kubeadm config add support for more than one APIEndpoint

2025-07-21 19:01:49 +00:00 · 2018-08-27 09:00:26 +02:00 · 2018-08-27 09:00:26 +02:00 · 7dfb3c7134
commit 7dfb3c7134
parent b2b3c36ecb
48 changed files with 506 additions and 414 deletions
--- a/cmd/kubeadm/app/apis/kubeadm/fuzzer/fuzzer.go
+++ b/cmd/kubeadm/app/apis/kubeadm/fuzzer/fuzzer.go
@ -45,25 +45,14 @@ func Funcs(codecs runtimeserializer.CodecFactory) []interface{} {
 		func(obj *kubeadm.InitConfiguration, c fuzz.Continue) {
 			c.FuzzNoCustom(obj)
 			fuzzClusterConfig(&obj.ClusterConfiguration)
-			obj.BootstrapTokens = []kubeadm.BootstrapToken{
-				{
-					Token: &kubeadm.BootstrapTokenString{
-						ID:     "abcdef",
-						Secret: "abcdef0123456789",
-					},
-					TTL:    &metav1.Duration{Duration: 1 * time.Hour},
-					Usages: []string{"foo"},
-					Groups: []string{"foo"},
-				},
-			}
-			obj.NodeRegistration = kubeadm.NodeRegistrationOptions{
-				CRISocket: "foo",
-				Name:      "foo",
-				Taints:    []v1.Taint{},
-			}
+			fuzzBootstrapTokens(&obj.BootstrapTokens)
+			fuzzNodeRegistration(&obj.NodeRegistration)
+			fuzzAPIEndpoint(&obj.APIEndpoint)
 		},
 		func(obj *kubeadm.JoinConfiguration, c fuzz.Continue) {
 			c.FuzzNoCustom(obj)
+			fuzzNodeRegistration(&obj.NodeRegistration)
+			fuzzAPIEndpoint(&obj.APIEndpoint)
 			obj.CACertPath = "foo"
 			obj.DiscoveryFile = "foo"
 			obj.DiscoveryToken = "foo"
@ -72,18 +61,37 @@ func Funcs(codecs runtimeserializer.CodecFactory) []interface{} {
 			obj.TLSBootstrapToken = "foo"
 			obj.Token = "foo"
 			obj.ClusterName = "foo"
-			obj.NodeRegistration = kubeadm.NodeRegistrationOptions{
-				CRISocket: "foo",
-				Name:      "foo",
-			}
 		},
 	}
 }

+func fuzzBootstrapTokens(obj *[]kubeadm.BootstrapToken) {
+	obj = &[]kubeadm.BootstrapToken{
+		{
+			Token: &kubeadm.BootstrapTokenString{
+				ID:     "abcdef",
+				Secret: "abcdef0123456789",
+			},
+			TTL:    &metav1.Duration{Duration: 1 * time.Hour},
+			Usages: []string{"foo"},
+			Groups: []string{"foo"},
+		},
+	}
+}
+
+func fuzzNodeRegistration(obj *kubeadm.NodeRegistrationOptions) {
+	obj.CRISocket = "foo"
+	obj.Name = "foo"
+	obj.Taints = []v1.Taint{}
+}
+
+func fuzzAPIEndpoint(obj *kubeadm.APIEndpoint) {
+	obj.BindPort = 20
+	obj.AdvertiseAddress = "foo"
+}
+
 func fuzzClusterConfig(obj *kubeadm.ClusterConfiguration) {
 	obj.KubernetesVersion = "v10"
-	obj.API.BindPort = 20
-	obj.API.AdvertiseAddress = "foo"
 	obj.Networking.ServiceSubnet = "10.96.0.0/12"
 	obj.Networking.DNSDomain = "cluster.local"
 	obj.CertificatesDir = "foo"
--- a/cmd/kubeadm/app/apis/kubeadm/register.go
+++ b/cmd/kubeadm/app/apis/kubeadm/register.go
@ -48,6 +48,7 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&InitConfiguration{},
 		&ClusterConfiguration{},
+		&ClusterStatus{},
 		&JoinConfiguration{},
 	)
 	return nil
--- a/cmd/kubeadm/app/apis/kubeadm/types.go
+++ b/cmd/kubeadm/app/apis/kubeadm/types.go
@ -47,6 +47,9 @@ type InitConfiguration struct {

 	// NodeRegistration holds fields that relate to registering the new master node to the cluster
 	NodeRegistration NodeRegistrationOptions
+
+	// APIEndpoint represents the endpoint of the instance of the API server to be deployed on this node.
+	APIEndpoint APIEndpoint
 }

 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@ -59,8 +62,6 @@ type ClusterConfiguration struct {
 	// +k8s:conversion-gen=false
 	ComponentConfigs ComponentConfigs

-	// API holds configuration for the k8s apiserver.
-	API API
 	// Etcd holds configuration for etcd.
 	Etcd Etcd

@ -148,8 +149,20 @@ type ComponentConfigs struct {
 // the roundtrip is considered valid, as semi-static values are set and preserved during a roundtrip.
 func (cc ComponentConfigs) Fuzz(c fuzz.Continue) {}

-// API struct contains elements of API server address.
-type API struct {
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ClusterStatus contains the cluster status. The ClusterStatus will be stored in the kubeadm-config
+// ConfigMap in the cluster, and then updated by kubeadm when additional control plane instance joins or leaves the cluster.
+type ClusterStatus struct {
+	metav1.TypeMeta
+
+	// APIEndpoints currently available in the cluster, one for each control plane/api server instance.
+	// The key of the map is the IP of the host's default interface
+	APIEndpoints map[string]APIEndpoint
+}
+
+// APIEndpoint struct contains elements of API server instance deployed on a node.
+type APIEndpoint struct {
 	// AdvertiseAddress sets the IP address for the API server to advertise.
 	AdvertiseAddress string

@ -314,9 +327,8 @@ type JoinConfiguration struct {
 	// control plane instance.
 	ControlPlane bool

-	// AdvertiseAddress sets the IP address for the API server to advertise; the
-	// API server will be installed only on nodes hosting an additional control plane instance.
-	AdvertiseAddress string
+	// APIEndpoint represents the endpoint of the instance of the API server eventually to be deployed on this node.
+	APIEndpoint APIEndpoint

 	// FeatureGates enabled by the user.
 	FeatureGates map[string]bool
--- a/cmd/kubeadm/app/apis/kubeadm/v1alpha2/conversion.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1alpha2/conversion.go
@ -35,6 +35,16 @@ func Convert_v1alpha2_InitConfiguration_To_kubeadm_InitConfiguration(in *InitCon
 	if err := split_v1alpha2_InitConfiguration_into_kubeadm_ClusterConfiguration(in, &out.ClusterConfiguration, s); err != nil {
 		return err
 	}
+	if err := split_v1alpha2_InitConfiguration_into_kubeadm_APIEndpoint(in, &out.APIEndpoint, s); err != nil {
+		return err
+	}
+	return nil
+}
+
+func split_v1alpha2_InitConfiguration_into_kubeadm_APIEndpoint(in *InitConfiguration, out *kubeadm.APIEndpoint, s conversion.Scope) error {
+	out.AdvertiseAddress = in.API.AdvertiseAddress
+	out.BindPort = in.API.BindPort
+	// in.API.ControlPlaneEndpoint will be splitted into ClusterConfiguration
 	return nil
 }

@ -42,9 +52,6 @@ func split_v1alpha2_InitConfiguration_into_kubeadm_ClusterConfiguration(in *Init
 	if err := split_v1alpha2_InitConfiguration_into_kubeadm_ComponentConfigs(in, &out.ComponentConfigs, s); err != nil {
 		return err
 	}
-	if err := Convert_v1alpha2_API_To_kubeadm_API(&in.API, &out.API, s); err != nil {
-		return err
-	}
 	if err := Convert_v1alpha2_Networking_To_kubeadm_Networking(&in.Networking, &out.Networking, s); err != nil {
 		return err
 	}
@ -71,14 +78,6 @@ func split_v1alpha2_InitConfiguration_into_kubeadm_ClusterConfiguration(in *Init
 	return nil
 }

-func Convert_v1alpha2_API_To_kubeadm_API(in *API, out *kubeadm.API, s conversion.Scope) error {
-	if err := autoConvert_v1alpha2_API_To_kubeadm_API(in, out, s); err != nil {
-		return err
-	}
-	// in.ControlPlaneEndpoint is assigned outside this function
-	return nil
-}
-
 func split_v1alpha2_InitConfiguration_into_kubeadm_ComponentConfigs(in *InitConfiguration, out *kubeadm.ComponentConfigs, s conversion.Scope) error {
 	if in.KubeProxy.Config != nil {
 		if out.KubeProxy == nil {
@ -101,6 +100,15 @@ func split_v1alpha2_InitConfiguration_into_kubeadm_ComponentConfigs(in *InitConf
 	return nil
 }

+func Convert_v1alpha2_JoinConfiguration_To_kubeadm_JoinConfiguration(in *JoinConfiguration, out *kubeadm.JoinConfiguration, s conversion.Scope) error {
+	if err := autoConvert_v1alpha2_JoinConfiguration_To_kubeadm_JoinConfiguration(in, out, s); err != nil {
+		return err
+	}
+	out.APIEndpoint.AdvertiseAddress = in.AdvertiseAddress
+	out.APIEndpoint.BindPort = in.BindPort
+	return nil
+}
+
 func Convert_kubeadm_InitConfiguration_To_v1alpha2_InitConfiguration(in *kubeadm.InitConfiguration, out *InitConfiguration, s conversion.Scope) error {
 	if err := autoConvert_kubeadm_InitConfiguration_To_v1alpha2_InitConfiguration(in, out, s); err != nil {
 		return err
@ -108,6 +116,9 @@ func Convert_kubeadm_InitConfiguration_To_v1alpha2_InitConfiguration(in *kubeadm
 	if err := join_kubeadm_ClusterConfiguration_into_v1alpha2_InitConfiguration(&in.ClusterConfiguration, out, s); err != nil {
 		return err
 	}
+	if err := join_kubeadm_APIEndpoint_into_v1alpha2_InitConfiguration(&in.APIEndpoint, out, s); err != nil {
+		return err
+	}
 	return nil
 }

@ -115,9 +126,6 @@ func join_kubeadm_ClusterConfiguration_into_v1alpha2_InitConfiguration(in *kubea
 	if err := join_kubeadm_ComponentConfigs_into_v1alpha2_InitConfiguration(&in.ComponentConfigs, out, s); err != nil {
 		return err
 	}
-	if err := Convert_kubeadm_API_To_v1alpha2_API(&in.API, &out.API, s); err != nil {
-		return err
-	}
 	if err := Convert_kubeadm_Etcd_To_v1alpha2_Etcd(&in.Etcd, &out.Etcd, s); err != nil {
 		return err
 	}
@ -144,11 +152,10 @@ func join_kubeadm_ClusterConfiguration_into_v1alpha2_InitConfiguration(in *kubea
 	return nil
 }

-func Convert_kubeadm_API_To_v1alpha2_API(in *kubeadm.API, out *API, s conversion.Scope) error {
-	if err := autoConvert_kubeadm_API_To_v1alpha2_API(in, out, s); err != nil {
-		return err
-	}
-	// out.ControlPlaneEndpoint is assigned outside this function
+func join_kubeadm_APIEndpoint_into_v1alpha2_InitConfiguration(in *kubeadm.APIEndpoint, out *InitConfiguration, s conversion.Scope) error {
+	out.API.AdvertiseAddress = in.AdvertiseAddress
+	out.API.BindPort = in.BindPort
+	// out.API.ControlPlaneEndpoint will join from ClusterConfiguration
 	return nil
 }

@ -173,3 +180,12 @@ func join_kubeadm_ComponentConfigs_into_v1alpha2_InitConfiguration(in *kubeadm.C
 	}
 	return nil
 }
+
+func Convert_kubeadm_JoinConfiguration_To_v1alpha2_JoinConfiguration(in *kubeadm.JoinConfiguration, out *JoinConfiguration, s conversion.Scope) error {
+	if err := autoConvert_kubeadm_JoinConfiguration_To_v1alpha2_JoinConfiguration(in, out, s); err != nil {
+		return err
+	}
+	out.AdvertiseAddress = in.APIEndpoint.AdvertiseAddress
+	out.BindPort = in.APIEndpoint.BindPort
+	return nil
+}
--- a/cmd/kubeadm/app/apis/kubeadm/v1alpha2/defaults.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1alpha2/defaults.go
@ -170,6 +170,10 @@ func SetDefaults_JoinConfiguration(obj *JoinConfiguration) {
 		obj.ClusterName = DefaultClusterName
 	}

+	if obj.BindPort == 0 {
+		obj.BindPort = DefaultAPIBindPort
+	}
+
 	SetDefaults_NodeRegistrationOptions(&obj.NodeRegistration)
 }

--- a/cmd/kubeadm/app/apis/kubeadm/v1alpha2/types.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1alpha2/types.go
@ -285,6 +285,10 @@ type JoinConfiguration struct {
 	// API server will be installed only on nodes hosting an additional control plane instance.
 	AdvertiseAddress string `json:"advertiseAddress,omitempty"`

+	// BindPort sets the secure port for the API Server to bind to.
+	// Defaults to 6443.
+	BindPort int32 `json:"bindPort,omitempty"`
+
 	// FeatureGates enabled by the user.
 	FeatureGates map[string]bool `json:"featureGates,omitempty"`
 }
--- a/cmd/kubeadm/app/apis/kubeadm/v1alpha3/defaults.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1alpha3/defaults.go
@ -72,6 +72,7 @@ func SetDefaults_InitConfiguration(obj *InitConfiguration) {
 	SetDefaults_ClusterConfiguration(&obj.ClusterConfiguration)
 	SetDefaults_NodeRegistrationOptions(&obj.NodeRegistration)
 	SetDefaults_BootstrapTokens(obj)
+	SetDefaults_APIEndpoint(&obj.APIEndpoint)
 }

 // SetDefaults_ClusterConfiguration assigns default values for the ClusterConfiguration
@ -80,10 +81,6 @@ func SetDefaults_ClusterConfiguration(obj *ClusterConfiguration) {
 		obj.KubernetesVersion = DefaultKubernetesVersion
 	}

-	if obj.API.BindPort == 0 {
-		obj.API.BindPort = DefaultAPIBindPort
-	}
-
 	if obj.Networking.ServiceSubnet == "" {
 		obj.Networking.ServiceSubnet = DefaultServicesSubnet
 	}
@ -148,6 +145,7 @@ func SetDefaults_JoinConfiguration(obj *JoinConfiguration) {
 	}

 	SetDefaults_NodeRegistrationOptions(&obj.NodeRegistration)
+	SetDefaults_APIEndpoint(&obj.APIEndpoint)
 }

 func SetDefaults_NodeRegistrationOptions(obj *NodeRegistrationOptions) {
@ -197,3 +195,10 @@ func SetDefaults_BootstrapToken(bt *BootstrapToken) {
 		bt.Groups = constants.DefaultTokenGroups
 	}
 }
+
+// SetDefaults_APIEndpoint sets the defaults for the API server instance deployed on a node.
+func SetDefaults_APIEndpoint(obj *APIEndpoint) {
+	if obj.BindPort == 0 {
+		obj.BindPort = DefaultAPIBindPort
+	}
+}
--- a/cmd/kubeadm/app/apis/kubeadm/v1alpha3/register.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1alpha3/register.go
@ -60,6 +60,7 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&InitConfiguration{},
 		&ClusterConfiguration{},
+		&ClusterStatus{},
 		&JoinConfiguration{},
 	)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
--- a/cmd/kubeadm/app/apis/kubeadm/v1alpha3/types.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1alpha3/types.go
@ -44,6 +44,9 @@ type InitConfiguration struct {

 	// NodeRegistration holds fields that relate to registering the new master node to the cluster
 	NodeRegistration NodeRegistrationOptions `json:"nodeRegistration,omitempty"`
+
+	// APIEndpoint represents the endpoint of the instance of the API server to be deployed on this node.
+	APIEndpoint APIEndpoint `json:"apiEndpoint,omitempty"`
 }

 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@ -52,8 +55,6 @@ type InitConfiguration struct {
 type ClusterConfiguration struct {
 	metav1.TypeMeta `json:",inline"`

-	// API holds configuration for the k8s apiserver.
-	API API `json:"api"`
 	// Etcd holds configuration for etcd.
 	Etcd Etcd `json:"etcd"`

@ -121,8 +122,20 @@ type ClusterConfiguration struct {
 	ClusterName string `json:"clusterName,omitempty"`
 }

-// API struct contains elements of API server address.
-type API struct {
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ClusterStatus contains the cluster status. The ClusterStatus will be stored in the kubeadm-config
+// ConfigMap in the cluster, and then updated by kubeadm when additional control plane instance joins or leaves the cluster.
+type ClusterStatus struct {
+	metav1.TypeMeta `json:",inline"`
+
+	// APIEndpoints currently available in the cluster, one for each control plane/api server instance.
+	// The key of the map is the IP of the host's default interface
+	APIEndpoints map[string]APIEndpoint `json:"apiEndpoints"`
+}
+
+// APIEndpoint struct contains elements of API server instance deployed on a node.
+type APIEndpoint struct {
 	// AdvertiseAddress sets the IP address for the API server to advertise.
 	AdvertiseAddress string `json:"advertiseAddress"`

@ -287,9 +300,8 @@ type JoinConfiguration struct {
 	// control plane instance.
 	ControlPlane bool `json:"controlPlane,omitempty"`

-	// AdvertiseAddress sets the IP address for the API server to advertise; the
-	// API server will be installed only on nodes hosting an additional control plane instance.
-	AdvertiseAddress string `json:"advertiseAddress,omitempty"`
+	// APIEndpoint represents the endpoint of the instance of the API server eventually to be deployed on this node.
+	APIEndpoint APIEndpoint `json:"apiEndpoint,omitempty"`

 	// FeatureGates enabled by the user.
 	FeatureGates map[string]bool `json:"featureGates,omitempty"`
--- a/cmd/kubeadm/app/apis/kubeadm/validation/validation.go
+++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation.go
@ -48,6 +48,7 @@ func ValidateInitConfiguration(c *kubeadm.InitConfiguration) field.ErrorList {
 	allErrs = append(allErrs, ValidateNodeRegistrationOptions(&c.NodeRegistration, field.NewPath("nodeRegistration"))...)
 	allErrs = append(allErrs, ValidateBootstrapTokens(c.BootstrapTokens, field.NewPath("bootstrapTokens"))...)
 	allErrs = append(allErrs, ValidateClusterConfiguration(&c.ClusterConfiguration)...)
+	allErrs = append(allErrs, ValidateAPIEndpoint(&c.APIEndpoint, field.NewPath("apiEndpoint"))...)
 	return allErrs
 }

@ -58,7 +59,6 @@ func ValidateClusterConfiguration(c *kubeadm.ClusterConfiguration) field.ErrorLi
 	allErrs = append(allErrs, ValidateCertSANs(c.APIServerCertSANs, field.NewPath("apiServerCertSANs"))...)
 	allErrs = append(allErrs, ValidateAbsolutePath(c.CertificatesDir, field.NewPath("certificatesDir"))...)
 	allErrs = append(allErrs, ValidateFeatureGates(c.FeatureGates, field.NewPath("featureGates"))...)
-	allErrs = append(allErrs, ValidateAPI(&c.API, field.NewPath("api"))...)
 	allErrs = append(allErrs, ValidateHostPort(c.ControlPlaneEndpoint, field.NewPath("controlPlaneEndpoint"))...)
 	allErrs = append(allErrs, ValidateEtcd(&c.Etcd, field.NewPath("etcd"))...)
 	allErrs = append(allErrs, componentconfigs.Known.Validate(c)...)
@ -70,7 +70,7 @@ func ValidateJoinConfiguration(c *kubeadm.JoinConfiguration) field.ErrorList {
 	allErrs := field.ErrorList{}
 	allErrs = append(allErrs, ValidateDiscovery(c)...)
 	allErrs = append(allErrs, ValidateNodeRegistrationOptions(&c.NodeRegistration, field.NewPath("nodeRegistration"))...)
-	allErrs = append(allErrs, ValidateIPFromString(c.AdvertiseAddress, field.NewPath("advertiseAddress"))...)
+	allErrs = append(allErrs, ValidateAPIEndpoint(&c.APIEndpoint, field.NewPath("apiEndpoint"))...)

 	if !filepath.IsAbs(c.CACertPath) || !strings.HasSuffix(c.CACertPath, ".crt") {
 		allErrs = append(allErrs, field.Invalid(field.NewPath("caCertPath"), c.CACertPath, "the ca certificate path must be an absolute path"))
@ -405,8 +405,8 @@ func ValidateFeatureGates(featureGates map[string]bool, fldPath *field.Path) fie
 	return allErrs
 }

-// ValidateAPI validates API configuration
-func ValidateAPI(c *kubeadm.API, fldPath *field.Path) field.ErrorList {
+// ValidateAPIEndpoint validates API server's endpoint
+func ValidateAPIEndpoint(c *kubeadm.APIEndpoint, fldPath *field.Path) field.ErrorList {
 	allErrs := field.ErrorList{}
 	allErrs = append(allErrs, ValidateIPFromString(c.AdvertiseAddress, fldPath.Child("advertiseAddress"))...)
 	allErrs = append(allErrs, ValidatePort(c.BindPort, fldPath.Child("bindPort"))...)
--- a/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go
+++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go
@ -288,15 +288,15 @@ func TestValidateHostPort(t *testing.T) {
 	}
 }

-func TestValidateAPI(t *testing.T) {
+func TestValidateAPIEndpoint(t *testing.T) {
 	var tests = []struct {
 		name     string
-		s        *kubeadm.API
+		s        *kubeadm.APIEndpoint
 		expected bool
 	}{
 		{
 			name: "Valid IPv4 address / port",
-			s: &kubeadm.API{
+			s: &kubeadm.APIEndpoint{
 				AdvertiseAddress: "4.5.6.7",
 				BindPort:         6443,
 			},
@ -304,7 +304,7 @@ func TestValidateAPI(t *testing.T) {
 		},
 		{
 			name: "Valid IPv6 address / port",
-			s: &kubeadm.API{
+			s: &kubeadm.APIEndpoint{
 				AdvertiseAddress: "2001:db7::2",
 				BindPort:         6443,
 			},
@ -312,7 +312,7 @@ func TestValidateAPI(t *testing.T) {
 		},
 		{
 			name: "Invalid IPv4 address",
-			s: &kubeadm.API{
+			s: &kubeadm.APIEndpoint{
 				AdvertiseAddress: "1.2.34",
 				BindPort:         6443,
 			},
@ -320,7 +320,7 @@ func TestValidateAPI(t *testing.T) {
 		},
 		{
 			name: "Invalid IPv6 address",
-			s: &kubeadm.API{
+			s: &kubeadm.APIEndpoint{
 				AdvertiseAddress: "2001:db7:1",
 				BindPort:         6443,
 			},
@ -328,7 +328,7 @@ func TestValidateAPI(t *testing.T) {
 		},
 		{
 			name: "Invalid BindPort",
-			s: &kubeadm.API{
+			s: &kubeadm.APIEndpoint{
 				AdvertiseAddress: "4.5.6.7",
 				BindPort:         0,
 			},
@ -336,7 +336,7 @@ func TestValidateAPI(t *testing.T) {
 		},
 	}
 	for _, rt := range tests {
-		actual := ValidateAPI(rt.s, nil)
+		actual := ValidateAPIEndpoint(rt.s, nil)
 		if (len(actual) == 0) != rt.expected {
 			t.Errorf(
 				"%s test case failed:\n\texpected: %t\n\t  actual: %t",
@ -360,11 +360,11 @@ func TestValidateInitConfiguration(t *testing.T) {
 			&kubeadm.InitConfiguration{}, false},
 		{"invalid missing token with IPv4 service subnet",
 			&kubeadm.InitConfiguration{
+				APIEndpoint: kubeadm.APIEndpoint{
+					AdvertiseAddress: "1.2.3.4",
+					BindPort:         6443,
+				},
 				ClusterConfiguration: kubeadm.ClusterConfiguration{
-					API: kubeadm.API{
-						AdvertiseAddress: "1.2.3.4",
-						BindPort:         6443,
-					},
 					Networking: kubeadm.Networking{
 						ServiceSubnet: "10.96.0.1/12",
 						DNSDomain:     "cluster.local",
@ -375,11 +375,11 @@ func TestValidateInitConfiguration(t *testing.T) {
 			}, false},
 		{"invalid missing token with IPv6 service subnet",
 			&kubeadm.InitConfiguration{
+				APIEndpoint: kubeadm.APIEndpoint{
+					AdvertiseAddress: "1.2.3.4",
+					BindPort:         6443,
+				},
 				ClusterConfiguration: kubeadm.ClusterConfiguration{
-					API: kubeadm.API{
-						AdvertiseAddress: "1.2.3.4",
-						BindPort:         6443,
-					},
 					Networking: kubeadm.Networking{
 						ServiceSubnet: "2001:db8::1/98",
 						DNSDomain:     "cluster.local",
@ -390,11 +390,11 @@ func TestValidateInitConfiguration(t *testing.T) {
 			}, false},
 		{"invalid missing node name",
 			&kubeadm.InitConfiguration{
+				APIEndpoint: kubeadm.APIEndpoint{
+					AdvertiseAddress: "1.2.3.4",
+					BindPort:         6443,
+				},
 				ClusterConfiguration: kubeadm.ClusterConfiguration{
-					API: kubeadm.API{
-						AdvertiseAddress: "1.2.3.4",
-						BindPort:         6443,
-					},
 					Networking: kubeadm.Networking{
 						ServiceSubnet: "10.96.0.1/12",
 						DNSDomain:     "cluster.local",
@ -404,11 +404,11 @@ func TestValidateInitConfiguration(t *testing.T) {
 			}, false},
 		{"valid master configuration with incorrect IPv4 pod subnet",
 			&kubeadm.InitConfiguration{
+				APIEndpoint: kubeadm.APIEndpoint{
+					AdvertiseAddress: "1.2.3.4",
+					BindPort:         6443,
+				},
 				ClusterConfiguration: kubeadm.ClusterConfiguration{
-					API: kubeadm.API{
-						AdvertiseAddress: "1.2.3.4",
-						BindPort:         6443,
-					},
 					Networking: kubeadm.Networking{
 						ServiceSubnet: "10.96.0.1/12",
 						DNSDomain:     "cluster.local",
@ -420,11 +420,11 @@ func TestValidateInitConfiguration(t *testing.T) {
 			}, false},
 		{"valid master configuration with IPv4 service subnet",
 			&kubeadm.InitConfiguration{
+				APIEndpoint: kubeadm.APIEndpoint{
+					AdvertiseAddress: "1.2.3.4",
+					BindPort:         6443,
+				},
 				ClusterConfiguration: kubeadm.ClusterConfiguration{
-					API: kubeadm.API{
-						AdvertiseAddress: "1.2.3.4",
-						BindPort:         6443,
-					},
 					Etcd: kubeadm.Etcd{
 						Local: &kubeadm.LocalEtcd{
 							DataDir: "/some/path",
@ -467,11 +467,11 @@ func TestValidateInitConfiguration(t *testing.T) {
 			}, true},
 		{"valid master configuration using IPv6 service subnet",
 			&kubeadm.InitConfiguration{
+				APIEndpoint: kubeadm.APIEndpoint{
+					AdvertiseAddress: "1:2:3::4",
+					BindPort:         3446,
+				},
 				ClusterConfiguration: kubeadm.ClusterConfiguration{
-					API: kubeadm.API{
-						AdvertiseAddress: "1:2:3::4",
-						BindPort:         3446,
-					},
 					Etcd: kubeadm.Etcd{
 						Local: &kubeadm.LocalEtcd{
 							DataDir: "/some/path",
--- a/cmd/kubeadm/app/cmd/config.go
+++ b/cmd/kubeadm/app/cmd/config.go
@ -164,8 +164,8 @@ func getAllAPIObjectNames() []string {
 func getDefaultedInitConfig() (*kubeadmapi.InitConfiguration, error) {
 	return configutil.ConfigFileAndDefaultsToInternalConfig("", &kubeadmapiv1alpha3.InitConfiguration{
 		// TODO: Probably move to getDefaultedClusterConfig?
+		APIEndpoint: kubeadmapiv1alpha3.APIEndpoint{AdvertiseAddress: "1.2.3.4"},
 		ClusterConfiguration: kubeadmapiv1alpha3.ClusterConfiguration{
-			API:               kubeadmapiv1alpha3.API{AdvertiseAddress: "1.2.3.4"},
 			KubernetesVersion: fmt.Sprintf("v1.%d.0", constants.MinimumControlPlaneVersion.Minor()+1),
 		},
 		BootstrapTokens: []kubeadmapiv1alpha3.BootstrapToken{sillyToken},
--- a/cmd/kubeadm/app/cmd/init.go
+++ b/cmd/kubeadm/app/cmd/init.go
@ -158,11 +158,11 @@ func NewCmdInit(out io.Writer) *cobra.Command {
 // AddInitConfigFlags adds init flags bound to the config to the specified flagset
 func AddInitConfigFlags(flagSet *flag.FlagSet, cfg *kubeadmapiv1alpha3.InitConfiguration, featureGatesString *string) {
 	flagSet.StringVar(
-		&cfg.API.AdvertiseAddress, "apiserver-advertise-address", cfg.API.AdvertiseAddress,
+		&cfg.APIEndpoint.AdvertiseAddress, "apiserver-advertise-address", cfg.APIEndpoint.AdvertiseAddress,
 		"The IP address the API Server will advertise it's listening on. Specify '0.0.0.0' to use the address of the default network interface.",
 	)
 	flagSet.Int32Var(
-		&cfg.API.BindPort, "apiserver-bind-port", cfg.API.BindPort,
+		&cfg.APIEndpoint.BindPort, "apiserver-bind-port", cfg.APIEndpoint.BindPort,
 		"Port for the API Server to bind to.",
 	)
 	flagSet.StringVar(
--- a/cmd/kubeadm/app/cmd/join.go
+++ b/cmd/kubeadm/app/cmd/join.go
@ -235,9 +235,13 @@ func AddJoinConfigFlags(flagSet *flag.FlagSet, cfg *kubeadmapiv1alpha3.JoinConfi
 		&cfg.ControlPlane, "experimental-control-plane", cfg.ControlPlane,
 		"Create a new control plane instance on this node")
 	flagSet.StringVar(
-		&cfg.AdvertiseAddress, "apiserver-advertise-address", cfg.AdvertiseAddress,
+		&cfg.APIEndpoint.AdvertiseAddress, "apiserver-advertise-address", cfg.APIEndpoint.AdvertiseAddress,
 		"If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on.",
 	)
+	flagSet.Int32Var(
+		&cfg.APIEndpoint.BindPort, "apiserver-bind-port", cfg.APIEndpoint.BindPort,
+		"If the node should host a new control plane instance, the port for the API Server to bind to.",
+	)
 }

 // AddJoinOtherFlags adds join flags that are not bound to a configuration file to the given flagset
@ -265,7 +269,7 @@ func NewJoin(cfgPath string, args []string, defaultcfg *kubeadmapiv1alpha3.JoinC
 		glog.V(1).Infoln("[join] found NodeName empty; using OS hostname as NodeName")
 	}

-	if defaultcfg.AdvertiseAddress == "" {
+	if defaultcfg.APIEndpoint.AdvertiseAddress == "" {
 		glog.V(1).Infoln("[join] found advertiseAddress empty; using default interface's IP address as advertiseAddress")
 	}

@ -306,7 +310,7 @@ func (j *Join) Run(out io.Writer) error {

 		// injects into the kubeadm configuration used for init the information about the joining node
 		clusterConfiguration.NodeRegistration = j.cfg.NodeRegistration
-		clusterConfiguration.API.AdvertiseAddress = j.cfg.AdvertiseAddress
+		clusterConfiguration.APIEndpoint.AdvertiseAddress = j.cfg.APIEndpoint.AdvertiseAddress

 		// Checks if the cluster configuration supports
 		// joining a new control plane instance and if all the necessary certificates are provided
--- a/cmd/kubeadm/app/cmd/phases/addons.go
+++ b/cmd/kubeadm/app/cmd/phases/addons.go
@ -149,8 +149,8 @@ func getAddonsSubCommands() []*cobra.Command {
 		cmd.Flags().StringVar(&cfg.ImageRepository, "image-repository", cfg.ImageRepository, `Choose a container registry to pull control plane images from`)

 		if properties.use == "all" || properties.use == "kube-proxy" {
-			cmd.Flags().StringVar(&cfg.API.AdvertiseAddress, "apiserver-advertise-address", cfg.API.AdvertiseAddress, `The IP address the API server is accessible on`)
-			cmd.Flags().Int32Var(&cfg.API.BindPort, "apiserver-bind-port", cfg.API.BindPort, `The port the API server is accessible on`)
+			cmd.Flags().StringVar(&cfg.APIEndpoint.AdvertiseAddress, "apiserver-advertise-address", cfg.APIEndpoint.AdvertiseAddress, `The IP address the API server is accessible on`)
+			cmd.Flags().Int32Var(&cfg.APIEndpoint.BindPort, "apiserver-bind-port", cfg.APIEndpoint.BindPort, `The port the API server is accessible on`)
 			cmd.Flags().StringVar(&cfg.Networking.PodSubnet, "pod-network-cidr", cfg.Networking.PodSubnet, `The range of IP addresses used for the Pod network`)
 		}

--- a/cmd/kubeadm/app/cmd/phases/certs.go
+++ b/cmd/kubeadm/app/cmd/phases/certs.go
@ -152,11 +152,9 @@ func makeCmd(certSpec *certsphase.KubeadmCert, cfgPath *string, cfg *kubeadmapiv
 func getSANDescription(certSpec *certsphase.KubeadmCert) string {
 	//Defaulted config we will use to get SAN certs
 	defaultConfig := &kubeadmapiv1alpha3.InitConfiguration{
-		ClusterConfiguration: kubeadmapiv1alpha3.ClusterConfiguration{
-			API: kubeadmapiv1alpha3.API{
-				// GetAPIServerAltNames errors without an AdvertiseAddress; this is as good as any.
-				AdvertiseAddress: "127.0.0.1",
-			},
+		APIEndpoint: kubeadmapiv1alpha3.APIEndpoint{
+			// GetAPIServerAltNames errors without an AdvertiseAddress; this is as good as any.
+			AdvertiseAddress: "127.0.0.1",
 		},
 	}
 	defaultInternalConfig := &kubeadmapi.InitConfiguration{}
@ -192,7 +190,7 @@ func addFlags(cmd *cobra.Command, cfgPath *string, cfg *kubeadmapiv1alpha3.InitC
 		cmd.Flags().StringVar(&cfg.Networking.DNSDomain, "service-dns-domain", cfg.Networking.DNSDomain, "Alternative domain for services, to use for the API server serving cert")
 		cmd.Flags().StringVar(&cfg.Networking.ServiceSubnet, "service-cidr", cfg.Networking.ServiceSubnet, "Alternative range of IP address for service VIPs, from which derives the internal API server VIP that will be added to the API Server serving cert")
 		cmd.Flags().StringSliceVar(&cfg.APIServerCertSANs, "apiserver-cert-extra-sans", []string{}, "Optional extra altnames to use for the API server serving cert. Can be both IP addresses and DNS names")
-		cmd.Flags().StringVar(&cfg.API.AdvertiseAddress, "apiserver-advertise-address", cfg.API.AdvertiseAddress, "The IP address the API server is accessible on, to use for the API server serving cert")
+		cmd.Flags().StringVar(&cfg.APIEndpoint.AdvertiseAddress, "apiserver-advertise-address", cfg.APIEndpoint.AdvertiseAddress, "The IP address the API server is accessible on, to use for the API server serving cert")
 	}
 }

--- a/cmd/kubeadm/app/cmd/phases/certs_test.go
+++ b/cmd/kubeadm/app/cmd/phases/certs_test.go
@ -265,8 +265,8 @@ func TestSubCmdCertsCreateFilesWithConfigFile(t *testing.T) {
 			defer os.RemoveAll(tmpdir)

 			cfg := &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4", BindPort: 1234},
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					API:             kubeadmapi.API{AdvertiseAddress: "1.2.3.4", BindPort: 1234},
 					CertificatesDir: tmpdir,
 				},
 				NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: "valid-node-name"},
--- a/cmd/kubeadm/app/cmd/phases/controlplane.go
+++ b/cmd/kubeadm/app/cmd/phases/controlplane.go
@ -143,8 +143,8 @@ func getControlPlaneSubCommands(outDir, defaultKubernetesVersion string) []*cobr
 		cmd.Flags().StringVar(&cfg.KubernetesVersion, "kubernetes-version", cfg.KubernetesVersion, `Choose a specific Kubernetes version for the control plane`)

 		if properties.use == "all" || properties.use == "apiserver" {
-			cmd.Flags().StringVar(&cfg.API.AdvertiseAddress, "apiserver-advertise-address", cfg.API.AdvertiseAddress, "The IP address of the API server is accessible on")
-			cmd.Flags().Int32Var(&cfg.API.BindPort, "apiserver-bind-port", cfg.API.BindPort, "The port the API server is accessible on")
+			cmd.Flags().StringVar(&cfg.APIEndpoint.AdvertiseAddress, "apiserver-advertise-address", cfg.APIEndpoint.AdvertiseAddress, "The IP address of the API server is accessible on")
+			cmd.Flags().Int32Var(&cfg.APIEndpoint.BindPort, "apiserver-bind-port", cfg.APIEndpoint.BindPort, "The port the API server is accessible on")
 			cmd.Flags().StringVar(&cfg.Networking.ServiceSubnet, "service-cidr", cfg.Networking.ServiceSubnet, "The range of IP address used for service VIPs")
 			cmd.Flags().StringVar(&featureGatesString, "feature-gates", featureGatesString, "A set of key=value pairs that describe feature gates for various features. "+
 				"Options are:\n"+strings.Join(features.KnownFeatures(&features.InitFeatureGates), "\n"))
--- a/cmd/kubeadm/app/cmd/phases/kubeconfig.go
+++ b/cmd/kubeadm/app/cmd/phases/kubeconfig.go
@ -173,8 +173,8 @@ func getKubeConfigSubCommands(out io.Writer, outDir, defaultKubernetesVersion st
 			cmd.Flags().StringVar(&cfgPath, "config", cfgPath, "Path to kubeadm config file. WARNING: Usage of a configuration file is experimental")
 		}
 		cmd.Flags().StringVar(&cfg.CertificatesDir, "cert-dir", cfg.CertificatesDir, "The path where certificates are stored")
-		cmd.Flags().StringVar(&cfg.API.AdvertiseAddress, "apiserver-advertise-address", cfg.API.AdvertiseAddress, "The IP address the API server is accessible on")
-		cmd.Flags().Int32Var(&cfg.API.BindPort, "apiserver-bind-port", cfg.API.BindPort, "The port the API server is accessible on")
+		cmd.Flags().StringVar(&cfg.APIEndpoint.AdvertiseAddress, "apiserver-advertise-address", cfg.APIEndpoint.AdvertiseAddress, "The IP address the API server is accessible on")
+		cmd.Flags().Int32Var(&cfg.APIEndpoint.BindPort, "apiserver-bind-port", cfg.APIEndpoint.BindPort, "The port the API server is accessible on")
 		cmd.Flags().StringVar(&outDir, "kubeconfig-dir", outDir, "The path where to save the kubeconfig file")
 		if properties.use == "all" || properties.use == "kubelet" {
 			cmd.Flags().StringVar(&cfg.NodeRegistration.Name, "node-name", cfg.NodeRegistration.Name, `The node name that should be used for the kubelet client certificate`)
--- a/cmd/kubeadm/app/cmd/phases/kubeconfig_test.go
+++ b/cmd/kubeadm/app/cmd/phases/kubeconfig_test.go
@ -277,8 +277,8 @@ func TestKubeConfigSubCommandsThatCreateFilesWithConfigFile(t *testing.T) {

 		// Adds a master configuration file
 		cfg := &kubeadmapi.InitConfiguration{
+			APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4", BindPort: 1234},
 			ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-				API:             kubeadmapi.API{AdvertiseAddress: "1.2.3.4", BindPort: 1234},
 				CertificatesDir: pkidir,
 			},
 			NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: "valid-node-name"},
--- a/cmd/kubeadm/app/cmd/upgrade/common_test.go
+++ b/cmd/kubeadm/app/cmd/upgrade/common_test.go
@ -43,9 +43,6 @@ func TestPrintConfiguration(t *testing.T) {
 				},
 			},
 			expectedBytes: []byte(`[upgrade/config] Configuration used:
-	api:
-	  advertiseAddress: ""
-	  bindPort: 0
 	apiVersion: kubeadm.k8s.io/v1alpha3
 	auditPolicy:
 	  logDir: ""
@ -79,9 +76,6 @@ func TestPrintConfiguration(t *testing.T) {
 				},
 			},
 			expectedBytes: []byte(`[upgrade/config] Configuration used:
-	api:
-	  advertiseAddress: ""
-	  bindPort: 0
 	apiVersion: kubeadm.k8s.io/v1alpha3
 	auditPolicy:
 	  logDir: ""
--- a/cmd/kubeadm/app/cmd/upgrade/node.go
+++ b/cmd/kubeadm/app/cmd/upgrade/node.go
@ -239,7 +239,7 @@ func RunUpgradeControlPlane(flags *controlplaneUpgradeFlags) error {
 	//TODO: as soon as the new config wil be in place check if the node is a known control plane instance
 	//      and retrive corresponding infos (now are temporary managed as flag)
 	cfg.NodeRegistration.Name = flags.nodeName
-	cfg.API.AdvertiseAddress = flags.advertiseAddress
+	cfg.APIEndpoint.AdvertiseAddress = flags.advertiseAddress

 	// Rotate API server certificate if needed
 	if err := upgrade.BackupAPIServerCertIfNeeded(cfg, flags.dryRun); err != nil {
--- a/cmd/kubeadm/app/phases/addons/proxy/proxy_test.go
+++ b/cmd/kubeadm/app/phases/addons/proxy/proxy_test.go
@ -171,11 +171,11 @@ func TestEnsureProxyAddon(t *testing.T) {
 		client := clientsetfake.NewSimpleClientset()
 		// TODO: Consider using a YAML file instead for this that makes it possible to specify YAML documents for the ComponentConfigs
 		masterConfig := &kubeadmapiv1alpha3.InitConfiguration{
+			APIEndpoint: kubeadmapiv1alpha3.APIEndpoint{
+				AdvertiseAddress: "1.2.3.4",
+				BindPort:         1234,
+			},
 			ClusterConfiguration: kubeadmapiv1alpha3.ClusterConfiguration{
-				API: kubeadmapiv1alpha3.API{
-					AdvertiseAddress: "1.2.3.4",
-					BindPort:         1234,
-				},
 				Networking: kubeadmapiv1alpha3.Networking{
 					PodSubnet: "5.6.7.8/24",
 				},
@ -191,9 +191,9 @@ func TestEnsureProxyAddon(t *testing.T) {
 				return true, nil, apierrors.NewUnauthorized("")
 			})
 		case InvalidMasterEndpoint:
-			masterConfig.API.AdvertiseAddress = "1.2.3"
+			masterConfig.APIEndpoint.AdvertiseAddress = "1.2.3"
 		case IPv6SetBindAddress:
-			masterConfig.API.AdvertiseAddress = "1:2::3:4"
+			masterConfig.APIEndpoint.AdvertiseAddress = "1:2::3:4"
 			masterConfig.Networking.PodSubnet = "2001:101::/96"
 		}

--- a/cmd/kubeadm/app/phases/certs/certs_test.go
+++ b/cmd/kubeadm/app/phases/certs/certs_test.go
@ -400,8 +400,8 @@ func TestUsingExternalCA(t *testing.T) {
 		defer os.RemoveAll(dir)

 		cfg := &kubeadmapi.InitConfiguration{
+			APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4"},
 			ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-				API:             kubeadmapi.API{AdvertiseAddress: "1.2.3.4"},
 				Networking:      kubeadmapi.Networking{ServiceSubnet: "10.96.0.0/12", DNSDomain: "cluster.local"},
 				CertificatesDir: dir,
 			},
@ -569,8 +569,8 @@ func TestCreateCertificateFilesMethods(t *testing.T) {
 		defer os.RemoveAll(tmpdir)

 		cfg := &kubeadmapi.InitConfiguration{
+			APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4"},
 			ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-				API:             kubeadmapi.API{AdvertiseAddress: "1.2.3.4"},
 				Etcd:            kubeadmapi.Etcd{Local: &kubeadmapi.LocalEtcd{}},
 				Networking:      kubeadmapi.Networking{ServiceSubnet: "10.96.0.0/12", DNSDomain: "cluster.local"},
 				CertificatesDir: tmpdir,
--- a/cmd/kubeadm/app/phases/certs/pkiutil/pki_helpers.go
+++ b/cmd/kubeadm/app/phases/certs/pkiutil/pki_helpers.go
@ -253,9 +253,9 @@ func pathForPublicKey(pkiPath, name string) string {
 // GetAPIServerAltNames builds an AltNames object for to be used when generating apiserver certificate
 func GetAPIServerAltNames(cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error) {
 	// advertise address
-	advertiseAddress := net.ParseIP(cfg.API.AdvertiseAddress)
+	advertiseAddress := net.ParseIP(cfg.APIEndpoint.AdvertiseAddress)
 	if advertiseAddress == nil {
-		return nil, fmt.Errorf("error parsing API AdvertiseAddress %v: is not a valid textual representation of an IP address", cfg.API.AdvertiseAddress)
+		return nil, fmt.Errorf("error parsing APIEndpoint AdvertiseAddress %v: is not a valid textual representation of an IP address", cfg.APIEndpoint.AdvertiseAddress)
 	}

 	// internal IP address for the API server
@ -326,9 +326,9 @@ func GetEtcdAltNames(cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, err
 // The user can override the listen address with `Etcd.ExtraArgs` and add SANs with `Etcd.PeerCertSANs`.
 func GetEtcdPeerAltNames(cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error) {
 	// advertise address
-	advertiseAddress := net.ParseIP(cfg.API.AdvertiseAddress)
+	advertiseAddress := net.ParseIP(cfg.APIEndpoint.AdvertiseAddress)
 	if advertiseAddress == nil {
-		return nil, fmt.Errorf("error parsing API AdvertiseAddress %v: is not a valid textual representation of an IP address", cfg.API.AdvertiseAddress)
+		return nil, fmt.Errorf("error parsing APIEndpoint AdvertiseAddress %v: is not a valid textual representation of an IP address", cfg.APIEndpoint.AdvertiseAddress)
 	}

 	// create AltNames with defaults DNSNames/IPs
--- a/cmd/kubeadm/app/phases/certs/pkiutil/pki_helpers_test.go
+++ b/cmd/kubeadm/app/phases/certs/pkiutil/pki_helpers_test.go
@ -446,8 +446,8 @@ func TestGetAPIServerAltNames(t *testing.T) {
 		{
 			name: "ControlPlaneEndpoint DNS",
 			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4"},
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					API:                  kubeadmapi.API{AdvertiseAddress: "1.2.3.4"},
 					ControlPlaneEndpoint: "api.k8s.io:6443",
 					Networking:           kubeadmapi.Networking{ServiceSubnet: "10.96.0.0/12", DNSDomain: "cluster.local"},
 					APIServerCertSANs:    []string{"10.1.245.94", "10.1.245.95", "1.2.3.L", "invalid,commas,in,DNS"},
@ -460,8 +460,8 @@ func TestGetAPIServerAltNames(t *testing.T) {
 		{
 			name: "ControlPlaneEndpoint IP",
 			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4"},
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					API:                  kubeadmapi.API{AdvertiseAddress: "1.2.3.4"},
 					ControlPlaneEndpoint: "4.5.6.7:6443",
 					Networking:           kubeadmapi.Networking{ServiceSubnet: "10.96.0.0/12", DNSDomain: "cluster.local"},
 					APIServerCertSANs:    []string{"10.1.245.94", "10.1.245.95", "1.2.3.L", "invalid,commas,in,DNS"},
@ -569,8 +569,8 @@ func TestGetEtcdPeerAltNames(t *testing.T) {
 	proxyIP := "10.10.10.100"
 	advertiseIP := "1.2.3.4"
 	cfg := &kubeadmapi.InitConfiguration{
+		APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: advertiseIP},
 		ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-			API: kubeadmapi.API{AdvertiseAddress: advertiseIP},
 			Etcd: kubeadmapi.Etcd{
 				Local: &kubeadmapi.LocalEtcd{
 					PeerCertSANs: []string{
--- a/cmd/kubeadm/app/phases/controlplane/manifests.go
+++ b/cmd/kubeadm/app/phases/controlplane/manifests.go
@ -77,7 +77,7 @@ func GetStaticPodSpecs(cfg *kubeadmapi.InitConfiguration, k8sVersion *version.Ve
 			ImagePullPolicy: v1.PullIfNotPresent,
 			Command:         getAPIServerCommand(cfg),
 			VolumeMounts:    staticpodutil.VolumeMountMapToSlice(mounts.GetVolumeMounts(kubeadmconstants.KubeAPIServer)),
-			LivenessProbe:   staticpodutil.ComponentProbe(cfg, kubeadmconstants.KubeAPIServer, int(cfg.API.BindPort), "/healthz", v1.URISchemeHTTPS),
+			LivenessProbe:   staticpodutil.ComponentProbe(cfg, kubeadmconstants.KubeAPIServer, int(cfg.APIEndpoint.BindPort), "/healthz", v1.URISchemeHTTPS),
 			Resources:       staticpodutil.ComponentResources("250m"),
 			Env:             getProxyEnvVars(),
 		}, mounts.GetVolumes(kubeadmconstants.KubeAPIServer)),
@ -139,7 +139,7 @@ func createStaticPodFiles(manifestDir string, cfg *kubeadmapi.InitConfiguration,
 // getAPIServerCommand builds the right API server command from the given config object and version
 func getAPIServerCommand(cfg *kubeadmapi.InitConfiguration) []string {
 	defaultArguments := map[string]string{
-		"advertise-address":               cfg.API.AdvertiseAddress,
+		"advertise-address":               cfg.APIEndpoint.AdvertiseAddress,
 		"insecure-port":                   "0",
 		"enable-admission-plugins":        "NodeRestriction",
 		"service-cluster-ip-range":        cfg.Networking.ServiceSubnet,
@ -150,7 +150,7 @@ func getAPIServerCommand(cfg *kubeadmapi.InitConfiguration) []string {
 		"kubelet-client-certificate":      filepath.Join(cfg.CertificatesDir, kubeadmconstants.APIServerKubeletClientCertName),
 		"kubelet-client-key":              filepath.Join(cfg.CertificatesDir, kubeadmconstants.APIServerKubeletClientKeyName),
 		"enable-bootstrap-token-auth":     "true",
-		"secure-port":                     fmt.Sprintf("%d", cfg.API.BindPort),
+		"secure-port":                     fmt.Sprintf("%d", cfg.APIEndpoint.BindPort),
 		"allow-privileged":                "true",
 		"kubelet-preferred-address-types": "InternalIP,ExternalIP,Hostname",
 		// add options to configure the front proxy.  Without the generated client cert, this will never be useable
--- a/cmd/kubeadm/app/phases/controlplane/manifests_test.go
+++ b/cmd/kubeadm/app/phases/controlplane/manifests_test.go
@ -145,15 +145,17 @@ func TestCreateStaticPodFilesAndWrappers(t *testing.T) {
 func TestGetAPIServerCommand(t *testing.T) {
 	var tests = []struct {
 		name     string
-		cfg      *kubeadmapi.ClusterConfiguration
+		cfg      *kubeadmapi.InitConfiguration
 		expected []string
 	}{
 		{
 			name: "testing defaults",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				API:             kubeadmapi.API{BindPort: 123, AdvertiseAddress: "1.2.3.4"},
-				Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
-				CertificatesDir: testCertsDir,
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{BindPort: 123, AdvertiseAddress: "1.2.3.4"},
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
+					CertificatesDir: testCertsDir,
+				},
 			},
 			expected: []string{
 				"kube-apiserver",
@ -187,14 +189,16 @@ func TestGetAPIServerCommand(t *testing.T) {
 		},
 		{
 			name: "ignores the audit policy if the feature gate is not enabled",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				API:             kubeadmapi.API{BindPort: 123, AdvertiseAddress: "4.3.2.1"},
-				Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
-				CertificatesDir: testCertsDir,
-				AuditPolicyConfiguration: kubeadmapi.AuditPolicyConfiguration{
-					Path:      "/foo/bar",
-					LogDir:    "/foo/baz",
-					LogMaxAge: utilpointer.Int32Ptr(10),
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{BindPort: 123, AdvertiseAddress: "4.3.2.1"},
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
+					CertificatesDir: testCertsDir,
+					AuditPolicyConfiguration: kubeadmapi.AuditPolicyConfiguration{
+						Path:      "/foo/bar",
+						LogDir:    "/foo/baz",
+						LogMaxAge: utilpointer.Int32Ptr(10),
+					},
 				},
 			},
 			expected: []string{
@ -229,10 +233,12 @@ func TestGetAPIServerCommand(t *testing.T) {
 		},
 		{
 			name: "ipv6 advertise address",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				API:             kubeadmapi.API{BindPort: 123, AdvertiseAddress: "2001:db8::1"},
-				Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
-				CertificatesDir: testCertsDir,
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{BindPort: 123, AdvertiseAddress: "2001:db8::1"},
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
+					CertificatesDir: testCertsDir,
+				},
 			},
 			expected: []string{
 				"kube-apiserver",
@ -266,19 +272,21 @@ func TestGetAPIServerCommand(t *testing.T) {
 		},
 		{
 			name: "an external etcd with custom ca, certs and keys",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				API:          kubeadmapi.API{BindPort: 123, AdvertiseAddress: "2001:db8::1"},
-				Networking:   kubeadmapi.Networking{ServiceSubnet: "bar"},
-				FeatureGates: map[string]bool{features.HighAvailability: true},
-				Etcd: kubeadmapi.Etcd{
-					External: &kubeadmapi.ExternalEtcd{
-						Endpoints: []string{"https://8.6.4.1:2379", "https://8.6.4.2:2379"},
-						CAFile:    "fuz",
-						CertFile:  "fiz",
-						KeyFile:   "faz",
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{BindPort: 123, AdvertiseAddress: "2001:db8::1"},
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					Networking:   kubeadmapi.Networking{ServiceSubnet: "bar"},
+					FeatureGates: map[string]bool{features.HighAvailability: true},
+					Etcd: kubeadmapi.Etcd{
+						External: &kubeadmapi.ExternalEtcd{
+							Endpoints: []string{"https://8.6.4.1:2379", "https://8.6.4.2:2379"},
+							CAFile:    "fuz",
+							CertFile:  "fiz",
+							KeyFile:   "faz",
+						},
 					},
+					CertificatesDir: testCertsDir,
 				},
-				CertificatesDir: testCertsDir,
 			},
 			expected: []string{
 				"kube-apiserver",
@ -313,15 +321,17 @@ func TestGetAPIServerCommand(t *testing.T) {
 		},
 		{
 			name: "an insecure etcd",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				API:        kubeadmapi.API{BindPort: 123, AdvertiseAddress: "2001:db8::1"},
-				Networking: kubeadmapi.Networking{ServiceSubnet: "bar"},
-				Etcd: kubeadmapi.Etcd{
-					External: &kubeadmapi.ExternalEtcd{
-						Endpoints: []string{"http://127.0.0.1:2379", "http://127.0.0.1:2380"},
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{BindPort: 123, AdvertiseAddress: "2001:db8::1"},
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					Networking: kubeadmapi.Networking{ServiceSubnet: "bar"},
+					Etcd: kubeadmapi.Etcd{
+						External: &kubeadmapi.ExternalEtcd{
+							Endpoints: []string{"http://127.0.0.1:2379", "http://127.0.0.1:2380"},
+						},
 					},
+					CertificatesDir: testCertsDir,
 				},
-				CertificatesDir: testCertsDir,
 			},
 			expected: []string{
 				"kube-apiserver",
@ -352,13 +362,15 @@ func TestGetAPIServerCommand(t *testing.T) {
 		},
 		{
 			name: "auditing and HA are enabled with a custom log max age of 0",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				API:             kubeadmapi.API{BindPort: 123, AdvertiseAddress: "2001:db8::1"},
-				Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
-				FeatureGates:    map[string]bool{features.HighAvailability: true, features.Auditing: true},
-				CertificatesDir: testCertsDir,
-				AuditPolicyConfiguration: kubeadmapi.AuditPolicyConfiguration{
-					LogMaxAge: utilpointer.Int32Ptr(0),
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{BindPort: 123, AdvertiseAddress: "2001:db8::1"},
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
+					FeatureGates:    map[string]bool{features.HighAvailability: true, features.Auditing: true},
+					CertificatesDir: testCertsDir,
+					AuditPolicyConfiguration: kubeadmapi.AuditPolicyConfiguration{
+						LogMaxAge: utilpointer.Int32Ptr(0),
+					},
 				},
 			},
 			expected: []string{
@ -397,11 +409,13 @@ func TestGetAPIServerCommand(t *testing.T) {
 		},
 		{
 			name: "ensure the DynamicKubelet flag gets passed through",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				API:             kubeadmapi.API{BindPort: 123, AdvertiseAddress: "1.2.3.4"},
-				Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
-				CertificatesDir: testCertsDir,
-				FeatureGates:    map[string]bool{features.DynamicKubeletConfig: true},
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{BindPort: 123, AdvertiseAddress: "1.2.3.4"},
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
+					CertificatesDir: testCertsDir,
+					FeatureGates:    map[string]bool{features.DynamicKubeletConfig: true},
+				},
 			},
 			expected: []string{
 				"kube-apiserver",
@ -436,16 +450,18 @@ func TestGetAPIServerCommand(t *testing.T) {
 		},
 		{
 			name: "test APIServerExtraArgs works as expected",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				API:             kubeadmapi.API{BindPort: 123, AdvertiseAddress: "1.2.3.4"},
-				Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
-				CertificatesDir: testCertsDir,
-				FeatureGates:    map[string]bool{features.DynamicKubeletConfig: true, features.Auditing: true},
-				APIServerExtraArgs: map[string]string{
-					"service-cluster-ip-range": "baz",
-					"advertise-address":        "9.9.9.9",
-					"audit-policy-file":        "/etc/config/audit.yaml",
-					"audit-log-path":           "/var/log/kubernetes",
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{BindPort: 123, AdvertiseAddress: "1.2.3.4"},
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
+					CertificatesDir: testCertsDir,
+					FeatureGates:    map[string]bool{features.DynamicKubeletConfig: true, features.Auditing: true},
+					APIServerExtraArgs: map[string]string{
+						"service-cluster-ip-range": "baz",
+						"advertise-address":        "9.9.9.9",
+						"audit-policy-file":        "/etc/config/audit.yaml",
+						"audit-log-path":           "/var/log/kubernetes",
+					},
 				},
 			},
 			expected: []string{
@ -484,12 +500,14 @@ func TestGetAPIServerCommand(t *testing.T) {
 		},
 		{
 			name: "authorization-mode extra-args ABAC",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				API:             kubeadmapi.API{BindPort: 123, AdvertiseAddress: "1.2.3.4"},
-				Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
-				CertificatesDir: testCertsDir,
-				APIServerExtraArgs: map[string]string{
-					"authorization-mode": authzmodes.ModeABAC,
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{BindPort: 123, AdvertiseAddress: "1.2.3.4"},
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
+					CertificatesDir: testCertsDir,
+					APIServerExtraArgs: map[string]string{
+						"authorization-mode": authzmodes.ModeABAC,
+					},
 				},
 			},
 			expected: []string{
@ -524,12 +542,14 @@ func TestGetAPIServerCommand(t *testing.T) {
 		},
 		{
 			name: "insecure-port extra-args",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				API:             kubeadmapi.API{BindPort: 123, AdvertiseAddress: "1.2.3.4"},
-				Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
-				CertificatesDir: testCertsDir,
-				APIServerExtraArgs: map[string]string{
-					"insecure-port": "1234",
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{BindPort: 123, AdvertiseAddress: "1.2.3.4"},
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
+					CertificatesDir: testCertsDir,
+					APIServerExtraArgs: map[string]string{
+						"insecure-port": "1234",
+					},
 				},
 			},
 			expected: []string{
@ -564,12 +584,14 @@ func TestGetAPIServerCommand(t *testing.T) {
 		},
 		{
 			name: "authorization-mode extra-args Webhook",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				API:             kubeadmapi.API{BindPort: 123, AdvertiseAddress: "1.2.3.4"},
-				Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
-				CertificatesDir: testCertsDir,
-				APIServerExtraArgs: map[string]string{
-					"authorization-mode": authzmodes.ModeWebhook,
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{BindPort: 123, AdvertiseAddress: "1.2.3.4"},
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
+					CertificatesDir: testCertsDir,
+					APIServerExtraArgs: map[string]string{
+						"authorization-mode": authzmodes.ModeWebhook,
+					},
 				},
 			},
 			expected: []string{
@ -606,11 +628,7 @@ func TestGetAPIServerCommand(t *testing.T) {

 	for _, rt := range tests {
 		t.Run(rt.name, func(t *testing.T) {
-			// TODO: Make getAPIServerCommand accept a ClusterConfiguration object instead of InitConfiguration
-			initcfg := &kubeadmapi.InitConfiguration{
-				ClusterConfiguration: *rt.cfg,
-			}
-			actual := getAPIServerCommand(initcfg)
+			actual := getAPIServerCommand(rt.cfg)
 			sort.Strings(actual)
 			sort.Strings(rt.expected)
 			if !reflect.DeepEqual(actual, rt.expected) {
@ -829,16 +847,18 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) {

 	tests := []struct {
 		name            string
-		cfg             *kubeadmapi.ClusterConfiguration
+		cfg             *kubeadmapi.InitConfiguration
 		caKeyPresent    bool
 		expectedArgFunc func(dir string) []string
 	}{
 		{
 			name: "caKeyPresent-false",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				KubernetesVersion: "v1.7.0",
-				API:               kubeadmapi.API{AdvertiseAddress: "1.2.3.4"},
-				Networking:        kubeadmapi.Networking{ServiceSubnet: "10.96.0.0/12", DNSDomain: "cluster.local"},
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4"},
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					KubernetesVersion: "v1.7.0",
+					Networking:        kubeadmapi.Networking{ServiceSubnet: "10.96.0.0/12", DNSDomain: "cluster.local"},
+				},
 			},
 			caKeyPresent: false,
 			expectedArgFunc: func(tmpdir string) []string {
@ -858,10 +878,12 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) {
 		},
 		{
 			name: "caKeyPresent true",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				KubernetesVersion: "v1.7.0",
-				API:               kubeadmapi.API{AdvertiseAddress: "1.2.3.4"},
-				Networking:        kubeadmapi.Networking{ServiceSubnet: "10.96.0.0/12", DNSDomain: "cluster.local"},
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4"},
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					KubernetesVersion: "v1.7.0",
+					Networking:        kubeadmapi.Networking{ServiceSubnet: "10.96.0.0/12", DNSDomain: "cluster.local"},
+				},
 			},
 			caKeyPresent: true,
 			expectedArgFunc: func(tmpdir string) []string {
@ -887,12 +909,7 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) {
 		defer os.RemoveAll(tmpdir)
 		test.cfg.CertificatesDir = tmpdir

-		// TODO: Make getControllerManagerCommand and CreatePKIAssets accept a ClusterConfiguration object instead of InitConfiguration
-		initcfg := &kubeadmapi.InitConfiguration{
-			ClusterConfiguration: *test.cfg,
-		}
-
-		if err := certs.CreatePKIAssets(initcfg); err != nil {
+		if err := certs.CreatePKIAssets(test.cfg); err != nil {
 			t.Errorf("failed creating pki assets: %v", err)
 		}

@ -906,7 +923,7 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) {
 			}
 		}

-		actual := getControllerManagerCommand(initcfg, version.MustParseSemantic(test.cfg.KubernetesVersion))
+		actual := getControllerManagerCommand(test.cfg, version.MustParseSemantic(test.cfg.KubernetesVersion))
 		expected := test.expectedArgFunc(tmpdir)
 		sort.Strings(actual)
 		sort.Strings(expected)
--- a/cmd/kubeadm/app/phases/kubeconfig/kubeconfig_test.go
+++ b/cmd/kubeadm/app/phases/kubeconfig/kubeconfig_test.go
@ -66,39 +66,39 @@ func TestGetKubeConfigSpecs(t *testing.T) {
 	// Creates Master Configurations pointing to the pkidir folder
 	cfgs := []*kubeadmapi.InitConfiguration{
 		{
+			APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4", BindPort: 1234},
 			ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-				API:             kubeadmapi.API{AdvertiseAddress: "1.2.3.4", BindPort: 1234},
 				CertificatesDir: pkidir,
 			},
 			NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: "valid-node-name"},
 		},
 		{
+			APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4", BindPort: 1234},
 			ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-				API:                  kubeadmapi.API{AdvertiseAddress: "1.2.3.4", BindPort: 1234},
 				ControlPlaneEndpoint: "api.k8s.io",
 				CertificatesDir:      pkidir,
 			},
 			NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: "valid-node-name"},
 		},
 		{
+			APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4", BindPort: 1234},
 			ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-				API:                  kubeadmapi.API{AdvertiseAddress: "1.2.3.4", BindPort: 1234},
 				ControlPlaneEndpoint: "api.k8s.io:4321",
 				CertificatesDir:      pkidir,
 			},
 			NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: "valid-node-name"},
 		},
 		{
+			APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4", BindPort: 1234},
 			ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-				API:                  kubeadmapi.API{AdvertiseAddress: "1.2.3.4", BindPort: 1234},
 				ControlPlaneEndpoint: "api.k8s.io",
 				CertificatesDir:      pkidir,
 			},
 			NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: "valid-node-name"},
 		},
 		{
+			APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4", BindPort: 1234},
 			ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-				API:                  kubeadmapi.API{AdvertiseAddress: "1.2.3.4", BindPort: 1234},
 				ControlPlaneEndpoint: "api.k8s.io:4321",
 				CertificatesDir:      pkidir,
 			},
@ -320,8 +320,8 @@ func TestCreateKubeconfigFilesAndWrappers(t *testing.T) {

 		// Creates a Master Configuration pointing to the pkidir folder
 		cfg := &kubeadmapi.InitConfiguration{
+			APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4", BindPort: 1234},
 			ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-				API:             kubeadmapi.API{AdvertiseAddress: "1.2.3.4", BindPort: 1234},
 				CertificatesDir: pkidir,
 			},
 		}
@ -397,8 +397,8 @@ func TestWriteKubeConfig(t *testing.T) {

 	// Creates a Master Configuration pointing to the pkidir folder
 	cfg := &kubeadmapi.InitConfiguration{
+		APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4", BindPort: 1234},
 		ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-			API:             kubeadmapi.API{AdvertiseAddress: "1.2.3.4", BindPort: 1234},
 			CertificatesDir: pkidir,
 		},
 	}
--- a/cmd/kubeadm/app/phases/upgrade/postupgrade_test.go
+++ b/cmd/kubeadm/app/phases/upgrade/postupgrade_test.go
@ -130,8 +130,8 @@ func TestRollbackFiles(t *testing.T) {

 func TestShouldBackupAPIServerCertAndKey(t *testing.T) {
 	cfg := &kubeadmapi.InitConfiguration{
+		APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "1.2.3.4"},
 		ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-			API:        kubeadmapi.API{AdvertiseAddress: "1.2.3.4"},
 			Networking: kubeadmapi.Networking{ServiceSubnet: "10.96.0.0/12", DNSDomain: "cluster.local"},
 		},
 		NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: "test-node"},
--- a/cmd/kubeadm/app/phases/uploadconfig/uploadconfig_test.go
+++ b/cmd/kubeadm/app/phases/uploadconfig/uploadconfig_test.go
@ -65,10 +65,10 @@ func TestUploadConfiguration(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t2 *testing.T) {
 			initialcfg := &kubeadmapiv1alpha3.InitConfiguration{
+				APIEndpoint: kubeadmapiv1alpha3.APIEndpoint{
+					AdvertiseAddress: "1.2.3.4",
+				},
 				ClusterConfiguration: kubeadmapiv1alpha3.ClusterConfiguration{
-					API: kubeadmapiv1alpha3.API{
-						AdvertiseAddress: "1.2.3.4",
-					},
 					KubernetesVersion: "v1.10.10",
 				},
 				BootstrapTokens: []kubeadmapiv1alpha3.BootstrapToken{
--- a/cmd/kubeadm/app/preflight/checks.go
+++ b/cmd/kubeadm/app/preflight/checks.go
@ -855,15 +855,15 @@ func RunInitMasterChecks(execer utilsexec.Interface, cfg *kubeadmapi.InitConfigu
 	manifestsDir := filepath.Join(kubeadmconstants.KubernetesDir, kubeadmconstants.ManifestsSubDirName)
 	checks := []Checker{
 		KubernetesVersionCheck{KubernetesVersion: cfg.KubernetesVersion, KubeadmVersion: kubeadmversion.Get().GitVersion},
-		FirewalldCheck{ports: []int{int(cfg.API.BindPort), 10250}},
-		PortOpenCheck{port: int(cfg.API.BindPort)},
+		FirewalldCheck{ports: []int{int(cfg.APIEndpoint.BindPort), 10250}},
+		PortOpenCheck{port: int(cfg.APIEndpoint.BindPort)},
 		PortOpenCheck{port: 10251},
 		PortOpenCheck{port: 10252},
 		FileAvailableCheck{Path: kubeadmconstants.GetStaticPodFilepath(kubeadmconstants.KubeAPIServer, manifestsDir)},
 		FileAvailableCheck{Path: kubeadmconstants.GetStaticPodFilepath(kubeadmconstants.KubeControllerManager, manifestsDir)},
 		FileAvailableCheck{Path: kubeadmconstants.GetStaticPodFilepath(kubeadmconstants.KubeScheduler, manifestsDir)},
 		FileAvailableCheck{Path: kubeadmconstants.GetStaticPodFilepath(kubeadmconstants.Etcd, manifestsDir)},
-		HTTPProxyCheck{Proto: "https", Host: cfg.API.AdvertiseAddress},
+		HTTPProxyCheck{Proto: "https", Host: cfg.APIEndpoint.AdvertiseAddress},
 		HTTPProxyCIDRCheck{Proto: "https", CIDR: cfg.Networking.ServiceSubnet},
 		HTTPProxyCIDRCheck{Proto: "https", CIDR: cfg.Networking.PodSubnet},
 	}
@ -898,7 +898,7 @@ func RunInitMasterChecks(execer utilsexec.Interface, cfg *kubeadmapi.InitConfigu
 		checks = append(checks, ExternalEtcdVersionCheck{Etcd: cfg.Etcd})
 	}

-	if ip := net.ParseIP(cfg.API.AdvertiseAddress); ip != nil {
+	if ip := net.ParseIP(cfg.APIEndpoint.AdvertiseAddress); ip != nil {
 		if ip.To4() == nil && ip.To16() != nil {
 			checks = append(checks,
 				FileContentCheck{Path: bridgenf6, Content: []byte{'1'}},
--- a/cmd/kubeadm/app/preflight/checks_test.go
+++ b/cmd/kubeadm/app/preflight/checks_test.go
@ -186,49 +186,52 @@ func (pfct preflightCheckTest) Check() (warning, errors []error) {
 func TestRunInitMasterChecks(t *testing.T) {
 	var tests = []struct {
 		name     string
-		cfg      *kubeadmapi.ClusterConfiguration
+		cfg      *kubeadmapi.InitConfiguration
 		expected bool
 	}{
 		{name: "Test valid advertised address",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				API: kubeadmapi.API{AdvertiseAddress: "foo"},
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "foo"},
 			},
 			expected: false,
 		},
 		{
 			name: "Test CA file exists if specfied",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				Etcd: kubeadmapi.Etcd{External: &kubeadmapi.ExternalEtcd{CAFile: "/foo"}},
+			cfg: &kubeadmapi.InitConfiguration{
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					Etcd: kubeadmapi.Etcd{External: &kubeadmapi.ExternalEtcd{CAFile: "/foo"}},
+				},
 			},
 			expected: false,
 		},
 		{
 			name: "Test Cert file exists if specfied",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				Etcd: kubeadmapi.Etcd{External: &kubeadmapi.ExternalEtcd{CertFile: "/foo"}},
+			cfg: &kubeadmapi.InitConfiguration{
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					Etcd: kubeadmapi.Etcd{External: &kubeadmapi.ExternalEtcd{CertFile: "/foo"}},
+				},
 			},
 			expected: false,
 		},
 		{
 			name: "Test Key file exists if specfied",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				Etcd: kubeadmapi.Etcd{External: &kubeadmapi.ExternalEtcd{CertFile: "/foo"}},
+			cfg: &kubeadmapi.InitConfiguration{
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					Etcd: kubeadmapi.Etcd{External: &kubeadmapi.ExternalEtcd{CertFile: "/foo"}},
+				},
 			},
 			expected: false,
 		},
 		{
-			cfg: &kubeadmapi.ClusterConfiguration{
-				API: kubeadmapi.API{AdvertiseAddress: "2001:1234::1:15"},
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{AdvertiseAddress: "2001:1234::1:15"},
 			},
 			expected: false,
 		},
 	}
 	for _, rt := range tests {
 		// TODO: Make RunInitMasterChecks accept a ClusterConfiguration object instead of InitConfiguration
-		initcfg := &kubeadmapi.InitConfiguration{
-			ClusterConfiguration: *rt.cfg,
-		}
-		actual := RunInitMasterChecks(exec.New(), initcfg, sets.NewString())
+		actual := RunInitMasterChecks(exec.New(), rt.cfg, sets.NewString())
 		if (actual == nil) != rt.expected {
 			t.Errorf(
 				"failed RunInitMasterChecks:\n\texpected: %t\n\t  actual: %t\n\t error: %v",
--- a/cmd/kubeadm/app/util/config/cluster.go
+++ b/cmd/kubeadm/app/util/config/cluster.go
@ -42,9 +42,9 @@ func FetchConfigFromFileOrCluster(client clientset.Interface, w io.Writer, logPr
 	if err != nil {
 		return nil, err
 	}
-	// In this function we're only interested in the ClusterConfiguration part.
-	// TODO: As described above, the return value of this func actually should be a ClusterConfiguration
-	if err := SetClusterDynamicDefaults(&initcfg.ClusterConfiguration); err != nil {
+
+	//TODO: this will be reviewed in the following PR for reading/storing the kubeadm-config ConfigMap
+	if err := SetInitDynamicDefaults(initcfg); err != nil {
 		return nil, err
 	}
 	return initcfg, err
--- a/cmd/kubeadm/app/util/config/cluster_test.go
+++ b/cmd/kubeadm/app/util/config/cluster_test.go
@ -41,12 +41,12 @@ func TestFetchConfigFromFileOrCluster(t *testing.T) {
 		{
 			name: "fetch valid config from configMap",
 			testCfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{
+					AdvertiseAddress: "1.2.3.4",
+					BindPort:         6443,
+				},
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
 					KubernetesVersion: "v1.10.3",
-					API: kubeadm.API{
-						AdvertiseAddress: "1.2.3.4",
-						BindPort:         6443,
-					},
 					Etcd: kubeadm.Etcd{
 						Local: &kubeadm.LocalEtcd{
 							DataDir: "/some/path",
@ -76,12 +76,12 @@ func TestFetchConfigFromFileOrCluster(t *testing.T) {
 		{
 			name: "fetch invalid config from configMap",
 			testCfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{
+					AdvertiseAddress: "1.2.3.4",
+					BindPort:         6443,
+				},
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
 					KubernetesVersion: "v1.10.3",
-					API: kubeadm.API{
-						AdvertiseAddress: "1.2.3.4",
-						BindPort:         6443,
-					},
 					Etcd: kubeadm.Etcd{
 						Local: &kubeadm.LocalEtcd{
 							DataDir: "/some/path",
@ -113,12 +113,12 @@ func TestFetchConfigFromFileOrCluster(t *testing.T) {
 			name:    "fetch valid config from cfgPath",
 			cfgPath: "testdata/conversion/master/v1alpha3.yaml",
 			testCfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{
+					AdvertiseAddress: "1.2.3.4",
+					BindPort:         6443,
+				},
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
 					KubernetesVersion: "v1.10.3",
-					API: kubeadm.API{
-						AdvertiseAddress: "1.2.3.4",
-						BindPort:         6443,
-					},
 					Etcd: kubeadm.Etcd{
 						Local: &kubeadm.LocalEtcd{
 							DataDir: "/some/path",
--- a/cmd/kubeadm/app/util/config/masterconfig.go
+++ b/cmd/kubeadm/app/util/config/masterconfig.go
@ -43,12 +43,29 @@ import (

 // SetInitDynamicDefaults checks and sets configuration values for the InitConfiguration object
 func SetInitDynamicDefaults(cfg *kubeadmapi.InitConfiguration) error {
+	if err := SetBootstrapTokensDynamicDefaults(&cfg.BootstrapTokens); err != nil {
+		return err
+	}
+	if err := SetNodeRegistrationDynamicDefaults(&cfg.NodeRegistration, true); err != nil {
+		return err
+	}
+	if err := SetAPIEndpointDynamicDefaults(&cfg.APIEndpoint); err != nil {
+		return err
+	}
+	if err := SetClusterDynamicDefaults(&cfg.ClusterConfiguration, cfg.APIEndpoint.AdvertiseAddress); err != nil {
+		return err
+	}
+	return nil
+}
+
+// SetBootstrapTokensDynamicDefaults checks and sets configuration values for the BootstrapTokens object
+func SetBootstrapTokensDynamicDefaults(cfg *[]kubeadmapi.BootstrapToken) error {
 	// Populate the .Token field with a random value if unset
 	// We do this at this layer, and not the API defaulting layer
 	// because of possible security concerns, and more practically
 	// because we can't return errors in the API object defaulting
 	// process but here we can.
-	for i, bt := range cfg.BootstrapTokens {
+	for i, bt := range *cfg {
 		if bt.Token != nil && len(bt.Token.String()) > 0 {
 			continue
 		}
@ -61,33 +78,34 @@ func SetInitDynamicDefaults(cfg *kubeadmapi.InitConfiguration) error {
 		if err != nil {
 			return err
 		}
-		cfg.BootstrapTokens[i].Token = token
+		(*cfg)[i].Token = token
 	}

+	return nil
+}
+
+// SetNodeRegistrationDynamicDefaults checks and sets configuration values for the NodeRegistration object
+func SetNodeRegistrationDynamicDefaults(cfg *kubeadmapi.NodeRegistrationOptions, masterTaint bool) error {
 	var err error
-	cfg.NodeRegistration.Name, err = nodeutil.GetHostname(cfg.NodeRegistration.Name)
+	cfg.Name, err = nodeutil.GetHostname(cfg.Name)
 	if err != nil {
 		return err
 	}

 	// Only if the slice is nil, we should append the master taint. This allows the user to specify an empty slice for no default master taint
-	if cfg.NodeRegistration.Taints == nil {
-		cfg.NodeRegistration.Taints = []v1.Taint{kubeadmconstants.MasterTaint}
+	if masterTaint && cfg.Taints == nil {
+		cfg.Taints = []v1.Taint{kubeadmconstants.MasterTaint}
 	}

-	// Do all the defaulting for the nested ClusterConfiguration as well
-	return SetClusterDynamicDefaults(&cfg.ClusterConfiguration)
+	return nil
 }

-// SetClusterDynamicDefaults checks and sets configuration values for the InitConfiguration object
-func SetClusterDynamicDefaults(cfg *kubeadmapi.ClusterConfiguration) error {
-	// Default all the embedded ComponentConfig structs
-	componentconfigs.Known.Default(cfg)
-
+// SetAPIEndpointDynamicDefaults checks and sets configuration values for the APIEndpoint object
+func SetAPIEndpointDynamicDefaults(cfg *kubeadmapi.APIEndpoint) error {
 	// validate cfg.API.AdvertiseAddress.
-	addressIP := net.ParseIP(cfg.API.AdvertiseAddress)
-	if addressIP == nil && cfg.API.AdvertiseAddress != "" {
-		return fmt.Errorf("couldn't use \"%s\" as \"apiserver-advertise-address\", must be ipv4 or ipv6 address", cfg.API.AdvertiseAddress)
+	addressIP := net.ParseIP(cfg.AdvertiseAddress)
+	if addressIP == nil && cfg.AdvertiseAddress != "" {
+		return fmt.Errorf("couldn't use \"%s\" as \"apiserver-advertise-address\", must be ipv4 or ipv6 address", cfg.AdvertiseAddress)
 	}
 	// Choose the right address for the API Server to advertise. If the advertise address is localhost or 0.0.0.0, the default interface's IP address is used
 	// This is the same logic as the API Server uses
@ -95,13 +113,23 @@ func SetClusterDynamicDefaults(cfg *kubeadmapi.ClusterConfiguration) error {
 	if err != nil {
 		return err
 	}
-	cfg.API.AdvertiseAddress = ip.String()
-	ip = net.ParseIP(cfg.API.AdvertiseAddress)
+	cfg.AdvertiseAddress = ip.String()
+
+	return nil
+}
+
+// SetClusterDynamicDefaults checks and sets configuration values for the InitConfiguration object
+func SetClusterDynamicDefaults(cfg *kubeadmapi.ClusterConfiguration, advertiseAddress string) error {
+	// Default all the embedded ComponentConfig structs
+	componentconfigs.Known.Default(cfg)
+
+	ip := net.ParseIP(advertiseAddress)
 	if ip.To4() != nil {
 		cfg.ComponentConfigs.KubeProxy.BindAddress = kubeadmapiv1alpha3.DefaultProxyBindAddressv4
 	} else {
 		cfg.ComponentConfigs.KubeProxy.BindAddress = kubeadmapiv1alpha3.DefaultProxyBindAddressv6
 	}
+
 	// Resolve possible version labels and validate version string
 	if err := NormalizeKubernetesVersion(cfg); err != nil {
 		return err
--- a/cmd/kubeadm/app/util/config/nodeconfig.go
+++ b/cmd/kubeadm/app/util/config/nodeconfig.go
@ -23,28 +23,21 @@ import (
 	"github.com/golang/glog"

 	"k8s.io/apimachinery/pkg/runtime"
-	netutil "k8s.io/apimachinery/pkg/util/net"
 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 	kubeadmscheme "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/scheme"
 	kubeadmapiv1alpha3 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha3"
 	"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/validation"
-	"k8s.io/kubernetes/pkg/util/node"
 )

 // SetJoinDynamicDefaults checks and sets configuration values for the JoinConfiguration object
 func SetJoinDynamicDefaults(cfg *kubeadmapi.JoinConfiguration) error {
-	nodeName, err := node.GetHostname(cfg.NodeRegistration.Name)
-	if err != nil {
+
+	if err := SetNodeRegistrationDynamicDefaults(&cfg.NodeRegistration, cfg.ControlPlane); err != nil {
 		return err
 	}
-	cfg.NodeRegistration.Name = nodeName

-	if cfg.AdvertiseAddress == "" {
-		ip, err := netutil.ChooseBindAddress(nil)
-		if err != nil {
-			return err
-		}
-		cfg.AdvertiseAddress = ip.String()
+	if err := SetAPIEndpointDynamicDefaults(&cfg.APIEndpoint); err != nil {
+		return err
 	}

 	return nil
--- a/cmd/kubeadm/app/util/config/testdata/conversion/master/internal.yaml
+++ b/cmd/kubeadm/app/util/config/testdata/conversion/master/internal.yaml
@ -1,4 +1,4 @@
-API:
+APIEndpoint:
  AdvertiseAddress: 192.168.2.2
  BindPort: 6443
 APIServerCertSANs: null
--- a/cmd/kubeadm/app/util/config/testdata/conversion/master/v1alpha3.yaml
+++ b/cmd/kubeadm/app/util/config/testdata/conversion/master/v1alpha3.yaml
@ -1,3 +1,6 @@
+apiEndpoint:
+  advertiseAddress: 192.168.2.2
+  bindPort: 6443
 apiVersion: kubeadm.k8s.io/v1alpha3
 bootstrapTokens:
 - groups:
@ -15,9 +18,6 @@ nodeRegistration:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
 ---
-api:
-  advertiseAddress: 192.168.2.2
-  bindPort: 6443
 apiServerExtraArgs:
  authorization-mode: Node,RBAC,Webhook
 apiVersion: kubeadm.k8s.io/v1alpha3
--- a/cmd/kubeadm/app/util/config/testdata/conversion/node/internal.yaml
+++ b/cmd/kubeadm/app/util/config/testdata/conversion/node/internal.yaml
@ -1,4 +1,6 @@
-AdvertiseAddress: 192.168.2.2
+APIEndpoint:
+  AdvertiseAddress: 192.168.2.2
+  BindPort: 6443
 CACertPath: /etc/kubernetes/pki/ca.crt
 ClusterName: kubernetes
 ControlPlane: false
--- a/cmd/kubeadm/app/util/config/testdata/conversion/node/v1alpha3.yaml
+++ b/cmd/kubeadm/app/util/config/testdata/conversion/node/v1alpha3.yaml
@ -1,4 +1,6 @@
-advertiseAddress: 192.168.2.2
+apiEndpoint:
+  advertiseAddress: 192.168.2.2
+  bindPort: 6443
 apiVersion: kubeadm.k8s.io/v1alpha3
 caCertPath: /etc/kubernetes/pki/ca.crt
 clusterName: kubernetes
--- a/cmd/kubeadm/app/util/config/testdata/defaulting/master/defaulted.yaml
+++ b/cmd/kubeadm/app/util/config/testdata/defaulting/master/defaulted.yaml
@ -1,3 +1,6 @@
+apiEndpoint:
+  advertiseAddress: 192.168.2.2
+  bindPort: 6443
 apiVersion: kubeadm.k8s.io/v1alpha3
 bootstrapTokens:
 - groups:
@ -15,9 +18,6 @@ nodeRegistration:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
 ---
-api:
-  advertiseAddress: 192.168.2.2
-  bindPort: 6443
 apiVersion: kubeadm.k8s.io/v1alpha3
 auditPolicy:
  logDir: /var/log/kubernetes/audit
--- a/cmd/kubeadm/app/util/config/testdata/defaulting/node/defaulted.yaml
+++ b/cmd/kubeadm/app/util/config/testdata/defaulting/node/defaulted.yaml
@ -1,4 +1,6 @@
-advertiseAddress: 192.168.2.2
+apiEndpoint:
+  advertiseAddress: 192.168.2.2
+  bindPort: 6443
 apiVersion: kubeadm.k8s.io/v1alpha3
 caCertPath: /etc/kubernetes/pki/ca.crt
 clusterName: kubernetes
--- a/cmd/kubeadm/app/util/endpoint.go
+++ b/cmd/kubeadm/app/util/endpoint.go
@ -32,15 +32,15 @@ import (
 // - Otherwise, in case the ControlPlaneEndpoint is not defined, use the api.AdvertiseAddress + the api.BindPort.
 func GetMasterEndpoint(cfg *kubeadmapi.InitConfiguration) (string, error) {
 	// parse the bind port
-	bindPortString := strconv.Itoa(int(cfg.API.BindPort))
+	bindPortString := strconv.Itoa(int(cfg.APIEndpoint.BindPort))
 	if _, err := ParsePort(bindPortString); err != nil {
-		return "", fmt.Errorf("invalid value %q given for api.bindPort: %s", cfg.API.BindPort, err)
+		return "", fmt.Errorf("invalid value %q given for api.bindPort: %s", cfg.APIEndpoint.BindPort, err)
 	}

 	// parse the AdvertiseAddress
-	var ip = net.ParseIP(cfg.API.AdvertiseAddress)
+	var ip = net.ParseIP(cfg.APIEndpoint.AdvertiseAddress)
 	if ip == nil {
-		return "", fmt.Errorf("invalid value `%s` given for api.advertiseAddress", cfg.API.AdvertiseAddress)
+		return "", fmt.Errorf("invalid value `%s` given for api.advertiseAddress", cfg.APIEndpoint.AdvertiseAddress)
 	}

 	// set the master url using cfg.API.AdvertiseAddress + the cfg.API.BindPort
--- a/cmd/kubeadm/app/util/endpoint_test.go
+++ b/cmd/kubeadm/app/util/endpoint_test.go
@ -32,11 +32,11 @@ func TestGetMasterEndpoint(t *testing.T) {
 		{
 			name: "use ControlPlaneEndpoint (dns) if fully defined",
 			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{
+					BindPort:         4567,
+					AdvertiseAddress: "4.5.6.7",
+				},
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					API: kubeadmapi.API{
-						BindPort:         4567,
-						AdvertiseAddress: "4.5.6.7",
-					},
 					ControlPlaneEndpoint: "cp.k8s.io:1234",
 				},
 			},
@ -45,11 +45,11 @@ func TestGetMasterEndpoint(t *testing.T) {
 		{
 			name: "use ControlPlaneEndpoint (ipv4) if fully defined",
 			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{
+					BindPort:         4567,
+					AdvertiseAddress: "4.5.6.7",
+				},
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					API: kubeadmapi.API{
-						BindPort:         4567,
-						AdvertiseAddress: "4.5.6.7",
-					},
 					ControlPlaneEndpoint: "1.2.3.4:1234",
 				},
 			},
@ -58,11 +58,11 @@ func TestGetMasterEndpoint(t *testing.T) {
 		{
 			name: "use ControlPlaneEndpoint (ipv6) if fully defined",
 			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{
+					BindPort:         4567,
+					AdvertiseAddress: "4.5.6.7",
+				},
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					API: kubeadmapi.API{
-						BindPort:         4567,
-						AdvertiseAddress: "4.5.6.7",
-					},
 					ControlPlaneEndpoint: "[2001:db8::1]:1234",
 				},
 			},
@ -71,11 +71,12 @@ func TestGetMasterEndpoint(t *testing.T) {
 		{
 			name: "use ControlPlaneEndpoint (dns) + BindPort if ControlPlaneEndpoint defined without port",
 			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{
+					BindPort:         4567,
+					AdvertiseAddress: "4.5.6.7",
+				},
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					API: kubeadmapi.API{
-						BindPort:         4567,
-						AdvertiseAddress: "4.5.6.7",
-					},
+
 					ControlPlaneEndpoint: "cp.k8s.io",
 				},
 			},
@ -84,11 +85,11 @@ func TestGetMasterEndpoint(t *testing.T) {
 		{
 			name: "use ControlPlaneEndpoint (ipv4) + BindPort if ControlPlaneEndpoint defined without port",
 			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{
+					BindPort:         4567,
+					AdvertiseAddress: "4.5.6.7",
+				},
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					API: kubeadmapi.API{
-						BindPort:         4567,
-						AdvertiseAddress: "4.5.6.7",
-					},
 					ControlPlaneEndpoint: "1.2.3.4",
 				},
 			},
@ -97,11 +98,12 @@ func TestGetMasterEndpoint(t *testing.T) {
 		{
 			name: "use ControlPlaneEndpoint (ipv6) + BindPort if ControlPlaneEndpoint defined without port",
 			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{
+					BindPort:         4567,
+					AdvertiseAddress: "4.5.6.7",
+				},
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					API: kubeadmapi.API{
-						BindPort:         4567,
-						AdvertiseAddress: "4.5.6.7",
-					},
+
 					ControlPlaneEndpoint: "2001:db8::1",
 				},
 			},
@ -110,11 +112,9 @@ func TestGetMasterEndpoint(t *testing.T) {
 		{
 			name: "use AdvertiseAddress (ipv4) + BindPort if ControlPlaneEndpoint is not defined",
 			cfg: &kubeadmapi.InitConfiguration{
-				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					API: kubeadmapi.API{
-						BindPort:         4567,
-						AdvertiseAddress: "4.5.6.7",
-					},
+				APIEndpoint: kubeadmapi.APIEndpoint{
+					BindPort:         4567,
+					AdvertiseAddress: "4.5.6.7",
 				},
 			},
 			expectedEndpoint: "https://4.5.6.7:4567",
@ -122,11 +122,9 @@ func TestGetMasterEndpoint(t *testing.T) {
 		{
 			name: "use AdvertiseAddress (ipv6) + BindPort if ControlPlaneEndpoint is not defined",
 			cfg: &kubeadmapi.InitConfiguration{
-				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					API: kubeadmapi.API{
-						BindPort:         4567,
-						AdvertiseAddress: "2001:db8::1",
-					},
+				APIEndpoint: kubeadmapi.APIEndpoint{
+					BindPort:         4567,
+					AdvertiseAddress: "2001:db8::1",
 				},
 			},
 			expectedEndpoint: "https://[2001:db8::1]:4567",
@ -134,10 +132,8 @@ func TestGetMasterEndpoint(t *testing.T) {
 		{
 			name: "fail if invalid BindPort",
 			cfg: &kubeadmapi.InitConfiguration{
-				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					API: kubeadmapi.API{
-						BindPort: 0,
-					},
+				APIEndpoint: kubeadmapi.APIEndpoint{
+					BindPort: 0,
 				},
 			},
 			expectedError: true,
@ -146,9 +142,6 @@ func TestGetMasterEndpoint(t *testing.T) {
 			name: "fail if invalid ControlPlaneEndpoint (dns)",
 			cfg: &kubeadmapi.InitConfiguration{
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					API: kubeadmapi.API{
-						BindPort: 4567,
-					},
 					ControlPlaneEndpoint: "bad!!.cp.k8s.io",
 				},
 			},
@ -158,9 +151,6 @@ func TestGetMasterEndpoint(t *testing.T) {
 			name: "fail if invalid ControlPlaneEndpoint (ip4)",
 			cfg: &kubeadmapi.InitConfiguration{
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					API: kubeadmapi.API{
-						BindPort: 4567,
-					},
 					ControlPlaneEndpoint: "1..0",
 				},
 			},
@ -170,9 +160,6 @@ func TestGetMasterEndpoint(t *testing.T) {
 			name: "fail if invalid ControlPlaneEndpoint (ip6)",
 			cfg: &kubeadmapi.InitConfiguration{
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					API: kubeadmapi.API{
-						BindPort: 4567,
-					},
 					ControlPlaneEndpoint: "1200::AB00:1234::2552:7777:1313",
 				},
 			},
@ -182,9 +169,6 @@ func TestGetMasterEndpoint(t *testing.T) {
 			name: "fail if invalid ControlPlaneEndpoint (port)",
 			cfg: &kubeadmapi.InitConfiguration{
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					API: kubeadmapi.API{
-						BindPort: 4567,
-					},
 					ControlPlaneEndpoint: "cp.k8s.io:0",
 				},
 			},
@ -193,11 +177,9 @@ func TestGetMasterEndpoint(t *testing.T) {
 		{
 			name: "fail if invalid AdvertiseAddress (ip4)",
 			cfg: &kubeadmapi.InitConfiguration{
-				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					API: kubeadmapi.API{
-						AdvertiseAddress: "1..0",
-						BindPort:         4567,
-					},
+				APIEndpoint: kubeadmapi.APIEndpoint{
+					AdvertiseAddress: "1..0",
+					BindPort:         4567,
 				},
 			},
 			expectedError: true,
@ -205,11 +187,9 @@ func TestGetMasterEndpoint(t *testing.T) {
 		{
 			name: "fail if invalid AdvertiseAddress (ip6)",
 			cfg: &kubeadmapi.InitConfiguration{
-				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					API: kubeadmapi.API{
-						AdvertiseAddress: "1200::AB00:1234::2552:7777:1313",
-						BindPort:         4567,
-					},
+				APIEndpoint: kubeadmapi.APIEndpoint{
+					AdvertiseAddress: "1200::AB00:1234::2552:7777:1313",
+					BindPort:         4567,
 				},
 			},
 			expectedError: true,
--- a/cmd/kubeadm/app/util/staticpod/utils.go
+++ b/cmd/kubeadm/app/util/staticpod/utils.go
@ -230,8 +230,8 @@ func GetProbeAddress(cfg *kubeadmapi.InitConfiguration, componentName string) st
 		// the node's IP. The only option then is to use localhost.
 		if features.Enabled(cfg.FeatureGates, features.SelfHosting) {
 			return "127.0.0.1"
-		} else if cfg.API.AdvertiseAddress != "" {
-			return cfg.API.AdvertiseAddress
+		} else if cfg.APIEndpoint.AdvertiseAddress != "" {
+			return cfg.APIEndpoint.AdvertiseAddress
 		}
 	case componentName == kubeadmconstants.KubeControllerManager:
 		if addr, exists := cfg.ControllerManagerExtraArgs[kubeControllerManagerAddressArg]; exists {
--- a/cmd/kubeadm/app/util/staticpod/utils_test.go
+++ b/cmd/kubeadm/app/util/staticpod/utils_test.go
@ -46,7 +46,7 @@ func TestComponentResources(t *testing.T) {
 func TestComponentProbe(t *testing.T) {
 	var tests = []struct {
 		name      string
-		cfg       *kubeadmapi.ClusterConfiguration
+		cfg       *kubeadmapi.InitConfiguration
 		component string
 		port      int
 		path      string
@ -55,8 +55,8 @@ func TestComponentProbe(t *testing.T) {
 	}{
 		{
 			name: "default apiserver advertise address with http",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				API: kubeadmapi.API{
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{
 					AdvertiseAddress: "",
 				},
 			},
@ -68,12 +68,14 @@ func TestComponentProbe(t *testing.T) {
 		},
 		{
 			name: "default apiserver advertise address with http",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				API: kubeadmapi.API{
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{
 					AdvertiseAddress: "1.2.3.4",
 				},
-				FeatureGates: map[string]bool{
-					features.SelfHosting: true,
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					FeatureGates: map[string]bool{
+						features.SelfHosting: true,
+					},
 				},
 			},
 			component: kubeadmconstants.KubeAPIServer,
@ -84,8 +86,8 @@ func TestComponentProbe(t *testing.T) {
 		},
 		{
 			name: "default apiserver advertise address with https",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				API: kubeadmapi.API{
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{
 					AdvertiseAddress: "",
 				},
 			},
@ -97,8 +99,8 @@ func TestComponentProbe(t *testing.T) {
 		},
 		{
 			name: "valid ipv4 apiserver advertise address with http",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				API: kubeadmapi.API{
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{
 					AdvertiseAddress: "1.2.3.4",
 				},
 			},
@ -110,8 +112,8 @@ func TestComponentProbe(t *testing.T) {
 		},
 		{
 			name: "valid ipv6 apiserver advertise address with http",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				API: kubeadmapi.API{
+			cfg: &kubeadmapi.InitConfiguration{
+				APIEndpoint: kubeadmapi.APIEndpoint{
 					AdvertiseAddress: "2001:db8::1",
 				},
 			},
@ -123,8 +125,10 @@ func TestComponentProbe(t *testing.T) {
 		},
 		{
 			name: "valid IPv4 controller-manager probe",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				ControllerManagerExtraArgs: map[string]string{"address": "1.2.3.4"},
+			cfg: &kubeadmapi.InitConfiguration{
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					ControllerManagerExtraArgs: map[string]string{"address": "1.2.3.4"},
+				},
 			},
 			component: kubeadmconstants.KubeControllerManager,
 			port:      1,
@ -134,8 +138,10 @@ func TestComponentProbe(t *testing.T) {
 		},
 		{
 			name: "valid IPv6 controller-manager probe",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				ControllerManagerExtraArgs: map[string]string{"address": "2001:db8::1"},
+			cfg: &kubeadmapi.InitConfiguration{
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					ControllerManagerExtraArgs: map[string]string{"address": "2001:db8::1"},
+				},
 			},
 			component: kubeadmconstants.KubeControllerManager,
 			port:      1,
@ -145,8 +151,10 @@ func TestComponentProbe(t *testing.T) {
 		},
 		{
 			name: "valid IPv4 scheduler probe",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				SchedulerExtraArgs: map[string]string{"address": "1.2.3.4"},
+			cfg: &kubeadmapi.InitConfiguration{
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					SchedulerExtraArgs: map[string]string{"address": "1.2.3.4"},
+				},
 			},
 			component: kubeadmconstants.KubeScheduler,
 			port:      1,
@ -156,8 +164,10 @@ func TestComponentProbe(t *testing.T) {
 		},
 		{
 			name: "valid IPv6 scheduler probe",
-			cfg: &kubeadmapi.ClusterConfiguration{
-				SchedulerExtraArgs: map[string]string{"address": "2001:db8::1"},
+			cfg: &kubeadmapi.InitConfiguration{
+				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
+					SchedulerExtraArgs: map[string]string{"address": "2001:db8::1"},
+				},
 			},
 			component: kubeadmconstants.KubeScheduler,
 			port:      1,
@ -167,11 +177,7 @@ func TestComponentProbe(t *testing.T) {
 		},
 	}
 	for _, rt := range tests {
-		// TODO: Make ComponentProbe accept a ClusterConfiguration object instead of InitConfiguration
-		initcfg := &kubeadmapi.InitConfiguration{
-			ClusterConfiguration: *rt.cfg,
-		}
-		actual := ComponentProbe(initcfg, rt.component, rt.port, rt.path, rt.scheme)
+		actual := ComponentProbe(rt.cfg, rt.component, rt.port, rt.path, rt.scheme)
 		if actual.Handler.HTTPGet.Host != rt.expected {
 			t.Errorf("%s test case failed:\n\texpected: %s\n\t  actual: %s",
 				rt.name, rt.expected,
--- a/cmd/kubeadm/test/util.go
+++ b/cmd/kubeadm/test/util.go
@ -55,15 +55,15 @@ func SetupInitConfigurationFile(t *testing.T, tmpdir string, cfg *kubeadmapi.Ini
 	cfgTemplate := template.Must(template.New("init").Parse(dedent.Dedent(`
 		apiVersion: kubeadm.k8s.io/v1alpha3
 		kind: InitConfiguration
+		apiEndpoint:
+		  advertiseAddress: {{.APIEndpoint.AdvertiseAddress}}
+		  bindPort: {{.APIEndpoint.BindPort}}
 		nodeRegistration:
 		  name: {{.NodeRegistration.Name}}
 		---
 		apiVersion: kubeadm.k8s.io/v1alpha3
 		kind: ClusterConfiguration
 		certificatesDir: {{.CertificatesDir}}
-		api:
-		  advertiseAddress: {{.API.AdvertiseAddress}}
-		  bindPort: {{.API.BindPort}}
 		kubernetesVersion: v1.10.0
 		`)))