kubeadm init --token = xyz或kubeadm init --token xyz?

时间:2017-12-12 10:37:00

标签: kubernetes kubeadm

问题

哪种格式的kubeadm init --token是正确的?

(2/4) Initializing your master显示" - 令牌xyz"。

kubeadm join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash sha256:<hash>

kubeadm init显示&#34; - 令牌= xyz&#34;。

kubeadm join --token=abcdef.1234567890abcdef --discovery-token-ca-cert-hash sha256:1234..cdef 192.168.1.1:6443

执行日志(使用Ansible)显示了几条错误消息。不知道这是否与格式有关。

changed: [192.168.99.12] => {...
  "[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.",
  "[preflight] Running pre-flight checks",
  "[preflight] Starting the kubelet service",
  "[discovery] Trying to connect to API Server \"192.168.99.10:6443\"",
  "[discovery] Created cluster-info discovery client, requesting info from \"https://192.168.99.10:6443\"",
  "[discovery] Failed to connect to API Server \"192.168.99.10:6443\": there is no JWS signed token in the cluster-info ConfigMap. This token id \"7ae0ed\" is invalid for this cluster, can't connect",
  "[discovery] Trying to connect to API Server \"192.168.99.10:6443\"",
  "[discovery] Created cluster-info discovery client, requesting info from \"https://192.168.99.10:6443\"",
  "[discovery] Failed to connect to API Server \"192.168.99.10:6443\": there is no JWS signed token in the cluster-info ConfigMap. This token id \"7ae0ed\" is invalid for this cluster, can't connect",
  "[discovery] Trying to connect to API Server \"192.168.99.10:6443\"",
  "[discovery] Created cluster-info discovery client, requesting info from \"https://192.168.99.10:6443\"",
  "[discovery] Requesting info from \"https://192.168.99.10:6443\" again to validate TLS against the pinned public key",
  "[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server \"192.168.99.10:6443\"",
  "[discovery] Successfully established connection with API Server \"192.168.99.10:6443\"",
  "[bootstrap] Detected server version: v1.8.5",
  "[bootstrap] The server supports the Certificates API (certificates.k8s.io/v1beta1)",
  "",
  "Node join complete:",
  "* Certificate signing request sent to master and response",
  "  received.",
  "* Kubelet informed of new secure connection details.",
  "",
  "Run 'kubectl get nodes' on the master to see this machine join."

2 个答案:

答案 0 :(得分:1)

kubeadm使用spf13/pflag,其中两种表示法都是正确的。

来自docs

--flag    // boolean flags, or flags with no option default values
--flag x  // only on flags without a default value
--flag=x

答案 1 :(得分:0)

据我所知,格式并不重要。它的输出是推荐的

You can now join any number of machines by running the following on each node as root:

kubeadm join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash sha256:<hash>

我认为Token用于安全性(ssl或tls)目的,因此主节点和工作节点可以使用加密进行通信。它是TLS Handshake的一部分。

由于工作节点中的Kubelet需要自己的令牌与主节点上的kube-api服务器通信。