upgrade to kubeadm v1beta3 config format

2025-12-01 07:26:05 +07:00 · 2022-01-07 16:34:27 -08:00
parent 67a15a0832
commit 8fbaace793
1 changed files with 144 additions and 1 deletions
--- a/pkg/cluster/internal/kubeadm/config.go
+++ b/pkg/cluster/internal/kubeadm/config.go
@@ -427,6 +427,147 @@ conntrack:
 {{end}}{{end}}
 `

+// ConfigTemplateBetaV3 is the kubeadm config template for API version v1beta3
+const ConfigTemplateBetaV3 = `# config generated by kind
+apiVersion: kubeadm.k8s.io/v1beta3
+kind: ClusterConfiguration
+metadata:
+  name: config
+kubernetesVersion: {{.KubernetesVersion}}
+clusterName: "{{.ClusterName}}"
+{{ if .KubeadmFeatureGates}}featureGates:
+{{ range $key, $value := .KubeadmFeatureGates }}
+  "{{ $key }}": {{ $value }}
+{{end}}{{end}}
+controlPlaneEndpoint: "{{ .ControlPlaneEndpoint }}"
+# on docker for mac we have to expose the api server via port forward,
+# so we need to ensure the cert is valid for localhost so we can talk
+# to the cluster after rewriting the kubeconfig to point to localhost
+apiServer:
+  certSANs: [localhost, "{{.APIServerAddress}}"]
+  extraArgs:
+    "runtime-config": "{{ .RuntimeConfigString }}"
+{{ if .FeatureGates }}
+    "feature-gates": "{{ .FeatureGatesString }}"
+{{ end}}
+controllerManager:
+  extraArgs:
+{{ if .FeatureGates }}
+    "feature-gates": "{{ .FeatureGatesString }}"
+{{ end }}
+    enable-hostpath-provisioner: "true"
+    # configure ipv6 default addresses for IPv6 clusters
+    {{ if .IPv6 -}}
+    bind-address: "::"
+    {{- end }}
+scheduler:
+  extraArgs:
+{{ if .FeatureGates }}
+    "feature-gates": "{{ .FeatureGatesString }}"
+{{ end }}
+    # configure ipv6 default addresses for IPv6 clusters
+    {{ if .IPv6 -}}
+    bind-address: "::1"
+    {{- end }}
+networking:
+  podSubnet: "{{ .PodSubnet }}"
+  serviceSubnet: "{{ .ServiceSubnet }}"
+---
+apiVersion: kubeadm.k8s.io/v1beta3
+kind: InitConfiguration
+metadata:
+  name: config
+# we use a well know token for TLS bootstrap
+bootstrapTokens:
+- token: "{{ .Token }}"
+# we use a well know port for making the API server discoverable inside docker network. 
+# from the host machine such port will be accessible via a random local port instead.
+localAPIEndpoint:
+  advertiseAddress: "{{ .AdvertiseAddress }}"
+  bindPort: {{.APIBindPort}}
+nodeRegistration:
+  criSocket: "unix:///run/containerd/containerd.sock"
+  kubeletExtraArgs:
+    fail-swap-on: "false"
+    node-ip: "{{ .NodeAddress }}"
+    provider-id: "kind://{{.NodeProvider}}/{{.ClusterName}}/{{.NodeName}}"
+    node-labels: "{{ .NodeLabels }}"
+---
+# no-op entry that exists solely so it can be patched
+apiVersion: kubeadm.k8s.io/v1beta3
+kind: JoinConfiguration
+metadata:
+  name: config
+{{ if .ControlPlane -}}
+controlPlane:
+  localAPIEndpoint:
+    advertiseAddress: "{{ .AdvertiseAddress }}"
+    bindPort: {{.APIBindPort}}
+{{- end }}
+nodeRegistration:
+  criSocket: "unix:///run/containerd/containerd.sock"
+  kubeletExtraArgs:
+    fail-swap-on: "false"
+    node-ip: "{{ .NodeAddress }}"
+    provider-id: "kind://{{.NodeProvider}}/{{.ClusterName}}/{{.NodeName}}"
+    node-labels: "{{ .NodeLabels }}"
+discovery:
+  bootstrapToken:
+    apiServerEndpoint: "{{ .ControlPlaneEndpoint }}"
+    token: "{{ .Token }}"
+    unsafeSkipCAVerification: true
+---
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+metadata:
+  name: config
+# explicitly set default cgroup driver
+# unblocks https://github.com/kubernetes/kubernetes/pull/99471
+# TODO: consider switching to systemd instead
+# tracked in: https://github.com/kubernetes-sigs/kind/issues/1726
+cgroupDriver: cgroupfs
+# configure ipv6 addresses in IPv6 mode
+{{ if .IPv6 -}}
+address: "::"
+healthzBindAddress: "::"
+{{- end }}
+# disable disk resource management by default
+# kubelet will see the host disk that the inner container runtime
+# is ultimately backed by and attempt to recover disk space. we don't want that.
+imageGCHighThresholdPercent: 100
+evictionHard:
+  nodefs.available: "0%"
+  nodefs.inodesFree: "0%"
+  imagefs.available: "0%"
+{{if .FeatureGates}}featureGates:
+{{ range $key := .SortedFeatureGateKeys }}
+  "{{ $key }}": {{ index $.FeatureGates $key }}
+{{end}}{{end}}
+{{if ne .KubeProxyMode "None"}}
+---
+apiVersion: kubeproxy.config.k8s.io/v1alpha1
+kind: KubeProxyConfiguration
+metadata:
+  name: config
+mode: "{{ .KubeProxyMode }}"
+{{if .FeatureGates}}featureGates:
+{{ range $key := .SortedFeatureGateKeys }}
+  "{{ $key }}": {{ index $.FeatureGates $key }}
+{{end}}{{end}}
+iptables:
+  minSyncPeriod: 1s
+conntrack:
+# Skip setting sysctl value "net.netfilter.nf_conntrack_max"
+# It is a global variable that affects other namespaces
+  maxPerCore: 0
+{{if .RootlessProvider}}
+# Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established"
+  tcpEstablishedTimeout: 0s
+# Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close"
+  tcpCloseWaitTimeout: 0s
+{{end}}{{end}}
+`
+
 // Config returns a kubeadm config generated from config data, in particular
 // the kubernetes version
 func Config(data ConfigData) (config string, err error) {
@@ -454,9 +595,11 @@ func Config(data ConfigData) (config string, err error) {
 	}

 	// assume the latest API version, then fallback if the k8s version is too low
-	templateSource := ConfigTemplateBetaV2
+	templateSource := ConfigTemplateBetaV3
 	if ver.LessThan(version.MustParseSemantic("v1.15.0")) {
 		templateSource = ConfigTemplateBetaV1
+	} else if ver.LessThan(version.MustParseSemantic("v1.23.0")) {
+		templateSource = ConfigTemplateBetaV2
 	}

 	t, err := template.New("kubeadm-config").Parse(templateSource)