From f22625bc61e6820e83830cd23b80ef90d5ce2415 Mon Sep 17 00:00:00 2001
From: rasmus <rasmus@k-space.ee>
Date: Mon, 5 Jan 2026 00:22:04 +0200
Subject: [PATCH] kubeadm-config to git

---
 kube-system/kubeadm-config.yaml | 48 +++++++++++++++++++++++++++++++++
 kube-system/kustomization.yaml  |  1 +
 2 files changed, 49 insertions(+)
 create mode 100644 kube-system/kubeadm-config.yaml

diff --git a/kube-system/kubeadm-config.yaml b/kube-system/kubeadm-config.yaml
new file mode 100644
index 0000000..a9c3b2a
--- /dev/null
+++ b/kube-system/kubeadm-config.yaml
@@ -0,0 +1,48 @@
+# changes are rolled out manually with most $ kubeadm upgrade commands
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kubeadm-config
+  namespace: kube-system
+data:
+  ClusterConfiguration: |
+    apiServer:
+      certSANs:
+      - master.kube.k-space.ee
+      extraArgs:
+      - name: authorization-mode
+        value: Node,RBAC
+      - name: oidc-client-id
+        value: passmower.kubelogin
+      - name: oidc-groups-claim
+        value: groups
+      - name: oidc-issuer-url
+        value: https://auth.k-space.ee/
+      - name: oidc-username-claim
+        value: sub
+    apiVersion: kubeadm.k8s.io/v1beta4
+    caCertificateValidityPeriod: 87600h0m0s
+    certificateValidityPeriod: 8760h0m0s
+    certificatesDir: /etc/kubernetes/pki
+    clusterName: kubernetes
+    controlPlaneEndpoint: master.kube.k-space.ee:6443
+    controllerManager:
+      extraArgs:
+      - name: node-cidr-mask-size-ipv4
+        value: "20"
+      - name: node-cidr-mask-size-ipv6
+        value: "96"
+    dns: {}
+    encryptionAlgorithm: RSA-2048
+    etcd:
+      local:
+        dataDir: /var/lib/etcd
+    imageRepository: registry.k8s.io
+    kind: ClusterConfiguration
+    kubernetesVersion: v1.34.3
+    networking:
+      dnsDomain: cluster.local
+      podSubnet: 10.244.0.0/16,2001:bb8:4008:21:244::/80
+      serviceSubnet: 10.96.0.0/12
+    proxy: {}
+    scheduler: {}
diff --git a/kube-system/kustomization.yaml b/kube-system/kustomization.yaml
index ed056d8..1e9c827 100644
--- a/kube-system/kustomization.yaml
+++ b/kube-system/kustomization.yaml
@@ -4,6 +4,7 @@ kind: Kustomization
 namespace: kube-system
 
 resources:
+- ./kubeadm-config.yaml
 - ./descheduler.yaml
 - ./kube-state-metrics.yaml
 - ./metrics-server.yaml