Add a duplicated v1beta1 API

cmd/kubeadm/app/apis/kubeadm/scheme/scheme.go

@@ -24,6 +24,7 @@ import (
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 	"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha3"
+	"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1"
 )
 
 // Scheme is the runtime.Scheme to which all kubeadm api types are registered.
@@ -41,5 +42,6 @@ func init() {
 func AddToScheme(scheme *runtime.Scheme) {
 	utilruntime.Must(kubeadm.AddToScheme(scheme))
 	utilruntime.Must(v1alpha3.AddToScheme(scheme))
-	utilruntime.Must(scheme.SetVersionPriority(v1alpha3.SchemeGroupVersion))
+	utilruntime.Must(v1beta1.AddToScheme(scheme))
+	utilruntime.Must(scheme.SetVersionPriority(v1beta1.SchemeGroupVersion))
 }

cmd/kubeadm/app/apis/kubeadm/v1beta1/bootstraptokenstring.go

@@ -0,0 +1,86 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	"fmt"
+	"strings"
+
+	bootstrapapi "k8s.io/cluster-bootstrap/token/api"
+	bootstraputil "k8s.io/cluster-bootstrap/token/util"
+)
+
+// BootstrapTokenString is a token of the format abcdef.abcdef0123456789 that is used
+// for both validation of the practically of the API server from a joining node's point
+// of view and as an authentication method for the node in the bootstrap phase of
+// "kubeadm join". This token is and should be short-lived
+type BootstrapTokenString struct {
+	ID     string
+	Secret string
+}
+
+// MarshalJSON implements the json.Marshaler interface.
+func (bts BootstrapTokenString) MarshalJSON() ([]byte, error) {
+	return []byte(fmt.Sprintf(`"%s"`, bts.String())), nil
+}
+
+// UnmarshalJSON implements the json.Unmarshaller interface.
+func (bts *BootstrapTokenString) UnmarshalJSON(b []byte) error {
+	// If the token is represented as "", just return quickly without an error
+	if len(b) == 0 {
+		return nil
+	}
+
+	// Remove unnecessary " characters coming from the JSON parser
+	token := strings.Replace(string(b), `"`, ``, -1)
+	// Convert the string Token to a BootstrapTokenString object
+	newbts, err := NewBootstrapTokenString(token)
+	if err != nil {
+		return err
+	}
+	bts.ID = newbts.ID
+	bts.Secret = newbts.Secret
+	return nil
+}
+
+// String returns the string representation of the BootstrapTokenString
+func (bts BootstrapTokenString) String() string {
+	if len(bts.ID) > 0 && len(bts.Secret) > 0 {
+		return bootstraputil.TokenFromIDAndSecret(bts.ID, bts.Secret)
+	}
+	return ""
+}
+
+// NewBootstrapTokenString converts the given Bootstrap Token as a string
+// to the BootstrapTokenString object used for serialization/deserialization
+// and internal usage. It also automatically validates that the given token
+// is of the right format
+func NewBootstrapTokenString(token string) (*BootstrapTokenString, error) {
+	substrs := bootstraputil.BootstrapTokenRegexp.FindStringSubmatch(token)
+	// TODO: Add a constant for the 3 value here, and explain better why it's needed (other than because how the regexp parsin works)
+	if len(substrs) != 3 {
+		return nil, fmt.Errorf("the bootstrap token %q was not of the form %q", token, bootstrapapi.BootstrapTokenPattern)
+	}
+
+	return &BootstrapTokenString{ID: substrs[1], Secret: substrs[2]}, nil
+}
+
+// NewBootstrapTokenStringFromIDAndSecret is a wrapper around NewBootstrapTokenString
+// that allows the caller to specify the ID and Secret separately
+func NewBootstrapTokenStringFromIDAndSecret(id, secret string) (*BootstrapTokenString, error) {
+	return NewBootstrapTokenString(bootstraputil.TokenFromIDAndSecret(id, secret))
+}

cmd/kubeadm/app/apis/kubeadm/v1beta1/bootstraptokenstring_test.go

@@ -0,0 +1,236 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	"encoding/json"
+	"fmt"
+	"reflect"
+	"testing"
+)
+
+func TestMarshalJSON(t *testing.T) {
+	var tests = []struct {
+		bts      BootstrapTokenString
+		expected string
+	}{
+		{BootstrapTokenString{ID: "abcdef", Secret: "abcdef0123456789"}, `"abcdef.abcdef0123456789"`},
+		{BootstrapTokenString{ID: "foo", Secret: "bar"}, `"foo.bar"`},
+		{BootstrapTokenString{ID: "h", Secret: "b"}, `"h.b"`},
+	}
+	for _, rt := range tests {
+		b, err := json.Marshal(rt.bts)
+		if err != nil {
+			t.Fatalf("json.Marshal returned an unexpected error: %v", err)
+		}
+		if string(b) != rt.expected {
+			t.Errorf(
+				"failed BootstrapTokenString.MarshalJSON:\n\texpected: %s\n\t  actual: %s",
+				rt.expected,
+				string(b),
+			)
+		}
+	}
+}
+
+func TestUnmarshalJSON(t *testing.T) {
+	var tests = []struct {
+		input         string
+		bts           *BootstrapTokenString
+		expectedError bool
+	}{
+		{`"f.s"`, &BootstrapTokenString{}, true},
+		{`"abcdef."`, &BootstrapTokenString{}, true},
+		{`"abcdef:abcdef0123456789"`, &BootstrapTokenString{}, true},
+		{`abcdef.abcdef0123456789`, &BootstrapTokenString{}, true},
+		{`"abcdef.abcdef0123456789`, &BootstrapTokenString{}, true},
+		{`"abcdef.ABCDEF0123456789"`, &BootstrapTokenString{}, true},
+		{`"abcdef.abcdef0123456789"`, &BootstrapTokenString{ID: "abcdef", Secret: "abcdef0123456789"}, false},
+		{`"123456.aabbccddeeffgghh"`, &BootstrapTokenString{ID: "123456", Secret: "aabbccddeeffgghh"}, false},
+	}
+	for _, rt := range tests {
+		newbts := &BootstrapTokenString{}
+		err := json.Unmarshal([]byte(rt.input), newbts)
+		if (err != nil) != rt.expectedError {
+			t.Errorf("failed BootstrapTokenString.UnmarshalJSON:\n\texpected error: %t\n\t  actual error: %v", rt.expectedError, err)
+		} else if !reflect.DeepEqual(rt.bts, newbts) {
+			t.Errorf(
+				"failed BootstrapTokenString.UnmarshalJSON:\n\texpected: %v\n\t  actual: %v",
+				rt.bts,
+				newbts,
+			)
+		}
+	}
+}
+
+func TestJSONRoundtrip(t *testing.T) {
+	var tests = []struct {
+		input string
+		bts   *BootstrapTokenString
+	}{
+		{`"abcdef.abcdef0123456789"`, nil},
+		{"", &BootstrapTokenString{ID: "abcdef", Secret: "abcdef0123456789"}},
+	}
+	for _, rt := range tests {
+		if err := roundtrip(rt.input, rt.bts); err != nil {
+			t.Errorf("failed BootstrapTokenString JSON roundtrip with error: %v", err)
+		}
+	}
+}
+
+func roundtrip(input string, bts *BootstrapTokenString) error {
+	var b []byte
+	var err error
+	newbts := &BootstrapTokenString{}
+	// If string input was specified, roundtrip like this: string -> (unmarshal) -> object -> (marshal) -> string
+	if len(input) > 0 {
+		if err := json.Unmarshal([]byte(input), newbts); err != nil {
+			return fmt.Errorf("expected no unmarshal error, got error: %v", err)
+		}
+		if b, err = json.Marshal(newbts); err != nil {
+			return fmt.Errorf("expected no marshal error, got error: %v", err)
+		}
+		if input != string(b) {
+			return fmt.Errorf(
+				"expected token: %s\n\t  actual: %s",
+				input,
+				string(b),
+			)
+		}
+	} else { // Otherwise, roundtrip like this: object -> (marshal) -> string -> (unmarshal) -> object
+		if b, err = json.Marshal(bts); err != nil {
+			return fmt.Errorf("expected no marshal error, got error: %v", err)
+		}
+		if err := json.Unmarshal(b, newbts); err != nil {
+			return fmt.Errorf("expected no unmarshal error, got error: %v", err)
+		}
+		if !reflect.DeepEqual(bts, newbts) {
+			return fmt.Errorf(
+				"expected object: %v\n\t  actual: %v",
+				bts,
+				newbts,
+			)
+		}
+	}
+	return nil
+}
+
+func TestTokenFromIDAndSecret(t *testing.T) {
+	var tests = []struct {
+		bts      BootstrapTokenString
+		expected string
+	}{
+		{BootstrapTokenString{ID: "foo", Secret: "bar"}, "foo.bar"},
+		{BootstrapTokenString{ID: "abcdef", Secret: "abcdef0123456789"}, "abcdef.abcdef0123456789"},
+		{BootstrapTokenString{ID: "h", Secret: "b"}, "h.b"},
+	}
+	for _, rt := range tests {
+		actual := rt.bts.String()
+		if actual != rt.expected {
+			t.Errorf(
+				"failed BootstrapTokenString.String():\n\texpected: %s\n\t  actual: %s",
+				rt.expected,
+				actual,
+			)
+		}
+	}
+}
+
+func TestNewBootstrapTokenString(t *testing.T) {
+	var tests = []struct {
+		token         string
+		expectedError bool
+		bts           *BootstrapTokenString
+	}{
+		{token: "", expectedError: true, bts: nil},
+		{token: ".", expectedError: true, bts: nil},
+		{token: "1234567890123456789012", expectedError: true, bts: nil},   // invalid parcel size
+		{token: "12345.1234567890123456", expectedError: true, bts: nil},   // invalid parcel size
+		{token: ".1234567890123456", expectedError: true, bts: nil},        // invalid parcel size
+		{token: "123456.", expectedError: true, bts: nil},                  // invalid parcel size
+		{token: "123456:1234567890.123456", expectedError: true, bts: nil}, // invalid separation
+		{token: "abcdef:1234567890123456", expectedError: true, bts: nil},  // invalid separation
+		{token: "Abcdef.1234567890123456", expectedError: true, bts: nil},  // invalid token id
+		{token: "123456.AABBCCDDEEFFGGHH", expectedError: true, bts: nil},  // invalid token secret
+		{token: "123456.AABBCCD-EEFFGGHH", expectedError: true, bts: nil},  // invalid character
+		{token: "abc*ef.1234567890123456", expectedError: true, bts: nil},  // invalid character
+		{token: "abcdef.1234567890123456", expectedError: false, bts: &BootstrapTokenString{ID: "abcdef", Secret: "1234567890123456"}},
+		{token: "123456.aabbccddeeffgghh", expectedError: false, bts: &BootstrapTokenString{ID: "123456", Secret: "aabbccddeeffgghh"}},
+		{token: "abcdef.abcdef0123456789", expectedError: false, bts: &BootstrapTokenString{ID: "abcdef", Secret: "abcdef0123456789"}},
+		{token: "123456.1234560123456789", expectedError: false, bts: &BootstrapTokenString{ID: "123456", Secret: "1234560123456789"}},
+	}
+	for _, rt := range tests {
+		actual, err := NewBootstrapTokenString(rt.token)
+		if (err != nil) != rt.expectedError {
+			t.Errorf(
+				"failed NewBootstrapTokenString for the token %q\n\texpected error: %t\n\t  actual error: %v",
+				rt.token,
+				rt.expectedError,
+				err,
+			)
+		} else if !reflect.DeepEqual(actual, rt.bts) {
+			t.Errorf(
+				"failed NewBootstrapTokenString for the token %q\n\texpected: %v\n\t  actual: %v",
+				rt.token,
+				rt.bts,
+				actual,
+			)
+		}
+	}
+}
+
+func TestNewBootstrapTokenStringFromIDAndSecret(t *testing.T) {
+	var tests = []struct {
+		id, secret    string
+		expectedError bool
+		bts           *BootstrapTokenString
+	}{
+		{id: "", secret: "", expectedError: true, bts: nil},
+		{id: "1234567890123456789012", secret: "", expectedError: true, bts: nil}, // invalid parcel size
+		{id: "12345", secret: "1234567890123456", expectedError: true, bts: nil},  // invalid parcel size
+		{id: "", secret: "1234567890123456", expectedError: true, bts: nil},       // invalid parcel size
+		{id: "123456", secret: "", expectedError: true, bts: nil},                 // invalid parcel size
+		{id: "Abcdef", secret: "1234567890123456", expectedError: true, bts: nil}, // invalid token id
+		{id: "123456", secret: "AABBCCDDEEFFGGHH", expectedError: true, bts: nil}, // invalid token secret
+		{id: "123456", secret: "AABBCCD-EEFFGGHH", expectedError: true, bts: nil}, // invalid character
+		{id: "abc*ef", secret: "1234567890123456", expectedError: true, bts: nil}, // invalid character
+		{id: "abcdef", secret: "1234567890123456", expectedError: false, bts: &BootstrapTokenString{ID: "abcdef", Secret: "1234567890123456"}},
+		{id: "123456", secret: "aabbccddeeffgghh", expectedError: false, bts: &BootstrapTokenString{ID: "123456", Secret: "aabbccddeeffgghh"}},
+		{id: "abcdef", secret: "abcdef0123456789", expectedError: false, bts: &BootstrapTokenString{ID: "abcdef", Secret: "abcdef0123456789"}},
+		{id: "123456", secret: "1234560123456789", expectedError: false, bts: &BootstrapTokenString{ID: "123456", Secret: "1234560123456789"}},
+	}
+	for _, rt := range tests {
+		actual, err := NewBootstrapTokenStringFromIDAndSecret(rt.id, rt.secret)
+		if (err != nil) != rt.expectedError {
+			t.Errorf(
+				"failed NewBootstrapTokenStringFromIDAndSecret for the token with id %q and secret %q\n\texpected error: %t\n\t  actual error: %v",
+				rt.id,
+				rt.secret,
+				rt.expectedError,
+				err,
+			)
+		} else if !reflect.DeepEqual(actual, rt.bts) {
+			t.Errorf(
+				"failed NewBootstrapTokenStringFromIDAndSecret for the token with id %q and secret %q\n\texpected: %v\n\t  actual: %v",
+				rt.id,
+				rt.secret,
+				rt.bts,
+				actual,
+			)
+		}
+	}
+}

cmd/kubeadm/app/apis/kubeadm/v1beta1/defaults.go

@@ -0,0 +1,202 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	"net/url"
+	"time"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/kubernetes/cmd/kubeadm/app/constants"
+)
+
+const (
+	// DefaultServiceDNSDomain defines default cluster-internal domain name for Services and Pods
+	DefaultServiceDNSDomain = "cluster.local"
+	// DefaultServicesSubnet defines default service subnet range
+	DefaultServicesSubnet = "10.96.0.0/12"
+	// DefaultClusterDNSIP defines default DNS IP
+	DefaultClusterDNSIP = "10.96.0.10"
+	// DefaultKubernetesVersion defines default kubernetes version
+	DefaultKubernetesVersion = "stable-1"
+	// DefaultAPIBindPort defines default API port
+	DefaultAPIBindPort = 6443
+	// DefaultCertificatesDir defines default certificate directory
+	DefaultCertificatesDir = "/etc/kubernetes/pki"
+	// DefaultImageRepository defines default image registry
+	DefaultImageRepository = "k8s.gcr.io"
+	// DefaultManifestsDir defines default manifests directory
+	DefaultManifestsDir = "/etc/kubernetes/manifests"
+	// DefaultClusterName defines the default cluster name
+	DefaultClusterName = "kubernetes"
+
+	// DefaultEtcdDataDir defines default location of etcd where static pods will save data to
+	DefaultEtcdDataDir = "/var/lib/etcd"
+	// DefaultProxyBindAddressv4 is the default bind address when the advertise address is v4
+	DefaultProxyBindAddressv4 = "0.0.0.0"
+	// DefaultProxyBindAddressv6 is the default bind address when the advertise address is v6
+	DefaultProxyBindAddressv6 = "::"
+	// DefaultDiscoveryTimeout specifies the default discovery timeout for kubeadm (used unless one is specified in the JoinConfiguration)
+	DefaultDiscoveryTimeout = 5 * time.Minute
+)
+
+var (
+	// DefaultAuditPolicyLogMaxAge is defined as a var so its address can be taken
+	// It is the number of days to store audit logs
+	DefaultAuditPolicyLogMaxAge = int32(2)
+)
+
+func addDefaultingFuncs(scheme *runtime.Scheme) error {
+	return RegisterDefaults(scheme)
+}
+
+// SetDefaults_InitConfiguration assigns default values for the InitConfiguration
+func SetDefaults_InitConfiguration(obj *InitConfiguration) {
+	SetDefaults_ClusterConfiguration(&obj.ClusterConfiguration)
+	SetDefaults_NodeRegistrationOptions(&obj.NodeRegistration)
+	SetDefaults_BootstrapTokens(obj)
+	SetDefaults_APIEndpoint(&obj.APIEndpoint)
+}
+
+// SetDefaults_ClusterConfiguration assigns default values for the ClusterConfiguration
+func SetDefaults_ClusterConfiguration(obj *ClusterConfiguration) {
+	if obj.KubernetesVersion == "" {
+		obj.KubernetesVersion = DefaultKubernetesVersion
+	}
+
+	if obj.Networking.ServiceSubnet == "" {
+		obj.Networking.ServiceSubnet = DefaultServicesSubnet
+	}
+
+	if obj.Networking.DNSDomain == "" {
+		obj.Networking.DNSDomain = DefaultServiceDNSDomain
+	}
+
+	if obj.CertificatesDir == "" {
+		obj.CertificatesDir = DefaultCertificatesDir
+	}
+
+	if obj.ImageRepository == "" {
+		obj.ImageRepository = DefaultImageRepository
+	}
+
+	if obj.ClusterName == "" {
+		obj.ClusterName = DefaultClusterName
+	}
+
+	SetDefaults_Etcd(obj)
+	SetDefaults_AuditPolicyConfiguration(obj)
+}
+
+// SetDefaults_Etcd assigns default values for the Proxy
+func SetDefaults_Etcd(obj *ClusterConfiguration) {
+	if obj.Etcd.External == nil && obj.Etcd.Local == nil {
+		obj.Etcd.Local = &LocalEtcd{}
+	}
+	if obj.Etcd.Local != nil {
+		if obj.Etcd.Local.DataDir == "" {
+			obj.Etcd.Local.DataDir = DefaultEtcdDataDir
+		}
+	}
+}
+
+// SetDefaults_JoinConfiguration assigns default values to a regular node
+func SetDefaults_JoinConfiguration(obj *JoinConfiguration) {
+	if obj.CACertPath == "" {
+		obj.CACertPath = DefaultCACertPath
+	}
+	if len(obj.TLSBootstrapToken) == 0 {
+		obj.TLSBootstrapToken = obj.Token
+	}
+	if len(obj.DiscoveryToken) == 0 && len(obj.DiscoveryFile) == 0 {
+		obj.DiscoveryToken = obj.Token
+	}
+	// Make sure file URLs become paths
+	if len(obj.DiscoveryFile) != 0 {
+		u, err := url.Parse(obj.DiscoveryFile)
+		if err == nil && u.Scheme == "file" {
+			obj.DiscoveryFile = u.Path
+		}
+	}
+	if obj.DiscoveryTimeout == nil {
+		obj.DiscoveryTimeout = &metav1.Duration{
+			Duration: DefaultDiscoveryTimeout,
+		}
+	}
+	if obj.ClusterName == "" {
+		obj.ClusterName = DefaultClusterName
+	}
+
+	SetDefaults_NodeRegistrationOptions(&obj.NodeRegistration)
+	SetDefaults_APIEndpoint(&obj.APIEndpoint)
+}
+
+func SetDefaults_NodeRegistrationOptions(obj *NodeRegistrationOptions) {
+	if obj.CRISocket == "" {
+		obj.CRISocket = DefaultCRISocket
+	}
+}
+
+// SetDefaults_AuditPolicyConfiguration sets default values for the AuditPolicyConfiguration
+func SetDefaults_AuditPolicyConfiguration(obj *ClusterConfiguration) {
+	if obj.AuditPolicyConfiguration.LogDir == "" {
+		obj.AuditPolicyConfiguration.LogDir = constants.StaticPodAuditPolicyLogDir
+	}
+	if obj.AuditPolicyConfiguration.LogMaxAge == nil {
+		obj.AuditPolicyConfiguration.LogMaxAge = &DefaultAuditPolicyLogMaxAge
+	}
+}
+
+// SetDefaults_BootstrapTokens sets the defaults for the .BootstrapTokens field
+// If the slice is empty, it's defaulted with one token. Otherwise it just loops
+// through the slice and sets the defaults for the omitempty fields that are TTL,
+// Usages and Groups. Token is NOT defaulted with a random one in the API defaulting
+// layer, but set to a random value later at runtime if not set before.
+func SetDefaults_BootstrapTokens(obj *InitConfiguration) {
+
+	if obj.BootstrapTokens == nil || len(obj.BootstrapTokens) == 0 {
+		obj.BootstrapTokens = []BootstrapToken{{}}
+	}
+
+	for i := range obj.BootstrapTokens {
+		SetDefaults_BootstrapToken(&obj.BootstrapTokens[i])
+	}
+}
+
+// SetDefaults_BootstrapToken sets the defaults for an individual Bootstrap Token
+func SetDefaults_BootstrapToken(bt *BootstrapToken) {
+	if bt.TTL == nil {
+		bt.TTL = &metav1.Duration{
+			Duration: constants.DefaultTokenDuration,
+		}
+	}
+	if len(bt.Usages) == 0 {
+		bt.Usages = constants.DefaultTokenUsages
+	}
+
+	if len(bt.Groups) == 0 {
+		bt.Groups = constants.DefaultTokenGroups
+	}
+}
+
+// SetDefaults_APIEndpoint sets the defaults for the API server instance deployed on a node.
+func SetDefaults_APIEndpoint(obj *APIEndpoint) {
+	if obj.BindPort == 0 {
+		obj.BindPort = DefaultAPIBindPort
+	}
+}

cmd/kubeadm/app/apis/kubeadm/v1beta1/defaults_unix.go

@@ -0,0 +1,28 @@
+// +build !windows
+
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+const (
+	// DefaultCACertPath defines default location of CA certificate on Linux
+	DefaultCACertPath = "/etc/kubernetes/pki/ca.crt"
+	// DefaultSocketUrlScheme defines default socket url prefix
+	DefaultUrlScheme = "unix"
+	// DefaultCRISocket defines the default cri socket
+	DefaultCRISocket = "/var/run/dockershim.sock"
+)

cmd/kubeadm/app/apis/kubeadm/v1beta1/defaults_windows.go

@@ -0,0 +1,28 @@
+// +build windows
+
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+const (
+	// DefaultCACertPath defines default location of CA certificate on Windows
+	DefaultCACertPath = "C:/etc/kubernetes/pki/ca.crt"
+	// DefaultSocketUrlScheme defines default socket url prefix
+	DefaultUrlScheme = "tcp"
+	// DefaultCRISocket defines the default cri socket
+	DefaultCRISocket = "tcp://localhost:2375"
+)

cmd/kubeadm/app/apis/kubeadm/v1beta1/doc.go

@@ -0,0 +1,145 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:defaulter-gen=TypeMeta
+// +groupName=kubeadm.k8s.io
+// +k8s:deepcopy-gen=package
+// +k8s:conversion-gen=k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm
+
+// Package v1beta1 is the API (config file) for driving the kubeadm binary.
+// Some of these options are also available as command line flags, but
+// the preferred way to configure kubeadm is to pass a single YAML file with
+// multiple configuration types in with the --config option.
+// The configuration types should be separated by a line with `---`.
+//
+// kubeadm uses several API types:
+// * InitConfiguration
+// https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1#InitConfiguration
+// * JoinConfiguration
+// https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1#JoinConfiguration
+// * ClusterConfiguration
+// https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1#ClusterConfiguration
+// * KubeProxyConfiguration
+// https://godoc.org/k8s.io/kube-proxy/config/v1alpha1#KubeProxyConfiguration
+// * KubeletConfiguration
+// https://godoc.org/k8s.io/kubelet/config/v1beta1#KubeletConfiguration
+//
+// For `kubeadm init` you can include the following types:
+//   InitConfiguration, ClusterConfiguration, KubeProxyConfiguration, KubeletConfiguration
+//
+// For `kubeadm join` you can include the following types:
+//   JoinConfiguration, KubeProxyConfiguration, KubeletConfiguration
+//
+// To print the default values for certain API type you can use:
+//   kubeadm config print-default --api-objects=<type1>,<type2>
+//
+//  Here is a fully populated example of a single YAML file containing multiple
+//  configuration types to be used during a `kubeadm init` run.
+//
+//	apiVersion: kubeadm.k8s.io/v1beta1
+//	kind: InitConfiguration
+//	bootstrapTokens:
+//	- token: "9a08jv.c0izixklcxtmnze7"
+//	  description: "kubeadm bootstrap token"
+//	  ttl: "24h"
+//	- token: "783bde.3f89s0fje9f38fhf"
+//	  description: "another bootstrap token"
+//	  usages:
+//	  - signing
+//	  groups:
+//	  - system:anonymous
+//	nodeRegistration:
+//	  name: "ec2-10-100-0-1"
+//	  criSocket: "/var/run/dockershim.sock"
+//	  taints:
+//	  - key: "kubeadmNode"
+//	    value: "master"
+//	    effect: "NoSchedule"
+//	  kubeletExtraArgs:
+//	    cgroupDriver: "cgroupfs"
+//	apiEndpoint:
+//	  advertiseAddress: "10.100.0.1"
+//	  bindPort: 6443
+//	---
+//	apiVersion: kubeadm.k8s.io/v1beta1
+//	kind: ClusterConfiguration
+//	etcd:
+//	  # one of local or external
+//	  local:
+//	    image: "k8s.gcr.io/etcd-amd64:3.2.18"
+//	    dataDir: "/var/lib/etcd"
+//	    extraArgs:
+//	      listen-client-urls: "http://10.100.0.1:2379"
+//	    serverCertSANs:
+//	    -  "ec2-10-100-0-1.compute-1.amazonaws.com"
+//	    peerCertSANs:
+//	    - "10.100.0.1"
+//	  external:
+//	    endpoints:
+//	    - "10.100.0.1:2379"
+//	    - "10.100.0.2:2379"
+//	    caFile: "/etcd/kubernetes/pki/etcd/etcd-ca.crt"
+//	    certFile: "/etcd/kubernetes/pki/etcd/etcd.crt"
+//	    certKey: "/etcd/kubernetes/pki/etcd/etcd.key"
+//	networking:
+//	  serviceSubnet: "10.96.0.0/12"
+//	  podSubnet: "10.100.0.1/24"
+//	  dnsDomain: "cluster.local"
+//	kubernetesVersion: "v1.12.0"
+//	controlPlaneEndpoint: "10.100.0.1:6443"
+//	apiServerExtraArgs:
+//	  authorization-mode: "Node,RBAC"
+//	controlManagerExtraArgs:
+//	  node-cidr-mask-size: 20
+//	schedulerExtraArgs:
+//	  address: "10.100.0.1"
+//	apiServerExtraVolumes:
+//	- name: "some-volume"
+//	  hostPath: "/etc/some-path"
+//	  mountPath: "/etc/some-pod-path"
+//	  writable: true
+//	  pathType: File
+//	controllerManagerExtraVolumes:
+//	- name: "some-volume"
+//	  hostPath: "/etc/some-path"
+//	  mountPath: "/etc/some-pod-path"
+//	  writable: true
+//	  pathType: File
+//	schedulerExtraVolumes:
+//	- name: "some-volume"
+//	  hostPath: "/etc/some-path"
+//	  mountPath: "/etc/some-pod-path"
+//	  writable: true
+//	  pathType: File
+//	apiServerCertSANs:
+//	- "10.100.1.1"
+//	- "ec2-10-100-0-1.compute-1.amazonaws.com"
+//	certificatesDir: "/etc/kubernetes/pki"
+//	imageRepository: "k8s.gcr.io"
+//	unifiedControlPlaneImage: "k8s.gcr.io/controlplane:v1.12.0"
+//	auditPolicy:
+//	  # https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy
+//	  path: "/var/log/audit/audit.json"
+//	  logDir: "/var/log/audit"
+//	  logMaxAge: 7 # in days
+//	featureGates:
+//	  selfhosting: false
+//	clusterName: "example-cluster"
+//
+// TODO: The BootstrapTokenString object should move out to either k8s.io/client-go or k8s.io/api in the future
+// (probably as part of Bootstrap Tokens going GA). It should not be staged under the kubeadm API as it is now.
+//
+package v1beta1 // import "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1"

cmd/kubeadm/app/apis/kubeadm/v1beta1/register.go

@@ -0,0 +1,68 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// GroupName is the group name use in this package
+const GroupName = "kubeadm.k8s.io"
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"}
+
+var (
+	// TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api.
+	// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
+
+	// SchemeBuilder points to a list of functions added to Scheme.
+	SchemeBuilder      runtime.SchemeBuilder
+	localSchemeBuilder = &SchemeBuilder
+	// AddToScheme applies all the stored functions to the scheme.
+	AddToScheme = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+	// We only register manually written functions here. The registration of the
+	// generated functions takes place in the generated files. The separation
+	// makes the code compile even when the generated files are missing.
+	localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs)
+}
+
+// Kind takes an unqualified kind and returns a Group qualified GroupKind
+func Kind(kind string) schema.GroupKind {
+	return SchemeGroupVersion.WithKind(kind).GroupKind()
+}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&InitConfiguration{},
+		&ClusterConfiguration{},
+		&ClusterStatus{},
+		&JoinConfiguration{},
+	)
+	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
+	return nil
+}

cmd/kubeadm/app/apis/kubeadm/v1beta1/types.go

@@ -0,0 +1,333 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	"k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// InitConfiguration contains a list of elements that is specific "kubeadm init"-only runtime
+// information.
+type InitConfiguration struct {
+	metav1.TypeMeta `json:",inline"`
+
+	// ClusterConfiguration holds the cluster-wide information, and embeds that struct (which can be (un)marshalled separately as well)
+	// When InitConfiguration is marshalled to bytes in the external version, this information IS NOT preserved (which can be seen from
+	// the `json:"-"` tag. This is due to that when InitConfiguration is (un)marshalled, it turns into two YAML documents, one for the
+	// InitConfiguration and ClusterConfiguration. Hence, the information must not be duplicated, and is therefore omitted here.
+	ClusterConfiguration `json:"-"`
+
+	// `kubeadm init`-only information. These fields are solely used the first time `kubeadm init` runs.
+	// After that, the information in the fields ARE NOT uploaded to the `kubeadm-config` ConfigMap
+	// that is used by `kubeadm upgrade` for instance. These fields must be omitempty.
+
+	// BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
+	// This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
+	BootstrapTokens []BootstrapToken `json:"bootstrapTokens,omitempty"`
+
+	// NodeRegistration holds fields that relate to registering the new master node to the cluster
+	NodeRegistration NodeRegistrationOptions `json:"nodeRegistration,omitempty"`
+
+	// APIEndpoint represents the endpoint of the instance of the API server to be deployed on this node.
+	APIEndpoint APIEndpoint `json:"apiEndpoint,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ClusterConfiguration contains cluster-wide configuration for a kubeadm cluster
+type ClusterConfiguration struct {
+	metav1.TypeMeta `json:",inline"`
+
+	// Etcd holds configuration for etcd.
+	Etcd Etcd `json:"etcd"`
+
+	// Networking holds configuration for the networking topology of the cluster.
+	Networking Networking `json:"networking"`
+
+	// KubernetesVersion is the target version of the control plane.
+	KubernetesVersion string `json:"kubernetesVersion"`
+
+	// ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
+	// can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
+	// In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
+	// are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
+	// the BindPort is used.
+	// Possible usages are:
+	// e.g. In an cluster with more than one control plane instances, this field should be
+	// assigned the address of the external load balancer in front of the
+	// control plane instances.
+	// e.g.  in environments with enforced node recycling, the ControlPlaneEndpoint
+	// could be used for assigning a stable DNS to the control plane.
+	ControlPlaneEndpoint string `json:"controlPlaneEndpoint"`
+
+	// APIServerExtraArgs is a set of extra flags to pass to the API Server or override
+	// default ones in form of <flagname>=<value>.
+	// TODO: This is temporary and ideally we would like to switch all components to
+	// use ComponentConfig + ConfigMaps.
+	APIServerExtraArgs map[string]string `json:"apiServerExtraArgs,omitempty"`
+	// ControllerManagerExtraArgs is a set of extra flags to pass to the Controller Manager
+	// or override default ones in form of <flagname>=<value>
+	// TODO: This is temporary and ideally we would like to switch all components to
+	// use ComponentConfig + ConfigMaps.
+	ControllerManagerExtraArgs map[string]string `json:"controllerManagerExtraArgs,omitempty"`
+	// SchedulerExtraArgs is a set of extra flags to pass to the Scheduler or override
+	// default ones in form of <flagname>=<value>
+	// TODO: This is temporary and ideally we would like to switch all components to
+	// use ComponentConfig + ConfigMaps.
+	SchedulerExtraArgs map[string]string `json:"schedulerExtraArgs,omitempty"`
+
+	// APIServerExtraVolumes is an extra set of host volumes mounted to the API server.
+	APIServerExtraVolumes []HostPathMount `json:"apiServerExtraVolumes,omitempty"`
+	// ControllerManagerExtraVolumes is an extra set of host volumes mounted to the
+	// Controller Manager.
+	ControllerManagerExtraVolumes []HostPathMount `json:"controllerManagerExtraVolumes,omitempty"`
+	// SchedulerExtraVolumes is an extra set of host volumes mounted to the scheduler.
+	SchedulerExtraVolumes []HostPathMount `json:"schedulerExtraVolumes,omitempty"`
+
+	// APIServerCertSANs sets extra Subject Alternative Names for the API Server signing cert.
+	APIServerCertSANs []string `json:"apiServerCertSANs,omitempty"`
+	// CertificatesDir specifies where to store or look for all required certificates.
+	CertificatesDir string `json:"certificatesDir"`
+
+	// ImageRepository what container registry to pull control plane images from
+	ImageRepository string `json:"imageRepository"`
+	// UnifiedControlPlaneImage specifies if a specific container image should
+	// be used for all control plane components.
+	UnifiedControlPlaneImage string `json:"unifiedControlPlaneImage"`
+
+	// AuditPolicyConfiguration defines the options for the api server audit system
+	AuditPolicyConfiguration AuditPolicyConfiguration `json:"auditPolicy"`
+
+	// FeatureGates enabled by the user.
+	FeatureGates map[string]bool `json:"featureGates,omitempty"`
+
+	// The cluster name
+	ClusterName string `json:"clusterName,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ClusterStatus contains the cluster status. The ClusterStatus will be stored in the kubeadm-config
+// ConfigMap in the cluster, and then updated by kubeadm when additional control plane instance joins or leaves the cluster.
+type ClusterStatus struct {
+	metav1.TypeMeta `json:",inline"`
+
+	// APIEndpoints currently available in the cluster, one for each control plane/api server instance.
+	// The key of the map is the IP of the host's default interface
+	APIEndpoints map[string]APIEndpoint `json:"apiEndpoints"`
+}
+
+// APIEndpoint struct contains elements of API server instance deployed on a node.
+type APIEndpoint struct {
+	// AdvertiseAddress sets the IP address for the API server to advertise.
+	AdvertiseAddress string `json:"advertiseAddress"`
+
+	// BindPort sets the secure port for the API Server to bind to.
+	// Defaults to 6443.
+	BindPort int32 `json:"bindPort"`
+}
+
+// NodeRegistrationOptions holds fields that relate to registering a new master or node to the cluster, either via "kubeadm init" or "kubeadm join"
+type NodeRegistrationOptions struct {
+
+	// Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm joiń` operation.
+	// This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+	// Defaults to the hostname of the node if not provided.
+	Name string `json:"name,omitempty"`
+
+	// CRISocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use
+	CRISocket string `json:"criSocket,omitempty"`
+
+	// Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+	// it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your master node, set this field to an
+	// empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
+	Taints []v1.Taint `json:"taints,omitempty"`
+
+	// KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+	// kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+	// Flags have higher higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+	KubeletExtraArgs map[string]string `json:"kubeletExtraArgs,omitempty"`
+}
+
+// Networking contains elements describing cluster's networking configuration
+type Networking struct {
+	// ServiceSubnet is the subnet used by k8s services. Defaults to "10.96.0.0/12".
+	ServiceSubnet string `json:"serviceSubnet"`
+	// PodSubnet is the subnet used by pods.
+	PodSubnet string `json:"podSubnet"`
+	// DNSDomain is the dns domain used by k8s services. Defaults to "cluster.local".
+	DNSDomain string `json:"dnsDomain"`
+}
+
+// BootstrapToken describes one bootstrap token, stored as a Secret in the cluster
+type BootstrapToken struct {
+	// Token is used for establishing bidirectional trust between nodes and masters.
+	// Used for joining nodes in the cluster.
+	Token *BootstrapTokenString `json:"token"`
+	// Description sets a human-friendly message why this token exists and what it's used
+	// for, so other administrators can know its purpose.
+	Description string `json:"description,omitempty"`
+	// TTL defines the time to live for this token. Defaults to 24h.
+	// Expires and TTL are mutually exclusive.
+	TTL *metav1.Duration `json:"ttl,omitempty"`
+	// Expires specifies the timestamp when this token expires. Defaults to being set
+	// dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
+	Expires *metav1.Time `json:"expires,omitempty"`
+	// Usages describes the ways in which this token can be used. Can by default be used
+	// for establishing bidirectional trust, but that can be changed here.
+	Usages []string `json:"usages,omitempty"`
+	// Groups specifies the extra groups that this token will authenticate as when/if
+	// used for authentication
+	Groups []string `json:"groups,omitempty"`
+}
+
+// Etcd contains elements describing Etcd configuration.
+type Etcd struct {
+
+	// Local provides configuration knobs for configuring the local etcd instance
+	// Local and External are mutually exclusive
+	Local *LocalEtcd `json:"local,omitempty"`
+
+	// External describes how to connect to an external etcd cluster
+	// Local and External are mutually exclusive
+	External *ExternalEtcd `json:"external,omitempty"`
+}
+
+// LocalEtcd describes that kubeadm should run an etcd cluster locally
+type LocalEtcd struct {
+
+	// Image specifies which container image to use for running etcd.
+	// If empty, automatically populated by kubeadm using the image
+	// repository and default etcd version.
+	Image string `json:"image"`
+
+	// DataDir is the directory etcd will place its data.
+	// Defaults to "/var/lib/etcd".
+	DataDir string `json:"dataDir"`
+
+	// ExtraArgs are extra arguments provided to the etcd binary
+	// when run inside a static pod.
+	ExtraArgs map[string]string `json:"extraArgs,omitempty"`
+
+	// ServerCertSANs sets extra Subject Alternative Names for the etcd server signing cert.
+	ServerCertSANs []string `json:"serverCertSANs,omitempty"`
+	// PeerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert.
+	PeerCertSANs []string `json:"peerCertSANs,omitempty"`
+}
+
+// ExternalEtcd describes an external etcd cluster
+type ExternalEtcd struct {
+	// Endpoints of etcd members. Required for ExternalEtcd.
+	Endpoints []string `json:"endpoints"`
+	// CAFile is an SSL Certificate Authority file used to secure etcd communication.
+	CAFile string `json:"caFile"`
+	// CertFile is an SSL certification file used to secure etcd communication.
+	CertFile string `json:"certFile"`
+	// KeyFile is an SSL key file used to secure etcd communication.
+	KeyFile string `json:"keyFile"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// JoinConfiguration contains elements describing a particular node.
+// TODO: This struct should be replaced by dynamic kubelet configuration.
+type JoinConfiguration struct {
+	metav1.TypeMeta `json:",inline"`
+
+	// NodeRegistration holds fields that relate to registering the new master node to the cluster
+	NodeRegistration NodeRegistrationOptions `json:"nodeRegistration"`
+
+	// CACertPath is the path to the SSL certificate authority used to
+	// secure comunications between node and master.
+	// Defaults to "/etc/kubernetes/pki/ca.crt".
+	CACertPath string `json:"caCertPath"`
+	// DiscoveryFile is a file or url to a kubeconfig file from which to
+	// load cluster information.
+	DiscoveryFile string `json:"discoveryFile"`
+	// DiscoveryToken is a token used to validate cluster information
+	// fetched from the master.
+	DiscoveryToken string `json:"discoveryToken"`
+	// DiscoveryTokenAPIServers is a set of IPs to API servers from which info
+	// will be fetched. Currently we only pay attention to one API server but
+	// hope to support >1 in the future.
+	DiscoveryTokenAPIServers []string `json:"discoveryTokenAPIServers,omitempty"`
+	// DiscoveryTimeout modifies the discovery timeout
+	DiscoveryTimeout *metav1.Duration `json:"discoveryTimeout,omitempty"`
+	// TLSBootstrapToken is a token used for TLS bootstrapping.
+	// Defaults to Token.
+	TLSBootstrapToken string `json:"tlsBootstrapToken"`
+	// Token is used for both discovery and TLS bootstrapping.
+	Token string `json:"token"`
+
+	// ClusterName is the name for the cluster in kubeconfig.
+	ClusterName string `json:"clusterName,omitempty"`
+
+	// DiscoveryTokenCACertHashes specifies a set of public key pins to verify
+	// when token-based discovery is used. The root CA found during discovery
+	// must match one of these values. Specifying an empty set disables root CA
+	// pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
+	// where the only currently supported type is "sha256". This is a hex-encoded
+	// SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
+	// ASN.1. These hashes can be calculated using, for example, OpenSSL:
+	// openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
+	DiscoveryTokenCACertHashes []string `json:"discoveryTokenCACertHashes,omitempty"`
+
+	// DiscoveryTokenUnsafeSkipCAVerification allows token-based discovery
+	// without CA verification via DiscoveryTokenCACertHashes. This can weaken
+	// the security of kubeadm since other nodes can impersonate the master.
+	DiscoveryTokenUnsafeSkipCAVerification bool `json:"discoveryTokenUnsafeSkipCAVerification"`
+
+	// ControlPlane flag specifies that the joining node should host an additional
+	// control plane instance.
+	ControlPlane bool `json:"controlPlane,omitempty"`
+
+	// APIEndpoint represents the endpoint of the instance of the API server eventually to be deployed on this node.
+	APIEndpoint APIEndpoint `json:"apiEndpoint,omitempty"`
+
+	// FeatureGates enabled by the user.
+	FeatureGates map[string]bool `json:"featureGates,omitempty"`
+}
+
+// HostPathMount contains elements describing volumes that are mounted from the
+// host.
+type HostPathMount struct {
+	// Name of the volume inside the pod template.
+	Name string `json:"name"`
+	// HostPath is the path in the host that will be mounted inside
+	// the pod.
+	HostPath string `json:"hostPath"`
+	// MountPath is the path inside the pod where hostPath will be mounted.
+	MountPath string `json:"mountPath"`
+	// Writable controls write access to the volume
+	Writable bool `json:"writable,omitempty"`
+	// PathType is the type of the HostPath.
+	PathType v1.HostPathType `json:"pathType,omitempty"`
+}
+
+// AuditPolicyConfiguration holds the options for configuring the api server audit policy.
+type AuditPolicyConfiguration struct {
+	// Path is the local path to an audit policy.
+	Path string `json:"path"`
+	// LogDir is the local path to the directory where logs should be stored.
+	LogDir string `json:"logDir"`
+	// LogMaxAge is the number of days logs will be stored for. 0 indicates forever.
+	LogMaxAge *int32 `json:"logMaxAge,omitempty"`
+	//TODO(chuckha) add other options for audit policy.
+}

cmd/kubeadm/app/cmd/config.go

@@ -33,6 +33,7 @@ import (
 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 	kubeadmscheme "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/scheme"
 	kubeadmapiv1alpha3 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha3"
+	kubeadmapiv1beta1 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1"
 	"k8s.io/kubernetes/cmd/kubeadm/app/cmd/options"
 	phaseutil "k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases"
 	cmdutil "k8s.io/kubernetes/cmd/kubeadm/app/cmd/util"
@@ -230,6 +231,7 @@ func NewCmdConfigMigrate(out io.Writer) *cobra.Command {
 			locally in the CLI tool without ever touching anything in the cluster.
 			In this version of kubeadm, the following API versions are supported:
 			- %s
+			- %s
 
 			Further, kubeadm can only write out config of version %q, but read both types.
 			So regardless of what version you pass to the --old-config parameter here, the API object will be
@@ -238,7 +240,7 @@ func NewCmdConfigMigrate(out io.Writer) *cobra.Command {
 
 			In other words, the output of this command is what kubeadm actually would read internally if you
 			submitted this file to "kubeadm init"
-		`), kubeadmapiv1alpha3.SchemeGroupVersion.String(), kubeadmapiv1alpha3.SchemeGroupVersion.String()),
+		`), kubeadmapiv1alpha3.SchemeGroupVersion.String(), kubeadmapiv1beta1.SchemeGroupVersion.String(), kubeadmapiv1beta1.SchemeGroupVersion.String()),
 		Run: func(cmd *cobra.Command, args []string) {
 			if len(oldCfgPath) == 0 {
 				kubeadmutil.CheckErr(fmt.Errorf("The --old-config flag is mandatory"))