5. Initialize the Master
5.1 Run the shell script above, wait for the downloads to finish, then run kubeadm init
kubeadm init --kubernetes-version=v1.10.0 --pod-network-cidr=10.244.0.0/16
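Note: the option --kubernetes-version=v1.10.0 is required; otherwise the command fails because Google's sites are blocked and cannot be reached. Version v1.10.0 is used here; as mentioned earlier, the downloaded container images must match the K8S version, otherwise a time out occurs.
--pod-network-cidr specifies the Pod network range. Kubernetes supports several network solutions, and each has its own requirements for --pod-network-cidr. It is set to 10.244.0.0/16 here because we will use the flannel network solution, which requires this CIDR. In later exercises we will switch to other network solutions, such as Canal.
The command above takes about 1 minute. While it runs, you can watch the output of tail -f /var/log/messages to follow the configuration process and its progress. Save a copy of the last section of the output; it is needed later when adding worker nodes.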
[root@k8s-m1 ~]# kubeadm init --kubernetes-version=v1.10.0 --pod-network-cidr=10.244.0.0/16
[init] Using Kubernetes version: v1.10.0
[init] Using Authorization modes: [Node RBAC]
[preflight] Running pre-flight checks.
[WARNING SystemVerification]: docker version is greater than the most recently validated version. Docker version: 17.09.0-ce. Max validated version: 17.03
[WARNING FileExisting-crictl]: crictl not found in system path
Suggestion: go get github.com/kubernetes-incubator/cri-tools/cmd/crictl
[preflight] Starting the kubelet service
[certificates] Using the existing ca certificate and key.
[certificates] Using the existing apiserver certificate and key.
[certificates] Using the existing apiserver-kubelet-client certificate and key.
[certificates] Using the existing etcd/ca certificate and key.
[certificates] Using the existing etcd/server certificate and key.
[certificates] Using the existing etcd/peer certificate and key.
[certificates] Using the existing etcd/healthcheck-client certificate and key.
[certificates] Using the existing apiserver-etcd-client certificate and key.
[certificates] Using the existing sa key.
[certificates] Using the existing front-proxy-ca certificate and key.
[certificates] Using the existing front-proxy-client certificate and key.
[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
[controlplane] Wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml"
[controlplane] Wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml"
[controlplane] Wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml"
[etcd] Wrote Static Pod manifest for a local etcd instance to "/etc/kubernetes/manifests/etcd.yaml"
[init] Waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests".
[init] This might take a minute or longer if the control plane images have to be pulled.
[apiclient] All control plane components are healthy after 23.503191 seconds
[uploadconfig] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[markmaster] Will mark node k8s-m1 as master by adding a label and a taint
[markmaster] Master k8s-m1 tainted and labelled with key/value: node-role.kubernetes.io/master=""
[bootstraptoken] Using token: 0ivtjg.t670zkbmni8b8qsw
[bootstraptoken] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstraptoken] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstraptoken] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstraptoken] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: kube-dns
[addons] Applied essential addon: kube-proxy
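The output above prints the bootstrap token, a credential that lets a node request cluster certificates, and shows kubeadm reusing key material already present in /etc/kubernetes/pki. The shell functions below are an added example, not part of the original article or of kubeadm: they save the log with owner-only permissions, extract and redact the token, and list the reused credentials. The function names and SAMPLE_LOG (a few lines copied from the output above) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): handle a saved `kubeadm init` log safely.
# SAMPLE_LOG is constructed from a few lines of the output shown above.
SAMPLE_LOG='[preflight] Running pre-flight checks.
[WARNING FileExisting-crictl]: crictl not found in system path
[certificates] Using the existing ca certificate and key.
[certificates] Using the existing sa key.
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[bootstraptoken] Using token: 0ivtjg.t670zkbmni8b8qsw
[addons] Applied essential addon: kube-proxy'

# Write stdin to file $1 readable by its owner only (the log contains the token).
# Typical use: kubeadm init ... 2>&1 | save_private /root/kubeadm-init.log
save_private() {
    ( umask 077; cat > "$1" ) && chmod 600 "$1"
}

# Print the bootstrap token: 6 characters, a dot, 16 characters, all [a-z0-9].
extract_token() {
    printf '%s\n' "$1" |
        sed -n 's/^\[bootstraptoken\] Using token: \([a-z0-9]\{6\}\.[a-z0-9]\{16\}\)$/\1/p'
}

# Mask the secret part of every bootstrap token so the log can be shared.
redact_log() {
    printf '%s\n' "$1" |
        sed 's/\([a-z0-9]\{6\}\)\.[a-z0-9]\{16\}/\1.<redacted>/g'
}

# List keys and certificates kubeadm reused rather than generated in this run.
reused_credentials() {
    printf '%s\n' "$1" | awk '
        /^\[certificates\] Using the existing / {
            sub(/^\[certificates\] Using the existing /, "")
            sub(/( certificate and)? key\.$/, "")
            print
        }'
}

# Demo on the sample: token-safe log, then the reused key material.
redact_log "$SAMPLE_LOG"
reused_credentials "$SAMPLE_LOG"
```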
Source: http://www.bubuko.com/infodetail-2633591.html