kubernetes安装高可用集群,新增管理节点,生管理CA密钥时,在主节点执行kubeadm init phase upload-certs --upload-certs报错
root@node01:~# kubeadm init phase upload-certs --upload-certs
Found multiple CRI endpoints on the host. Please define which one define which one do you wish to use by setting the 'criSocket define which one do you wish to use by setting the 'criSocket define which one do you wish to use by setting the 'criSocket' field in the kubeadm configuration file: unix:///var/run/containerd/containerd define which one do you wish to use by setting the define which one do you wish to use by setting the 'criSocket' field in the define which one do you wish to use by define which one do you wish to use by setting the definefine which define which one do you wish to use by setting the 'criSocket' field in the kubeadm configuration define which one do you wish to use by setting the 'criSocket' field in the kubeadm configuration file: unix:///var/run/containerd/containerd.sock, unix:///var/run/cri define which one do you wish to use by setting define which one do you wish to use by setting the 'criSocket' field in the kubeadm configuration define which one do you wish to use by setting the define which one do you wish to use by setting the 'criSocket' field define which one do you define which one do you wish to use by setting the 'criSocket' field define which one do you wish to use by settingdefine which one do you wish to use by setting the 'criSocket' field in define which one do you wish to use by setting the 'criSocket' field in the kubeadm configuration define which one do you wish to use by setting the 'criSocket' field in the kubeadm definefine which define which one do you wish to use by setting the 'criSocket' field in the kubeadm configuration define which one do you wish to use by setting the 'criSocket' field in the kubeadm define which one do you wish to use by setting the 'criSocket' field in the kubeadm configuration file: unix:///var/run/containerd/containerd.sock definewhich define which one do you wish to use by setting the 'criSocket' field in the kubeadm configuration file: unix:///var/run/containerd/containerd.sock, unix:///varhich one do you wish to use by setting the 'criSocket' field in define which one do you wish to use define which one do you wish to use by setting the 'criSocket' field define which one do you wish to use by setting the 'criSocket' field in define which one do you wish to use by setting the 'criSocket' field in define which one do you wish to use by setting the 'criSocket' field define which one do you wish to use by setting the 'criSocket' field in define which one do you wish to use by setting the 'criSocket' field in the kubeadm configuration file: unix define which one do you wish to use by setting the 'criSocket' field in the kubeadm configuration file: unix:///var/run/containerd/containerd.sock, unix:///var/run/cri-dockerd.sock
To see the stack trace of this error execute with --v=5 or higher
当加上--cri-socket=unix:///var/run/cri-dockerd.sock 报下面的错误。
root@node01:~# kubeadm init phase upload-certs --upload-certs --cri-socket=unix:///var/run/cri-dockerd.sock
unknown flag: --cri-socket
To see the stack trace of this error execute with --v=5 or higher
root@node01:~#
通过 kubeadm init phase upload-certs --help 查看无此参数
root@node01:~# kubeadm init phase upload-certs --help
This command is not meant to be run on its own. See list of available subcommands.
Usage:
kubeadm init phase upload-certs [flags]
Flags:
--certificate-key string Key used to encrypt the control-plane certificates in the kubeadm-certs Secret.
--config string Path to a kubeadm configuration file.
-h, --help help for upload-certs
--kubeconfig string The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. (default "/etc/kubernetes/admin.conf")
--skip-certificate-key-print Don't print the key used to encrypt the control-plane certificates.
--upload-certs Upload control-plane certificates to the kubeadm-certs Secret.
Global Flags:
--add-dir-header If true, adds the file directory to the header of the log messages
--log-file string If non-empty, use this log file (no effect when -logtostderr=true)
--log-file-max-size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--one-output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--rootfs string [EXPERIMENTAL] The path to the 'real' host root filesystem.
--skip-headers If true, avoid header prefixes in the log messages
--skip-log-headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
-v, --v Level number for the log level verbosity
root@node01:~#
我该怎么办?
通过配置初始化配置文件的方式指定
--cri-socket=--cri-socket=unix:///var/run/cri-dockerd.sock1.生成kubeadm config文件
cat <<EOF > kubeadm-init-config apiVersion: kubeadm.k8s.io/v1beta3 kind: InitConfiguration nodeRegistration: criSocket: /var/run/cri-dockerd.sock #选择你所运行的CRI EOF2.通过配置文件的方式生成密钥
kubeadm init phase upload-certs --upload-certs --config kubeadm-init-configroot@node01:~# kubeadm init phase upload-certs --upload-certs --config kubeadm-init-config W0307 10:09:21.070099 1497994 initconfiguration.go:119] Usage of CRI endpoints without URL scheme is deprecated and can cause kubelet errors in the future. Automatically prepending scheme "unix" to the "criSocket" with value "/var/run/cri-dockerd.sock". Please update your configuration! I0307 10:09:22.176557 1497994 version.go:256] remote version is much newer: v1.29.2; falling back to: stable-1.25 [upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace [upload-certs] Using certificate key: e6ac58fc026702302a3562fd1056be091c9ab87edd4cccd83a4c8a457e8ce9d8 # 此处是新的密钥3.通过新的密钥添加管理节点
kubeadm join xx.xx.xx.xxx:6443 \ --token ********* \ --discovery-token-ca-cert-hash sha256:********* \ --control-plane \ --certificate-key e6ac58fc026702302a3562fd1056be091c9ab87edd4cccd83a4c8a457e8ce9d8 \ --cri-socket unix:///var/run/cri-dockerd.sock你的答案