|
| 1 | +--- |
| 2 | +layout: blog |
| 3 | +title: 'Kubernetes v1.31: kubeadm v1beta4' |
| 4 | +date: 2024-08-23 |
| 5 | +slug: kubernetes-1-31-kubeadm-v1beta4 |
| 6 | +author: > |
| 7 | + Paco Xu (DaoCloud) |
| 8 | +--- |
| 9 | + |
| 10 | +As part of the Kubernetes v1.31 release, [`kubeadm`](/docs/reference/setup-tools/kubeadm/) is |
| 11 | +adopting a new ([v1beta4](/docs/reference/config-api/kubeadm-config.v1beta4/)) version of |
| 12 | +its configuration file format. Configuration in the previous v1beta3 format is now formally |
| 13 | +deprecated, which means it's supported but you should migrate to v1beta4 and stop using |
| 14 | +the deprecated format. |
| 15 | +Support for v1beta3 configuration will be removed after a minimum of 3 Kubernetes minor releases. |
| 16 | + |
| 17 | +In this article, I'll walk you through key changes; |
| 18 | +I'll explain about the kubeadm v1beta4 configuration format, |
| 19 | +and how to migrate from v1beta3 to v1beta4. |
| 20 | + |
| 21 | +You can read the reference for the v1beta4 configuration format: |
| 22 | +[kubeadm Configuration (v1beta4)]((/docs/reference/config-api/kubeadm-config.v1beta4/)). |
| 23 | + |
| 24 | +### A list of changes since v1beta3 |
| 25 | + |
| 26 | +This version improves on the [v1beta3](/docs/reference/config-api/kubeadm-config.v1beta3/) |
| 27 | +format by fixing some minor issues and adding a few new fields. |
| 28 | + |
| 29 | +To put it simply, |
| 30 | + |
| 31 | +- Two new configuration elements: ResetConfiguration and UpgradeConfiguration |
| 32 | +- For InitConfiguration and JoinConfiguration, `dryRun` mode and `nodeRegistration.imagePullSerial` are supported |
| 33 | +- For ClusterConfiguration, there are new fields including `certificateValidityPeriod`, |
| 34 | +`caCertificateValidityPeriod`, `encryptionAlgorithm`, `dns.disabled` and `proxy.disabled`. |
| 35 | +- Support `extraEnvs` for all control plan components |
| 36 | +- `extraArgs` changed from a map to structured extra arguments for duplicates |
| 37 | +- Add a `timeouts` structure for init, join, upgrade and reset. |
| 38 | + |
| 39 | +For details, you can see the [official document](/docs/reference/config-api/kubeadm-config.v1beta4/) below: |
| 40 | + |
| 41 | +- Support custom environment variables in control plane components under `ClusterConfiguration`. |
| 42 | +Use `apiServer.extraEnvs`, `controllerManager.extraEnvs`, `scheduler.extraEnvs`, `etcd.local.extraEnvs`. |
| 43 | +- The ResetConfiguration API type is now supported in v1beta4. Users are able to reset a node by passing |
| 44 | +a `--config` file to `kubeadm reset`. |
| 45 | +- `dryRun` mode is now configurable in InitConfiguration and JoinConfiguration. |
| 46 | +- Replace the existing string/string extra argument maps with structured extra arguments that support duplicates. |
| 47 | + The change applies to `ClusterConfiguration` - `apiServer.extraArgs`, `controllerManager.extraArgs`, |
| 48 | + `scheduler.extraArgs`, `etcd.local.extraArgs`. Also to `nodeRegistrationOptions.kubeletExtraArgs`. |
| 49 | +- Added `ClusterConfiguration.encryptionAlgorithm` that can be used to set the asymmetric encryption |
| 50 | + algorithm used for this cluster's keys and certificates. Can be one of "RSA-2048" (default), "RSA-3072", |
| 51 | + "RSA-4096" or "ECDSA-P256". |
| 52 | +- Added `ClusterConfiguration.dns.disabled` and `ClusterConfiguration.proxy.disabled` that can be used |
| 53 | + to disable the CoreDNS and kube-proxy addons during cluster initialization. |
| 54 | + Skipping the related addons phases, during cluster creation will set the same fields to `true`. |
| 55 | +- Added the `nodeRegistration.imagePullSerial` field in `InitConfiguration` and `JoinConfiguration`, |
| 56 | + which can be used to control if kubeadm pulls images serially or in parallel. |
| 57 | +- The UpgradeConfiguration kubeadm API is now supported in v1beta4 when passing `--config` to |
| 58 | + `kubeadm upgrade` subcommands. |
| 59 | + For upgrade subcommands, the usage of component configuration for kubelet and kube-proxy, as well as |
| 60 | + InitConfiguration and ClusterConfiguration, is now deprecated and will be ignored when passing `--config`. |
| 61 | +- Added a `timeouts` structure to `InitConfiguration`, `JoinConfiguration`, `ResetConfiguration` and |
| 62 | + `UpgradeConfiguration` that can be used to configure various timeouts. |
| 63 | + The `ClusterConfiguration.timeoutForControlPlane` field is replaced by `timeouts.controlPlaneComponentHealthCheck`. |
| 64 | + The `JoinConfiguration.discovery.timeout` is replaced by `timeouts.discovery`. |
| 65 | +- Added a `certificateValidityPeriod` and `caCertificateValidityPeriod` fields to `ClusterConfiguration`. |
| 66 | + These fields can be used to control the validity period of certificates generated by kubeadm during |
| 67 | + sub-commands such as `init`, `join`, `upgrade` and `certs`. |
| 68 | + Default values continue to be 1 year for non-CA certificates and 10 years for CA certificates. |
| 69 | + Also note that only non-CA certificates are renewable by `kubeadm certs renew`. |
| 70 | + |
| 71 | +These changes simplify the configuration of tools that use kubeadm |
| 72 | +and improve the extensibility of kubeadm itself. |
| 73 | + |
| 74 | +### How to migrate v1beta3 configuration to v1beta4? |
| 75 | + |
| 76 | +If your configuration is not using the latest version, it is recommended that you migrate using |
| 77 | +the [kubeadm config migrate](/docs/reference/setup-tools/kubeadm/kubeadm-config/#cmd-config-migrate) command. |
| 78 | + |
| 79 | +This command reads an existing configuration file that uses the old format, and writes a new |
| 80 | +file that uses the current format. |
| 81 | + |
| 82 | +#### Example {#example-kubeadm-config-migrate} |
| 83 | + |
| 84 | +Using kubeadm v1.31, run `kubeadm config migrate --old-config old-v1beta3.yaml --new-config new-v1beta4.yaml` |
| 85 | + |
| 86 | +## How do I get involved? |
| 87 | + |
| 88 | +Huge thanks to all the contributors who helped with the design, implementation, |
| 89 | +and review of this feature: |
| 90 | + |
| 91 | +- Lubomir I. Ivanov ([neolit123](https://github.com/neolit123)) |
| 92 | +- Dave Chen([chendave](https://github.com/chendave)) |
| 93 | +- Paco Xu ([pacoxu](https://github.com/pacoxu)) |
| 94 | +- Sata Qiu([sataqiu](https://github.com/sataqiu)) |
| 95 | +- Baofa Fan([carlory](https://github.com/carlory)) |
| 96 | +- Calvin Chen([calvin0327](https://github.com/calvin0327)) |
| 97 | +- Ruquan Zhao([ruquanzhao](https://github.com/ruquanzhao)) |
| 98 | + |
| 99 | +For those interested in getting involved in future discussions on kubeadm configuration, |
| 100 | +you can reach out kubeadm or [SIG-cluster-lifecycle](https://github.com/kubernetes/community/blob/master/sig-cluster-lifecycle/README.md) by several means: |
| 101 | + |
| 102 | +- v1beta4 related items are tracked in [kubeadm issue #2890](https://github.com/kubernetes/kubeadm/issues/2890). |
| 103 | +- Slack: [#kubeadm](https://kubernetes.slack.com/messages/kubeadm) or [#sig-cluster-lifecycle](https://kubernetes.slack.com/messages/sig-cluster-lifecycle) |
| 104 | +- [Mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-cluster-lifecycle) |
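Review bot: the reference link on line 22 of the new file has doubled parentheses, `]((/docs/reference/config-api/kubeadm-config.v1beta4/))`, so it will not render as a link; drop the extra pair so the target reads `](/docs/reference/config-api/kubeadm-config.v1beta4/)`. Smaller points in the same file: line 35 says "control plan components" where "control plane components" is meant, line 86 uses `##` for "How do I get involved?" while the other section headings use `###`, line 100 should read "reach out to kubeadm", and several contributor entries (lines 92, 94 to 97) are missing the space before the opening parenthesis that lines 91 and 93 have.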