I'm using hyperkube to start the kube-controller-manager Docker container. In order to rotate the Kubernetes CA I followed this doc. I have to point the KCM client-ca and cluster-signing-cert to different certs. Automating this is difficult because the KCM process uses command line arguments.

I don't see any option here. Does anyone know a way of migrating command line arguments to a config.yaml file for kube-controller-manager?

NOTE: My question is about starting the KCM process with a config file, just like how we have one for kubelets here.

Wytrzymały Wiktor
swetad90
  • Does this answer your question? [Kubernetes kube-controller-manager. How can I apply a flag?](https://stackoverflow.com/questions/60767427/kubernetes-kube-controller-manager-how-can-i-apply-a-flag) –  Aug 02 '21 at 08:09
  • Unfortunately, no. The given example passes all arguments to KCM as command line arguments, not in a yaml file. I was looking for an option like kube-controller-manager --config=/etc/kcm-config.yaml – swetad90 Aug 02 '21 at 20:16
  • What do you mean? The accepted answer literally shows you how to pass arguments to the kcd with yaml file. There is no other way to do this. –  Aug 03 '21 at 05:38
  • I'm looking for kcm as we have for kubelet like this https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/#start-a-kubelet-process-configured-via-the-config-file . The one you showed was a yaml for a kube-controller-manager pod, not how to start the kcm process with a yaml file. – swetad90 Aug 03 '21 at 19:58

1 Answer

There are two possible ways of starting kube-controller-manager with customized settings, by providing YAML files.

Method #1

The kube-controller-manager runs as a pod in your control plane. Its config file, kube-controller-manager.yaml, is located in /etc/kubernetes/manifests. By adding .spec.containers.command like so:

```yaml
spec:
  containers:
  - command:
    - kube-controller-manager
    - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
...
```

you can change the defaults.

Then you would have to restart docker (or containerd)

```bash
sudo systemctl restart docker   # or: sudo systemctl restart containerd
```

or, if you want to restart just kube-controller-manager

```bash
docker restart kube-controller-manager
```

Method #2

You can use ClusterConfiguration with extraArgs like so [reference]:

```yaml
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: v1.16.0
controllerManager:
  extraArgs:
    cluster-signing-key-file: /home/johndoe/keys/ca.key
    deployment-controller-sync-period: "50"
```

For this you would have to extract your current cluster configuration

```bash
kubeadm config view > kubeadm-config.yaml
```

edit this file accordingly, and then upgrade the control plane

```bash
kubeadm upgrade apply --config kubeadm-config.yaml
```

Now, to answer your question - kube-controller-manager does not support --config or any other flag that would allow you to pass a YAML file as its argument (you can check all available flags here).

The only possible solutions are the two above.

  • I have accepted Paweł Grondal's answer as that stated it right. What I'm trying to do is not available. As a workaround, to get what I am trying to, now I maintain 2 copies of the same certificate, so that I can use it during the rotation – swetad90 Aug 06 '21 at 21:33
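Since the flags can only live in the static pod manifest, one way to automate the CA rotation from the question is to rewrite the manifest's command list idempotently. The following is an added example, not part of the original question or answer and not Kubernetes project code; the function name, the sample manifest and all certificate paths are constructed assumptions.

```python
def set_kcm_flags(manifest: str, flags: dict) -> str:
    """Set each --name=value exactly once in the kube-controller-manager
    command list of a static pod manifest; return the new manifest text."""
    lines = manifest.splitlines()
    start = next((i for i, l in enumerate(lines)
                  if l.strip() == "- kube-controller-manager"), None)
    if start is None:
        raise ValueError("kube-controller-manager command entry not found")
    indent = lines[start][:len(lines[start]) - len(lines[start].lstrip())]
    end = start + 1  # arguments are the "- --flag" items that follow
    while end < len(lines) and lines[end].startswith(indent + "- --"):
        end += 1
    pending, args = dict(flags), []
    for line in lines[start + 1:end]:
        name = line.strip()[4:].split("=", 1)[0]
        if name not in flags:
            args.append(line)  # unrelated flag: keep untouched
        elif name in pending:  # first occurrence: replace; duplicates dropped
            args.append(f"{indent}- --{name}={pending.pop(name)}")
    args += [f"{indent}- --{n}={v}" for n, v in pending.items()]  # new flags
    return "\n".join(lines[:start + 1] + args + lines[end:]) + "\n"

# Constructed sample manifest (trimmed; image reference is a placeholder).
SAMPLE = """\
apiVersion: v1
kind: Pod
metadata:
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-controller-manager
    - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt
    image: example.invalid/kube-controller-manager:placeholder
    name: kube-controller-manager
"""

# Constructed paths: a trust bundle for client auth, the new CA for signing.
ROTATION_FLAGS = {
    "client-ca-file": "/etc/kubernetes/pki/ca-bundle.crt",
    "cluster-signing-cert-file": "/etc/kubernetes/pki/new-ca.crt",
    "cluster-signing-key-file": "/etc/kubernetes/pki/new-ca.key",
}

if __name__ == "__main__":
    print(set_kcm_flags(SAMPLE, ROTATION_FLAGS))
```

The function only transforms text; running it twice with the same flags yields the same manifest, so it is safe to call from a configuration-management run at each rotation step.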