Customizing components with the kubeadm API
This page covers how to customize the components that kubeadm deploys. For control plane components
you can use flags in the ClusterConfiguration structure or patches per-node. For the kubelet
and kube-proxy you can use KubeletConfiguration and KubeProxyConfiguration, accordingly.
All of these options are possible via the kubeadm configuration API. For more details on each field in the configuration you can navigate to our API reference pages.
Note: Customizing the CoreDNS deployment of kubeadm is currently not supported. You must manually patch thekube-system/corednsConfigMap and recreate the CoreDNS Pods after that. Alternatively, you can skip the default CoreDNS deployment and deploy your own variant. For more details on that see Using init phases with kubeadm.
Kubernetes v1.12 [stable]
Customizing the control plane with flags in ClusterConfiguration
The kubeadm ClusterConfiguration object exposes a way for users to override the default
flags passed to control plane components such as the APIServer, ControllerManager, Scheduler and Etcd.
The components are defined using the following structures:
apiServercontrollerManagerscheduleretcd
These structures contain a common extraArgs field, that consists of key: value pairs.
To override a flag for a control plane component:
- Add the appropriate
extraArgsto your configuration. - Add flags to the
extraArgsfield. - Run
kubeadm initwith--config <YOUR CONFIG YAML>.
Note: You can generate aClusterConfigurationobject with default values by runningkubeadm config print init-defaultsand saving the output to a file of your choice.
Note: TheClusterConfigurationobject is currently global in kubeadm clusters. This means that any flags that you add, will apply to all instances of the same component on different nodes. To apply individual configuration per component on different nodes you can use patches.
Note: Duplicate flags (keys), or passing the same flag--foomultiple times, is currently not supported. To workaround that you must use patches.
APIServer flags
For details, see the reference documentation for kube-apiserver.
Example usage:
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: v1.16.0
apiServer:
extraArgs:
anonymous-auth: "false"
enable-admission-plugins: AlwaysPullImages,DefaultStorageClass
audit-log-path: /home/johndoe/audit.log
ControllerManager flags
For details, see the reference documentation for kube-controller-manager.
Example usage:
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: v1.16.0
controllerManager:
extraArgs:
cluster-signing-key-file: /home/johndoe/keys/ca.key
deployment-controller-sync-period: "50"
Scheduler flags
For details, see the reference documentation for kube-scheduler.
Example usage:
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: v1.16.0
scheduler:
extraArgs:
config: /etc/kubernetes/scheduler-config.yaml
extraVolumes:
- name: schedulerconfig
hostPath: /home/johndoe/schedconfig.yaml
mountPath: /etc/kubernetes/scheduler-config.yaml
readOnly: true
pathType: "File"
Etcd flags
For details, see the etcd server documentation.
Example usage:
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
etcd:
local:
extraArgs:
election-timeout: 1000
Customizing the control plane with patches
Kubernetes v1.22 [beta]
Kubeadm allows you to pass a directory with patch files to InitConfiguration and JoinConfiguration
on individual nodes. These patches can be used as the last customization step before the control
plane component manifests are written to disk.
You can pass this file to kubeadm init with --config <YOUR CONFIG YAML>:
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
nodeRegistration:
patches:
directory: /home/user/somedir
Note: Forkubeadm inityou can pass a file containing both aClusterConfigurationandInitConfigurationseparated by---.
You can pass this file to kubeadm join with --config <YOUR CONFIG YAML>:
apiVersion: kubeadm.k8s.io/v1beta3
kind: JoinConfiguration
nodeRegistration:
patches:
directory: /home/user/somedir
The directory must contain files named target[suffix][+patchtype].extension.
For example, kube-apiserver0+merge.yaml or just etcd.json.
targetcan be one ofkube-apiserver,kube-controller-manager,kube-schedulerandetcd.patchtypecan be one ofstrategic,mergeorjsonand these must match the patching formats supported by kubectl. The defaultpatchtypeisstrategic.extensionmust be eitherjsonoryaml.suffixis an optional string that can be used to determine which patches are applied first alpha-numerically.
Note: If you are usingkubeadm upgradeto upgrade your kubeadm nodes you must again provide the same patches, so that the customization is preserved after upgrade. To do that you can use the--patchesflag, which must point to the same directory.kubeadm upgradecurrently does not support a configuration API structure that can be used for the same purpose.
Customizing the kubelet
To customize the kubelet you can add a KubeletConfiguration next to the ClusterConfiguration or
InitConfiguration separated by --- within the same configuration file. This file can then be passed to kubeadm init.
Note: kubeadm applies the sameKubeletConfigurationto all nodes in the cluster. To apply node specific settings you can use kubelet flags as overrides by passing them in thenodeRegistration.kubeletExtraArgsfield supported by bothInitConfigurationandJoinConfiguration. Some kubelet flags are deprecated, so check their status in the kubelet reference documentation before using them.
For more details see Configuring each kubelet in your cluster using kubeadm
Customizing kube-proxy
To customize kube-proxy you can pass a KubeProxyConfiguration next your ClusterConfiguration or
InitConfiguration to kubeadm init separated by ---.
For more details you can navigate to our API reference pages.
Note: kubeadm deploys kube-proxy as a DaemonSet, which means that theKubeProxyConfigurationwould apply to all instances of kube-proxy in the cluster.