-
Notifications
You must be signed in to change notification settings - Fork 14.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add a blog to introduce about kubeadm v1beta4
- Loading branch information
Showing
1 changed file
with
100 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,100 @@ | ||
| --- | ||
| layout: blog | ||
| title: 'Kubernetes v.31: kubeadm v1beta4' | ||
| date: 2024-09-20 | ||
| slug: kubernetes-1-31-kubeadm-v1beta4 | ||
| author: > | ||
| Paco Xu (DaoCloud), | ||
| --- | ||
|
|
||
| [`kubeadm`](/docs/reference/setup-tools/kubeadm/) Configuration([v1beta4](https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta4/)) is released with Kubernetes v1.31. | ||
| The configuration | ||
| v1beta3 is still supported, but v1beta3 will be deprecated and removed in future releases. | ||
|
|
||
| This guide will walk you through key changes and update about kubeadm v1beta4 Configuration, | ||
| and how to migrate from v1beta3 to v1beta4. | ||
|
|
||
| kubeadm v1beta4 configuration details can be found in the [API doc]((https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta4/)). | ||
| The documentation is maintained in [code](https://github.com/kubernetes/kubernetes/blob/master/cmd/kubeadm/app/apis/kubeadm/v1beta4/doc.go) and generated to the website kubernetes.io. | ||
|
|
||
| ### A list of changes since v1beta3 | ||
|
|
||
| This version improves on the [v1beta3](https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta3/) | ||
| format by fixing some minor issues and adding a few new fields. | ||
|
|
||
| To put it simply, | ||
|
|
||
| - Two new API type: ResetConfiguration and UpgradeConfiguration | ||
| - For InitConfiguration and JoinConfiguration, `dry-run` mode and `NodeRegistration.ImagePullSerial` are supported | ||
| - For ClusterConfiguration, we add field including `CertificateValidityPeriod`, `CACertificateValidityPeriod`, `EncryptionAlgorithm`, `DNS.Disabled` and `Proxy.Disabled`. | ||
| - Support `ExtraEnvs` for all control plan components | ||
| - `ExtraArgs` changed from a map to structured extra arguments for duplicates | ||
| - Add a `Timeouts` structure for init, join, upgrade and reset. | ||
|
|
||
| For details, you can see the official document below: | ||
|
|
||
| - Support custom environment variables in control plane components under `ClusterConfiguration`. | ||
| Use `APIServer.ExtraEnvs`, `ControllerManager.ExtraEnvs`, `Scheduler.ExtraEnvs`, `Etcd.Local.ExtraEnvs`. | ||
| - The ResetConfiguration API type is now supported in v1beta4. Users are able to reset a node by passing | ||
| a --config file to "kubeadm reset". | ||
| - `dry-run` mode in is now configurable in InitConfiguration and JoinConfiguration. | ||
| - Replace the existing string/string extra argument maps with structured extra arguments that support duplicates. | ||
| The change applies to `ClusterConfiguration` - `APIServer.ExtraArgs`, `ControllerManager.ExtraArgs`, | ||
| `Scheduler.ExtraArgs`, `Etcd.Local.ExtraArgs`. Also to `NodeRegistrationOptions.KubeletExtraArgs`. | ||
| - Add `ClusterConfiguration.EncryptionAlgorithm` that can be used to set the asymmetric encryption algorithm | ||
| used for this cluster's keys and certificates. Can be one of "RSA-2048" (default), "RSA-3072", "RSA-4096" or "ECDSA-P256". | ||
| - Add `ClusterConfiguration.DNS.Disabled` and `ClusterConfiguration.Proxy.Disabled` that can be used to disable | ||
| the CoreDNS and kube-proxy addons during cluster initialization. Skipping the related addons phases, | ||
| during cluster creation will set the same fields to `false`. | ||
| - Add the `NodeRegistration.ImagePullSerial` field in 'InitConfiguration` and `JoinConfiguration`, which | ||
| can be used to control if kubeadm pulls images serially or in parallel. | ||
| - The UpgradeConfiguration kubeadm API is now supported in v1beta4 when passing --config to "kubeadm upgrade" subcommands. | ||
| Usage of component configuration for kubelet and kube-proxy, InitConfiguration and ClusterConfiguration is deprecated | ||
| and will be ignored when passing --config to upgrade subcommands. | ||
| - Add a `Timeouts` structure to `InitConfiguration`, `JoinConfiguration`, `ResetConfiguration` and `UpgradeConfiguration` | ||
| that can be used to configure various timeouts. The `ClusterConfiguration.TimeoutForControlPlane` field is replaced | ||
| by `Timeouts.ControlPlaneComponentHealthCheck`. The `JoinConfiguration.Discovery.Timeout` is replaced by | ||
| `Timeouts.Discovery`. | ||
| - Add a `CertificateValidityPeriod` and `CACertificateValidityPeriod` fields to `ClusterConfiguration`. These fields | ||
| can be used to control the validity period of certificates generated by kubeadm during sub-commands such as `init`, | ||
| `join`, `upgrade` and `certs`. Default values continue to be 1 year for non-CA certificates and 10 years for CA | ||
| certificates. Only non-CA certificates continue to be renewable by `kubeadm certs renew`. | ||
|
|
||
| The aim of those changes can be summarized as making tools that use kubeadm easier to configure | ||
| and make kubeadm easier to extend. | ||
|
|
||
| ### How to migrate v1beta3 configuration to v1beta4? | ||
|
|
||
| If your configuration is not using the latest version it is **recommended** that you migrate using | ||
| the [kubeadm config migrate](/docs/reference/setup-tools/kubeadm/kubeadm-config/#cmd-config-migrate) command. | ||
|
|
||
| Read an older version of the kubeadm configuration API types from a file, and output the similar config object for the newer version | ||
|
|
||
| Using kubeadm v1.31, run `kubeadm config migrate --old-config old-v1beta3.yaml --new-config new-v1beta4.yaml` | ||
|
|
||
| #### Migration from old kubeadm config versions | ||
|
|
||
| - kubeadm v1.15.x and newer can be used to migrate from v1beta1 to v1beta2. | ||
| - kubeadm v1.22.x and newer no longer support v1beta1 and older APIs, but can be used to migrate v1beta2 to v1beta3. | ||
| - kubeadm v1.27.x and newer no longer support v1beta2 and older APIs. | ||
| - kubeadm v1.31.x and newer can be used to migrate from v1beta3 to v1beta4. | ||
|
|
||
| ## How do I get involved? | ||
|
|
||
| Huge thank you to all the contributors who helped with the design, implementation, | ||
| and review of this feature: | ||
|
|
||
| - Lubomir I. Ivanov ([neolit123](https://github.com/neolit123)) | ||
| - Dave Chen([chendave](https://github.com/chendave)) | ||
| - Paco Xu ([pacoxu](https://github.com/pacoxu)) | ||
| - Sata Qiu([sataqiu](https://github.com/sataqiu)) | ||
| - Baofa Fan([carlory](https://github.com/carlory)) | ||
| - Calvin Chen([calvin0327](https://github.com/calvin0327)) | ||
| - Ruquan Zhao([ruquanzhao](https://github.com/ruquanzhao)) | ||
|
|
||
| For those interested in getting involved in future discussions on kubeadm configuration, | ||
| you can reach out kubeadm or [SIG-cluster-lifecycle](https://github.com/kubernetes/community/blob/master/sig-cluster-lifecycle/README.md) by several means: | ||
|
|
||
| - v1beta4 related items are tracked in https://github.com/kubernetes/kubeadm/issues/2890. | ||
| - Slack: [#kubeadm](https://kubernetes.slack.com/messages/kubeadm) or [#sig-cluster-lifecycle](https://kubernetes.slack.com/messages/sig-cluster-lifecycle) | ||
| - [Mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-cluster-lifecycle) |