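K8s reports "unknown flag: --cri-socket" when regenerating and uploading the control-plane node certificates

Lance.Wu posted on: 2024-03-07   Last updated: 2024-03-07 11:47:24   658 views

While installing a high-availability Kubernetes cluster and adding a control-plane node, running kubeadm init phase upload-certs --upload-certs on the master node to generate the control-plane CA key fails with an error: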

root@node01:~# kubeadm init phase upload-certs --upload-certs
Found multiple CRI endpoints on the host. Please define which one do you wish to use by setting the 'criSocket' field in the kubeadm configuration file: unix:///var/run/containerd/containerd.sock, unix:///var/run/cri-dockerd.sock
To see the stack trace of this error execute with --v=5 or higher

After adding --cri-socket=unix:///var/run/cri-dockerd.sock, the following error is reported.

root@node01:~# kubeadm init phase upload-certs --upload-certs --cri-socket=unix:///var/run/cri-dockerd.sock
unknown flag: --cri-socket
To see the stack trace of this error execute with --v=5 or higher

Checking with kubeadm init phase upload-certs --help shows that this flag does not exist:

root@node01:~# kubeadm init phase upload-certs --help
This command is not meant to be run on its own. See list of available subcommands.

  kubeadm init phase upload-certs [flags]

      --certificate-key string       Key used to encrypt the control-plane certificates in the kubeadm-certs Secret.
      --config string                Path to a kubeadm configuration file.
  -h, --help                         help for upload-certs
      --kubeconfig string            The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. (default "/etc/kubernetes/admin.conf")
      --skip-certificate-key-print   Don't print the key used to encrypt the control-plane certificates.
      --upload-certs                 Upload control-plane certificates to the kubeadm-certs Secret.

Global Flags:
      --add-dir-header           If true, adds the file directory to the header of the log messages
      --log-file string          If non-empty, use this log file (no effect when -logtostderr=true)
      --log-file-max-size uint   Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
      --one-output               If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
      --rootfs string            [EXPERIMENTAL] The path to the 'real' host root filesystem.
      --skip-headers             If true, avoid header prefixes in the log messages
      --skip-log-headers         If true, avoid headers when opening log files (no effect when -logtostderr=true)
  -v, --v Level                  number for the log level verbosity


Posted on 2024-03-07

Specify --cri-socket=unix:///var/run/cri-dockerd.sock by way of an init configuration file.

1. Generate the kubeadm config file

cat <<EOF > kubeadm-init-config
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
nodeRegistration:
  criSocket: /var/run/cri-dockerd.sock   # choose the CRI you are running
EOF

2. Generate the key using the configuration file: kubeadm init phase upload-certs --upload-certs --config kubeadm-init-config

root@node01:~# kubeadm init phase upload-certs --upload-certs --config kubeadm-init-config
W0307 10:09:21.070099 1497994 initconfiguration.go:119] Usage of CRI endpoints without URL scheme is deprecated and can cause kubelet errors in the future. Automatically prepending scheme "unix" to the "criSocket" with value "/var/run/cri-dockerd.sock". Please update your configuration!
I0307 10:09:22.176557 1497994 version.go:256] remote version is much newer: v1.29.2; falling back to: stable-1.25
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
e6ac58fc026702302a3562fd1056be091c9ab87edd4cccd83a4c8a457e8ce9d8 # this is the new key


kubeadm join xx.xx.xx.xxx:6443 \
--token ********* \
--discovery-token-ca-cert-hash sha256:********* \
--control-plane \
--certificate-key e6ac58fc026702302a3562fd1056be091c9ab87edd4cccd83a4c8a457e8ce9d8 \
--cri-socket unix:///var/run/cri-dockerd.sock
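
The config-file workaround from the answer above, as an added shell example that is not part of the original post: it writes the InitConfiguration with the unix:// scheme already applied, so the deprecation warning in the output above does not appear. The function names normalize_cri_socket, detect_cri_sockets and write_kubeadm_config are hypothetical helpers introduced here.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names, not kubeadm's own tooling).

# Return the endpoint with a unix:// scheme. A bare absolute path gets the
# scheme prepended; anything else (relative path, other scheme) is rejected.
normalize_cri_socket() {
  case "$1" in
    unix:///*) printf '%s\n' "$1" ;;
    /*)        printf 'unix://%s\n' "$1" ;;
    *)         echo "unsupported CRI endpoint: $1" >&2; return 1 ;;
  esac
}

# Print the candidate paths that exist as sockets on this host. More than one
# line of output is the "Found multiple CRI endpoints" situation.
detect_cri_sockets() {
  for s in "$@"; do
    [ -S "$s" ] && printf '%s\n' "$s"
  done
  return 0
}

# $1 = CRI socket (path or unix:// URL), $2 = config file to write.
write_kubeadm_config() {
  sock=$(normalize_cri_socket "$1") || return 1
  cat > "$2" <<EOF
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
nodeRegistration:
  criSocket: ${sock}
EOF
}

# Usage on the control-plane node (commands as used in the answer above):
#   detect_cri_sockets /var/run/containerd/containerd.sock /var/run/cri-dockerd.sock
#   write_kubeadm_config /var/run/cri-dockerd.sock kubeadm-init-config
#   kubeadm init phase upload-certs --upload-certs --config kubeadm-init-config
```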