1

I have a Kubernetes cluster 1.17, and I want to add some extraArgs and extraVolumes (like in https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/) in the apiserver. Usually, I update the manifest file /etc/kubernetes/manifests/kube-apiserver.yaml to apply my new config, then I update the kubeadm-config ConfigMap to keep this new configuration for the next Kubernetes upgrade (because static pod manifests are re-generated from this ConfigMap when upgrading).

Is it possible to update only the kubeadm-config ConfigMap, then apply the configuration with a command like `kubeadm init phase control-plane apiserver`? What are the risks?

Antoine
  • Could you elaborate on what exactly you want to achieve? What args/volumes do you want to add/change? – PjoterS Feb 22 '21 at 07:35
  • I edited my question to clarify. For example, I need to add the extraArg `--authentication-token-webhook-config-file=/etc/kubernetes/conf/ldap.conf` and an extraVolume to mount the authentication configuration file in the apiserver pod. – Antoine Feb 22 '21 at 08:21

2 Answers

1

That's the way to go to upgrade static pod definitions of control plane components, but instead of the `init` command I guess you meant `upgrade`.

The `kubeadm upgrade` command consults the current cluster configuration from the ConfigMap (`kubectl -n kube-system get cm kubeadm-config -o yaml`) each time before applying changes.

Talking about risks, you can try to envision them by studying the output of the `kubeadm upgrade diff` command, e.g. `kubeadm upgrade diff v1.20.4`. More details are in this documentation. You could also try the `--dry-run` flag from this doc. It won't change any state; it will display the actions that would be performed.

In addition, you could also read about `--experimental-patches` in these docs.

PjoterS
  • The `kubectl upgrade` command worried me because I didn't know if we could update only the configuration, without the version. But I just tested and it's OK. As usual, `kubectl upgrade apply` on the first node, then `kubectl upgrade node` on other control-plane nodes worked. Thanks for your clear answer. – Antoine Mar 04 '21 at 15:41
  • Cannot edit my comment: I would write `kubeadm` in the place of `kubectl` obviously. – Antoine Sep 29 '21 at 10:01
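
The change described in the question and its comments, written as the `apiServer` part of the ClusterConfiguration stored in the kubeadm-config ConfigMap. This is an added example, not taken from any of the posts; it assumes the kubeadm `v1beta2` API that goes with Kubernetes 1.17, and the volume name is hypothetical.

```yaml
# Added example: apiServer section of the ClusterConfiguration held in the
# kubeadm-config ConfigMap (kube-system namespace, key "ClusterConfiguration").
# Assumes the kubeadm v1beta2 API; all other fields of the existing
# configuration stay as they are.
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
apiServer:
  extraArgs:
    # Flag name without the leading "--"; the value is the path as seen
    # inside the kube-apiserver pod.
    authentication-token-webhook-config-file: /etc/kubernetes/conf/ldap.conf
  extraVolumes:
    # Without this mount the file does not exist inside the static pod and
    # kube-apiserver cannot read the file named by the flag.
    - name: auth-webhook-conf            # hypothetical volume name
      hostPath: /etc/kubernetes/conf/ldap.conf
      mountPath: /etc/kubernetes/conf/ldap.conf
      readOnly: true                     # the apiserver only needs to read it
      pathType: File                     # file must already exist on every control-plane node
# The webhook config file is in kubeconfig format and can carry client
# credentials, so keep the host file readable by root only.
```

Review the resulting manifest change with `kubeadm upgrade diff` or `--dry-run`, as the answer suggests, before running `kubeadm upgrade apply` on the first control-plane node and `kubeadm upgrade node` on the others.
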
-1

If you mean changing the apiserver config in a live cluster, you can change /etc/kubernetes/manifest/kubeadm-apiserver.conf to apply it.

But you must be careful because the old static pod will be killed before the new pod is ready.

zh h