K8S: convert "kubeadm init" command-line arguments to "--config" YAML


Background

I'm trying to configure a cluster via kubeadm. I usually create the (test) cluster with:

sudo kubeadm init --pod-network-cidr 10.244.0.0/16

This parameter appears to eventually end up in the static pod definition for the controllerManager (/etc/kubernetes/manifests/kube-controller-manager.yaml):

- --cluster-cidr=10.244.0.0/16

Most of sudo vim /etc/kubernetes/manifests/kube-controller-manager.yaml:

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-controller-manager
    tier: control-plane
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-controller-manager
    - --allocate-node-cidrs=true
    - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
    - ...
    - --cluster-cidr=10.244.0.0/16

Question 1:

How can I pass this setting, --pod-network-cidr=10.244.0.0/16, via a config file, i.e. kubeadm init --config my_config.yaml? I found a sample config file template on an unofficial K8S documentation wiki, but I can't seem to find any documentation at all that maps these kubeadm command-line arguments to their kubeadm_config.yaml equivalents.

There's also a document showing how I can create a baseline static pod definition/yaml via kubeadm config print init-defaults > kubeadm_config.yaml, but again, there is no documentation that shows how to set pod-network-cidr by modifying and applying this yaml file (i.e. kubeadm upgrade -f kubeadm_config.yaml).

Sample output of kubeadm config view:

apiServer:
  extraArgs:
    authorization-mode: Node,RBAC
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.15.4
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}

Question 2:

How can I do the above, but pass something like --experimental-cluster-signing-duration=0h30m0s? I'd like to experiment with tests involving manually/automatically renewing all kubeadm-related certificates.


1. According to the official documentation:

It’s possible to configure kubeadm init with a configuration file instead of command line flags, and some more advanced features may only be available as configuration file options. This file is passed with the --config option.

The default configuration can be printed out using the kubeadm config print command.

It is recommended that you migrate your old v1beta1 configuration to v1beta2 using the kubeadm config migrate command.

During kubeadm init, kubeadm uploads the ClusterConfiguration object to your cluster in a ConfigMap called kubeadm-config in the kube-system namespace. This configuration is then read during kubeadm join, kubeadm reset and kubeadm upgrade. To view this ConfigMap call kubeadm config view.

You can use kubeadm config print to print the default configuration and kubeadm config migrate to convert your old configuration files to a newer version. kubeadm config images list and kubeadm config images pull can be used to list and pull the images that kubeadm requires.

The subnet is defined by the --pod-network-cidr argument in kubeadm or by a config file, as in the example below:

apiVersion: kubeadm.k8s.io/v1alpha3
kind: InitConfiguration
api:
  advertiseAddress: 0.0.0.0
  bindPort: 6443
kubernetesVersion: v1.12.1
---
apiVersion: kubeadm.k8s.io/v1alpha3
kind: ClusterConfiguration
networking:
  podSubnet: 192.168.0.0/24

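2. I couldn't find anything like this in the official documentation or other sources.

You can use kube-controller-manager to pass that kind of configuration.

Let me know if it helps.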
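
A combined config file covering both questions, as an added example that is not part of the original question or answer. It assumes the kubeadm.k8s.io/v1beta2 API and Kubernetes v1.15.4 shown in the question's kubeadm config view output, and that controllerManager accepts an extraArgs map in the same way apiServer does there.

```yaml
# my_config.yaml (file name taken from the question)
# Usage: sudo kubeadm init --config my_config.yaml
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v1.15.4
networking:
  # Equivalent of: kubeadm init --pod-network-cidr 10.244.0.0/16
  # kubeadm renders this as --cluster-cidr=10.244.0.0/16 in the
  # kube-controller-manager static pod manifest.
  podSubnet: 10.244.0.0/16
controllerManager:
  extraArgs:
    # Each key is a kube-controller-manager flag without the leading "--".
    # This flag sets the validity of certificates that the controller
    # manager signs through the CSR API (for example kubelet certificates).
    # Certificates that kubeadm itself writes to /etc/kubernetes/pki are
    # not issued through this path, so their lifetime is not changed here.
    experimental-cluster-signing-duration: 0h30m0s
```

After kubeadm init completes, both settings can be checked in /etc/kubernetes/manifests/kube-controller-manager.yaml, where --cluster-cidr=10.244.0.0/16 and --experimental-cluster-signing-duration=0h30m0s should appear in the command list.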