K8S: convert "kubeadm init" command-line arguments to "--config" YAML

Question

---

Background

I'm attempting to configure a cluster via kubeadm. I normally create the (test) cluster via:

sudo kubeadm init --pod-network-cidr 10.244.0.0/16

This parameter appears to eventually find its way into the static pod definition for the controllerManager (/etc/kubernetes/manifests/kube-controller-manager.yaml):

- --cluster-cidr=10.244.0.0/16

Larger portions of sudo vim /etc/kubernetes/manifests/kube-controller-manager.yaml:

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-controller-manager
    tier: control-plane
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-controller-manager
    - --allocate-node-cidrs=true
    - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
    - ...
    - --cluster-cidr=10.244.0.0/16

---

Question 1:

How can I pass this setting, --pod-network-cidr=10.244.0.0/16 via a config file, i.e. kubeadm init --config my_config.yaml? I found a sample config file template on an unofficial K8S documentation wiki, but I can't seem to find any documentation at all that maps these command-line arguments to kubeadm to their kubeadm_config.yaml equivalents.

There's also a document showing how I can create a baseline static pod definition/yaml via kubeadm config print init-defaults > kubeadm_config.yaml, but again, no documentation that shows how to set pod-network-cidr by modifying and applying this yaml file (i.e. kubeadm upgrade -f kubeadm_config.yaml).

Sample output of kubeadm config view:

apiServer:
  extraArgs:
    authorization-mode: Node,RBAC
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.15.4
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}

---

Question 2:

How can I do the above, but pass something like --experimental-cluster-signing-duration=0h30m0s? I'd like to experiment with tests involving manually/automatically renewing all kubeadm-related certs.

---

Answer 1

1. Accorindg to the official documentation:

It’s possible to configure kubeadm init with a configuration file instead of command line flags, and some more advanced features may only be available as configuration file options. This file is passed with the --config option.

The default configuration can be printed out using the kubeadm config print command.

It is recommended that you migrate your old v1beta1 configuration to v1beta2 using the kubeadm config migrate command.

During kubeadm init, kubeadm uploads the ClusterConfiguration object to your cluster in a ConfigMap called kubeadm-config in the kube-system namespace. This configuration is then read during kubeadm join, kubeadm reset and kubeadm upgrade. To view this ConfigMap call kubeadm config view.

You can use kubeadm config print to print the default configuration and kubeadm config migrate to convert your old configuration files to a newer version. kubeadm config images list and kubeadm config images pull can be used to list and pull the images that kubeadm requires.

Subnets are defined by --pod-network-cidr argument in kubeadm OR by a config file such as the example below below:

apiVersion: kubeadm.k8s.io/v1alpha3
kind: InitConfiguration
api:
  advertiseAddress: 0.0.0.0
  bindPort: 6443
kubernetesVersion: v1.12.1
---
apiVersion: kubeadm.k8s.io/v1alpha3
kind: ClusterConfiguration
networking:
  podSubnet: 192.168.0.0/24

2. I was not able to find anything like this in the official documentation nor in other sources.

You instead can use kube-controller-manager to pass that kind of configuration.

Please let me know if that helped.