Black lives matter.
We stand in solidarity with the Black community.
Racism is unacceptable.
It conflicts with the core values of the Kubernetes project and our community does not tolerate it.
概要
运行此命令来搭建 Kubernetes 控制平面节点。
"init" 命令执行以下阶段:
preflight Run pre-flight checks
kubelet-start Write kubelet settings and (re)start the kubelet
certs Certificate generation
/ca Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components
/apiserver Generate the certificate for serving the Kubernetes API
/apiserver-kubelet-client Generate the certificate for the API server to connect to kubelet
/front-proxy-ca Generate the self-signed CA to provision identities for front proxy
/front-proxy-client Generate the certificate for the front proxy client
/etcd-ca Generate the self-signed CA to provision identities for etcd
/etcd-server Generate the certificate for serving etcd
/etcd-peer Generate the certificate for etcd nodes to communicate with each other
/etcd-healthcheck-client Generate the certificate for liveness probes to healthcheck etcd
/apiserver-etcd-client Generate the certificate the apiserver uses to access etcd
/sa Generate a private key for signing service account tokens along with its public key
kubeconfig Generate all kubeconfig files necessary to establish the control plane and the admin kubeconfig file
/admin Generate a kubeconfig file for the admin to use and for kubeadm itself
/kubelet Generate a kubeconfig file for the kubelet to use *only* for cluster bootstrapping purposes
/controller-manager Generate a kubeconfig file for the controller manager to use
/scheduler Generate a kubeconfig file for the scheduler to use
control-plane Generate all static Pod manifest files necessary to establish the control plane
/apiserver Generates the kube-apiserver static Pod manifest
/controller-manager Generates the kube-controller-manager static Pod manifest
/scheduler Generates the kube-scheduler static Pod manifest
etcd Generate static Pod manifest file for local etcd
/local Generate the static Pod manifest file for a local, single-node local etcd instance
upload-config Upload the kubeadm and kubelet configuration to a ConfigMap
/kubeadm Upload the kubeadm ClusterConfiguration to a ConfigMap
/kubelet Upload the kubelet component config to a ConfigMap
upload-certs Upload certificates to kubeadm-certs
mark-control-plane Mark a node as a control-plane
bootstrap-token Generates bootstrap tokens used to join a node to a cluster
addon Install required addons for passing Conformance tests
/coredns Install the CoreDNS addon to a Kubernetes cluster
/kube-proxy Install the kube-proxy addon to a Kubernetes cluster
kubeadm init [flags]
选项
| --apiserver-advertise-address string | |
| API 服务器所公布的其正在监听的 IP 地址。如果未设置,则使用默认网络接口。 | |
| --apiserver-bind-port int32 默认值:6443 | |
| API 服务器绑定的端口。 | |
| --apiserver-cert-extra-sans stringSlice | |
| 用于 API Server 服务证书的可选附加主题备用名称(SAN)。可以是 IP 地址和 DNS 名称。 | |
| --cert-dir string 默认值:"/etc/kubernetes/pki" | |
| 保存和存储证书的路径。 | |
| --certificate-key string | |
| 用于加密 kubeadm-certs Secret 中的控制平面证书的密钥。 | |
| --config string | |
| kubeadm 配置文件的路径。 | |
| --control-plane-endpoint string | |
| 为控制平面指定一个稳定的 IP 地址或 DNS 名称。 | |
| --cri-socket string | |
| 要连接的 CRI 套接字的路径。如果为空,则 kubeadm 将尝试自动检测此值;仅当安装了多个 CRI 或具有非标准 CRI 插槽时,才使用此选项。 | |
| --dry-run | |
| 不要应用任何更改;只是输出将要执行的操作。 | |
| -k, --experimental-kustomize string | |
| 用于存储 kustomize 为静态 pod 清单所提供的补丁的路径。 | |
| --feature-gates string | |
|
一组用来描述各种功能特性的键值(key=value)对。选项是: IPv6DualStack=true|false (ALPHA - default=false) |
|
| -h, --help | |
| init 操作的帮助命令 | |
| --ignore-preflight-errors stringSlice | |
| 错误将显示为警告的检查列表;例如:'IsPrivilegedUser,Swap'。取值为 'all' 时将忽略检查中的所有错误。 | |
| --image-repository string 默认值:"k8s.gcr.io" | |
| 选择用于拉取控制平面镜像的容器仓库 | |
| --kubernetes-version string 默认值:"stable-1" | |
| 为控制平面选择一个特定的 Kubernetes 版本。 | |
| --node-name string | |
| 指定节点的名称。 | |
| --pod-network-cidr string | |
| 指明 pod 网络可以使用的 IP 地址段。如果设置了这个参数,控制平面将会为每一个节点自动分配 CIDRs。 | |
| --service-cidr string 默认值:"10.96.0.0/12" | |
| 为服务的虚拟 IP 地址另外指定 IP 地址段 | |
| --service-dns-domain string 默认值:"cluster.local" | |
| 为服务另外指定域名,例如:"myorg.internal"。 | |
| --skip-certificate-key-print | |
| 不要打印用于加密控制平面证书的密钥。 | |
| --skip-phases stringSlice | |
| 要跳过的阶段列表 | |
| --skip-token-print | |
| 跳过打印 'kubeadm init' 生成的默认引导令牌。 | |
| --token string | |
| 这个令牌用于建立控制平面节点与工作节点间的双向通信。格式为 [a-z0-9]{6}\.[a-z0-9]{16} - 示例:abcdef.0123456789abcdef | |
| --token-ttl duration 默认值:24h0m0s | |
| 令牌被自动删除之前的持续时间(例如 1 s,2 m,3 h)。如果设置为 '0',则令牌将永不过期 | |
| --upload-certs | |
| 将控制平面证书上传到 kubeadm-certs Secret。 | |
从父命令继承的选项
| --rootfs string | |
| [实验] 到 '真实' 主机根文件系统的路径。 | |