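While installing a highly available Kubernetes cluster and adding a control-plane node, I ran kubeadm init phase upload-certs --upload-certs on the master node to generate the control-plane CA key,
and got an error: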
root@node01:~# kubeadm init phase upload-certs --upload-certs
Found multiple CRI endpoints on the host. Please define which one do you wish to use by setting the 'criSocket' field in the kubeadm configuration file: unix:///var/run/containerd/containerd.sock, unix:///var/run/cri-dockerd.sock
To see the stack trace of this error execute with --v=5 or higher
When I add --cri-socket=unix:///var/run/cri-dockerd.sock
I get the error below.
root@node01:~# kubeadm init phase upload-certs --upload-certs --cri-socket=unix:///var/run/cri-dockerd.sock
unknown flag: --cri-socket
To see the stack trace of this error execute with --v=5 or higher
root@node01:~#
Checking with kubeadm init phase upload-certs --help
shows there is no such flag:
root@node01:~# kubeadm init phase upload-certs --help
This command is not meant to be run on its own. See list of available subcommands.

Usage:
  kubeadm init phase upload-certs [flags]

Flags:
      --certificate-key string       Key used to encrypt the control-plane certificates in the kubeadm-certs Secret.
      --config string                Path to a kubeadm configuration file.
  -h, --help                         help for upload-certs
      --kubeconfig string            The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. (default "/etc/kubernetes/admin.conf")
      --skip-certificate-key-print   Don't print the key used to encrypt the control-plane certificates.
      --upload-certs                 Upload control-plane certificates to the kubeadm-certs Secret.

Global Flags:
      --add-dir-header           If true, adds the file directory to the header of the log messages
      --log-file string          If non-empty, use this log file (no effect when -logtostderr=true)
      --log-file-max-size uint   Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
      --one-output               If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
      --rootfs string            [EXPERIMENTAL] The path to the 'real' host root filesystem.
      --skip-headers             If true, avoid header prefixes in the log messages
      --skip-log-headers         If true, avoid headers when opening log files (no effect when -logtostderr=true)
  -v, --v Level                  number for the log level verbosity
root@node01:~#
What should I do?

Specify it through an init configuration file instead:
--cri-socket=unix:///var/run/cri-dockerd.sock
1. Generate the kubeadm config file
cat <<EOF > kubeadm-init-config
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
nodeRegistration:
  criSocket: /var/run/cri-dockerd.sock # choose the CRI you are running
EOF
2. Generate the key using the configuration file
kubeadm init phase upload-certs --upload-certs --config kubeadm-init-config
root@node01:~# kubeadm init phase upload-certs --upload-certs --config kubeadm-init-config
W0307 10:09:21.070099 1497994 initconfiguration.go:119] Usage of CRI endpoints without URL scheme is deprecated and can cause kubelet errors in the future. Automatically prepending scheme "unix" to the "criSocket" with value "/var/run/cri-dockerd.sock". Please update your configuration!
I0307 10:09:22.176557 1497994 version.go:256] remote version is much newer: v1.29.2; falling back to: stable-1.25
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
e6ac58fc026702302a3562fd1056be091c9ab87edd4cccd83a4c8a457e8ce9d8 # this is the new key
3. Add the control-plane node using the new key
kubeadm join xx.xx.xx.xxx:6443 \
  --token ********* \
  --discovery-token-ca-cert-hash sha256:********* \
  --control-plane \
  --certificate-key e6ac58fc026702302a3562fd1056be091c9ab87edd4cccd83a4c8a457e8ce9d8 \
  --cri-socket unix:///var/run/cri-dockerd.sock
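
Steps 1 and 2 above as one script, written so that criSocket carries the unix:// scheme and the deprecation warning seen in the step 2 output does not appear. This is an added example, not the answerer's code; the function names normalize_cri_socket, render_init_config and upload_certs are hypothetical helpers, and the temporary config file is an assumption of the example.

```shell
#!/bin/sh
# Added example: helper names below are hypothetical, not part of kubeadm.

# Return the socket as a URL, prepending unix:// to a bare absolute path.
normalize_cri_socket() {
    case "$1" in
        unix://*) printf '%s\n' "$1" ;;
        /*)       printf 'unix://%s\n' "$1" ;;
        *)        echo "not an absolute socket path or unix:// URL: $1" >&2
                  return 1 ;;
    esac
}

# Print an InitConfiguration that pins kubeadm to one CRI endpoint.
render_init_config() {
    sock=$(normalize_cri_socket "$1") || return 1
    cat <<EOF
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
nodeRegistration:
  criSocket: $sock
EOF
}

# Re-upload the control-plane certificates through the chosen CRI socket.
upload_certs() {
    sock=$(normalize_cri_socket "$1") || return 1
    # Fail early if nothing is listening at that path on this host.
    if [ ! -S "${sock#unix://}" ]; then
        echo "no CRI socket at ${sock#unix://}" >&2
        return 1
    fi
    cfg=$(mktemp) || return 1      # mktemp creates the file with mode 0600
    render_init_config "$sock" > "$cfg" &&
        kubeadm init phase upload-certs --upload-certs --config "$cfg"
    rc=$?
    rm -f "$cfg"
    return "$rc"
}

# Usage on the existing control-plane node:
#   upload_certs /var/run/cri-dockerd.sock
```

The certificate key that kubeadm prints decrypts the control-plane certificates stored in the kubeadm-certs Secret, so treat it like a credential and keep it out of shared logs and tickets.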