm config view:

apiServer:
  extraArgs:
    authorization-mode: Node,RBAC
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.15.4
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}

Question 2:

How can I do the above, but pass something like --experimental-cluster-signing-duration=0h30m0s? I’d like to experiment with tests involving manually/automatically renewing all kubeadm-related certs.


This should help you out. :slightly_smiling_face:

kubeadm init
kubeadm config
Creating a single master cluster with kubeadm

I’ve read through all of those documents at length, and none of them address my use case(s).

Issue has been resolved:

Thank you.

1 Like