Merge pull request #54543 from jamiehannaford/self-hosted-etcd-api

Automatic merge from submit-queue (batch tested with PRs 49840, 54937, 54543). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Add self-hosted etcd API to kubeadm **What this PR does / why we need it**: This PR is part of a larger set that implements self-hosted etcd. This PR takes a first step by adding: 1. new API types in `cmd/kubeadm/app/apis` for configuring self-hosted etcd 2. new Go types in `cmd/kubeadm/app/phases/etcd/spec` used for constructing EtcdCluster CRDs for the etcd-operator. The reason we define these in trunk is because kubeadm cannot import `github.com/coreos/etcd-operator` as a dependency until it's in its own repo. Until then, we need to redefine the structs in our codebase. **Which issue this PR fixes**: https://github.com/kubernetes/kubeadm/issues/261 https://github.com/kubernetes/kubeadm/issues/277 **Special notes for your reviewer**: This is the first step PR in order to save reviewers from a goliath PR **Release note**: ```release-note NONE ```
2025-07-23 03:41:45 +00:00 · 2017-11-01 08:20:28 -07:00 · 2017-11-01 08:20:28 -07:00 · 96067e6d7b
commit 96067e6d7b
parent 746cc43f4b c19d146f87
12 changed files with 750 additions and 5 deletions
--- a/cmd/kubeadm/app/apis/kubeadm/fuzzer/fuzzer.go
+++ b/cmd/kubeadm/app/apis/kubeadm/fuzzer/fuzzer.go
@ -43,6 +43,12 @@ func Funcs(codecs runtimeserializer.CodecFactory) []interface{} {
 			obj.CIImageRepository = ""
 			obj.UnifiedControlPlaneImage = "foo"
 			obj.FeatureGates = map[string]bool{}
+			obj.Etcd.SelfHosted = &kubeadm.SelfHostedEtcd{
+				CertificatesDir:    "/etc/kubernetes/pki/etcd",
+				ClusterServiceName: "etcd-cluster",
+				EtcdVersion:        "v0.1.0",
+				OperatorVersion:    "v0.1.0",
+			}
 		},
 		func(obj *kubeadm.NodeConfiguration, c fuzz.Continue) {
 			c.FuzzNoCustom(obj)
--- a/cmd/kubeadm/app/apis/kubeadm/types.go
+++ b/cmd/kubeadm/app/apis/kubeadm/types.go
@ -96,7 +96,21 @@ type Etcd struct {
 	DataDir   string
 	ExtraArgs map[string]string
 	// Image specifies which container image to use for running etcd. If empty, automatically populated by kubeadm using the image repository and default etcd version
-	Image string
+	Image      string
+	SelfHosted *SelfHostedEtcd
+}
+
+// SelfHostedEtcd describes options required to configure self-hosted etcd
+type SelfHostedEtcd struct {
+	// CertificatesDir represents the directory where all etcd TLS assets are stored. By default this is
+	// a dir names "etcd" in the main CertificatesDir value.
+	CertificatesDir string
+	// ClusterServiceName is the name of the service that load balances the etcd cluster
+	ClusterServiceName string
+	// EtcdVersion is the version of etcd running in the cluster.
+	EtcdVersion string
+	// OperatorVersion is the version of the etcd-operator to use.
+	OperatorVersion string
 }

 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
--- a/cmd/kubeadm/app/apis/kubeadm/v1alpha1/defaults.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1alpha1/defaults.go
@ -40,10 +40,19 @@ const (
 	DefaultCACertPath = "/etc/kubernetes/pki/ca.crt"
 	// DefaultCertificatesDir defines default certificate directory
 	DefaultCertificatesDir = "/etc/kubernetes/pki"
-	// DefaultEtcdDataDir defines default location of etcd
-	DefaultEtcdDataDir = "/var/lib/etcd"
 	// DefaultImageRepository defines default image registry
 	DefaultImageRepository = "gcr.io/google_containers"
+
+	// DefaultEtcdDataDir defines default location of etcd where static pods will save data to
+	DefaultEtcdDataDir = "/var/lib/etcd"
+	// DefaultEtcdClusterSize defines the default cluster size when using the etcd-operator
+	DefaultEtcdClusterSize = 3
+	// DefaultEtcdOperatorVersion defines the default version of the etcd-operator to use
+	DefaultEtcdOperatorVersion = "v0.6.0"
+	// DefaultEtcdCertDir represents the directory where PKI assets are stored for self-hosted etcd
+	DefaultEtcdCertDir = "/etc/kubernetes/pki/etcd"
+	// DefaultEtcdClusterServiceName is the default name of the service backing the etcd cluster
+	DefaultEtcdClusterServiceName = "etcd-cluster"
 )

 func addDefaultingFuncs(scheme *runtime.Scheme) error {
@ -89,6 +98,8 @@ func SetDefaults_MasterConfiguration(obj *MasterConfiguration) {
 	if obj.Etcd.DataDir == "" {
 		obj.Etcd.DataDir = DefaultEtcdDataDir
 	}
+
+	SetDefaultsEtcdSelfHosted(obj)
 }

 // SetDefaults_NodeConfiguration assigns default values to a regular node
@ -110,3 +121,26 @@ func SetDefaults_NodeConfiguration(obj *NodeConfiguration) {
 		}
 	}
 }
+
+// SetDefaultsEtcdSelfHosted sets defaults for self-hosted etcd
+func SetDefaultsEtcdSelfHosted(obj *MasterConfiguration) {
+	if obj.Etcd.SelfHosted == nil {
+		obj.Etcd.SelfHosted = &SelfHostedEtcd{}
+	}
+
+	if obj.Etcd.SelfHosted.ClusterServiceName == "" {
+		obj.Etcd.SelfHosted.ClusterServiceName = DefaultEtcdClusterServiceName
+	}
+
+	if obj.Etcd.SelfHosted.EtcdVersion == "" {
+		obj.Etcd.SelfHosted.EtcdVersion = constants.DefaultEtcdVersion
+	}
+
+	if obj.Etcd.SelfHosted.OperatorVersion == "" {
+		obj.Etcd.SelfHosted.OperatorVersion = DefaultEtcdOperatorVersion
+	}
+
+	if obj.Etcd.SelfHosted.CertificatesDir == "" {
+		obj.Etcd.SelfHosted.CertificatesDir = DefaultEtcdCertDir
+	}
+}
--- a/cmd/kubeadm/app/apis/kubeadm/v1alpha1/types.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1alpha1/types.go
@ -91,7 +91,21 @@ type Etcd struct {
 	DataDir   string            `json:"dataDir"`
 	ExtraArgs map[string]string `json:"extraArgs,omitempty"`
 	// Image specifies which container image to use for running etcd. If empty, automatically populated by kubeadm using the image repository and default etcd version
-	Image string `json:"image"`
+	Image      string          `json:"image"`
+	SelfHosted *SelfHostedEtcd `json:"selfHosted,omitempty"`
+}
+
+// SelfHostedEtcd describes options required to configure self-hosted etcd
+type SelfHostedEtcd struct {
+	// CertificatesDir represents the directory where all etcd TLS assets are stored. By default this is
+	// a dir names "etcd" in the main CertificatesDir value.
+	CertificatesDir string `json:"certificatesDir"`
+	// ClusterServiceName is the name of the service that load balances the etcd cluster
+	ClusterServiceName string `json:"clusterServiceName"`
+	// EtcdVersion is the version of etcd running in the cluster.
+	EtcdVersion string `json:"etcdVersion"`
+	// OperatorVersion is the version of the etcd-operator to use.
+	OperatorVersion string `json:"operatorVersion"`
 }

 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
--- a/cmd/kubeadm/app/apis/kubeadm/v1alpha1/zz_generated.conversion.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1alpha1/zz_generated.conversion.go
@ -47,6 +47,8 @@ func RegisterConversions(scheme *runtime.Scheme) error {
 		Convert_kubeadm_Networking_To_v1alpha1_Networking,
 		Convert_v1alpha1_NodeConfiguration_To_kubeadm_NodeConfiguration,
 		Convert_kubeadm_NodeConfiguration_To_v1alpha1_NodeConfiguration,
+		Convert_v1alpha1_SelfHostedEtcd_To_kubeadm_SelfHostedEtcd,
+		Convert_kubeadm_SelfHostedEtcd_To_v1alpha1_SelfHostedEtcd,
 		Convert_v1alpha1_TokenDiscovery_To_kubeadm_TokenDiscovery,
 		Convert_kubeadm_TokenDiscovery_To_v1alpha1_TokenDiscovery,
 	)
@ -82,6 +84,7 @@ func autoConvert_v1alpha1_Etcd_To_kubeadm_Etcd(in *Etcd, out *kubeadm.Etcd, s co
 	out.DataDir = in.DataDir
 	out.ExtraArgs = *(*map[string]string)(unsafe.Pointer(&in.ExtraArgs))
 	out.Image = in.Image
+	out.SelfHosted = (*kubeadm.SelfHostedEtcd)(unsafe.Pointer(in.SelfHosted))
 	return nil
 }

@ -98,6 +101,7 @@ func autoConvert_kubeadm_Etcd_To_v1alpha1_Etcd(in *kubeadm.Etcd, out *Etcd, s co
 	out.DataDir = in.DataDir
 	out.ExtraArgs = *(*map[string]string)(unsafe.Pointer(&in.ExtraArgs))
 	out.Image = in.Image
+	out.SelfHosted = (*SelfHostedEtcd)(unsafe.Pointer(in.SelfHosted))
 	return nil
 }

@ -261,6 +265,32 @@ func Convert_kubeadm_NodeConfiguration_To_v1alpha1_NodeConfiguration(in *kubeadm
 	return autoConvert_kubeadm_NodeConfiguration_To_v1alpha1_NodeConfiguration(in, out, s)
 }

+func autoConvert_v1alpha1_SelfHostedEtcd_To_kubeadm_SelfHostedEtcd(in *SelfHostedEtcd, out *kubeadm.SelfHostedEtcd, s conversion.Scope) error {
+	out.CertificatesDir = in.CertificatesDir
+	out.ClusterServiceName = in.ClusterServiceName
+	out.EtcdVersion = in.EtcdVersion
+	out.OperatorVersion = in.OperatorVersion
+	return nil
+}
+
+// Convert_v1alpha1_SelfHostedEtcd_To_kubeadm_SelfHostedEtcd is an autogenerated conversion function.
+func Convert_v1alpha1_SelfHostedEtcd_To_kubeadm_SelfHostedEtcd(in *SelfHostedEtcd, out *kubeadm.SelfHostedEtcd, s conversion.Scope) error {
+	return autoConvert_v1alpha1_SelfHostedEtcd_To_kubeadm_SelfHostedEtcd(in, out, s)
+}
+
+func autoConvert_kubeadm_SelfHostedEtcd_To_v1alpha1_SelfHostedEtcd(in *kubeadm.SelfHostedEtcd, out *SelfHostedEtcd, s conversion.Scope) error {
+	out.CertificatesDir = in.CertificatesDir
+	out.ClusterServiceName = in.ClusterServiceName
+	out.EtcdVersion = in.EtcdVersion
+	out.OperatorVersion = in.OperatorVersion
+	return nil
+}
+
+// Convert_kubeadm_SelfHostedEtcd_To_v1alpha1_SelfHostedEtcd is an autogenerated conversion function.
+func Convert_kubeadm_SelfHostedEtcd_To_v1alpha1_SelfHostedEtcd(in *kubeadm.SelfHostedEtcd, out *SelfHostedEtcd, s conversion.Scope) error {
+	return autoConvert_kubeadm_SelfHostedEtcd_To_v1alpha1_SelfHostedEtcd(in, out, s)
+}
+
 func autoConvert_v1alpha1_TokenDiscovery_To_kubeadm_TokenDiscovery(in *TokenDiscovery, out *kubeadm.TokenDiscovery, s conversion.Scope) error {
 	out.ID = in.ID
 	out.Secret = in.Secret
--- a/cmd/kubeadm/app/apis/kubeadm/v1alpha1/zz_generated.deepcopy.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1alpha1/zz_generated.deepcopy.go
@ -55,6 +55,10 @@ func GetGeneratedDeepCopyFuncs() []conversion.GeneratedDeepCopyFunc {
 			in.(*NodeConfiguration).DeepCopyInto(out.(*NodeConfiguration))
 			return nil
 		}, InType: reflect.TypeOf(&NodeConfiguration{})},
+		{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
+			in.(*SelfHostedEtcd).DeepCopyInto(out.(*SelfHostedEtcd))
+			return nil
+		}, InType: reflect.TypeOf(&SelfHostedEtcd{})},
 		{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
 			in.(*TokenDiscovery).DeepCopyInto(out.(*TokenDiscovery))
 			return nil
@ -93,6 +97,15 @@ func (in *Etcd) DeepCopyInto(out *Etcd) {
 			(*out)[key] = val
 		}
 	}
+	if in.SelfHosted != nil {
+		in, out := &in.SelfHosted, &out.SelfHosted
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(SelfHostedEtcd)
+			**out = **in
+		}
+	}
 	return
 }

@ -257,6 +270,22 @@ func (in *NodeConfiguration) DeepCopyObject() runtime.Object {
 	}
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SelfHostedEtcd) DeepCopyInto(out *SelfHostedEtcd) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfHostedEtcd.
+func (in *SelfHostedEtcd) DeepCopy() *SelfHostedEtcd {
+	if in == nil {
+		return nil
+	}
+	out := new(SelfHostedEtcd)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TokenDiscovery) DeepCopyInto(out *TokenDiscovery) {
 	*out = *in
--- a/cmd/kubeadm/app/apis/kubeadm/zz_generated.deepcopy.go
+++ b/cmd/kubeadm/app/apis/kubeadm/zz_generated.deepcopy.go
@ -60,6 +60,10 @@ func RegisterDeepCopies(scheme *runtime.Scheme) error {
 			in.(*NodeConfiguration).DeepCopyInto(out.(*NodeConfiguration))
 			return nil
 		}, InType: reflect.TypeOf(&NodeConfiguration{})},
+		conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
+			in.(*SelfHostedEtcd).DeepCopyInto(out.(*SelfHostedEtcd))
+			return nil
+		}, InType: reflect.TypeOf(&SelfHostedEtcd{})},
 		conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
 			in.(*TokenDiscovery).DeepCopyInto(out.(*TokenDiscovery))
 			return nil
@ -98,6 +102,15 @@ func (in *Etcd) DeepCopyInto(out *Etcd) {
 			(*out)[key] = val
 		}
 	}
+	if in.SelfHosted != nil {
+		in, out := &in.SelfHosted, &out.SelfHosted
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(SelfHostedEtcd)
+			**out = **in
+		}
+	}
 	return
 }

@ -262,6 +275,22 @@ func (in *NodeConfiguration) DeepCopyObject() runtime.Object {
 	}
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SelfHostedEtcd) DeepCopyInto(out *SelfHostedEtcd) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfHostedEtcd.
+func (in *SelfHostedEtcd) DeepCopy() *SelfHostedEtcd {
+	if in == nil {
+		return nil
+	}
+	out := new(SelfHostedEtcd)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TokenDiscovery) DeepCopyInto(out *TokenDiscovery) {
 	*out = *in
--- a/cmd/kubeadm/app/cmd/upgrade/common_test.go
+++ b/cmd/kubeadm/app/cmd/upgrade/common_test.go
@ -92,6 +92,48 @@ func TestPrintConfiguration(t *testing.T) {
 	token: ""
 	tokenTTL: 0s
 	unifiedControlPlaneImage: ""
+`),
+		},
+		{
+			cfg: &kubeadmapiext.MasterConfiguration{
+				KubernetesVersion: "v1.7.1",
+				Etcd: kubeadmapiext.Etcd{
+					SelfHosted: &kubeadmapiext.SelfHostedEtcd{
+						CertificatesDir:    "/var/foo",
+						ClusterServiceName: "foo",
+						EtcdVersion:        "v0.1.0",
+						OperatorVersion:    "v0.1.0",
+					},
+				},
+			},
+			expectedBytes: []byte(`[upgrade/config] Configuration used:
+	api:
+	  advertiseAddress: ""
+	  bindPort: 0
+	certificatesDir: ""
+	cloudProvider: ""
+	etcd:
+	  caFile: ""
+	  certFile: ""
+	  dataDir: ""
+	  endpoints: null
+	  image: ""
+	  keyFile: ""
+	  selfHosted:
+	    certificatesDir: /var/foo
+	    clusterServiceName: foo
+	    etcdVersion: v0.1.0
+	    operatorVersion: v0.1.0
+	imageRepository: ""
+	kubernetesVersion: v1.7.1
+	networking:
+	  dnsDomain: ""
+	  podSubnet: ""
+	  serviceSubnet: ""
+	nodeName: ""
+	token: ""
+	tokenTTL: 0s
+	unifiedControlPlaneImage: ""
 `),
 		},
 	}
--- a/cmd/kubeadm/app/phases/etcd/BUILD
+++ b/cmd/kubeadm/app/phases/etcd/BUILD
@ -41,6 +41,9 @@ filegroup(

 filegroup(
    name = "all-srcs",
-    srcs = [":package-srcs"],
+    srcs = [
+        ":package-srcs",
+        "//cmd/kubeadm/app/phases/etcd/spec:all-srcs",
+    ],
    tags = ["automanaged"],
 )
--- a/cmd/kubeadm/app/phases/etcd/spec/BUILD
+++ b/cmd/kubeadm/app/phases/etcd/spec/BUILD
@ -0,0 +1,32 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "spec.go",
+        "zz_generated.deepcopy.go",
+    ],
+    importpath = "k8s.io/kubernetes/cmd/kubeadm/app/phases/etcd/spec",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//vendor/k8s.io/api/core/v1:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/conversion:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)
--- a/cmd/kubeadm/app/phases/etcd/spec/spec.go
+++ b/cmd/kubeadm/app/phases/etcd/spec/spec.go
@ -0,0 +1,205 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// This file was collated from types used in:
+// https://github.com/coreos/etcd-operator/tree/e7f18696bbdc127fa028a99ca8166a8519749328/pkg/apis/etcd/v1beta2.
+// When kubeadm moves to its own repo and controls its own dependencies,
+// this file will be no longer be needed.
+
+package spec
+
+import (
+	"k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+const (
+	// CRDResourceKind is the CRD resource kind
+	CRDResourceKind = "EtcdCluster"
+	// CRDResourcePlural is the CRD resource plural
+	CRDResourcePlural = "etcdclusters"
+	groupName         = "etcd.database.coreos.com"
+)
+
+var (
+	// SchemeBuilder is a scheme builder
+	SchemeBuilder = runtime.NewSchemeBuilder(AddKnownTypes)
+	// AddToScheme adds to the scheme
+	AddToScheme = SchemeBuilder.AddToScheme
+	// SchemeGroupVersion is the scheme version
+	SchemeGroupVersion = schema.GroupVersion{Group: groupName, Version: "v1beta2"}
+	// CRDName is the name of the CRD
+	CRDName = CRDResourcePlural + "." + groupName
+)
+
+// Resource gets an EtcdCluster GroupResource for a specified resource
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+// AddKnownTypes adds the set of types defined in this package to the supplied scheme.
+func AddKnownTypes(s *runtime.Scheme) error {
+	s.AddKnownTypes(SchemeGroupVersion,
+		&EtcdCluster{},
+		&EtcdClusterList{},
+	)
+	metav1.AddToGroupVersion(s, SchemeGroupVersion)
+	return nil
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// EtcdClusterList is a list of etcd clusters.
+type EtcdClusterList struct {
+	metav1.TypeMeta `json:",inline"`
+	// Standard list metadata
+	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []EtcdCluster `json:"items"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// EtcdCluster represents an etcd cluster
+type EtcdCluster struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec              ClusterSpec `json:"spec"`
+}
+
+// ClusterSpec represents a cluster spec
+type ClusterSpec struct {
+	// Size is the expected size of the etcd cluster.
+	// The etcd-operator will eventually make the size of the running
+	// cluster equal to the expected size.
+	// The vaild range of the size is from 1 to 7.
+	Size int `json:"size"`
+
+	// BaseImage is the base etcd image name that will be used to launch
+	// etcd clusters. This is useful for private registries, etc.
+	//
+	// If image is not set, default is quay.io/coreos/etcd
+	BaseImage string `json:"baseImage"`
+
+	// Version is the expected version of the etcd cluster.
+	// The etcd-operator will eventually make the etcd cluster version
+	// equal to the expected version.
+	//
+	// The version must follow the [semver]( http://semver.org) format, for example "3.1.8".
+	// Only etcd released versions are supported: https://github.com/coreos/etcd/releases
+	//
+	// If version is not set, default is "3.1.8".
+	Version string `json:"version,omitempty"`
+
+	// Paused is to pause the control of the operator for the etcd cluster.
+	Paused bool `json:"paused,omitempty"`
+
+	// Pod defines the policy to create pod for the etcd pod.
+	//
+	// Updating Pod does not take effect on any existing etcd pods.
+	Pod *PodPolicy `json:"pod,omitempty"`
+
+	// SelfHosted determines if the etcd cluster is used for a self-hosted
+	// Kubernetes cluster.
+	//
+	// SelfHosted is a cluster initialization configuration. It cannot be updated.
+	SelfHosted *SelfHostedPolicy `json:"selfHosted,omitempty"`
+
+	// etcd cluster TLS configuration
+	TLS *TLSPolicy `json:"TLS,omitempty"`
+}
+
+// PodPolicy defines the policy to create pod for the etcd container.
+type PodPolicy struct {
+	// Labels specifies the labels to attach to pods the operator creates for the
+	// etcd cluster.
+	// "app" and "etcd_*" labels are reserved for the internal use of the etcd operator.
+	// Do not overwrite them.
+	Labels map[string]string `json:"labels,omitempty"`
+
+	// NodeSelector specifies a map of key-value pairs. For the pod to be eligible
+	// to run on a node, the node must have each of the indicated key-value pairs as
+	// labels.
+	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+
+	// AntiAffinity determines if the etcd-operator tries to avoid putting
+	// the etcd members in the same cluster onto the same node.
+	AntiAffinity bool `json:"antiAffinity,omitempty"`
+
+	// Resources is the resource requirements for the etcd container.
+	// This field cannot be updated once the cluster is created.
+	Resources v1.ResourceRequirements `json:"resources,omitempty"`
+
+	// Tolerations specifies the pod's tolerations.
+	Tolerations []v1.Toleration `json:"tolerations,omitempty"`
+
+	// List of environment variables to set in the etcd container.
+	// This is used to configure etcd process. etcd cluster cannot be created, when
+	// bad environement variables are provided. Do not overwrite any flags used to
+	// bootstrap the cluster (for example `--initial-cluster` flag).
+	// This field cannot be updated.
+	EtcdEnv []v1.EnvVar `json:"etcdEnv,omitempty"`
+
+	// By default, kubernetes will mount a service account token into the etcd pods.
+	// AutomountServiceAccountToken indicates whether pods running with the service account should have an API token automatically mounted.
+	AutomountServiceAccountToken *bool `json:"automountServiceAccountToken,omitempty"`
+}
+
+// TLSPolicy defines the TLS policy of an etcd cluster
+type TLSPolicy struct {
+	// StaticTLS enables user to generate static x509 certificates and keys,
+	// put them into Kubernetes secrets, and specify them into here.
+	Static *StaticTLS `json:"static,omitempty"`
+}
+
+// StaticTLS represents static TLS
+type StaticTLS struct {
+	// Member contains secrets containing TLS certs used by each etcd member pod.
+	Member *MemberSecret `json:"member,omitempty"`
+	// OperatorSecret is the secret containing TLS certs used by operator to
+	// talk securely to this cluster.
+	OperatorSecret string `json:"operatorSecret,omitempty"`
+}
+
+// MemberSecret represents a member secret
+type MemberSecret struct {
+	// PeerSecret is the secret containing TLS certs used by each etcd member pod
+	// for the communication between etcd peers.
+	PeerSecret string `json:"peerSecret,omitempty"`
+	// ServerSecret is the secret containing TLS certs used by each etcd member pod
+	// for the communication between etcd server and its clients.
+	ServerSecret string `json:"serverSecret,omitempty"`
+}
+
+// SelfHostedPolicy represents a self-hosted policy
+type SelfHostedPolicy struct {
+	// BootMemberClientEndpoint specifies a bootstrap member for the cluster.
+	// If there is no bootstrap member, a completely new cluster will be created.
+	// The boot member will be removed from the cluster once the self-hosted cluster
+	// setup successfully.
+	BootMemberClientEndpoint string `json:"bootMemberClientEndpoint,omitempty"`
+
+	// SkipBootMemberRemoval specifies whether the removal of the bootstrap member
+	// should be skipped. By default the operator will automatically remove the
+	// bootstrap member from the new cluster - this happens during the pivot
+	// procedure and is the first step of decommissioning the bootstrap member.
+	// If unspecified, the default is `false`. If set to `true`, you are
+	// expected to remove the boot member yourself from the etcd cluster.
+	SkipBootMemberRemoval bool `json:"skipBootMemberRemoval,omitempty"`
+}
--- a/cmd/kubeadm/app/phases/etcd/spec/zz_generated.deepcopy.go
+++ b/cmd/kubeadm/app/phases/etcd/spec/zz_generated.deepcopy.go
@ -0,0 +1,307 @@
+// +build !ignore_autogenerated
+
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// This file was autogenerated by deepcopy-gen. Do not edit it manually!
+
+package spec
+
+import (
+	reflect "reflect"
+
+	v1 "k8s.io/api/core/v1"
+	conversion "k8s.io/apimachinery/pkg/conversion"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+func init() {
+	SchemeBuilder.Register(RegisterDeepCopies)
+}
+
+// RegisterDeepCopies adds deep-copy functions to the given scheme. Public
+// to allow building arbitrary schemes.
+//
+// Deprecated: deepcopy registration will go away when static deepcopy is fully implemented.
+func RegisterDeepCopies(scheme *runtime.Scheme) error {
+	return scheme.AddGeneratedDeepCopyFuncs(
+		conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
+			in.(*ClusterSpec).DeepCopyInto(out.(*ClusterSpec))
+			return nil
+		}, InType: reflect.TypeOf(&ClusterSpec{})},
+		conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
+			in.(*EtcdCluster).DeepCopyInto(out.(*EtcdCluster))
+			return nil
+		}, InType: reflect.TypeOf(&EtcdCluster{})},
+		conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
+			in.(*EtcdClusterList).DeepCopyInto(out.(*EtcdClusterList))
+			return nil
+		}, InType: reflect.TypeOf(&EtcdClusterList{})},
+		conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
+			in.(*MemberSecret).DeepCopyInto(out.(*MemberSecret))
+			return nil
+		}, InType: reflect.TypeOf(&MemberSecret{})},
+		conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
+			in.(*PodPolicy).DeepCopyInto(out.(*PodPolicy))
+			return nil
+		}, InType: reflect.TypeOf(&PodPolicy{})},
+		conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
+			in.(*SelfHostedPolicy).DeepCopyInto(out.(*SelfHostedPolicy))
+			return nil
+		}, InType: reflect.TypeOf(&SelfHostedPolicy{})},
+		conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
+			in.(*StaticTLS).DeepCopyInto(out.(*StaticTLS))
+			return nil
+		}, InType: reflect.TypeOf(&StaticTLS{})},
+		conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
+			in.(*TLSPolicy).DeepCopyInto(out.(*TLSPolicy))
+			return nil
+		}, InType: reflect.TypeOf(&TLSPolicy{})},
+	)
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterSpec) DeepCopyInto(out *ClusterSpec) {
+	*out = *in
+	if in.Pod != nil {
+		in, out := &in.Pod, &out.Pod
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(PodPolicy)
+			(*in).DeepCopyInto(*out)
+		}
+	}
+	if in.SelfHosted != nil {
+		in, out := &in.SelfHosted, &out.SelfHosted
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(SelfHostedPolicy)
+			**out = **in
+		}
+	}
+	if in.TLS != nil {
+		in, out := &in.TLS, &out.TLS
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(TLSPolicy)
+			(*in).DeepCopyInto(*out)
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSpec.
+func (in *ClusterSpec) DeepCopy() *ClusterSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(ClusterSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *EtcdCluster) DeepCopyInto(out *EtcdCluster) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdCluster.
+func (in *EtcdCluster) DeepCopy() *EtcdCluster {
+	if in == nil {
+		return nil
+	}
+	out := new(EtcdCluster)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *EtcdCluster) DeepCopyObject() runtime.Object {
+	return in.DeepCopy()
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *EtcdClusterList) DeepCopyInto(out *EtcdClusterList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	out.ListMeta = in.ListMeta
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]EtcdCluster, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdClusterList.
+func (in *EtcdClusterList) DeepCopy() *EtcdClusterList {
+	if in == nil {
+		return nil
+	}
+	out := new(EtcdClusterList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *EtcdClusterList) DeepCopyObject() runtime.Object {
+	return in.DeepCopy()
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *MemberSecret) DeepCopyInto(out *MemberSecret) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MemberSecret.
+func (in *MemberSecret) DeepCopy() *MemberSecret {
+	if in == nil {
+		return nil
+	}
+	out := new(MemberSecret)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PodPolicy) DeepCopyInto(out *PodPolicy) {
+	*out = *in
+	if in.Labels != nil {
+		in, out := &in.Labels, &out.Labels
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.NodeSelector != nil {
+		in, out := &in.NodeSelector, &out.NodeSelector
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	in.Resources.DeepCopyInto(&out.Resources)
+	if in.Tolerations != nil {
+		in, out := &in.Tolerations, &out.Tolerations
+		*out = make([]v1.Toleration, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.EtcdEnv != nil {
+		in, out := &in.EtcdEnv, &out.EtcdEnv
+		*out = make([]v1.EnvVar, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.AutomountServiceAccountToken != nil {
+		in, out := &in.AutomountServiceAccountToken, &out.AutomountServiceAccountToken
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(bool)
+			**out = **in
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodPolicy.
+func (in *PodPolicy) DeepCopy() *PodPolicy {
+	if in == nil {
+		return nil
+	}
+	out := new(PodPolicy)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SelfHostedPolicy) DeepCopyInto(out *SelfHostedPolicy) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfHostedPolicy.
+func (in *SelfHostedPolicy) DeepCopy() *SelfHostedPolicy {
+	if in == nil {
+		return nil
+	}
+	out := new(SelfHostedPolicy)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *StaticTLS) DeepCopyInto(out *StaticTLS) {
+	*out = *in
+	if in.Member != nil {
+		in, out := &in.Member, &out.Member
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(MemberSecret)
+			**out = **in
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaticTLS.
+func (in *StaticTLS) DeepCopy() *StaticTLS {
+	if in == nil {
+		return nil
+	}
+	out := new(StaticTLS)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TLSPolicy) DeepCopyInto(out *TLSPolicy) {
+	*out = *in
+	if in.Static != nil {
+		in, out := &in.Static, &out.Static
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(StaticTLS)
+			(*in).DeepCopyInto(*out)
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSPolicy.
+func (in *TLSPolicy) DeepCopy() *TLSPolicy {
+	if in == nil {
+		return nil
+	}
+	out := new(TLSPolicy)
+	in.DeepCopyInto(out)
+	return out
+}