I'm using hyperkube to start kube-controller-manager docker container. In order to rotate the kubernetes CA I followed this doc. I have to point the KCM client-ca and cluster-signing-cert to different certs. Automating this is difficult because KCM process uses command line arguments.
I don't see any option here. Does anyone know a way of migrating command line arguments to a config.yaml file for kube-controller-manager?
NOTE: My question is about starting the KCM process with config file just like how we have one for kubelets here.
There are two possible ways of starting kube-controller-manager with customized settings, by providing YAML files.
The kube-controller-manager runs as a pod in your control plane. It's config file is located in /etc/kubernetes/manifests, a kube-controller-manager.yaml. By adding .spec.containers.command like so:
spec:
containers:
- command:
- kube-controller-manager
- --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
...
you can change the defaults.
Then you would have to restart docker (or containerd)
sudo systemctl restart docker (or containerd)
or, if you want to restart just kube-controller-manager
docker restart kube-controller-mamnager
You can change use ClusterConfiguration with extraArgs like so[reference]:
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: v1.16.0
controllerManager:
extraArgs:
cluster-signing-key-file: /home/johndoe/keys/ca.key
deployment-controller-sync-period: "50"
For this you would have to extract your current cluster configuration
kubeadm config view > kubeadm-config.yaml
edit this file accordingly, and then upgrade the control plane
kubeadm upgrade apply --config kubeadm-config.yaml
Now, to answer your question - kube-controller-manager does not support --config or any other flag that would allow you to pass a YAML file as it's argument (you can check all available flags here).
The only possible solutions are the two above.