kubeadm: certSANs not recognized by kubeadm.k8s.io/v1beta4

[ttc0419]

What happened?

W1008 14:03:05.333389    3651 initconfiguration.go:332] error unmarshaling configuration schema.GroupVersionKind{Group:"kubeadm.k8s.io", Version:"v1beta4", Kind:"ClusterConfiguration"}: strict decoding error: unknown field "certSANs"

What did you expect to happen?

certSANs should be configurable just as v1beta3: https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta4/#kubeadm-k8s-io-v1beta4-APIServer

How can we reproduce it (as minimally and precisely as possible)?

cat << EOF > /tmp/cluster.yaml
apiVersion: kubeadm.k8s.io/v1beta4
kind: ClusterConfiguration
encryptionAlgorithm: ECDSA-P256
apiServer:
	certSANs:
	- localhost
	- 127.0.0.1
EOF
kubeadm init --config /tmp/cluster.yaml phase certs all

Anything else we need to know?

No response

Kubernetes version

$ kubectl version
Client Version: v1.31.1
Kustomize Version: v5.4.2

Cloud provider

OS version

# On Linux:
$ cat /etc/os-release
# paste output here
$ uname -a
# paste output here

# On Windows:
C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
# paste output here

Install tools

Container runtime (CRI) and version (if applicable)

Related plugins (CNI, CSI, ...) and versions (if applicable)

[k8s-ci-robot]

There are no sig labels on this issue. Please add an appropriate label by using one of the following commands:

• /sig <group-name>
• /wg <group-name>
• /committee <group-name>

Please see the group list for a listing of the SIGs, working groups, and committees available.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[k8s-ci-robot]

This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[neolit123]

/transfer kubeadm

[neolit123]

works fine, please check your YAML formatting.

cat >$CONFIG_FILE <<EOL
apiVersion: kubeadm.k8s.io/v1beta4
kind: ClusterConfiguration
apiServer:
  certSANs:
  - foo

sudo openssl x509 -text -in /etc/kubernetes/pki/apiserver.crt -noout
...
            X509v3 Subject Alternative Name:
                DNS:foo, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc ...
...

• works with init phases or just init
• we use cert sans in our e2e tests