diff --git a/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md b/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md index 09cc412595fbd..cf5d7cc95e135 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md +++ b/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md @@ -71,7 +71,7 @@ in a majority of cases, and the most intuitive location; other constants paths a The `kubeadm init` [internal workflow](/docs/reference/setup-tools/kubeadm/kubeadm-init/#init-workflow) consists of a sequence of atomic work tasks to perform, as described in `kubeadm init`. -The [`kubeadm alpha phase`](/docs/reference/setup-tools/kubeadm/kubeadm-alpha/) command allows users to invoke individually each task, and ultimately offers a reusable and composable +The [`kubeadm init phase`](/docs/reference/setup-tools/kubeadm/kubeadm-init-phase/) command allows users to invoke individually each task, and ultimately offers a reusable and composable API/toolbox that can be used by other Kubernetes bootstrap tools, by any IT automation tool or by advanced user for creating custom clusters. @@ -122,7 +122,7 @@ In any case the user can skip specific preflight checks (or eventually all prefl Please note that: -1. Preflight checks can be invoked individually with the [`kubeadm alpha phase preflight`](/docs/reference/setup-tools/kubeadm/kubeadm-alpha/#cmd-phase-preflight) command +1. Preflight checks can be invoked individually with the [`kubeadm init phase preflight`](/docs/reference/setup-tools/kubeadm/kubeadm-alpha/#cmd-phase-preflight) command ### Generate the necessary certificates 
@@ -158,7 +158,7 @@ Certificates are stored by default in `/etc/kubernetes/pki`, but this directory 3. If kubeadm is running in [ExternalCA mode](/docs/reference/setup-tools/kubeadm/kubeadm-init/#external-ca-mode); all the certificates must be provided by the user, because kubeadm cannot generate them by itself 4. In case of kubeadm is executed in the `--dry-run` mode, certificates files are written in a temporary folder -5. Certificate generation can be invoked individually with the [`kubeadm alpha phase certs all`](/docs/reference/setup-tools/kubeadm/kubeadm-alpha/#cmd-phase-certs) command +5. Certificate generation can be invoked individually with the [`kubeadm init phase certs`](/docs/reference/setup-tools/kubeadm/kubeadm-alpha/#cmd-phase-certs) command ### Generate kubeconfig files for control plane components @@ -186,7 +186,7 @@ Please note that: 2. If a given kubeconfig file exists, and its content is evaluated compliant with the above specs, the existing file will be used and the generation phase for the given kubeconfig skipped 3. If kubeadm is running in [ExternalCA mode](/docs/reference/setup-tools/kubeadm/kubeadm-init/#external-ca-mode), all the required kubeconfig must be provided by the user as well, because kubeadm cannot generate any of them by itself 4. In case of kubeadm is executed in the `--dry-run` mode, kubeconfig files are written in a temporary folder -5. Kubeconfig files generation can be invoked individually with the [`kubeadm alpha phase kubeconfig all`](/docs/reference/setup-tools/kubeadm/kubeadm-alpha/#cmd-phase-kubeconfig) command +5. Kubeconfig files generation can be invoked individually with the [`kubeadm init phase kubeconfig`](/docs/reference/setup-tools/kubeadm/kubeadm-alpha/#cmd-phase-kubeconfig) command ### Generate static Pod manifests for control plane components 
@@ -213,7 +213,7 @@ Please note that: should be used for all control plane components, this one will be used. see [using custom images](/docs/reference/setup-tools/kubeadm/kubeadm-init/#custom-images) for more details 2. In case of kubeadm is executed in the `--dry-run` mode, static Pods files are written in a temporary folder -3. Static Pod manifest generation for master components can be invoked individually with the [`kubeadm alpha phase controlplane all`](/docs/reference/setup-tools/kubeadm/kubeadm-alpha/#cmd-phase-controlplane) command +3. Static Pod manifest generation for master components can be invoked individually with the [`kubeadm init phase control-plane`](/docs/reference/setup-tools/kubeadm/kubeadm-init-phase/#cmd-phase-control-plane) command #### API server @@ -226,10 +226,6 @@ The static Pod manifest for the API server is affected by following parameters p if an external etcd server is not be provided, a local etcd will be used (via host network) - If a cloud provider is specified, the corresponding `--cloud-provider` is configured, together with the `--cloud-config` path if such file exists (this is experimental, alpha and will be removed in a future version) - - If kubeadm is invoked with `--feature-gates=HighAvailability`, the flag `--endpoint-reconciler-type=lease` is set, thus enabling - automatic reconciliation of endpoints for the internal API server VIP - - If kubeadm is invoked with `--feature-gates=DynamicKubeletConfig`, the corresponding feature on API server is activated - with the `--feature-gates=DynamicKubeletConfig=true` flag Other API server flags that are set unconditionally are: 
@@ -309,11 +305,11 @@ Please note that: 1. The etcd image will be pulled from `k8s.gcr.io`. In case an alternative image repository is specified this one will be used; In case an alternative image name is specified, this one will be used. see [using custom images](/docs/reference/setup-tools/kubeadm/kubeadm-init/#custom-images) for more details 2. in case of kubeadm is executed in the `--dry-run` mode, the etcd static Pod manifest is written in a temporary folder -3. Static Pod manifest generation for local etcd can be invoked individually with the [`kubeadm alpha phase etcd local`](/docs/reference/setup-tools/kubeadm/kubeadm-alpha/#cmd-phase-etcd) command +3. Static Pod manifest generation for local etcd can be invoked individually with the [`kubeadm init phase etcd local`](/docs/reference/setup-tools/kubeadm/kubeadm-alpha/#cmd-phase-etcd) command -### (optional and alpha in v1.9) Write init kubelet configuration +### Optional Dynamic Kublet Configuration -If kubeadm is invoked with `--feature-gates=DynamicKubeletConfig`, it writes the kubelet init configuration +To use this functionality call `kubeadm alpha kubelet config enable-dynamic`. It writes the kubelet init configuration into `/var/lib/kubelet/config/init/kubelet` file. The init configuration is used for starting the kubelet on this specific node, providing an alternative for the kubelet drop-in file; 
@@ -358,7 +354,7 @@ state and make new decisions based on that data. Please note that: 1. Before uploading, sensitive information like e.g. the token are stripped from the configuration -2. Upload of master configuration can be invoked individually with the [`kubeadm alpha phase upload-config`](/docs/reference/setup-tools/kubeadm/kubeadm-alpha/#cmd-phase-upload-config) command +2. Upload of master configuration can be invoked individually with the [`kubeadm init phase upload-config`](/docs/reference/setup-tools/kubeadm/kubeadm-alpha/#cmd-phase-upload-config) command 3. If you initialized your cluster using kubeadm v1.7.x or lower, you must create manually the master configuration ConfigMap before `kubeadm upgrade` to v1.8 . In order to facilitate this task, the [`kubeadm config upload (from-flags|from-file)`](/docs/reference/setup-tools/kubeadm/kubeadm-config/) was implemented @@ -372,7 +368,7 @@ As soon as the control plane is available, kubeadm executes following actions: Please note that: -1. Mark master phase can be invoked individually with the [`kubeadm alpha phase mark-master`](/docs/reference/setup-tools/kubeadm/kubeadm-alpha/#cmd-phase-mark-master) command +1. Mark master phase can be invoked individually with the [`kubeadm init phase mark-control-plane`](/docs/reference/setup-tools/kubeadm/kubeadm-alpha/#cmd-phase-mark-master) command ### Configure TLS-Bootstrapping for node joining 
@@ -383,7 +379,7 @@ existing cluster; for more details see also [design proposal](https://github.com setting API server and controller flags as already described in previous paragraphs. Please note that: -1. TLS bootstrapping for nodes can be configured with the [`kubeadm alpha phase bootstrap-token all`](/docs/reference/setup-tools/kubeadm/kubeadm-alpha/#cmd-phase-bootstrap-token) +1. TLS bootstrapping for nodes can be configured with the [`kubeadm init phase bootstrap-token`](/docs/reference/setup-tools/kubeadm/kubeadm-init-phase/#cmd-phase-bootstrap-token) command, executing all the configuration steps described in following paragraphs; alternatively, each step can be invoked individually #### Create a bootstrap token @@ -441,7 +437,7 @@ can handle to serving the `cluster-info` ConfigMap. Kubeadm installs the internal DNS server and the kube-proxy addon components via the API server. Please note that: -1. This phase can be invoked individually with the [`kubeadm alpha phase addon all`](/docs/reference/setup-tools/kubeadm/kubeadm-alpha/#cmd-phase-addon) command. +1. This phase can be invoked individually with the [`kubeadm init phase addon`](/docs/reference/setup-tools/kubeadm/kubeadm-alpha/#cmd-phase-addon) command. #### proxy 
@@ -468,11 +464,11 @@ Deploy the `kube-dns` Deployment and Service: - It's the upstream CoreDNS deployment relatively unmodified - The `kube-dns` ServiceAccount is bound to the privileges in the `system:kube-dns` ClusterRole -### (Optional and alpha in v1.9) self-hosting +### Optional self-hosting -This phase is performed only if `kubeadm init` is invoked with `—features-gates=selfHosting` +To enable self hosting on a existing static Pod control-plane use `kubeadm alpha selfhosting pivot`. -The self hosting phase basically replaces static Pods for control plane components with DaemonSets; this is achieved by executing +Self hosting basically replaces static Pods for control plane components with DaemonSets; this is achieved by executing following procedure for API server, scheduler and controller manager static Pods: - Load the static Pod specification from disk 
@@ -485,21 +481,9 @@ following procedure for API server, scheduler and controller manager static Pods - Create the DaemonSet resource in `kube-system` namespace. Wait until the Pods are running. - Remove the static Pod manifest file. The kubelet will stop the original static Pod-hosted component that was running -Please note that: - -1. Self hosting is not yet resilient to node restarts; this can be fixed with external checkpointing or with kubelet checkpointing +Please note that self hosting is not yet resilient to node restarts; this can be fixed with external checkpointing or with kubelet checkpointing for the control plane Pods. See [self-hosting](/docs/reference/setup-tools/kubeadm/kubeadm-init/#self-hosting) for more details. -2. If invoked with `—features-gates=StoreCertsInSecrets` following additional steps will be executed - - - Creation of `ca`, `apiserver`, `apiserver-kubelet-client`, `sa`, `front-proxy-ca`, `front-proxy-client` TLS secrets - in `kube-system` namespace with respective certificates and keys. - Important! storing the CA key in a Secret might have security implications - - Creation of `schedler.conf` and `controller-manager.conf` secrets in`kube-system` namespace with respective kubeconfig files - - Mutation of all the Pod specs by replacing host path volumes with projected volumes from the secrets above - -3. This phase can be invoked individually with the [`kubeadm alpha phase selfhosting convert-from-staticpods`](/docs/reference/setup-tools/kubeadm/kubeadm-alpha/#cmd-phase-self-hosting) command. - ## kubeadm join phases internal design Similarly to `kubeadm init`, also `kubeadm join` internal workflow consists of a sequence of atomic work tasks to perform. diff --git a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-alpha.md b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-alpha.md index ba29459a2a13b..d53d528557b61 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-alpha.md 
+++ b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-alpha.md @@ -11,12 +11,12 @@ weight: 90 from the community. Please try it out and give us feedback! {{< /caution >}} -In v1.8.0, kubeadm introduced the `kubeadm alpha phase` command with the aim of making kubeadm more modular. This modularity enables you to invoke atomic sub-steps of the bootstrap process; you can let kubeadm do some parts and fill in yourself where you need customizations. +In v1.8.0, kubeadm introduced the `kubeadm init phase` command with the aim of making kubeadm more modular. This modularity enables you to invoke atomic sub-steps of the bootstrap process; you can let kubeadm do some parts and fill in yourself where you need customizations. -`kubeadm alpha phase` is consistent with [kubeadm init workflow](/docs/reference/setup-tools/kubeadm/kubeadm-init/#init-workflow), +`kubeadm init phase` is consistent with [kubeadm init workflow](/docs/reference/setup-tools/kubeadm/kubeadm-init/#init-workflow), and behind the scene both use the same code. -## kubeadm alpha phase preflight {#cmd-phase-preflight} +## kubeadm init phase preflight {#cmd-phase-preflight} You can execute preflight checks both for the master node, like in `kubeadm init`, or for the worker node like in `kubeadm join`. @@ -27,7 +27,7 @@ like in `kubeadm join`. {{< /tabs >}} -## kubeadm alpha phase certs {#cmd-phase-certs} +## kubeadm init phase certs {#cmd-phase-certs} You can create all required certificates with the `all` subcommand or selectively create certificates. @@ -41,7 +41,7 @@ You can create all required certificates with the `all` subcommand or selectivel {{< tab name="front-proxy-client" include="generated/kubeadm_alpha_phase_certs_front-proxy-client.md" />}} {{< /tabs >}} -## kubeadm alpha phase certs renew {#cmd-phase-certs-renew} +## kubeadm init phase certs renew {#cmd-phase-certs-renew} You can renew all Kubernetes certificates using the `all` subcommand or renew them selectively. 
@@ -56,7 +56,7 @@ You can renew all Kubernetes certificates using the `all` subcommand or renew th {{< tab name="front-proxy-client" include="generated/kubeadm_alpha_phase_certs_renew_front-proxy-client.md" />}} {{< /tabs >}} -## kubeadm alpha phase kubeconfig {#cmd-phase-kubeconfig} +## kubeadm init phase kubeconfig {#cmd-phase-kubeconfig} You can create all required kubeconfig files with the `all` subcommand, or selectively create the files. Additionally, the `user` subcommand supports the creation of kubeconfig files for additional users. @@ -70,7 +70,7 @@ Additionally, the `user` subcommand supports the creation of kubeconfig files fo {{< tab name="user" include="generated/kubeadm_alpha_phase_kubeconfig_user.md" />}} {{< /tabs >}} -## kubeadm alpha phase kubelet {#cmd-phase-kubelet} +## kubeadm init phase kubelet {#cmd-phase-kubelet} Use the following commands to manage the kubelet phase. @@ -83,7 +83,7 @@ Use the following commands to manage the kubelet phase. {{< tab name="write-env-file" include="generated/kubeadm_alpha_phase_kubelet_write-env-file.md" />}} {{< /tabs >}} -## kubeadm alpha phase controlplane {#cmd-phase-controlplane} +## kubeadm init phase controlplane {#cmd-phase-controlplane} You can create all required static Pod files for the control plane components with the `all` subcommand, or selectively create the files. @@ -96,7 +96,7 @@ or selectively create the files. {{< /tabs >}} -## kubeadm alpha phase etcd {#cmd-phase-etcd} +## kubeadm init phase etcd {#cmd-phase-etcd} Use the following command to create a self-hosted, local etcd instance based on a static Pod file. @@ -105,7 +105,7 @@ Use the following command to create a self-hosted, local etcd instance based on {{< /tabs >}} -## kubeadm alpha phase mark-master {#cmd-phase-mark-master} +## kubeadm init phase mark-master {#cmd-phase-mark-master} Use the following command to label and taint the node with the `node-role.kubernetes.io/master=""` key-value pair. 
@@ -114,7 +114,7 @@ Use the following command to label and taint the node with the `node-role.kubern {{< /tabs >}} -## kubeadm alpha phase bootstrap-token {#cmd-phase-bootstrap-token} +## kubeadm init phase bootstrap-token {#cmd-phase-bootstrap-token} Use the following actions to fully configure bootstrap tokens. You can fully configure bootstrap tokens with the `all` subcommand, @@ -129,7 +129,7 @@ or selectively configure single elements. {{< /tabs >}} -## kubeadm alpha phase upload-config {#cmd-phase-upload-config} +## kubeadm init phase upload-config {#cmd-phase-upload-config} You can use this command to upload the kubeadm configuration to your cluster. Alternatively, you can use [kubeadm config](/docs/reference/setup-tools/kubeadm/kubeadm-config/). @@ -139,7 +139,7 @@ Alternatively, you can use [kubeadm config](/docs/reference/setup-tools/kubeadm/ {{< /tabs >}} -## kubeadm alpha phase addon {#cmd-phase-addon} +## kubeadm init phase addon {#cmd-phase-addon} You can install all the available addons with the `all` subcommand, or install them selectively. @@ -155,7 +155,7 @@ install them selectively. {{< /tabs >}} -## kubeadm alpha phase self-hosting {#cmd-phase-self-hosting} +## kubeadm init phase self-hosting {#cmd-phase-self-hosting} {{< caution >}} **Caution:** Self-hosting is an alpha feature. See [kubeadm init](/docs/reference/setup-tools/kubeadm/kubeadm-init/) documentation for self-hosting limitations. diff --git a/content/en/docs/setup/independent/create-cluster-kubeadm.md b/content/en/docs/setup/independent/create-cluster-kubeadm.md index e37bea2a1ce62..9c3a1d98966c6 100644 --- a/content/en/docs/setup/independent/create-cluster-kubeadm.md +++ b/content/en/docs/setup/independent/create-cluster-kubeadm.md 
@@ -505,7 +505,7 @@ and `scp` using that other user instead. The `admin.conf` file gives the user _superuser_ privileges over the cluster. This file should be used sparingly. For normal users, it's recommended to generate an unique credential to which you whitelist privileges. You can do -this with the `kubeadm alpha phase kubeconfig user --client-name ` +this with the `kubeadm alpha kubeconfig user --client-name ` command. That command will print out a KubeConfig file to STDOUT which you should save to a file and distribute to your user. After that, whitelist privileges by using `kubectl create (cluster)rolebinding`. diff --git a/content/en/docs/setup/independent/high-availability.md b/content/en/docs/setup/independent/high-availability.md index f58911eec654b..5966f42ac6181 100644 --- a/content/en/docs/setup/independent/high-availability.md +++ b/content/en/docs/setup/independent/high-availability.md @@ -148,8 +148,9 @@ different configuration. apiVersion: kubeadm.k8s.io/v1beta1 kind: ClusterConfiguration kubernetesVersion: stable - apiServerCertSANs: - - "LOAD_BALANCER_DNS" + apiServer: + certSANs: + - "LOAD_BALANCER_DNS" controlPlaneEndpoint: "LOAD_BALANCER_DNS:LOAD_BALANCER_PORT" etcd: local: @@ -227,8 +228,9 @@ done apiVersion: kubeadm.k8s.io/v1beta1 kind: ClusterConfiguration kubernetesVersion: stable - apiServerCertSANs: - - "LOAD_BALANCER_DNS" + apiServer: + certSANs: + - "LOAD_BALANCER_DNS" controlPlaneEndpoint: "LOAD_BALANCER_DNS:LOAD_BALANCER_PORT" etcd: local: 
@@ -277,11 +279,9 @@ done 1. Run the kubeadm phase commands to bootstrap the kubelet: ```sh - kubeadm alpha phase certs all --config kubeadm-config.yaml - kubeadm alpha phase kubelet config write-to-disk --config kubeadm-config.yaml - kubeadm alpha phase kubelet write-env-file --config kubeadm-config.yaml - kubeadm alpha phase kubeconfig kubelet --config kubeadm-config.yaml - systemctl start kubelet + kubeadm init phase certs --config kubeadm-config.yaml + kubeadm init phase kubeconfig kubelet --config kubeadm-config.yaml + kubeadm init phase kubelet-start --config kubeadm-config.yaml ``` 1. Run the commands to add the node to the etcd cluster: @@ -294,7 +294,7 @@ done export KUBECONFIG=/etc/kubernetes/admin.conf kubectl exec -n kube-system etcd-${CP0_HOSTNAME} -- etcdctl --ca-file /etc/kubernetes/pki/etcd/ca.crt --cert-file /etc/kubernetes/pki/etcd/peer.crt --key-file /etc/kubernetes/pki/etcd/peer.key --endpoints=https://${CP0_IP}:2379 member add ${CP1_HOSTNAME} https://${CP1_IP}:2380 - kubeadm alpha phase etcd local --config kubeadm-config.yaml + kubeadm init phase etcd local --config kubeadm-config.yaml ``` - This command causes the etcd cluster to become unavailable for a @@ -304,10 +304,10 @@ done 1. Deploy the control plane components and mark the node as a master: ```sh - kubeadm alpha phase kubeconfig all --config kubeadm-config.yaml - kubeadm alpha phase controlplane all --config kubeadm-config.yaml - kubeadm alpha phase kubelet config annotate-cri --config kubeadm-config.yaml - kubeadm alpha phase mark-master --config kubeadm-config.yaml + kubeadm init phase kubeconfig --config kubeadm-config.yaml + kubeadm init phase control-plane --config kubeadm-config.yaml + kubeadm init phase upload-config kubelet --config kubeadm-config.yaml + kubeadm init phase mark-control-plane --config kubeadm-config.yaml ``` ### Add the third stacked control plane node 
@@ -317,8 +317,9 @@ done apiVersion: kubeadm.k8s.io/v1beta1 kind: ClusterConfiguration kubernetesVersion: stable - apiServerCertSANs: - - "LOAD_BALANCER_DNS" + apiServer: + certSANs: + - "LOAD_BALANCER_DNS" controlPlaneEndpoint: "LOAD_BALANCER_DNS:LOAD_BALANCER_PORT" etcd: local: @@ -369,11 +370,9 @@ done 1. Run the kubeadm phase commands to bootstrap the kubelet: ```sh - kubeadm alpha phase certs all --config kubeadm-config.yaml - kubeadm alpha phase kubelet config write-to-disk --config kubeadm-config.yaml - kubeadm alpha phase kubelet write-env-file --config kubeadm-config.yaml - kubeadm alpha phase kubeconfig kubelet --config kubeadm-config.yaml - systemctl start kubelet + kubeadm init phase certs --config kubeadm-config.yaml + kubeadm init phase kubeconfig kubelet --config kubeadm-config.yaml + kubeadm init phase kubelet-start --config kubeadm-config.yaml ``` 1. Run the commands to add the node to the etcd cluster: 
@@ -386,16 +385,16 @@ done export KUBECONFIG=/etc/kubernetes/admin.conf kubectl exec -n kube-system etcd-${CP0_HOSTNAME} -- etcdctl --ca-file /etc/kubernetes/pki/etcd/ca.crt --cert-file /etc/kubernetes/pki/etcd/peer.crt --key-file /etc/kubernetes/pki/etcd/peer.key --endpoints=https://${CP0_IP}:2379 member add ${CP2_HOSTNAME} https://${CP2_IP}:2380 - kubeadm alpha phase etcd local --config kubeadm-config.yaml + kubeadm init phase etcd local --config kubeadm-config.yaml ``` 1. Deploy the control plane components and mark the node as a master: ```sh - kubeadm alpha phase kubeconfig all --config kubeadm-config.yaml - kubeadm alpha phase controlplane all --config kubeadm-config.yaml - kubeadm alpha phase kubelet config annotate-cri --config kubeadm-config.yaml - kubeadm alpha phase mark-master --config kubeadm-config.yaml + kubeadm init phase kubeconfig --config kubeadm-config.yaml + kubeadm init phase control-plane --config kubeadm-config.yaml + kubeadm init phase upload-config kubelet --config kubeadm-config.yaml + kubeadm init phase mark-control-plane --config kubeadm-config.yaml ``` ## External etcd @@ -445,8 +444,9 @@ done apiVersion: kubeadm.k8s.io/v1beta1 kind: ClusterConfiguration kubernetesVersion: stable - apiServerCertSANs: - - "LOAD_BALANCER_DNS" + apiServer: + certSANs: + - "LOAD_BALANCER_DNS" controlPlaneEndpoint: "LOAD_BALANCER_DNS:LOAD_BALANCER_PORT" etcd: external: diff --git a/content/en/docs/setup/independent/setup-ha-etcd-with-kubeadm.md b/content/en/docs/setup/independent/setup-ha-etcd-with-kubeadm.md index 76ccdbc4f1a26..aa97a0191c314 100644 --- a/content/en/docs/setup/independent/setup-ha-etcd-with-kubeadm.md +++ b/content/en/docs/setup/independent/setup-ha-etcd-with-kubeadm.md @@ -114,7 +114,7 @@ this example. generated the configuration files for kubeadm). ``` - kubeadm alpha phase certs etcd-ca + kubeadm init phase certs etcd-ca ``` This creates two files 
@@ -125,25 +125,25 @@ this example. 1. Create certificates for each member ```sh - kubeadm alpha phase certs etcd-server --config=/tmp/${HOST2}/kubeadmcfg.yaml - kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST2}/kubeadmcfg.yaml - kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST2}/kubeadmcfg.yaml - kubeadm alpha phase certs apiserver-etcd-client --config=/tmp/${HOST2}/kubeadmcfg.yaml + kubeadm init phase certs etcd-server --config=/tmp/${HOST2}/kubeadmcfg.yaml + kubeadm init phase certs etcd-peer --config=/tmp/${HOST2}/kubeadmcfg.yaml + kubeadm init phase certs etcd-healthcheck-client --config=/tmp/${HOST2}/kubeadmcfg.yaml + kubeadm init phase certs apiserver-etcd-client --config=/tmp/${HOST2}/kubeadmcfg.yaml cp -R /etc/kubernetes/pki /tmp/${HOST2}/ # cleanup non-reusable certificates find /etc/kubernetes/pki -not -name ca.crt -not -name ca.key -type f -delete - kubeadm alpha phase certs etcd-server --config=/tmp/${HOST1}/kubeadmcfg.yaml - kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST1}/kubeadmcfg.yaml - kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST1}/kubeadmcfg.yaml - kubeadm alpha phase certs apiserver-etcd-client --config=/tmp/${HOST1}/kubeadmcfg.yaml + kubeadm init phase certs etcd-server --config=/tmp/${HOST1}/kubeadmcfg.yaml + kubeadm init phase certs etcd-peer --config=/tmp/${HOST1}/kubeadmcfg.yaml + kubeadm init phase certs etcd-healthcheck-client --config=/tmp/${HOST1}/kubeadmcfg.yaml + kubeadm init phase certs apiserver-etcd-client --config=/tmp/${HOST1}/kubeadmcfg.yaml cp -R /etc/kubernetes/pki /tmp/${HOST1}/ find /etc/kubernetes/pki -not -name ca.crt -not -name ca.key -type f -delete - kubeadm alpha phase certs etcd-server --config=/tmp/${HOST0}/kubeadmcfg.yaml - kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST0}/kubeadmcfg.yaml - kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST0}/kubeadmcfg.yaml - kubeadm alpha phase certs apiserver-etcd-client 
--config=/tmp/${HOST0}/kubeadmcfg.yaml + kubeadm init phase certs etcd-server --config=/tmp/${HOST0}/kubeadmcfg.yaml + kubeadm init phase certs etcd-peer --config=/tmp/${HOST0}/kubeadmcfg.yaml + kubeadm init phase certs etcd-healthcheck-client --config=/tmp/${HOST0}/kubeadmcfg.yaml + kubeadm init phase certs apiserver-etcd-client --config=/tmp/${HOST0}/kubeadmcfg.yaml # No need to move the certs because they are for HOST0 # clean up certs that should not be copied off this host @@ -233,9 +233,9 @@ this example. for etcd. ```sh - root@HOST0 $ kubeadm alpha phase etcd local --config=/tmp/${HOST0}/kubeadmcfg.yaml - root@HOST1 $ kubeadm alpha phase etcd local --config=/home/ubuntu/kubeadmcfg.yaml - root@HOST2 $ kubeadm alpha phase etcd local --config=/home/ubuntu/kubeadmcfg.yaml + root@HOST0 $ kubeadm init phase etcd local --config=/tmp/${HOST0}/kubeadmcfg.yaml + root@HOST1 $ kubeadm init phase etcd local --config=/home/ubuntu/kubeadmcfg.yaml + root@HOST2 $ kubeadm init phase etcd local --config=/home/ubuntu/kubeadmcfg.yaml ``` 1. Optional: Check the cluster health diff --git a/content/ko/docs/setup/independent/create-cluster-kubeadm.md b/content/ko/docs/setup/independent/create-cluster-kubeadm.md index 806bf369d1e88..c2f493f0a2ecc 100644 --- a/content/ko/docs/setup/independent/create-cluster-kubeadm.md +++ b/content/ko/docs/setup/independent/create-cluster-kubeadm.md 
@@ -503,7 +503,7 @@ and `scp` using that other user instead. The `admin.conf` file gives the user _superuser_ privileges over the cluster. This file should be used sparingly. For normal users, it's recommended to generate an unique credential to which you whitelist privileges. You can do -this with the `kubeadm alpha phase kubeconfig user --client-name ` +this with the `kubeadm alpha kubeconfig user --client-name ` command. That command will print out a KubeConfig file to STDOUT which you should save to a file and distribute to your user. After that, whitelist privileges by using `kubectl create (cluster)rolebinding`. diff --git a/content/ko/docs/setup/independent/high-availability.md b/content/ko/docs/setup/independent/high-availability.md index c06a1fffcf471..616b9ec3da71a 100644 --- a/content/ko/docs/setup/independent/high-availability.md +++ b/content/ko/docs/setup/independent/high-availability.md @@ -146,8 +146,9 @@ different configuration. apiVersion: kubeadm.k8s.io/v1beta1 kind: ClusterConfiguration kubernetesVersion: stable - apiServerCertSANs: - - "LOAD_BALANCER_DNS" + apiServer: + certSANs: + - "LOAD_BALANCER_DNS" controlPlaneEndpoint: "LOAD_BALANCER_DNS:LOAD_BALANCER_PORT" etcd: local: @@ -225,8 +226,9 @@ done apiVersion: kubeadm.k8s.io/v1beta1 kind: ClusterConfiguration kubernetesVersion: stable - apiServerCertSANs: - - "LOAD_BALANCER_DNS" + apiServer: + certSANs: + - "LOAD_BALANCER_DNS" controlPlaneEndpoint: "LOAD_BALANCER_DNS:LOAD_BALANCER_PORT" etcd: local: 
@@ -275,11 +277,9 @@ done 1. Run the kubeadm phase commands to bootstrap the kubelet: ```sh - kubeadm alpha phase certs all --config kubeadm-config.yaml - kubeadm alpha phase kubelet config write-to-disk --config kubeadm-config.yaml - kubeadm alpha phase kubelet write-env-file --config kubeadm-config.yaml - kubeadm alpha phase kubeconfig kubelet --config kubeadm-config.yaml - systemctl start kubelet + kubeadm init phase certs --config kubeadm-config.yaml + kubeadm init phase kubeconfig kubelet --config kubeadm-config.yaml + kubeadm init phase kubelet-start--config kubeadm-config.yaml ``` 1. Run the commands to add the node to the etcd cluster: @@ -292,7 +292,7 @@ done export KUBECONFIG=/etc/kubernetes/admin.conf kubectl exec -n kube-system etcd-${CP0_HOSTNAME} -- etcdctl --ca-file /etc/kubernetes/pki/etcd/ca.crt --cert-file /etc/kubernetes/pki/etcd/peer.crt --key-file /etc/kubernetes/pki/etcd/peer.key --endpoints=https://${CP0_IP}:2379 member add ${CP1_HOSTNAME} https://${CP1_IP}:2380 - kubeadm alpha phase etcd local --config kubeadm-config.yaml + kubeadm init phase etcd local --config kubeadm-config.yaml ``` - This command causes the etcd cluster to become unavailable for a @@ -302,10 +302,10 @@ done 1. Deploy the control plane components and mark the node as a master: ```sh - kubeadm alpha phase kubeconfig all --config kubeadm-config.yaml - kubeadm alpha phase controlplane all --config kubeadm-config.yaml - kubeadm alpha phase kubelet config annotate-cri --config kubeadm-config.yaml - kubeadm alpha phase mark-master --config kubeadm-config.yaml + kubeadm init phase kubeconfig --config kubeadm-config.yaml + kubeadm init phase control-plane --config kubeadm-config.yaml + kubeadm init phase upload-config kubelet --config kubeadm-config.yaml + kubeadm init phase mark-control-plane --config kubeadm-config.yaml ``` ### Add the third stacked control plane node 
@@ -315,8 +315,9 @@ done apiVersion: kubeadm.k8s.io/v1beta1 kind: ClusterConfiguration kubernetesVersion: stable - apiServerCertSANs: - - "LOAD_BALANCER_DNS" + apiServer: + certSANs: + - "LOAD_BALANCER_DNS" controlPlaneEndpoint: "LOAD_BALANCER_DNS:LOAD_BALANCER_PORT" etcd: local: @@ -367,11 +368,9 @@ done 1. Run the kubeadm phase commands to bootstrap the kubelet: ```sh - kubeadm alpha phase certs all --config kubeadm-config.yaml - kubeadm alpha phase kubelet config write-to-disk --config kubeadm-config.yaml - kubeadm alpha phase kubelet write-env-file --config kubeadm-config.yaml - kubeadm alpha phase kubeconfig kubelet --config kubeadm-config.yaml - systemctl start kubelet + kubeadm init phase certs --config kubeadm-config.yaml + kubeadm init phase kubeconfig kubelet --config kubeadm-config.yaml + kubeadm init phase kubelet-start--config kubeadm-config.yaml ``` 1. Run the commands to add the node to the etcd cluster: 
@@ -384,16 +383,16 @@ done export KUBECONFIG=/etc/kubernetes/admin.conf kubectl exec -n kube-system etcd-${CP0_HOSTNAME} -- etcdctl --ca-file /etc/kubernetes/pki/etcd/ca.crt --cert-file /etc/kubernetes/pki/etcd/peer.crt --key-file /etc/kubernetes/pki/etcd/peer.key --endpoints=https://${CP0_IP}:2379 member add ${CP2_HOSTNAME} https://${CP2_IP}:2380 - kubeadm alpha phase etcd local --config kubeadm-config.yaml + kubeadm init phase etcd local --config kubeadm-config.yaml ``` 1. Deploy the control plane components and mark the node as a master: ```sh - kubeadm alpha phase kubeconfig all --config kubeadm-config.yaml - kubeadm alpha phase controlplane all --config kubeadm-config.yaml - kubeadm alpha phase kubelet config annotate-cri --config kubeadm-config.yaml - kubeadm alpha phase mark-master --config kubeadm-config.yaml + kubeadm init phase kubeconfig --config kubeadm-config.yaml + kubeadm init phase control-plane --config kubeadm-config.yaml + kubeadm init phase upload-config kubelet --config kubeadm-config.yaml + kubeadm init phase mark-control-plane --config kubeadm-config.yaml ``` ## External etcd @@ -443,8 +442,9 @@ done apiVersion: kubeadm.k8s.io/v1beta1 kind: ClusterConfiguration kubernetesVersion: stable - apiServerCertSANs: - - "LOAD_BALANCER_DNS" + apiServer: + certSANs: + - "LOAD_BALANCER_DNS" controlPlaneEndpoint: "LOAD_BALANCER_DNS:LOAD_BALANCER_PORT" etcd: external: diff --git a/content/ko/docs/setup/independent/setup-ha-etcd-with-kubeadm.md b/content/ko/docs/setup/independent/setup-ha-etcd-with-kubeadm.md index 08d547cfbdfa1..ad5a4df1d0dd3 100644 --- a/content/ko/docs/setup/independent/setup-ha-etcd-with-kubeadm.md +++ b/content/ko/docs/setup/independent/setup-ha-etcd-with-kubeadm.md @@ -112,7 +112,7 @@ this example. generated the configuration files for kubeadm). ``` - kubeadm alpha phase certs etcd-ca + kubeadm init phase certs etcd-ca ``` This creates two files 
@@ -123,25 +123,25 @@ this example. 1. Create certificates for each member ```sh - kubeadm alpha phase certs etcd-server --config=/tmp/${HOST2}/kubeadmcfg.yaml - kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST2}/kubeadmcfg.yaml - kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST2}/kubeadmcfg.yaml - kubeadm alpha phase certs apiserver-etcd-client --config=/tmp/${HOST2}/kubeadmcfg.yaml + kubeadm init phase certs etcd-server --config=/tmp/${HOST2}/kubeadmcfg.yaml + kubeadm init phase certs etcd-peer --config=/tmp/${HOST2}/kubeadmcfg.yaml + kubeadm init phase certs etcd-healthcheck-client --config=/tmp/${HOST2}/kubeadmcfg.yaml + kubeadm init phase certs apiserver-etcd-client --config=/tmp/${HOST2}/kubeadmcfg.yaml cp -R /etc/kubernetes/pki /tmp/${HOST2}/ # cleanup non-reusable certificates find /etc/kubernetes/pki -not -name ca.crt -not -name ca.key -type f -delete - kubeadm alpha phase certs etcd-server --config=/tmp/${HOST1}/kubeadmcfg.yaml - kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST1}/kubeadmcfg.yaml - kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST1}/kubeadmcfg.yaml - kubeadm alpha phase certs apiserver-etcd-client --config=/tmp/${HOST1}/kubeadmcfg.yaml + kubeadm init phase certs etcd-server --config=/tmp/${HOST1}/kubeadmcfg.yaml + kubeadm init phase certs etcd-peer --config=/tmp/${HOST1}/kubeadmcfg.yaml + kubeadm init phase certs etcd-healthcheck-client --config=/tmp/${HOST1}/kubeadmcfg.yaml + kubeadm init phase certs apiserver-etcd-client --config=/tmp/${HOST1}/kubeadmcfg.yaml cp -R /etc/kubernetes/pki /tmp/${HOST1}/ find /etc/kubernetes/pki -not -name ca.crt -not -name ca.key -type f -delete - kubeadm alpha phase certs etcd-server --config=/tmp/${HOST0}/kubeadmcfg.yaml - kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST0}/kubeadmcfg.yaml - kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST0}/kubeadmcfg.yaml - kubeadm alpha phase certs apiserver-etcd-client 
--config=/tmp/${HOST0}/kubeadmcfg.yaml + kubeadm init phase certs etcd-server --config=/tmp/${HOST0}/kubeadmcfg.yaml + kubeadm init phase certs etcd-peer --config=/tmp/${HOST0}/kubeadmcfg.yaml + kubeadm init phase certs etcd-healthcheck-client --config=/tmp/${HOST0}/kubeadmcfg.yaml + kubeadm init phase certs apiserver-etcd-client --config=/tmp/${HOST0}/kubeadmcfg.yaml # No need to move the certs because they are for HOST0 # clean up certs that should not be copied off this host @@ -231,9 +231,9 @@ this example. for etcd. ```sh - root@HOST0 $ kubeadm alpha phase etcd local --config=/tmp/${HOST0}/kubeadmcfg.yaml - root@HOST1 $ kubeadm alpha phase etcd local --config=/home/ubuntu/kubeadmcfg.yaml - root@HOST2 $ kubeadm alpha phase etcd local --config=/home/ubuntu/kubeadmcfg.yaml + root@HOST0 $ kubeadm init phase etcd local --config=/tmp/${HOST0}/kubeadmcfg.yaml + root@HOST1 $ kubeadm init phase etcd local --config=/home/ubuntu/kubeadmcfg.yaml + root@HOST2 $ kubeadm init phase etcd local --config=/home/ubuntu/kubeadmcfg.yaml ``` 1. Optional: Check the cluster health
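Review bot: in the hunk at `@@ -367,11 +368,9 @@` (bootstrap the kubelet), the last added line reads `kubeadm init phase kubelet-start--config kubeadm-config.yaml` with no space before `--config`, so the shell passes `kubelet-start--config` as a single token and neither the phase name nor the flag is parsed as intended. Insert the space so the line matches the two above it. The same hunk shortens `certs all` to a bare `certs`; since the old command named `all` explicitly, please confirm that the bare parent phase generates every certificate, or keep `all`. The hunk also removes `systemctl start kubelet` without a replacement line, so the step text should say that `kubelet-start` now starts the service.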
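Review bot: in the hunk at `@@ -384,16 +383,16 @@` (deploy the control plane components), three of the four replacements are renames, but `kubelet config annotate-cri` becomes `upload-config kubelet`, which reads as a different operation rather than a new name for the same one. Please state in the commit message or the step text whether the CRI annotation is still applied on this node and by which phase. As in the previous step, `kubeconfig all` and `controlplane all` lose the `all` subcommand here; confirm that the bare `kubeconfig` and `control-plane` phases still run every sub-phase, because a reader who copies these lines onto a joining control plane node has no other signal that a kubeconfig or static Pod manifest was skipped.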
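Review bot: in the two `ClusterConfiguration` hunks (`@@ -315,8 +315,9 @@` and `@@ -443,8 +442,9 @@`), the move from top-level `apiServerCertSANs` to `apiServer.certSANs` depends entirely on indentation: `certSANs` has to be a child of `apiServer`, and the `- "LOAD_BALANCER_DNS"` item a child of `certSANs`, inside a code block that is itself indented under a numbered list. Please check the rendered page for both the stacked and the external etcd sections. It would also help to add a sentence noting that this SAN must be the same host used in `controlPlaneEndpoint` on the following line, since that is the name clients verify the API server certificate against.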