salt.modules.kubeadm¶

maintainer:	Alberto Planas <aplanas@suse.com>
maturity:	new
depends:	None
platform:	Linux

salt.modules.kubeadm.alpha_certs_renew(rootfs=None)¶

New in version 3001.

Renews certificates for a Kubernetes cluster

rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.alpha_certs_renew

salt.modules.kubeadm.alpha_kubeconfig_user(client_name, apiserver_advertise_address=None, apiserver_bind_port=None, cert_dir=None, org=None, token=None, rootfs=None)¶

New in version 3001.

Outputs a kubeconfig file for an additional user

client_name: The name of the user. It will be used as the CN if client certificates are created
apiserver_advertise_address: The IP address the API server is accessible on
apiserver_bind_port: The port the API server is accessible on (default 6443)
cert_dir: The path where certificates are stored (default "/etc/kubernetes/pki")
org: The organization of the client certificate
token: The token that show be used as the authentication mechanism for this kubeconfig, instead of client certificates
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.alpha_kubeconfig_user client_name=user

salt.modules.kubeadm.alpha_kubelet_config_download(kubeconfig=None, kubelet_version=None, rootfs=None)¶

New in version 3001.

Downloads the kubelet configuration from the cluster ConfigMap kubelet-config-1.X

kubeconfig: The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf
kubelet_version: The desired version for the kubelet
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.alpha_kubelet_config_download
salt '*' kubeadm.alpha_kubelet_config_download kubelet_version='1.14.0'

salt.modules.kubeadm.alpha_kubelet_config_enable_dynamic(node_name, kubeconfig=None, kubelet_version=None, rootfs=None)¶

New in version 3001.

Enables or updates dynamic kubelet configuration for a node

node_name: Name of the node that should enable the dynamic kubelet configuration
kubeconfig: The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf
kubelet_version: The desired version for the kubelet
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.alpha_kubelet_config_enable_dynamic node-1

salt.modules.kubeadm.alpha_selfhosting_pivot(cert_dir=None, config=None, kubeconfig=None, store_certs_in_secrets=False, rootfs=None)¶

New in version 3001.

Converts a static Pod-hosted control plane into a selt-hosted one

cert_dir: The path where certificates are stored (default "/etc/kubernetes/pki")
config: Path to kubeadm configuration file
kubeconfig: The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf
store_certs_in_secrets: Enable storing certs in secrets
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.alpha_selfhost_pivot

salt.modules.kubeadm.config_images_list(config=None, feature_gates=None, kubernetes_version=None, kubeconfig=None, rootfs=None)¶

New in version 3001.

Print a list of images kubeadm will use

config: Path to kubeadm configuration file
feature_gates: A set of key=value pairs that describe feature gates for various features
kubernetes_version: Choose a specifig Kubernetes version for the control plane (default "stable-1")
kubeconfig: The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.config_images_list

salt.modules.kubeadm.config_images_pull(config=None, cri_socket=None, feature_gates=None, kubernetes_version=None, kubeconfig=None, rootfs=None)¶

New in version 3001.

Pull images used by kubeadm

config: Path to kubeadm configuration file
cri_socket: Path to the CRI socket to connect
feature_gates: A set of key=value pairs that describe feature gates for various features
kubernetes_version: Choose a specifig Kubernetes version for the control plane (default "stable-1")
kubeconfig: The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.config_images_pull

salt.modules.kubeadm.config_migrate(old_config, new_config=None, kubeconfig=None, rootfs=None)¶

New in version 3001.

Read an older version of the kubeadm configuration API types from a file, and output the similar config object for the newer version

old_config: Path to the kubeadm config file that is usin the old API version and should be converted
new_config: Path to the resulting equivalent kubeadm config file using the new API version. If not specified the output will be returned
kubeconfig: The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.config_migrate /oldconfig.cfg

salt.modules.kubeadm.config_print_init_defaults(component_configs=None, kubeconfig=None, rootfs=None)¶

New in version 3001.

Return default init configuration, that can be used for 'kubeadm init'

component_config: A comma-separated list for component config API object to print the default values for (valid values: KubeProxyConfiguration, KubeletConfiguration)
kubeconfig: The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.config_print_init_defaults

salt.modules.kubeadm.config_print_join_defaults(component_configs=None, kubeconfig=None, rootfs=None)¶

New in version 3001.

Return default join configuration, that can be used for 'kubeadm join'

component_config: A comma-separated list for component config API object to print the default values for (valid values: KubeProxyConfiguration, KubeletConfiguration)
kubeconfig: The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.config_print_join_defaults

salt.modules.kubeadm.config_upload_from_file(config, kubeconfig=None, rootfs=None)¶

New in version 3001.

Upload a configuration file to the in-cluster ConfigMap for kubeadm configuration

config: Path to a kubeadm configuration file
kubeconfig: The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.config_upload_from_file /config.cfg

salt.modules.kubeadm.config_upload_from_flags(apiserver_advertise_address=None, apiserver_bind_port=None, apiserver_cert_extra_sans=None, cert_dir=None, cri_socket=None, feature_gates=None, kubernetes_version=None, node_name=None, pod_network_cidr=None, service_cidr=None, service_dns_domain=None, kubeconfig=None, rootfs=None)¶

New in version 3001.

Create the in-cluster configuration file for the first time using flags

apiserver_advertise_address: The IP address the API server will advertise it's listening on
apiserver_bind_port: The port the API server is accessible on (default 6443)
apiserver_cert_extra_sans: Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate
cert_dir: The path where to save and store the certificates (default "/etc/kubernetes/pki")
cri_socket: Path to the CRI socket to connect
feature_gates: A set of key=value pairs that describe feature gates for various features
kubernetes_version: Choose a specifig Kubernetes version for the control plane (default "stable-1")
node_name: Specify the node name
pod_network_cidr: Specify range of IP addresses for the pod network
service_cidr: Use alternative range of IP address for service VIPs (default "10.96.0.0/12")
service_dns_domain: Use alternative domain for services (default "cluster.local")
kubeconfig: The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.config_upload_from_flags

salt.modules.kubeadm.config_view(kubeconfig=None, rootfs=None)¶

New in version 3001.

View the kubeadm configuration stored inside the cluster

kubeconfig: The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.config_view

salt.modules.kubeadm.init(apiserver_advertise_address=None, apiserver_bind_port=None, apiserver_cert_extra_sans=None, cert_dir=None, certificate_key=None, config=None, cri_socket=None, experimental_upload_certs=False, feature_gates=None, ignore_preflight_errors=None, image_repository=None, kubernetes_version=None, node_name=None, pod_network_cidr=None, service_cidr=None, service_dns_domain=None, skip_certificate_key_print=False, skip_phases=None, skip_token_print=False, token=None, token_ttl=None, rootfs=None)¶

New in version 3001.

Command to set up the Kubernetes control plane

apiserver_advertise_address: The IP address the API server will advertise it's listening on
apiserver_bind_port: The port the API server is accessible on (default 6443)
apiserver_cert_extra_sans: Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate
cert_dir: The path where to save and store the certificates (default "/etc/kubernetes/pki")
certificate_key: Key used to encrypt the control-plane certificates in the kubeadm-certs Secret
config: Path to a kubeadm configuration file
cri_socket: Path to the CRI socket to connect
experimental_upload_certs: Upload control-plane certificate to the kubeadm-certs Secret
feature_gates: A set of key=value pairs that describe feature gates for various features
ignore_preflight_errors: A list of checks whose errors will be shown as warnings
image_repository: Choose a container registry to pull control plane images from
kubernetes_version: Choose a specifig Kubernetes version for the control plane (default "stable-1")
node_name: Specify the node name
pod_network_cidr: Specify range of IP addresses for the pod network
service_cidr: Use alternative range of IP address for service VIPs (default "10.96.0.0/12")
service_dns_domain: Use alternative domain for services (default "cluster.local")
skip_certificate_key_print: Don't print the key used to encrypt the control-plane certificates
skip_phases: List of phases to be skipped
skip_token_print: Skip printing of the default bootstrap token generated by 'kubeadm init'
token: The token to use for establishing bidirectional trust between nodes and control-plane nodes. The token must match a regular expression, that by default is [a-z0-9]{6}.[a-z0-9]{16}
token_ttl: The duration defore the token is automatically deleted (1s, 2m, 3h). If set to '0' the token will never expire. Default value is 24h0m0s
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.init pod_network_cidr='10.244.0.0/16'

salt.modules.kubeadm.join(api_server_endpoint=None, apiserver_advertise_address=None, apiserver_bind_port=None, certificate_key=None, config=None, cri_socket=None, discovery_file=None, discovery_token=None, discovery_token_ca_cert_hash=None, discovery_token_unsafe_skip_ca_verification=False, experimental_control_plane=False, ignore_preflight_errors=None, node_name=None, skip_phases=None, tls_bootstrap_token=None, token=None, rootfs=None)¶

New in version 3001.

Command to join to an existing cluster

api_server_endpoint: IP address or domain name and port of the API Server
apiserver_advertise_address: If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on
apiserver_bind_port: If the node should host a new control plane instance, the port the API Server to bind to (default 6443)
certificate_key: Use this key to decrypt the certificate secrets uploaded by init
config: Path to a kubeadm configuration file
cri_socket: Path to the CRI socket to connect
discovery_file: For file-based discovery, a file or URL from which to load cluster information
discovery_token: For token-based discovery, the token used to validate cluster information fetched from the API Server
discovery_token_ca_cert_hash: For token-based discovery, validate that the root CA public key matches this hash (format: "<type>:<value>")
discovery_token_unsafe_skip_ca_verification: For token-based discovery, allow joining without 'discovery-token-ca-cert-hash' pinning
experimental_control_plane: Create a new control plane instance on this node
ignore_preflight_errors: A list of checks whose errors will be shown as warnings
node_name: Specify the node name
skip_phases: List of phases to be skipped
tls_bootstrap_token: Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node
token: Use this token for both discovery-token and tls-bootstrap-token when those values are not provided
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.join 10.160.65.165:6443 token='token'

salt.modules.kubeadm.join_params(create_if_needed=False)¶

New in version 3001.

Return the parameters required for joining into the cluster

create_if_needed: If the token bucket is empty and this parameter is True, a new token will be created.

CLI Example:

salt '*' kubeadm.join_params
salt '*' kubeadm.join_params create_if_needed=True

salt.modules.kubeadm.reset(cert_dir=None, cri_socket=None, ignore_preflight_errors=None, kubeconfig=None, rootfs=None)¶

New in version 3001.

Revert any changes made to this host by 'kubeadm init' or 'kubeadm join'

cert_dir: The path to the directory where the certificates are stored (default "/etc/kubernetes/pki")
cri_socket: Path to the CRI socket to connect
ignore_preflight_errors: A list of checks whose errors will be shown as warnings
kubeconfig: The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.join 10.160.65.165:6443 token='token'

salt.modules.kubeadm.token_create(token=None, config=None, description=None, groups=None, ttl=None, usages=None, kubeconfig=None, rootfs=None)¶

New in version 3001.

Create bootstrap tokens on the server

token: Token to write, if None one will be generated. The token must match a regular expression, that by default is [a-z0-9]{6}.[a-z0-9]{16}
config: Path to kubeadm configuration file
description: A human friendly description of how this token is used
groups: List of extra groups that this token will authenticate, default to ['system:bootstrappers:kubeadm:default-node-token']
ttl: The duration defore the token is automatically deleted (1s, 2m, 3h). If set to '0' the token will never expire. Default value is 24h0m0s
usages: Describes the ways in which this token can be used. The default value is ['signing', 'authentication']
kubeconfig: The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.token_create
salt '*' kubeadm.token_create a1b2c.0123456789abcdef
salt '*' kubeadm.token_create ttl='6h'
salt '*' kubeadm.token_create usages="['signing']"

salt.modules.kubeadm.token_delete(token, kubeconfig=None, rootfs=None)¶

New in version 3001.

Delete bootstrap tokens on the server

token: Token to write, if None one will be generated. The token must match a regular expression, that by default is [a-z0-9]{6}.[a-z0-9]{16}
kubeconfig: The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.token_delete a1b2c
salt '*' kubeadm.token_create a1b2c.0123456789abcdef

salt.modules.kubeadm.token_generate(kubeconfig=None, rootfs=None)¶

New in version 3001.

Generate and return a bootstrap token, but do not create it on the server

kubeconfig: The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.token_generate

salt.modules.kubeadm.token_list(kubeconfig=None, rootfs=None)¶

New in version 3001.

List bootstrap tokens on the server

kubeconfig: The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.token_list

salt.modules.kubeadm.version(kubeconfig=None, rootfs=None)¶

New in version 3001.

Return the version of kubeadm

kubeconfig: The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf
rootfs: The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.version

Docs for previous releases are available on readthedocs.org.

Latest Salt release: 3004.1

Previous topic

salt.modules.kmod

salt.modules.kubeadm¶

Quick search

Previous topic