salt.modules.kubeadm

Warning

This module will be removed from Salt in version 3009 in favor of the kubernetes Salt Extension.

Module for kubeadm :maintainer: Alberto Planas <aplanas@suse.com> :maturity: new :depends: None :platform: Linux

salt.modules.kubeadm.alpha_certs_renew(rootfs=None)

New in version 3001.

Renews certificates for a Kubernetes cluster

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.alpha_certs_renew
salt.modules.kubeadm.alpha_kubeconfig_user(client_name, apiserver_advertise_address=None, apiserver_bind_port=None, cert_dir=None, org=None, token=None, rootfs=None)

New in version 3001.

Outputs a kubeconfig file for an additional user

client_name

The name of the user. It will be used as the CN if client certificates are created

apiserver_advertise_address

The IP address the API server is accessible on

apiserver_bind_port

The port the API server is accessible on (default 6443)

cert_dir

The path where certificates are stored (default "/etc/kubernetes/pki")

org

The organization of the client certificate

token

The token that show be used as the authentication mechanism for this kubeconfig, instead of client certificates

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.alpha_kubeconfig_user client_name=user
salt.modules.kubeadm.alpha_kubelet_config_download(kubeconfig=None, kubelet_version=None, rootfs=None)

New in version 3001.

Downloads the kubelet configuration from the cluster ConfigMap kubelet-config-1.X

kubeconfig

The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf

kubelet_version

The desired version for the kubelet

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.alpha_kubelet_config_download
salt '*' kubeadm.alpha_kubelet_config_download kubelet_version='1.14.0'
salt.modules.kubeadm.alpha_kubelet_config_enable_dynamic(node_name, kubeconfig=None, kubelet_version=None, rootfs=None)

New in version 3001.

Enables or updates dynamic kubelet configuration for a node

node_name

Name of the node that should enable the dynamic kubelet configuration

kubeconfig

The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf

kubelet_version

The desired version for the kubelet

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.alpha_kubelet_config_enable_dynamic node-1
salt.modules.kubeadm.alpha_selfhosting_pivot(cert_dir=None, config=None, kubeconfig=None, store_certs_in_secrets=False, rootfs=None)

New in version 3001.

Converts a static Pod-hosted control plane into a selt-hosted one

cert_dir

The path where certificates are stored (default "/etc/kubernetes/pki")

config

Path to kubeadm configuration file

kubeconfig

The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf

store_certs_in_secrets

Enable storing certs in secrets

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.alpha_selfhost_pivot
salt.modules.kubeadm.config_images_list(config=None, feature_gates=None, kubernetes_version=None, kubeconfig=None, rootfs=None)

New in version 3001.

Print a list of images kubeadm will use

config

Path to kubeadm configuration file

feature_gates

A set of key=value pairs that describe feature gates for various features

kubernetes_version

Choose a specifig Kubernetes version for the control plane (default "stable-1")

kubeconfig

The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.config_images_list
salt.modules.kubeadm.config_images_pull(config=None, cri_socket=None, feature_gates=None, kubernetes_version=None, kubeconfig=None, rootfs=None)

New in version 3001.

Pull images used by kubeadm

config

Path to kubeadm configuration file

cri_socket

Path to the CRI socket to connect

feature_gates

A set of key=value pairs that describe feature gates for various features

kubernetes_version

Choose a specifig Kubernetes version for the control plane (default "stable-1")

kubeconfig

The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.config_images_pull
salt.modules.kubeadm.config_migrate(old_config, new_config=None, kubeconfig=None, rootfs=None)

New in version 3001.

Read an older version of the kubeadm configuration API types from a file, and output the similar config object for the newer version

old_config

Path to the kubeadm config file that is usin the old API version and should be converted

new_config

Path to the resulting equivalent kubeadm config file using the new API version. If not specified the output will be returned

kubeconfig

The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.config_migrate /oldconfig.cfg
salt.modules.kubeadm.config_print_init_defaults(component_configs=None, kubeconfig=None, rootfs=None)

New in version 3001.

Return default init configuration, that can be used for 'kubeadm init'

component_config

A comma-separated list for component config API object to print the default values for (valid values: KubeProxyConfiguration, KubeletConfiguration)

kubeconfig

The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.config_print_init_defaults
salt.modules.kubeadm.config_print_join_defaults(component_configs=None, kubeconfig=None, rootfs=None)

New in version 3001.

Return default join configuration, that can be used for 'kubeadm join'

component_config

A comma-separated list for component config API object to print the default values for (valid values: KubeProxyConfiguration, KubeletConfiguration)

kubeconfig

The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.config_print_join_defaults
salt.modules.kubeadm.config_upload_from_file(config, kubeconfig=None, rootfs=None)

New in version 3001.

Upload a configuration file to the in-cluster ConfigMap for kubeadm configuration

config

Path to a kubeadm configuration file

kubeconfig

The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.config_upload_from_file /config.cfg
salt.modules.kubeadm.config_upload_from_flags(apiserver_advertise_address=None, apiserver_bind_port=None, apiserver_cert_extra_sans=None, cert_dir=None, cri_socket=None, feature_gates=None, kubernetes_version=None, node_name=None, pod_network_cidr=None, service_cidr=None, service_dns_domain=None, kubeconfig=None, rootfs=None)

New in version 3001.

Create the in-cluster configuration file for the first time using flags

apiserver_advertise_address

The IP address the API server will advertise it's listening on

apiserver_bind_port

The port the API server is accessible on (default 6443)

apiserver_cert_extra_sans

Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate

cert_dir

The path where to save and store the certificates (default "/etc/kubernetes/pki")

cri_socket

Path to the CRI socket to connect

feature_gates

A set of key=value pairs that describe feature gates for various features

kubernetes_version

Choose a specifig Kubernetes version for the control plane (default "stable-1")

node_name

Specify the node name

pod_network_cidr

Specify range of IP addresses for the pod network

service_cidr

Use alternative range of IP address for service VIPs (default "10.96.0.0/12")

service_dns_domain

Use alternative domain for services (default "cluster.local")

kubeconfig

The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.config_upload_from_flags
salt.modules.kubeadm.config_view(kubeconfig=None, rootfs=None)

New in version 3001.

View the kubeadm configuration stored inside the cluster

kubeconfig

The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.config_view
salt.modules.kubeadm.init(apiserver_advertise_address=None, apiserver_bind_port=None, apiserver_cert_extra_sans=None, cert_dir=None, certificate_key=None, control_plane_endpoint=None, config=None, cri_socket=None, experimental_upload_certs=False, upload_certs=False, feature_gates=None, ignore_preflight_errors=None, image_repository=None, kubernetes_version=None, node_name=None, pod_network_cidr=None, service_cidr=None, service_dns_domain=None, skip_certificate_key_print=False, skip_phases=None, skip_token_print=False, token=None, token_ttl=None, rootfs=None)

New in version 3001.

Command to set up the Kubernetes control plane

apiserver_advertise_address

The IP address the API server will advertise it's listening on

apiserver_bind_port

The port the API server is accessible on (default 6443)

apiserver_cert_extra_sans

Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate

cert_dir

The path where to save and store the certificates (default "/etc/kubernetes/pki")

certificate_key

Key used to encrypt the control-plane certificates in the kubeadm-certs Secret

config

Path to a kubeadm configuration file

control_plane_endpoint

Specify a stable IP address or DNS name for the control plane

cri_socket

Path to the CRI socket to connect

experimental_upload_certs

Upload control-plane certificate to the kubeadm-certs Secret. ( kubeadm version =< 1.16 )

upload_certs

Upload control-plane certificate to the kubeadm-certs Secret. ( kubeadm version > 1.16 )

feature_gates

A set of key=value pairs that describe feature gates for various features

ignore_preflight_errors

A list of checks whose errors will be shown as warnings

image_repository

Choose a container registry to pull control plane images from

kubernetes_version

Choose a specifig Kubernetes version for the control plane (default "stable-1")

node_name

Specify the node name

pod_network_cidr

Specify range of IP addresses for the pod network

service_cidr

Use alternative range of IP address for service VIPs (default "10.96.0.0/12")

service_dns_domain

Use alternative domain for services (default "cluster.local")

skip_certificate_key_print

Don't print the key used to encrypt the control-plane certificates

skip_phases

List of phases to be skipped

skip_token_print

Skip printing of the default bootstrap token generated by 'kubeadm init'

token

The token to use for establishing bidirectional trust between nodes and control-plane nodes. The token must match a regular expression, that by default is [a-z0-9]{6}.[a-z0-9]{16}

token_ttl

The duration defore the token is automatically deleted (1s, 2m, 3h). If set to '0' the token will never expire. Default value is 24h0m0s

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.init pod_network_cidr='10.244.0.0/16'
salt.modules.kubeadm.join(api_server_endpoint=None, apiserver_advertise_address=None, apiserver_bind_port=None, certificate_key=None, config=None, cri_socket=None, discovery_file=None, discovery_token=None, discovery_token_ca_cert_hash=None, discovery_token_unsafe_skip_ca_verification=False, experimental_control_plane=False, control_plane=False, ignore_preflight_errors=None, node_name=None, skip_phases=None, tls_bootstrap_token=None, token=None, rootfs=None)

New in version 3001.

Command to join to an existing cluster

api_server_endpoint

IP address or domain name and port of the API Server

apiserver_advertise_address

If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on

apiserver_bind_port

If the node should host a new control plane instance, the port the API Server to bind to (default 6443)

certificate_key

Use this key to decrypt the certificate secrets uploaded by init

config

Path to a kubeadm configuration file

cri_socket

Path to the CRI socket to connect

discovery_file

For file-based discovery, a file or URL from which to load cluster information

discovery_token

For token-based discovery, the token used to validate cluster information fetched from the API Server

discovery_token_ca_cert_hash

For token-based discovery, validate that the root CA public key matches this hash (format: "<type>:<value>")

discovery_token_unsafe_skip_ca_verification

For token-based discovery, allow joining without 'discovery-token-ca-cert-hash' pinning

experimental_control_plane

Create a new control plane instance on this node (kubeadm version =< 1.16)

control_plane

Create a new control plane instance on this node (kubeadm version > 1.16)

ignore_preflight_errors

A list of checks whose errors will be shown as warnings

node_name

Specify the node name

skip_phases

List of phases to be skipped

tls_bootstrap_token

Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node

token

Use this token for both discovery-token and tls-bootstrap-token when those values are not provided

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.join 10.160.65.165:6443 token='token'
salt.modules.kubeadm.join_params(create_if_needed=False)

New in version 3001.

Return the parameters required for joining into the cluster

create_if_needed

If the token bucket is empty and this parameter is True, a new token will be created.

CLI Example:

salt '*' kubeadm.join_params
salt '*' kubeadm.join_params create_if_needed=True
salt.modules.kubeadm.reset(cert_dir=None, cri_socket=None, ignore_preflight_errors=None, kubeconfig=None, rootfs=None)

New in version 3001.

Revert any changes made to this host by 'kubeadm init' or 'kubeadm join'

cert_dir

The path to the directory where the certificates are stored (default "/etc/kubernetes/pki")

cri_socket

Path to the CRI socket to connect

ignore_preflight_errors

A list of checks whose errors will be shown as warnings

kubeconfig

The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.join 10.160.65.165:6443 token='token'
salt.modules.kubeadm.token_create(token=None, config=None, description=None, groups=None, ttl=None, usages=None, kubeconfig=None, rootfs=None)

New in version 3001.

Create bootstrap tokens on the server

token

Token to write, if None one will be generated. The token must match a regular expression, that by default is [a-z0-9]{6}.[a-z0-9]{16}

config

Path to kubeadm configuration file

description

A human friendly description of how this token is used

groups

List of extra groups that this token will authenticate, default to ['system:bootstrappers:kubeadm:default-node-token']

ttl

The duration defore the token is automatically deleted (1s, 2m, 3h). If set to '0' the token will never expire. Default value is 24h0m0s

usages

Describes the ways in which this token can be used. The default value is ['signing', 'authentication']

kubeconfig

The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.token_create
salt '*' kubeadm.token_create a1b2c.0123456789abcdef
salt '*' kubeadm.token_create ttl='6h'
salt '*' kubeadm.token_create usages="['signing']"
salt.modules.kubeadm.token_delete(token, kubeconfig=None, rootfs=None)

New in version 3001.

Delete bootstrap tokens on the server

token

Token to write, if None one will be generated. The token must match a regular expression, that by default is [a-z0-9]{6}.[a-z0-9]{16}

kubeconfig

The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.token_delete a1b2c
salt '*' kubeadm.token_create a1b2c.0123456789abcdef
salt.modules.kubeadm.token_generate(kubeconfig=None, rootfs=None)

New in version 3001.

Generate and return a bootstrap token, but do not create it on the server

kubeconfig

The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.token_generate
salt.modules.kubeadm.token_list(kubeconfig=None, rootfs=None)

New in version 3001.

List bootstrap tokens on the server

kubeconfig

The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.token_list
salt.modules.kubeadm.version(kubeconfig=None, rootfs=None)

New in version 3001.

Return the version of kubeadm

kubeconfig

The kubeconfig file to use when talking to the cluster. The default values in /etc/kubernetes/admin.conf

rootfs

The path to the real host root filesystem

CLI Example:

salt '*' kubeadm.version