Merge pull request #70371 from rosti/control-plane-substructs

kubeadm: Control plane config moved to substructs
2025-07-29 22:46:12 +00:00 · 2018-11-02 08:38:47 -07:00 · 2018-11-02 08:38:47 -07:00 · b83a947ee9
commit b83a947ee9
parent 77fd16e0e7 d14c27a347
25 changed files with 456 additions and 267 deletions
--- a/cmd/kubeadm/app/apis/kubeadm/types.go
+++ b/cmd/kubeadm/app/apis/kubeadm/types.go
@ -81,33 +81,15 @@ type ClusterConfiguration struct {
 	// could be used for assigning a stable DNS to the control plane.
 	ControlPlaneEndpoint string

-	// APIServerExtraArgs is a set of extra flags to pass to the API Server or override
-	// default ones in form of <flagname>=<value>.
-	// TODO: This is temporary and ideally we would like to switch all components to
-	// use ComponentConfig + ConfigMaps.
-	APIServerExtraArgs map[string]string
-	// ControllerManagerExtraArgs is a set of extra flags to pass to the Controller Manager
-	// or override default ones in form of <flagname>=<value>
-	// TODO: This is temporary and ideally we would like to switch all components to
-	// use ComponentConfig + ConfigMaps.
-	ControllerManagerExtraArgs map[string]string
-	// SchedulerExtraArgs is a set of extra flags to pass to the Scheduler or override
-	// default ones in form of <flagname>=<value>
-	// TODO: This is temporary and ideally we would like to switch all components to
-	// use ComponentConfig + ConfigMaps.
-	SchedulerExtraArgs map[string]string
+	// APIServer contains extra settings for the API server control plane component
+	APIServer APIServer

-	// APIServerExtraVolumes is an extra set of host volumes mounted to the API server.
-	APIServerExtraVolumes []HostPathMount
-	// ControllerManagerExtraVolumes is an extra set of host volumes mounted to the
-	// Controller Manager.
-	ControllerManagerExtraVolumes []HostPathMount
-	// SchedulerExtraVolumes is an extra set of host volumes mounted to the scheduler.
-	SchedulerExtraVolumes []HostPathMount
+	// ControllerManager contains extra settings for the controller manager control plane component
+	ControllerManager ControlPlaneComponent
+
+	// Scheduler contains extra settings for the scheduler control plane component
+	Scheduler ControlPlaneComponent

-	// APIServerCertSANs sets extra Subject Alternative Names for the API Server
-	// signing cert.
-	APIServerCertSANs []string
 	// CertificatesDir specifies where to store or look for all required certificates.
 	CertificatesDir string

@ -133,6 +115,23 @@ type ClusterConfiguration struct {
 	ClusterName string
 }

+// ControlPlaneComponent holds settings common to control plane component of the cluster
+type ControlPlaneComponent struct {
+	// ExtraArgs is an extra set of flags to pass to the control plane component.
+	ExtraArgs map[string]string
+
+	// ExtraVolumes is an extra set of host volumes, mounted to the control plane component.
+	ExtraVolumes []HostPathMount
+}
+
+// APIServer holds settings necessary for API server deployments in the cluster
+type APIServer struct {
+	ControlPlaneComponent
+
+	// CertSANs sets extra Subject Alternative Names for the API Server signing cert.
+	CertSANs []string
+}
+
 // ComponentConfigs holds known internal ComponentConfig types for other components
 type ComponentConfigs struct {
 	// Kubelet holds the ComponentConfiguration for the kubelet
--- a/cmd/kubeadm/app/apis/kubeadm/v1alpha3/conversion.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1alpha3/conversion.go
@ -17,6 +17,8 @@ limitations under the License.
 package v1alpha3

 import (
+	"unsafe"
+
 	"k8s.io/apimachinery/pkg/conversion"
 	"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 )
@ -76,3 +78,39 @@ func Convert_kubeadm_JoinConfiguration_To_v1alpha3_JoinConfiguration(in *kubeadm

 	return nil
 }
+
+func Convert_v1alpha3_ClusterConfiguration_To_kubeadm_ClusterConfiguration(in *ClusterConfiguration, out *kubeadm.ClusterConfiguration, s conversion.Scope) error {
+	if err := autoConvert_v1alpha3_ClusterConfiguration_To_kubeadm_ClusterConfiguration(in, out, s); err != nil {
+		return err
+	}
+
+	out.APIServer.ExtraArgs = in.APIServerExtraArgs
+	out.APIServer.ExtraVolumes = *(*[]kubeadm.HostPathMount)(unsafe.Pointer(&in.APIServerExtraVolumes))
+	out.APIServer.CertSANs = in.APIServerCertSANs
+
+	out.ControllerManager.ExtraArgs = in.ControllerManagerExtraArgs
+	out.ControllerManager.ExtraVolumes = *(*[]kubeadm.HostPathMount)(unsafe.Pointer(&in.ControllerManagerExtraVolumes))
+
+	out.Scheduler.ExtraArgs = in.SchedulerExtraArgs
+	out.Scheduler.ExtraVolumes = *(*[]kubeadm.HostPathMount)(unsafe.Pointer(&in.SchedulerExtraVolumes))
+
+	return nil
+}
+
+func Convert_kubeadm_ClusterConfiguration_To_v1alpha3_ClusterConfiguration(in *kubeadm.ClusterConfiguration, out *ClusterConfiguration, s conversion.Scope) error {
+	if err := autoConvert_kubeadm_ClusterConfiguration_To_v1alpha3_ClusterConfiguration(in, out, s); err != nil {
+		return err
+	}
+
+	out.APIServerExtraArgs = in.APIServer.ExtraArgs
+	out.APIServerExtraVolumes = *(*[]HostPathMount)(unsafe.Pointer(&in.APIServer.ExtraVolumes))
+	out.APIServerCertSANs = in.APIServer.CertSANs
+
+	out.ControllerManagerExtraArgs = in.ControllerManager.ExtraArgs
+	out.ControllerManagerExtraVolumes = *(*[]HostPathMount)(unsafe.Pointer(&in.ControllerManager.ExtraVolumes))
+
+	out.SchedulerExtraArgs = in.Scheduler.ExtraArgs
+	out.SchedulerExtraVolumes = *(*[]HostPathMount)(unsafe.Pointer(&in.Scheduler.ExtraVolumes))
+
+	return nil
+}
--- a/cmd/kubeadm/app/apis/kubeadm/v1alpha3/zz_generated.conversion.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1alpha3/zz_generated.conversion.go
@ -177,11 +177,21 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
+	if err := s.AddConversionFunc((*kubeadm.ClusterConfiguration)(nil), (*ClusterConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_kubeadm_ClusterConfiguration_To_v1alpha3_ClusterConfiguration(a.(*kubeadm.ClusterConfiguration), b.(*ClusterConfiguration), scope)
+	}); err != nil {
+		return err
+	}
 	if err := s.AddConversionFunc((*kubeadm.JoinConfiguration)(nil), (*JoinConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_kubeadm_JoinConfiguration_To_v1alpha3_JoinConfiguration(a.(*kubeadm.JoinConfiguration), b.(*JoinConfiguration), scope)
 	}); err != nil {
 		return err
 	}
+	if err := s.AddConversionFunc((*ClusterConfiguration)(nil), (*kubeadm.ClusterConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1alpha3_ClusterConfiguration_To_kubeadm_ClusterConfiguration(a.(*ClusterConfiguration), b.(*kubeadm.ClusterConfiguration), scope)
+	}); err != nil {
+		return err
+	}
 	if err := s.AddConversionFunc((*JoinConfiguration)(nil), (*kubeadm.JoinConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1alpha3_JoinConfiguration_To_kubeadm_JoinConfiguration(a.(*JoinConfiguration), b.(*kubeadm.JoinConfiguration), scope)
 	}); err != nil {
@ -297,13 +307,13 @@ func autoConvert_v1alpha3_ClusterConfiguration_To_kubeadm_ClusterConfiguration(i
 	}
 	out.KubernetesVersion = in.KubernetesVersion
 	out.ControlPlaneEndpoint = in.ControlPlaneEndpoint
-	out.APIServerExtraArgs = *(*map[string]string)(unsafe.Pointer(&in.APIServerExtraArgs))
-	out.ControllerManagerExtraArgs = *(*map[string]string)(unsafe.Pointer(&in.ControllerManagerExtraArgs))
-	out.SchedulerExtraArgs = *(*map[string]string)(unsafe.Pointer(&in.SchedulerExtraArgs))
-	out.APIServerExtraVolumes = *(*[]kubeadm.HostPathMount)(unsafe.Pointer(&in.APIServerExtraVolumes))
-	out.ControllerManagerExtraVolumes = *(*[]kubeadm.HostPathMount)(unsafe.Pointer(&in.ControllerManagerExtraVolumes))
-	out.SchedulerExtraVolumes = *(*[]kubeadm.HostPathMount)(unsafe.Pointer(&in.SchedulerExtraVolumes))
-	out.APIServerCertSANs = *(*[]string)(unsafe.Pointer(&in.APIServerCertSANs))
+	// WARNING: in.APIServerExtraArgs requires manual conversion: does not exist in peer-type
+	// WARNING: in.ControllerManagerExtraArgs requires manual conversion: does not exist in peer-type
+	// WARNING: in.SchedulerExtraArgs requires manual conversion: does not exist in peer-type
+	// WARNING: in.APIServerExtraVolumes requires manual conversion: does not exist in peer-type
+	// WARNING: in.ControllerManagerExtraVolumes requires manual conversion: does not exist in peer-type
+	// WARNING: in.SchedulerExtraVolumes requires manual conversion: does not exist in peer-type
+	// WARNING: in.APIServerCertSANs requires manual conversion: does not exist in peer-type
 	out.CertificatesDir = in.CertificatesDir
 	out.ImageRepository = in.ImageRepository
 	out.UnifiedControlPlaneImage = in.UnifiedControlPlaneImage
@ -315,11 +325,6 @@ func autoConvert_v1alpha3_ClusterConfiguration_To_kubeadm_ClusterConfiguration(i
 	return nil
 }

-// Convert_v1alpha3_ClusterConfiguration_To_kubeadm_ClusterConfiguration is an autogenerated conversion function.
-func Convert_v1alpha3_ClusterConfiguration_To_kubeadm_ClusterConfiguration(in *ClusterConfiguration, out *kubeadm.ClusterConfiguration, s conversion.Scope) error {
-	return autoConvert_v1alpha3_ClusterConfiguration_To_kubeadm_ClusterConfiguration(in, out, s)
-}
-
 func autoConvert_kubeadm_ClusterConfiguration_To_v1alpha3_ClusterConfiguration(in *kubeadm.ClusterConfiguration, out *ClusterConfiguration, s conversion.Scope) error {
 	// INFO: in.ComponentConfigs opted out of conversion generation
 	if err := Convert_kubeadm_Etcd_To_v1alpha3_Etcd(&in.Etcd, &out.Etcd, s); err != nil {
@ -330,13 +335,9 @@ func autoConvert_kubeadm_ClusterConfiguration_To_v1alpha3_ClusterConfiguration(i
 	}
 	out.KubernetesVersion = in.KubernetesVersion
 	out.ControlPlaneEndpoint = in.ControlPlaneEndpoint
-	out.APIServerExtraArgs = *(*map[string]string)(unsafe.Pointer(&in.APIServerExtraArgs))
-	out.ControllerManagerExtraArgs = *(*map[string]string)(unsafe.Pointer(&in.ControllerManagerExtraArgs))
-	out.SchedulerExtraArgs = *(*map[string]string)(unsafe.Pointer(&in.SchedulerExtraArgs))
-	out.APIServerExtraVolumes = *(*[]HostPathMount)(unsafe.Pointer(&in.APIServerExtraVolumes))
-	out.ControllerManagerExtraVolumes = *(*[]HostPathMount)(unsafe.Pointer(&in.ControllerManagerExtraVolumes))
-	out.SchedulerExtraVolumes = *(*[]HostPathMount)(unsafe.Pointer(&in.SchedulerExtraVolumes))
-	out.APIServerCertSANs = *(*[]string)(unsafe.Pointer(&in.APIServerCertSANs))
+	// WARNING: in.APIServer requires manual conversion: does not exist in peer-type
+	// WARNING: in.ControllerManager requires manual conversion: does not exist in peer-type
+	// WARNING: in.Scheduler requires manual conversion: does not exist in peer-type
 	out.CertificatesDir = in.CertificatesDir
 	out.ImageRepository = in.ImageRepository
 	// INFO: in.CIImageRepository opted out of conversion generation
@ -349,11 +350,6 @@ func autoConvert_kubeadm_ClusterConfiguration_To_v1alpha3_ClusterConfiguration(i
 	return nil
 }

-// Convert_kubeadm_ClusterConfiguration_To_v1alpha3_ClusterConfiguration is an autogenerated conversion function.
-func Convert_kubeadm_ClusterConfiguration_To_v1alpha3_ClusterConfiguration(in *kubeadm.ClusterConfiguration, out *ClusterConfiguration, s conversion.Scope) error {
-	return autoConvert_kubeadm_ClusterConfiguration_To_v1alpha3_ClusterConfiguration(in, out, s)
-}
-
 func autoConvert_v1alpha3_ClusterStatus_To_kubeadm_ClusterStatus(in *ClusterStatus, out *kubeadm.ClusterStatus, s conversion.Scope) error {
 	out.APIEndpoints = *(*map[string]kubeadm.APIEndpoint)(unsafe.Pointer(&in.APIEndpoints))
 	return nil
--- a/cmd/kubeadm/app/apis/kubeadm/v1beta1/doc.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1beta1/doc.go
@ -200,44 +200,47 @@ limitations under the License.
 // 	  dnsDomain: "cluster.local"
 // 	kubernetesVersion: "v1.12.0"
 // 	controlPlaneEndpoint: "10.100.0.1:6443"
-// 	apiServerExtraArgs:
-// 	  authorization-mode: "Node,RBAC"
-// 	controllerManagerExtraArgs:
-// 	  node-cidr-mask-size: 20
-// 	schedulerExtraArgs:
-// 	  address: "10.100.0.1"
-// 	apiServerExtraVolumes:
-// 	- name: "some-volume"
-// 	  hostPath: "/etc/some-path"
-// 	  mountPath: "/etc/some-pod-path"
-// 	  writable: true
-// 	  pathType: File
-// 	controllerManagerExtraVolumes:
-// 	- name: "some-volume"
-// 	  hostPath: "/etc/some-path"
-// 	  mountPath: "/etc/some-pod-path"
-// 	  writable: true
-// 	  pathType: File
-// 	schedulerExtraVolumes:
-// 	- name: "some-volume"
-// 	  hostPath: "/etc/some-path"
-// 	  mountPath: "/etc/some-pod-path"
-// 	  writable: true
-// 	  pathType: File
-// 	apiServerCertSANs:
-// 	- "10.100.1.1"
-// 	- "ec2-10-100-0-1.compute-1.amazonaws.com"
-// 	certificatesDir: "/etc/kubernetes/pki"
-// 	imageRepository: "k8s.gcr.io"
-// 	unifiedControlPlaneImage: "k8s.gcr.io/controlplane:v1.12.0"
-// 	auditPolicy:
-// 	  # https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy
-// 	  path: "/var/log/audit/audit.json"
-// 	  logDir: "/var/log/audit"
-// 	  logMaxAge: 7 # in days
-// 	featureGates:
-// 	  selfhosting: false
-// 	clusterName: "example-cluster"
+//	apiServer:
+//	  extraArgs:
+//	    authorization-mode: "Node,RBAC"
+//	  extraVolumes:
+//	  - name: "some-volume"
+//	    hostPath: "/etc/some-path"
+//	    mountPath: "/etc/some-pod-path"
+//	    writable: true
+//	    pathType: File
+//	  certSANs:
+//	  - "10.100.1.1"
+//	  - "ec2-10-100-0-1.compute-1.amazonaws.com"
+//	controllerManager:
+//	  extraArgs:
+//	    node-cidr-mask-size: 20
+//	  extraVolumes:
+//	  - name: "some-volume"
+//	    hostPath: "/etc/some-path"
+//	    mountPath: "/etc/some-pod-path"
+//	    writable: true
+//	    pathType: File
+//	scheduler:
+//	  extraArgs:
+//	    address: "10.100.0.1"
+//	  extraVolumes:
+//	  - name: "some-volume"
+//	    hostPath: "/etc/some-path"
+//	    mountPath: "/etc/some-pod-path"
+//	    writable: true
+//	    pathType: File
+//	certificatesDir: "/etc/kubernetes/pki"
+//	imageRepository: "k8s.gcr.io"
+//	unifiedControlPlaneImage: "k8s.gcr.io/controlplane:v1.12.0"
+//	auditPolicy:
+//	  # https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy
+//	  path: "/var/log/audit/audit.json"
+//	  logDir: "/var/log/audit"
+//	  logMaxAge: 7 # in days
+//	featureGates:
+//	  selfhosting: false
+//	clusterName: "example-cluster"
 //
 // Kubeadm join configuration types
 //
--- a/cmd/kubeadm/app/apis/kubeadm/v1beta1/types.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1beta1/types.go
@ -77,32 +77,15 @@ type ClusterConfiguration struct {
 	// could be used for assigning a stable DNS to the control plane.
 	ControlPlaneEndpoint string `json:"controlPlaneEndpoint"`

-	// APIServerExtraArgs is a set of extra flags to pass to the API Server or override
-	// default ones in form of <flagname>=<value>.
-	// TODO: This is temporary and ideally we would like to switch all components to
-	// use ComponentConfig + ConfigMaps.
-	APIServerExtraArgs map[string]string `json:"apiServerExtraArgs,omitempty"`
-	// ControllerManagerExtraArgs is a set of extra flags to pass to the Controller Manager
-	// or override default ones in form of <flagname>=<value>
-	// TODO: This is temporary and ideally we would like to switch all components to
-	// use ComponentConfig + ConfigMaps.
-	ControllerManagerExtraArgs map[string]string `json:"controllerManagerExtraArgs,omitempty"`
-	// SchedulerExtraArgs is a set of extra flags to pass to the Scheduler or override
-	// default ones in form of <flagname>=<value>
-	// TODO: This is temporary and ideally we would like to switch all components to
-	// use ComponentConfig + ConfigMaps.
-	SchedulerExtraArgs map[string]string `json:"schedulerExtraArgs,omitempty"`
+	// APIServer contains extra settings for the API server control plane component
+	APIServer APIServer `json:"apiServer,omitempty"`

-	// APIServerExtraVolumes is an extra set of host volumes mounted to the API server.
-	APIServerExtraVolumes []HostPathMount `json:"apiServerExtraVolumes,omitempty"`
-	// ControllerManagerExtraVolumes is an extra set of host volumes mounted to the
-	// Controller Manager.
-	ControllerManagerExtraVolumes []HostPathMount `json:"controllerManagerExtraVolumes,omitempty"`
-	// SchedulerExtraVolumes is an extra set of host volumes mounted to the scheduler.
-	SchedulerExtraVolumes []HostPathMount `json:"schedulerExtraVolumes,omitempty"`
+	// ControllerManager contains extra settings for the controller manager control plane component
+	ControllerManager ControlPlaneComponent `json:"controllerManager,omitempty"`
+
+	// Scheduler contains extra settings for the scheduler control plane component
+	Scheduler ControlPlaneComponent `json:"scheduler,omitempty"`

-	// APIServerCertSANs sets extra Subject Alternative Names for the API Server signing cert.
-	APIServerCertSANs []string `json:"apiServerCertSANs,omitempty"`
 	// CertificatesDir specifies where to store or look for all required certificates.
 	CertificatesDir string `json:"certificatesDir"`

@ -122,6 +105,23 @@ type ClusterConfiguration struct {
 	ClusterName string `json:"clusterName,omitempty"`
 }

+// ControlPlaneComponent holds settings common to control plane component of the cluster
+type ControlPlaneComponent struct {
+	// ExtraArgs is an extra set of flags to pass to the control plane component.
+	ExtraArgs map[string]string `json:"extraArgs,omitempty"`
+
+	// ExtraVolumes is an extra set of host volumes, mounted to the control plane component.
+	ExtraVolumes []HostPathMount `json:"extraVolumes,omitempty"`
+}
+
+// APIServer holds settings necessary for API server deployments in the cluster
+type APIServer struct {
+	ControlPlaneComponent `json:",inline"`
+
+	// CertSANs sets extra Subject Alternative Names for the API Server signing cert.
+	CertSANs []string `json:"certSANs,omitempty"`
+}
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

 // ClusterStatus contains the cluster status. The ClusterStatus will be stored in the kubeadm-config
--- a/cmd/kubeadm/app/apis/kubeadm/v1beta1/zz_generated.conversion.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1beta1/zz_generated.conversion.go
@ -47,6 +47,16 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
+	if err := s.AddGeneratedConversionFunc((*APIServer)(nil), (*kubeadm.APIServer)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1beta1_APIServer_To_kubeadm_APIServer(a.(*APIServer), b.(*kubeadm.APIServer), scope)
+	}); err != nil {
+		return err
+	}
+	if err := s.AddGeneratedConversionFunc((*kubeadm.APIServer)(nil), (*APIServer)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_kubeadm_APIServer_To_v1beta1_APIServer(a.(*kubeadm.APIServer), b.(*APIServer), scope)
+	}); err != nil {
+		return err
+	}
 	if err := s.AddGeneratedConversionFunc((*AuditPolicyConfiguration)(nil), (*kubeadm.AuditPolicyConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1beta1_AuditPolicyConfiguration_To_kubeadm_AuditPolicyConfiguration(a.(*AuditPolicyConfiguration), b.(*kubeadm.AuditPolicyConfiguration), scope)
 	}); err != nil {
@ -107,6 +117,16 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
+	if err := s.AddGeneratedConversionFunc((*ControlPlaneComponent)(nil), (*kubeadm.ControlPlaneComponent)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1beta1_ControlPlaneComponent_To_kubeadm_ControlPlaneComponent(a.(*ControlPlaneComponent), b.(*kubeadm.ControlPlaneComponent), scope)
+	}); err != nil {
+		return err
+	}
+	if err := s.AddGeneratedConversionFunc((*kubeadm.ControlPlaneComponent)(nil), (*ControlPlaneComponent)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_kubeadm_ControlPlaneComponent_To_v1beta1_ControlPlaneComponent(a.(*kubeadm.ControlPlaneComponent), b.(*ControlPlaneComponent), scope)
+	}); err != nil {
+		return err
+	}
 	if err := s.AddGeneratedConversionFunc((*Discovery)(nil), (*kubeadm.Discovery)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1beta1_Discovery_To_kubeadm_Discovery(a.(*Discovery), b.(*kubeadm.Discovery), scope)
 	}); err != nil {
@ -232,6 +252,32 @@ func Convert_kubeadm_APIEndpoint_To_v1beta1_APIEndpoint(in *kubeadm.APIEndpoint,
 	return autoConvert_kubeadm_APIEndpoint_To_v1beta1_APIEndpoint(in, out, s)
 }

+func autoConvert_v1beta1_APIServer_To_kubeadm_APIServer(in *APIServer, out *kubeadm.APIServer, s conversion.Scope) error {
+	if err := Convert_v1beta1_ControlPlaneComponent_To_kubeadm_ControlPlaneComponent(&in.ControlPlaneComponent, &out.ControlPlaneComponent, s); err != nil {
+		return err
+	}
+	out.CertSANs = *(*[]string)(unsafe.Pointer(&in.CertSANs))
+	return nil
+}
+
+// Convert_v1beta1_APIServer_To_kubeadm_APIServer is an autogenerated conversion function.
+func Convert_v1beta1_APIServer_To_kubeadm_APIServer(in *APIServer, out *kubeadm.APIServer, s conversion.Scope) error {
+	return autoConvert_v1beta1_APIServer_To_kubeadm_APIServer(in, out, s)
+}
+
+func autoConvert_kubeadm_APIServer_To_v1beta1_APIServer(in *kubeadm.APIServer, out *APIServer, s conversion.Scope) error {
+	if err := Convert_kubeadm_ControlPlaneComponent_To_v1beta1_ControlPlaneComponent(&in.ControlPlaneComponent, &out.ControlPlaneComponent, s); err != nil {
+		return err
+	}
+	out.CertSANs = *(*[]string)(unsafe.Pointer(&in.CertSANs))
+	return nil
+}
+
+// Convert_kubeadm_APIServer_To_v1beta1_APIServer is an autogenerated conversion function.
+func Convert_kubeadm_APIServer_To_v1beta1_APIServer(in *kubeadm.APIServer, out *APIServer, s conversion.Scope) error {
+	return autoConvert_kubeadm_APIServer_To_v1beta1_APIServer(in, out, s)
+}
+
 func autoConvert_v1beta1_AuditPolicyConfiguration_To_kubeadm_AuditPolicyConfiguration(in *AuditPolicyConfiguration, out *kubeadm.AuditPolicyConfiguration, s conversion.Scope) error {
 	out.Path = in.Path
 	out.LogDir = in.LogDir
@ -343,13 +389,15 @@ func autoConvert_v1beta1_ClusterConfiguration_To_kubeadm_ClusterConfiguration(in
 	}
 	out.KubernetesVersion = in.KubernetesVersion
 	out.ControlPlaneEndpoint = in.ControlPlaneEndpoint
-	out.APIServerExtraArgs = *(*map[string]string)(unsafe.Pointer(&in.APIServerExtraArgs))
-	out.ControllerManagerExtraArgs = *(*map[string]string)(unsafe.Pointer(&in.ControllerManagerExtraArgs))
-	out.SchedulerExtraArgs = *(*map[string]string)(unsafe.Pointer(&in.SchedulerExtraArgs))
-	out.APIServerExtraVolumes = *(*[]kubeadm.HostPathMount)(unsafe.Pointer(&in.APIServerExtraVolumes))
-	out.ControllerManagerExtraVolumes = *(*[]kubeadm.HostPathMount)(unsafe.Pointer(&in.ControllerManagerExtraVolumes))
-	out.SchedulerExtraVolumes = *(*[]kubeadm.HostPathMount)(unsafe.Pointer(&in.SchedulerExtraVolumes))
-	out.APIServerCertSANs = *(*[]string)(unsafe.Pointer(&in.APIServerCertSANs))
+	if err := Convert_v1beta1_APIServer_To_kubeadm_APIServer(&in.APIServer, &out.APIServer, s); err != nil {
+		return err
+	}
+	if err := Convert_v1beta1_ControlPlaneComponent_To_kubeadm_ControlPlaneComponent(&in.ControllerManager, &out.ControllerManager, s); err != nil {
+		return err
+	}
+	if err := Convert_v1beta1_ControlPlaneComponent_To_kubeadm_ControlPlaneComponent(&in.Scheduler, &out.Scheduler, s); err != nil {
+		return err
+	}
 	out.CertificatesDir = in.CertificatesDir
 	out.ImageRepository = in.ImageRepository
 	out.UnifiedControlPlaneImage = in.UnifiedControlPlaneImage
@ -376,13 +424,15 @@ func autoConvert_kubeadm_ClusterConfiguration_To_v1beta1_ClusterConfiguration(in
 	}
 	out.KubernetesVersion = in.KubernetesVersion
 	out.ControlPlaneEndpoint = in.ControlPlaneEndpoint
-	out.APIServerExtraArgs = *(*map[string]string)(unsafe.Pointer(&in.APIServerExtraArgs))
-	out.ControllerManagerExtraArgs = *(*map[string]string)(unsafe.Pointer(&in.ControllerManagerExtraArgs))
-	out.SchedulerExtraArgs = *(*map[string]string)(unsafe.Pointer(&in.SchedulerExtraArgs))
-	out.APIServerExtraVolumes = *(*[]HostPathMount)(unsafe.Pointer(&in.APIServerExtraVolumes))
-	out.ControllerManagerExtraVolumes = *(*[]HostPathMount)(unsafe.Pointer(&in.ControllerManagerExtraVolumes))
-	out.SchedulerExtraVolumes = *(*[]HostPathMount)(unsafe.Pointer(&in.SchedulerExtraVolumes))
-	out.APIServerCertSANs = *(*[]string)(unsafe.Pointer(&in.APIServerCertSANs))
+	if err := Convert_kubeadm_APIServer_To_v1beta1_APIServer(&in.APIServer, &out.APIServer, s); err != nil {
+		return err
+	}
+	if err := Convert_kubeadm_ControlPlaneComponent_To_v1beta1_ControlPlaneComponent(&in.ControllerManager, &out.ControllerManager, s); err != nil {
+		return err
+	}
+	if err := Convert_kubeadm_ControlPlaneComponent_To_v1beta1_ControlPlaneComponent(&in.Scheduler, &out.Scheduler, s); err != nil {
+		return err
+	}
 	out.CertificatesDir = in.CertificatesDir
 	out.ImageRepository = in.ImageRepository
 	// INFO: in.CIImageRepository opted out of conversion generation
@ -420,6 +470,28 @@ func Convert_kubeadm_ClusterStatus_To_v1beta1_ClusterStatus(in *kubeadm.ClusterS
 	return autoConvert_kubeadm_ClusterStatus_To_v1beta1_ClusterStatus(in, out, s)
 }

+func autoConvert_v1beta1_ControlPlaneComponent_To_kubeadm_ControlPlaneComponent(in *ControlPlaneComponent, out *kubeadm.ControlPlaneComponent, s conversion.Scope) error {
+	out.ExtraArgs = *(*map[string]string)(unsafe.Pointer(&in.ExtraArgs))
+	out.ExtraVolumes = *(*[]kubeadm.HostPathMount)(unsafe.Pointer(&in.ExtraVolumes))
+	return nil
+}
+
+// Convert_v1beta1_ControlPlaneComponent_To_kubeadm_ControlPlaneComponent is an autogenerated conversion function.
+func Convert_v1beta1_ControlPlaneComponent_To_kubeadm_ControlPlaneComponent(in *ControlPlaneComponent, out *kubeadm.ControlPlaneComponent, s conversion.Scope) error {
+	return autoConvert_v1beta1_ControlPlaneComponent_To_kubeadm_ControlPlaneComponent(in, out, s)
+}
+
+func autoConvert_kubeadm_ControlPlaneComponent_To_v1beta1_ControlPlaneComponent(in *kubeadm.ControlPlaneComponent, out *ControlPlaneComponent, s conversion.Scope) error {
+	out.ExtraArgs = *(*map[string]string)(unsafe.Pointer(&in.ExtraArgs))
+	out.ExtraVolumes = *(*[]HostPathMount)(unsafe.Pointer(&in.ExtraVolumes))
+	return nil
+}
+
+// Convert_kubeadm_ControlPlaneComponent_To_v1beta1_ControlPlaneComponent is an autogenerated conversion function.
+func Convert_kubeadm_ControlPlaneComponent_To_v1beta1_ControlPlaneComponent(in *kubeadm.ControlPlaneComponent, out *ControlPlaneComponent, s conversion.Scope) error {
+	return autoConvert_kubeadm_ControlPlaneComponent_To_v1beta1_ControlPlaneComponent(in, out, s)
+}
+
 func autoConvert_v1beta1_Discovery_To_kubeadm_Discovery(in *Discovery, out *kubeadm.Discovery, s conversion.Scope) error {
 	out.BootstrapToken = (*kubeadm.BootstrapTokenDiscovery)(unsafe.Pointer(in.BootstrapToken))
 	out.File = (*kubeadm.FileDiscovery)(unsafe.Pointer(in.File))
--- a/cmd/kubeadm/app/apis/kubeadm/v1beta1/zz_generated.deepcopy.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1beta1/zz_generated.deepcopy.go
@ -42,6 +42,28 @@ func (in *APIEndpoint) DeepCopy() *APIEndpoint {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *APIServer) DeepCopyInto(out *APIServer) {
+	*out = *in
+	in.ControlPlaneComponent.DeepCopyInto(&out.ControlPlaneComponent)
+	if in.CertSANs != nil {
+		in, out := &in.CertSANs, &out.CertSANs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServer.
+func (in *APIServer) DeepCopy() *APIServer {
+	if in == nil {
+		return nil
+	}
+	out := new(APIServer)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *AuditPolicyConfiguration) DeepCopyInto(out *AuditPolicyConfiguration) {
 	*out = *in
@ -146,47 +168,9 @@ func (in *ClusterConfiguration) DeepCopyInto(out *ClusterConfiguration) {
 	out.TypeMeta = in.TypeMeta
 	in.Etcd.DeepCopyInto(&out.Etcd)
 	out.Networking = in.Networking
-	if in.APIServerExtraArgs != nil {
-		in, out := &in.APIServerExtraArgs, &out.APIServerExtraArgs
-		*out = make(map[string]string, len(*in))
-		for key, val := range *in {
-			(*out)[key] = val
-		}
-	}
-	if in.ControllerManagerExtraArgs != nil {
-		in, out := &in.ControllerManagerExtraArgs, &out.ControllerManagerExtraArgs
-		*out = make(map[string]string, len(*in))
-		for key, val := range *in {
-			(*out)[key] = val
-		}
-	}
-	if in.SchedulerExtraArgs != nil {
-		in, out := &in.SchedulerExtraArgs, &out.SchedulerExtraArgs
-		*out = make(map[string]string, len(*in))
-		for key, val := range *in {
-			(*out)[key] = val
-		}
-	}
-	if in.APIServerExtraVolumes != nil {
-		in, out := &in.APIServerExtraVolumes, &out.APIServerExtraVolumes
-		*out = make([]HostPathMount, len(*in))
-		copy(*out, *in)
-	}
-	if in.ControllerManagerExtraVolumes != nil {
-		in, out := &in.ControllerManagerExtraVolumes, &out.ControllerManagerExtraVolumes
-		*out = make([]HostPathMount, len(*in))
-		copy(*out, *in)
-	}
-	if in.SchedulerExtraVolumes != nil {
-		in, out := &in.SchedulerExtraVolumes, &out.SchedulerExtraVolumes
-		*out = make([]HostPathMount, len(*in))
-		copy(*out, *in)
-	}
-	if in.APIServerCertSANs != nil {
-		in, out := &in.APIServerCertSANs, &out.APIServerCertSANs
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
+	in.APIServer.DeepCopyInto(&out.APIServer)
+	in.ControllerManager.DeepCopyInto(&out.ControllerManager)
+	in.Scheduler.DeepCopyInto(&out.Scheduler)
 	in.AuditPolicyConfiguration.DeepCopyInto(&out.AuditPolicyConfiguration)
 	if in.FeatureGates != nil {
 		in, out := &in.FeatureGates, &out.FeatureGates
@ -248,6 +232,34 @@ func (in *ClusterStatus) DeepCopyObject() runtime.Object {
 	return nil
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ControlPlaneComponent) DeepCopyInto(out *ControlPlaneComponent) {
+	*out = *in
+	if in.ExtraArgs != nil {
+		in, out := &in.ExtraArgs, &out.ExtraArgs
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.ExtraVolumes != nil {
+		in, out := &in.ExtraVolumes, &out.ExtraVolumes
+		*out = make([]HostPathMount, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControlPlaneComponent.
+func (in *ControlPlaneComponent) DeepCopy() *ControlPlaneComponent {
+	if in == nil {
+		return nil
+	}
+	out := new(ControlPlaneComponent)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Discovery) DeepCopyInto(out *Discovery) {
 	*out = *in
--- a/cmd/kubeadm/app/apis/kubeadm/validation/validation.go
+++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation.go
@ -57,7 +57,7 @@ func ValidateInitConfiguration(c *kubeadm.InitConfiguration) field.ErrorList {
 func ValidateClusterConfiguration(c *kubeadm.ClusterConfiguration) field.ErrorList {
 	allErrs := field.ErrorList{}
 	allErrs = append(allErrs, ValidateNetworking(&c.Networking, field.NewPath("networking"))...)
-	allErrs = append(allErrs, ValidateCertSANs(c.APIServerCertSANs, field.NewPath("apiServerCertSANs"))...)
+	allErrs = append(allErrs, ValidateAPIServer(&c.APIServer, field.NewPath("apiServer"))...)
 	allErrs = append(allErrs, ValidateAbsolutePath(c.CertificatesDir, field.NewPath("certificatesDir"))...)
 	allErrs = append(allErrs, ValidateFeatureGates(c.FeatureGates, field.NewPath("featureGates"))...)
 	allErrs = append(allErrs, ValidateHostPort(c.ControlPlaneEndpoint, field.NewPath("controlPlaneEndpoint"))...)
@ -66,6 +66,13 @@ func ValidateClusterConfiguration(c *kubeadm.ClusterConfiguration) field.ErrorLi
 	return allErrs
 }

+// ValidateAPIServer validates a APIServer object and collects all encountered errors
+func ValidateAPIServer(a *kubeadm.APIServer, fldPath *field.Path) field.ErrorList {
+	allErrs := field.ErrorList{}
+	allErrs = append(allErrs, ValidateCertSANs(a.CertSANs, fldPath.Child("certSANs"))...)
+	return allErrs
+}
+
 // ValidateJoinConfiguration validates node configuration and collects all encountered errors
 func ValidateJoinConfiguration(c *kubeadm.JoinConfiguration) field.ErrorList {
 	allErrs := field.ErrorList{}
--- a/cmd/kubeadm/app/apis/kubeadm/zz_generated.deepcopy.go
+++ b/cmd/kubeadm/app/apis/kubeadm/zz_generated.deepcopy.go
@ -44,6 +44,28 @@ func (in *APIEndpoint) DeepCopy() *APIEndpoint {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *APIServer) DeepCopyInto(out *APIServer) {
+	*out = *in
+	in.ControlPlaneComponent.DeepCopyInto(&out.ControlPlaneComponent)
+	if in.CertSANs != nil {
+		in, out := &in.CertSANs, &out.CertSANs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServer.
+func (in *APIServer) DeepCopy() *APIServer {
+	if in == nil {
+		return nil
+	}
+	out := new(APIServer)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *AuditPolicyConfiguration) DeepCopyInto(out *AuditPolicyConfiguration) {
 	*out = *in
@ -149,47 +171,9 @@ func (in *ClusterConfiguration) DeepCopyInto(out *ClusterConfiguration) {
 	in.ComponentConfigs.DeepCopyInto(&out.ComponentConfigs)
 	in.Etcd.DeepCopyInto(&out.Etcd)
 	out.Networking = in.Networking
-	if in.APIServerExtraArgs != nil {
-		in, out := &in.APIServerExtraArgs, &out.APIServerExtraArgs
-		*out = make(map[string]string, len(*in))
-		for key, val := range *in {
-			(*out)[key] = val
-		}
-	}
-	if in.ControllerManagerExtraArgs != nil {
-		in, out := &in.ControllerManagerExtraArgs, &out.ControllerManagerExtraArgs
-		*out = make(map[string]string, len(*in))
-		for key, val := range *in {
-			(*out)[key] = val
-		}
-	}
-	if in.SchedulerExtraArgs != nil {
-		in, out := &in.SchedulerExtraArgs, &out.SchedulerExtraArgs
-		*out = make(map[string]string, len(*in))
-		for key, val := range *in {
-			(*out)[key] = val
-		}
-	}
-	if in.APIServerExtraVolumes != nil {
-		in, out := &in.APIServerExtraVolumes, &out.APIServerExtraVolumes
-		*out = make([]HostPathMount, len(*in))
-		copy(*out, *in)
-	}
-	if in.ControllerManagerExtraVolumes != nil {
-		in, out := &in.ControllerManagerExtraVolumes, &out.ControllerManagerExtraVolumes
-		*out = make([]HostPathMount, len(*in))
-		copy(*out, *in)
-	}
-	if in.SchedulerExtraVolumes != nil {
-		in, out := &in.SchedulerExtraVolumes, &out.SchedulerExtraVolumes
-		*out = make([]HostPathMount, len(*in))
-		copy(*out, *in)
-	}
-	if in.APIServerCertSANs != nil {
-		in, out := &in.APIServerCertSANs, &out.APIServerCertSANs
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
+	in.APIServer.DeepCopyInto(&out.APIServer)
+	in.ControllerManager.DeepCopyInto(&out.ControllerManager)
+	in.Scheduler.DeepCopyInto(&out.Scheduler)
 	in.AuditPolicyConfiguration.DeepCopyInto(&out.AuditPolicyConfiguration)
 	if in.FeatureGates != nil {
 		in, out := &in.FeatureGates, &out.FeatureGates
@ -277,6 +261,34 @@ func (in *ComponentConfigs) DeepCopy() *ComponentConfigs {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ControlPlaneComponent) DeepCopyInto(out *ControlPlaneComponent) {
+	*out = *in
+	if in.ExtraArgs != nil {
+		in, out := &in.ExtraArgs, &out.ExtraArgs
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.ExtraVolumes != nil {
+		in, out := &in.ExtraVolumes, &out.ExtraVolumes
+		*out = make([]HostPathMount, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControlPlaneComponent.
+func (in *ControlPlaneComponent) DeepCopy() *ControlPlaneComponent {
+	if in == nil {
+		return nil
+	}
+	out := new(ControlPlaneComponent)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Discovery) DeepCopyInto(out *Discovery) {
 	*out = *in
--- a/cmd/kubeadm/app/cmd/init.go
+++ b/cmd/kubeadm/app/cmd/init.go
@ -214,7 +214,7 @@ func AddInitConfigFlags(flagSet *flag.FlagSet, cfg *kubeadmapiv1beta1.InitConfig
 		`The path where to save and store the certificates.`,
 	)
 	flagSet.StringSliceVar(
-		&cfg.APIServerCertSANs, "apiserver-cert-extra-sans", cfg.APIServerCertSANs,
+		&cfg.APIServer.CertSANs, "apiserver-cert-extra-sans", cfg.APIServer.CertSANs,
 		`Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names.`,
 	)
 	flagSet.StringVar(
--- a/cmd/kubeadm/app/cmd/upgrade/common_test.go
+++ b/cmd/kubeadm/app/cmd/upgrade/common_test.go
@ -43,12 +43,14 @@ func TestPrintConfiguration(t *testing.T) {
 				},
 			},
 			expectedBytes: []byte(`[upgrade/config] Configuration used:
+	apiServer: {}
 	apiVersion: kubeadm.k8s.io/v1beta1
 	auditPolicy:
 	  logDir: ""
 	  path: ""
 	certificatesDir: ""
 	controlPlaneEndpoint: ""
+	controllerManager: {}
 	etcd:
 	  local:
 	    dataDir: /some/path
@ -60,6 +62,7 @@ func TestPrintConfiguration(t *testing.T) {
 	  dnsDomain: ""
 	  podSubnet: ""
 	  serviceSubnet: ""
+	scheduler: {}
 	unifiedControlPlaneImage: ""
 `),
 		},
@ -76,12 +79,14 @@ func TestPrintConfiguration(t *testing.T) {
 				},
 			},
 			expectedBytes: []byte(`[upgrade/config] Configuration used:
+	apiServer: {}
 	apiVersion: kubeadm.k8s.io/v1beta1
 	auditPolicy:
 	  logDir: ""
 	  path: ""
 	certificatesDir: ""
 	controlPlaneEndpoint: ""
+	controllerManager: {}
 	etcd:
 	  external:
 	    caFile: ""
@ -96,6 +101,7 @@ func TestPrintConfiguration(t *testing.T) {
 	  dnsDomain: ""
 	  podSubnet: ""
 	  serviceSubnet: 10.96.0.1/12
+	scheduler: {}
 	unifiedControlPlaneImage: ""
 `),
 		},
--- a/cmd/kubeadm/app/phases/certs/doc.go
+++ b/cmd/kubeadm/app/phases/certs/doc.go
@ -23,7 +23,7 @@ package certs
 	INPUTS:
 		From InitConfiguration
 			.API.AdvertiseAddress is an optional parameter that can be passed for an extra addition to the SAN IPs
-			.APIServerCertSANs is an optional parameter for adding DNS names and IPs to the API Server serving cert SAN
+			.APIServer.CertSANs is an optional parameter for adding DNS names and IPs to the API Server serving cert SAN
 			.Etcd.Local.ServerCertSANs is an optional parameter for adding DNS names and IPs to the etcd serving cert SAN
 			.Etcd.Local.PeerCertSANs is an optional parameter for adding DNS names and IPs to the etcd peer cert SAN
 			.Networking.DNSDomain is needed for knowing which DNS name the internal Kubernetes service has
--- a/cmd/kubeadm/app/phases/controlplane/manifests.go
+++ b/cmd/kubeadm/app/phases/controlplane/manifests.go
@ -193,11 +193,11 @@ func getAPIServerCommand(cfg *kubeadmapi.InitConfiguration) []string {
 			defaultArguments["audit-log-maxage"] = fmt.Sprintf("%d", *cfg.AuditPolicyConfiguration.LogMaxAge)
 		}
 	}
-	if cfg.APIServerExtraArgs == nil {
-		cfg.APIServerExtraArgs = map[string]string{}
+	if cfg.APIServer.ExtraArgs == nil {
+		cfg.APIServer.ExtraArgs = map[string]string{}
 	}
-	cfg.APIServerExtraArgs["authorization-mode"] = getAuthzModes(cfg.APIServerExtraArgs["authorization-mode"])
-	command = append(command, kubeadmutil.BuildArgumentListFromMap(defaultArguments, cfg.APIServerExtraArgs)...)
+	cfg.APIServer.ExtraArgs["authorization-mode"] = getAuthzModes(cfg.APIServer.ExtraArgs["authorization-mode"])
+	command = append(command, kubeadmutil.BuildArgumentListFromMap(defaultArguments, cfg.APIServer.ExtraArgs)...)

 	return command
 }
@ -302,7 +302,7 @@ func getControllerManagerCommand(cfg *kubeadmapi.InitConfiguration, k8sVersion *
 	}

 	command := []string{"kube-controller-manager"}
-	command = append(command, kubeadmutil.BuildArgumentListFromMap(defaultArguments, cfg.ControllerManagerExtraArgs)...)
+	command = append(command, kubeadmutil.BuildArgumentListFromMap(defaultArguments, cfg.ControllerManager.ExtraArgs)...)

 	return command
 }
@ -316,7 +316,7 @@ func getSchedulerCommand(cfg *kubeadmapi.InitConfiguration) []string {
 	}

 	command := []string{"kube-scheduler"}
-	command = append(command, kubeadmutil.BuildArgumentListFromMap(defaultArguments, cfg.SchedulerExtraArgs)...)
+	command = append(command, kubeadmutil.BuildArgumentListFromMap(defaultArguments, cfg.Scheduler.ExtraArgs)...)
 	return command
 }

--- a/cmd/kubeadm/app/phases/controlplane/manifests_test.go
+++ b/cmd/kubeadm/app/phases/controlplane/manifests_test.go
@ -444,18 +444,22 @@ func TestGetAPIServerCommand(t *testing.T) {
 			},
 		},
 		{
-			name: "test APIServerExtraArgs works as expected",
+			name: "test APIServer.ExtraArgs works as expected",
 			cfg: &kubeadmapi.InitConfiguration{
 				APIEndpoint: kubeadmapi.APIEndpoint{BindPort: 123, AdvertiseAddress: "1.2.3.4"},
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
 					Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
 					CertificatesDir: testCertsDir,
 					FeatureGates:    map[string]bool{features.DynamicKubeletConfig: true, features.Auditing: true},
-					APIServerExtraArgs: map[string]string{
-						"service-cluster-ip-range": "baz",
-						"advertise-address":        "9.9.9.9",
-						"audit-policy-file":        "/etc/config/audit.yaml",
-						"audit-log-path":           "/var/log/kubernetes",
+					APIServer: kubeadmapi.APIServer{
+						ControlPlaneComponent: kubeadmapi.ControlPlaneComponent{
+							ExtraArgs: map[string]string{
+								"service-cluster-ip-range": "baz",
+								"advertise-address":        "9.9.9.9",
+								"audit-policy-file":        "/etc/config/audit.yaml",
+								"audit-log-path":           "/var/log/kubernetes",
+							},
+						},
 					},
 				},
 			},
@ -500,8 +504,12 @@ func TestGetAPIServerCommand(t *testing.T) {
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
 					Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
 					CertificatesDir: testCertsDir,
-					APIServerExtraArgs: map[string]string{
-						"authorization-mode": authzmodes.ModeABAC,
+					APIServer: kubeadmapi.APIServer{
+						ControlPlaneComponent: kubeadmapi.ControlPlaneComponent{
+							ExtraArgs: map[string]string{
+								"authorization-mode": authzmodes.ModeABAC,
+							},
+						},
 					},
 				},
 			},
@ -542,8 +550,12 @@ func TestGetAPIServerCommand(t *testing.T) {
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
 					Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
 					CertificatesDir: testCertsDir,
-					APIServerExtraArgs: map[string]string{
-						"insecure-port": "1234",
+					APIServer: kubeadmapi.APIServer{
+						ControlPlaneComponent: kubeadmapi.ControlPlaneComponent{
+							ExtraArgs: map[string]string{
+								"insecure-port": "1234",
+							},
+						},
 					},
 				},
 			},
@ -584,8 +596,12 @@ func TestGetAPIServerCommand(t *testing.T) {
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
 					Networking:      kubeadmapi.Networking{ServiceSubnet: "bar"},
 					CertificatesDir: testCertsDir,
-					APIServerExtraArgs: map[string]string{
-						"authorization-mode": authzmodes.ModeWebhook,
+					APIServer: kubeadmapi.APIServer{
+						ControlPlaneComponent: kubeadmapi.ControlPlaneComponent{
+							ExtraArgs: map[string]string{
+								"authorization-mode": authzmodes.ModeWebhook,
+							},
+						},
 					},
 				},
 			},
@ -710,10 +726,12 @@ func TestGetControllerManagerCommand(t *testing.T) {
 		{
 			name: "custom extra-args for v1.12.0-beta.2",
 			cfg: &kubeadmapi.ClusterConfiguration{
-				Networking:                 kubeadmapi.Networking{PodSubnet: "10.0.1.15/16"},
-				ControllerManagerExtraArgs: map[string]string{"node-cidr-mask-size": "20"},
-				CertificatesDir:            testCertsDir,
-				KubernetesVersion:          "v1.12.0-beta.2",
+				Networking: kubeadmapi.Networking{PodSubnet: "10.0.1.15/16"},
+				ControllerManager: kubeadmapi.ControlPlaneComponent{
+					ExtraArgs: map[string]string{"node-cidr-mask-size": "20"},
+				},
+				CertificatesDir:   testCertsDir,
+				KubernetesVersion: "v1.12.0-beta.2",
 			},
 			expected: []string{
 				"kube-controller-manager",
@ -807,10 +825,12 @@ func TestGetControllerManagerCommand(t *testing.T) {
 		{
 			name: "custom extra-args for v1.11.3",
 			cfg: &kubeadmapi.ClusterConfiguration{
-				Networking:                 kubeadmapi.Networking{PodSubnet: "10.0.1.15/16"},
-				ControllerManagerExtraArgs: map[string]string{"node-cidr-mask-size": "20"},
-				CertificatesDir:            testCertsDir,
-				KubernetesVersion:          "v1.11.3",
+				Networking: kubeadmapi.Networking{PodSubnet: "10.0.1.15/16"},
+				ControllerManager: kubeadmapi.ControlPlaneComponent{
+					ExtraArgs: map[string]string{"node-cidr-mask-size": "20"},
+				},
+				CertificatesDir:   testCertsDir,
+				KubernetesVersion: "v1.11.3",
 			},
 			expected: []string{
 				"kube-controller-manager",
--- a/cmd/kubeadm/app/phases/controlplane/volumes.go
+++ b/cmd/kubeadm/app/phases/controlplane/volumes.go
@ -99,9 +99,9 @@ func getHostPathVolumesForTheControlPlane(cfg *kubeadmapi.InitConfiguration) con

 	// Merge user defined mounts and ensure unique volume and volume mount
 	// names
-	mounts.AddExtraHostPathMounts(kubeadmconstants.KubeAPIServer, cfg.APIServerExtraVolumes)
-	mounts.AddExtraHostPathMounts(kubeadmconstants.KubeControllerManager, cfg.ControllerManagerExtraVolumes)
-	mounts.AddExtraHostPathMounts(kubeadmconstants.KubeScheduler, cfg.SchedulerExtraVolumes)
+	mounts.AddExtraHostPathMounts(kubeadmconstants.KubeAPIServer, cfg.APIServer.ExtraVolumes)
+	mounts.AddExtraHostPathMounts(kubeadmconstants.KubeControllerManager, cfg.ControllerManager.ExtraVolumes)
+	mounts.AddExtraHostPathMounts(kubeadmconstants.KubeScheduler, cfg.Scheduler.ExtraVolumes)

 	return mounts
 }
--- a/cmd/kubeadm/app/phases/upgrade/staticpods_test.go
+++ b/cmd/kubeadm/app/phases/upgrade/staticpods_test.go
@ -63,8 +63,9 @@ apiEndpoint:
 apiVersion: kubeadm.k8s.io/v1beta1
 kind: ClusterConfiguration

-apiServerCertSANs: null
-apiServerExtraArgs: null
+apiServer:
+  certSANs: null
+  extraArgs: null
 certificatesDir: %s
 controllerManagerExtraArgs: null
 etcd:
--- a/cmd/kubeadm/app/util/config/common_test.go
+++ b/cmd/kubeadm/app/util/config/common_test.go
@ -228,19 +228,21 @@ func TestLowercaseSANs(t *testing.T) {
 		t.Run(test.name, func(t *testing.T) {
 			cfg := &kubeadmapiv1beta1.InitConfiguration{
 				ClusterConfiguration: kubeadmapiv1beta1.ClusterConfiguration{
-					APIServerCertSANs: test.in,
+					APIServer: kubeadmapiv1beta1.APIServer{
+						CertSANs: test.in,
+					},
 				},
 			}

-			LowercaseSANs(cfg.APIServerCertSANs)
+			LowercaseSANs(cfg.APIServer.CertSANs)

-			if len(cfg.APIServerCertSANs) != len(test.out) {
-				t.Fatalf("expected %d elements, got %d", len(test.out), len(cfg.APIServerCertSANs))
+			if len(cfg.APIServer.CertSANs) != len(test.out) {
+				t.Fatalf("expected %d elements, got %d", len(test.out), len(cfg.APIServer.CertSANs))
 			}

 			for i, expected := range test.out {
-				if cfg.APIServerCertSANs[i] != expected {
-					t.Errorf("expected element %d to be %q, got %q", i, expected, cfg.APIServerCertSANs[i])
+				if cfg.APIServer.CertSANs[i] != expected {
+					t.Errorf("expected element %d to be %q, got %q", i, expected, cfg.APIServer.CertSANs[i])
 				}
 			}
 		})
--- a/cmd/kubeadm/app/util/config/initconfiguration.go
+++ b/cmd/kubeadm/app/util/config/initconfiguration.go
@ -150,7 +150,7 @@ func SetClusterDynamicDefaults(cfg *kubeadmapi.ClusterConfiguration, advertiseAd
 	}

 	// Downcase SANs. Some domain names (like ELBs) have capitals in them.
-	LowercaseSANs(cfg.APIServerCertSANs)
+	LowercaseSANs(cfg.APIServer.CertSANs)
 	return nil
 }

--- a/cmd/kubeadm/app/util/config/testdata/conversion/master/internal.yaml
+++ b/cmd/kubeadm/app/util/config/testdata/conversion/master/internal.yaml
@ -1,10 +1,11 @@
 APIEndpoint:
  AdvertiseAddress: 192.168.2.2
  BindPort: 6443
-APIServerCertSANs: null
-APIServerExtraArgs:
-  authorization-mode: Node,RBAC,Webhook
-APIServerExtraVolumes: null
+APIServer:
+  CertSANs: null
+  ExtraArgs:
+    authorization-mode: Node,RBAC,Webhook
+  ExtraVolumes: null
 AuditPolicyConfiguration:
  LogDir: /var/log/kubernetes/audit
  LogMaxAge: 2
@ -159,8 +160,9 @@ ComponentConfigs:
    TLSPrivateKeyFile: ""
    VolumeStatsAggPeriod: 1m0s
 ControlPlaneEndpoint: ""
-ControllerManagerExtraArgs: null
-ControllerManagerExtraVolumes: null
+ControllerManager:
+  ExtraArgs: null
+  ExtraVolumes: null
 Etcd:
  External: null
  Local:
@ -183,6 +185,7 @@ NodeRegistration:
  Taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
-SchedulerExtraArgs: null
-SchedulerExtraVolumes: null
+Scheduler:
+  ExtraArgs: null
+  ExtraVolumes: null
 UnifiedControlPlaneImage: ""
--- a/cmd/kubeadm/app/util/config/testdata/conversion/master/v1beta1.yaml
+++ b/cmd/kubeadm/app/util/config/testdata/conversion/master/v1beta1.yaml
@ -18,8 +18,9 @@ nodeRegistration:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
 ---
-apiServerExtraArgs:
-  authorization-mode: Node,RBAC,Webhook
+apiServer:
+  extraArgs:
+    authorization-mode: Node,RBAC,Webhook
 apiVersion: kubeadm.k8s.io/v1beta1
 auditPolicy:
  logDir: /var/log/kubernetes/audit
@ -28,6 +29,7 @@ auditPolicy:
 certificatesDir: /etc/kubernetes/pki
 clusterName: kubernetes
 controlPlaneEndpoint: ""
+controllerManager: {}
 etcd:
  local:
    dataDir: /var/lib/etcd
@ -39,6 +41,7 @@ networking:
  dnsDomain: cluster.local
  podSubnet: ""
  serviceSubnet: 10.96.0.0/12
+scheduler: {}
 unifiedControlPlaneImage: ""
 ---
 apiVersion: kubeproxy.config.k8s.io/v1alpha1
--- a/cmd/kubeadm/app/util/config/testdata/defaulting/master/defaulted.yaml
+++ b/cmd/kubeadm/app/util/config/testdata/defaulting/master/defaulted.yaml
@ -18,6 +18,7 @@ nodeRegistration:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
 ---
+apiServer: {}
 apiVersion: kubeadm.k8s.io/v1beta1
 auditPolicy:
  logDir: /var/log/kubernetes/audit
@ -26,6 +27,7 @@ auditPolicy:
 certificatesDir: /var/lib/kubernetes/pki
 clusterName: kubernetes
 controlPlaneEndpoint: ""
+controllerManager: {}
 etcd:
  local:
    dataDir: /var/lib/etcd
@ -37,6 +39,7 @@ networking:
  dnsDomain: cluster.global
  podSubnet: 10.148.0.0/16
  serviceSubnet: 10.196.0.0/12
+scheduler: {}
 unifiedControlPlaneImage: ""
 ---
 apiVersion: kubeproxy.config.k8s.io/v1alpha1
--- a/cmd/kubeadm/app/util/pkiutil/pki_helpers.go
+++ b/cmd/kubeadm/app/util/pkiutil/pki_helpers.go
@ -301,7 +301,7 @@ func GetAPIServerAltNames(cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames
 		}
 	}

-	appendSANsToAltNames(altNames, cfg.APIServerCertSANs, kubeadmconstants.APIServerCertName)
+	appendSANsToAltNames(altNames, cfg.APIServer.CertSANs, kubeadmconstants.APIServerCertName)

 	return altNames, nil
 }
--- a/cmd/kubeadm/app/util/pkiutil/pki_helpers_test.go
+++ b/cmd/kubeadm/app/util/pkiutil/pki_helpers_test.go
@ -450,7 +450,9 @@ func TestGetAPIServerAltNames(t *testing.T) {
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
 					ControlPlaneEndpoint: "api.k8s.io:6443",
 					Networking:           kubeadmapi.Networking{ServiceSubnet: "10.96.0.0/12", DNSDomain: "cluster.local"},
-					APIServerCertSANs:    []string{"10.1.245.94", "10.1.245.95", "1.2.3.L", "invalid,commas,in,DNS"},
+					APIServer: kubeadmapi.APIServer{
+						CertSANs: []string{"10.1.245.94", "10.1.245.95", "1.2.3.L", "invalid,commas,in,DNS"},
+					},
 				},
 				NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: "valid-hostname"},
 			},
@ -464,7 +466,9 @@ func TestGetAPIServerAltNames(t *testing.T) {
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
 					ControlPlaneEndpoint: "4.5.6.7:6443",
 					Networking:           kubeadmapi.Networking{ServiceSubnet: "10.96.0.0/12", DNSDomain: "cluster.local"},
-					APIServerCertSANs:    []string{"10.1.245.94", "10.1.245.95", "1.2.3.L", "invalid,commas,in,DNS"},
+					APIServer: kubeadmapi.APIServer{
+						CertSANs: []string{"10.1.245.94", "10.1.245.95", "1.2.3.L", "invalid,commas,in,DNS"},
+					},
 				},
 				NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: "valid-hostname"},
 			},
--- a/cmd/kubeadm/app/util/staticpod/utils.go
+++ b/cmd/kubeadm/app/util/staticpod/utils.go
@ -246,11 +246,11 @@ func GetProbeAddress(cfg *kubeadmapi.InitConfiguration, componentName string) st
 			return cfg.APIEndpoint.AdvertiseAddress
 		}
 	case componentName == kubeadmconstants.KubeControllerManager:
-		if addr, exists := cfg.ControllerManagerExtraArgs[kubeControllerManagerAddressArg]; exists {
+		if addr, exists := cfg.ControllerManager.ExtraArgs[kubeControllerManagerAddressArg]; exists {
 			return addr
 		}
 	case componentName == kubeadmconstants.KubeScheduler:
-		if addr, exists := cfg.SchedulerExtraArgs[kubeSchedulerAddressArg]; exists {
+		if addr, exists := cfg.Scheduler.ExtraArgs[kubeSchedulerAddressArg]; exists {
 			return addr
 		}
 	case componentName == kubeadmconstants.Etcd:
--- a/cmd/kubeadm/app/util/staticpod/utils_test.go
+++ b/cmd/kubeadm/app/util/staticpod/utils_test.go
@ -128,7 +128,9 @@ func TestComponentProbe(t *testing.T) {
 			name: "valid IPv4 controller-manager probe",
 			cfg: &kubeadmapi.InitConfiguration{
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					ControllerManagerExtraArgs: map[string]string{"address": "1.2.3.4"},
+					ControllerManager: kubeadmapi.ControlPlaneComponent{
+						ExtraArgs: map[string]string{"address": "1.2.3.4"},
+					},
 				},
 			},
 			component: kubeadmconstants.KubeControllerManager,
@ -141,7 +143,9 @@ func TestComponentProbe(t *testing.T) {
 			name: "valid IPv6 controller-manager probe",
 			cfg: &kubeadmapi.InitConfiguration{
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					ControllerManagerExtraArgs: map[string]string{"address": "2001:db8::1"},
+					ControllerManager: kubeadmapi.ControlPlaneComponent{
+						ExtraArgs: map[string]string{"address": "2001:db8::1"},
+					},
 				},
 			},
 			component: kubeadmconstants.KubeControllerManager,
@ -154,7 +158,9 @@ func TestComponentProbe(t *testing.T) {
 			name: "valid IPv4 scheduler probe",
 			cfg: &kubeadmapi.InitConfiguration{
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					SchedulerExtraArgs: map[string]string{"address": "1.2.3.4"},
+					Scheduler: kubeadmapi.ControlPlaneComponent{
+						ExtraArgs: map[string]string{"address": "1.2.3.4"},
+					},
 				},
 			},
 			component: kubeadmconstants.KubeScheduler,
@ -167,7 +173,9 @@ func TestComponentProbe(t *testing.T) {
 			name: "valid IPv6 scheduler probe",
 			cfg: &kubeadmapi.InitConfiguration{
 				ClusterConfiguration: kubeadmapi.ClusterConfiguration{
-					SchedulerExtraArgs: map[string]string{"address": "2001:db8::1"},
+					Scheduler: kubeadmapi.ControlPlaneComponent{
+						ExtraArgs: map[string]string{"address": "2001:db8::1"},
+					},
 				},
 			},
 			component: kubeadmconstants.KubeScheduler,