The `kubeadm v1beta3` config format defines the cluster bootstrap configuration for Kubernetes. It replaces v1beta2 by removing legacy fields and refining the API. Engineers use it to drive automated control plane initialization, node joining, certificate distribution, and networking setup in a repeatable manner.
TL;DR
- v1beta3 drops deprecated fields: `useHyperKubeImage` and `dns.type`.
- It splits config into three kinds: `InitConfiguration`, `ClusterConfiguration`, `JoinConfiguration`.
- `ClusterConfiguration` centralizes control plane settings: version, endpoints, certs, networking.
- `InitConfiguration` holds node registration and bootstrap token data.
- `JoinConfiguration` configures worker or control-plane node joins with CA keys.
- Use the YAML schema in automation and CI/CD to ensure consistent cluster creation.
Understanding kubeadm v1beta3 config
The v1beta3 version of kubeadm config refines earlier releases by removing unused fields and adding tags for secret data. It follows the Kubernetes API conventions and delivers a schema-driven approach to cluster bootstrap. You reference it in the CLI and in automation via the `--config` flag.
Changes since v1beta2 in kubeadm v1beta3 config
Key edits in this release:
- Removed `ClusterConfiguration.useHyperKubeImage`: the hyperkube image is no longer supported.
- Dropped `ClusterConfiguration.dns.type`: CoreDNS is now mandatory.
- Added `datapolicy` tags for fields holding secrets so operators can track sensitive data.
ClusterConfiguration in kubeadm v1beta3 config
`ClusterConfiguration` lives in `kubeadm.k8s.io/v1beta3`. It defines cluster-wide settings:
- kubernetesVersion: target Kubernetes version.
- controlPlaneEndpoint: DNS or IP of HA endpoint.
- certificateKey: used to encrypt control-plane certificate secrets.
- certificatesDir: path on disk to store all certs.
- clusterName: logical name for the cluster.
- networking: nested object for `podSubnet`, `serviceSubnet`, `dnsDomain`.
- apiServer, controllerManager, scheduler: embedded configs for extra args and endpoint overrides.
- imageRepository: override default control-plane image registry.
- etcd: external or local etcd settings, including `local` and `external` sections.
InitConfiguration for kubeadm v1beta3 config
`InitConfiguration` holds node-specific bootstrap data:
- bootstrapTokens: list of tokens for joining nodes.
- nodeRegistration: `criSocket`, `taints`, `name`, `kubeletExtraArgs`.
- localAPIEndpoint: bind port and interface for local API server process during init.
JoinConfiguration and kubeadm v1beta3 config
`JoinConfiguration` applies to worker and control-plane node joins. It includes:
- discovery: methods to locate control plane (`bootstrapToken`, `tlsBootstrapToken`, `file` methods).
- nodeRegistration: same as init for CRI, taints, etc.
- controlPlane: flags to join as control-plane (certificateKey and APIEndpoint).
Sample YAML: kubeadm v1beta3 config
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
bootstrapTokens:
  # Placeholder value; do not commit a real token.
  - token: "abcdef.0123456789abcdef"
    ttl: "24h"
nodeRegistration:
  name: "master1"
  # dockershim was removed in Kubernetes v1.24; point at a CRI runtime socket (containerd shown).
  criSocket: "unix:///var/run/containerd/containerd.sock"
  kubeletExtraArgs:
    cgroup-driver: "systemd"
---
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: "v1.24.0"
controlPlaneEndpoint: "api.mycluster.local:6443"
networking:
  podSubnet: "192.168.0.0/16"
  serviceSubnet: "10.96.0.0/12"
  dnsDomain: "cluster.local"
imageRepository: "registry.example.com/k8s"
etcd:
  local:
    dataDir: "/var/lib/etcd"
Best Practices with kubeadm v1beta3 config
Store config files in Git with strict access controls. Tag secret fields separately. Use CI pipelines to lint and validate schema. Pin the Kubernetes version. Use vault integration for `certificateKey`. Employ external etcd for HA clusters.
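One way to implement the CI lint step, as an added example (not code from the original article or from the kubeadm project): it checks parsed config documents for the fields removed in v1beta3, an unpinned `kubernetesVersion`, and literal secrets committed to the file. The secret-path list, the names `walk`, `lint` and `SAMPLE`, and the sample documents are assumptions of this example; in a pipeline the documents would come from a YAML parser such as PyYAML's `yaml.safe_load_all`.

```python
import re

API_VERSION = "kubeadm.k8s.io/v1beta3"
PINNED = re.compile(r"^v\d+\.\d+\.\d+$")  # rejects labels such as "stable"
REMOVED = [("useHyperKubeImage",), ("dns", "type")]  # dropped since v1beta2
# Secret-bearing paths: this example's own working list (an assumption).
SECRETS = [("bootstrapTokens", "*", "token"), ("certificateKey",),
           ("discovery", "bootstrapToken", "token"),
           ("discovery", "tlsBootstrapToken"), ("controlPlane", "certificateKey")]

def walk(node, path):
    """Yield each value found at path; '*' steps through list items."""
    if not path:
        yield node
    elif path[0] == "*" and isinstance(node, list):
        for item in node:
            yield from walk(item, path[1:])
    elif isinstance(node, dict) and path[0] in node:
        yield from walk(node[path[0]], path[1:])

def lint(docs):
    """Return findings for already-parsed kubeadm config documents."""
    findings = []
    for i, doc in enumerate(docs):
        kind = doc.get("kind", "?")
        where = f"doc {i} ({kind})"
        if doc.get("apiVersion") != API_VERSION:
            findings.append(f"{where}: apiVersion is not {API_VERSION}")
        if kind == "ClusterConfiguration":
            for path in REMOVED:  # presence alone is an error, even if false
                if any(True for _ in walk(doc, path)):
                    findings.append(f"{where}: removed field {'.'.join(path)}")
            if not PINNED.match(str(doc.get("kubernetesVersion", ""))):
                findings.append(f"{where}: kubernetesVersion is not pinned")
        for path in SECRETS:  # flag only non-empty literal values
            if any(walk(doc, path)):
                findings.append(f"{where}: literal secret at {'.'.join(path)}")
    return findings

# Constructed sample, shaped like the output of yaml.safe_load_all().
SAMPLE = [
    {"apiVersion": API_VERSION, "kind": "InitConfiguration",
     "bootstrapTokens": [{"token": "abcdef.0123456789abcdef", "ttl": "24h"}]},
    {"apiVersion": "kubeadm.k8s.io/v1beta2", "kind": "ClusterConfiguration",
     "kubernetesVersion": "stable", "useHyperKubeImage": False},
]

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Failing the pipeline when `lint` returns a non-empty list keeps v1beta2 leftovers and committed tokens out of the repository before `kubeadm init --config` ever runs.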