[09:11:47 root@ceshi-01 ~ $]kubeadm init --help
Run this command in order to set up the Kubernetes control plane
运行此命令以设置Kubernetes控制平面
The "init" command executes the following phases:
init 命令执行以下阶段
```
preflight Run pre-flight checks
运行飞行前检查
kubelet-start Write kubelet settings and (re)start the kubelet
写入 kubelet 设置并启动或重新启动 kubelet
certs Certificate generation
生成证书
/ca Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components
生成自签名 Kubernetes CA 证书以为其他 Kubernetes 组件配置标识
/apiserver Generate the certificate for serving the Kubernetes API
生成用于 Kubernetes API 的证书
/apiserver-kubelet-client Generate the certificate for the API server to connect to kubelet
生成客户端证书以连接到 API server
/front-proxy-ca Generate the self-signed CA to provision identities for front proxy
为 proxy 生成自签名 CA 证书
/front-proxy-client Generate the certificate for the front proxy client
为 proxy 客户端生成证书
/etcd-ca Generate the self-signed CA to provision identities for etcd
为 etcd 生成证书
/etcd-peer Generate the certificate for etcd nodes to communicate with each other
生成 etcd 节点间互信证书
/etcd-healthcheck-client Generate the certificate for liveness probes to healtcheck etcd
/etcd-server Generate the certificate for serving etcd
生成 etcd 服务证书
/apiserver-etcd-client Generate the certificate the apiserver uses to access etcd
生成 apiserver 用于访问 etcd 的证书
/sa Generate a private key for signing service account tokens along with its public key
kubeconfig Generate all kubeconfig files necessary to establish the control plane and the admin kubeconfig file
/admin Generate a kubeconfig file for the admin to use and for kubeadm itself
/kubelet Generate a kubeconfig file for the kubelet to use *only* for cluster bootstrapping purposes
/controller-manager Generate a kubeconfig file for the controller manager to use
/scheduler Generate a kubeconfig file for the scheduler to use
control-plane Generate all static Pod manifest files necessary to establish the control plane
/apiserver Generates the kube-apiserver static Pod manifest
/controller-manager Generates the kube-controller-manager static Pod manifest
/scheduler Generates the kube-scheduler static Pod manifest
etcd Generate static Pod manifest file for local etcd
/local Generate the static Pod manifest file for a local, single-node local etcd instance
upload-config Upload the kubeadm and kubelet configuration to a ConfigMap
/kubeadm Upload the kubeadm ClusterConfiguration to a ConfigMap
/kubelet Upload the kubelet component config to a ConfigMap
upload-certs Upload certificates to kubeadm-certs
mark-control-plane Mark a node as a control-plane
bootstrap-token Generates bootstrap tokens used to join a node to a cluster
addon Install required addons for passing Conformance tests
/coredns Install the CoreDNS addon to a Kubernetes cluster
/kube-proxy Install the kube-proxy addon to a Kubernetes cluster
```
用法:
kubeadm init [flags]
kubeadm init [command]
可用命令:
phase Use this command to invoke single phase of the init workflow
Flags:
--apiserver-advertise-address string The IP address the API Server will advertise it's listening on.
这个 IP 地址用于 API Server 的监听地址
If not set the default network interface will be used.
如果没有设置,将使用默认的网络接口
--apiserver-bind-port int32 Port for the API Server to bind to. (default 6443)
指定 API Server 绑定端口(默认6443)
--apiserver-cert-extra-sans strings Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate.
用于 API 服务器证书的可选额外主题备用名称(SANs)
Can be both IP addresses and DNS names.
可以是 IP 地址和 DNS 名称
--cert-dir string The path where to save and store the certificates. (default "/etc/kubernetes/pki")
保存证书的路径(default "/etc/kubernetes/pki")
--certificate-key string Key used to encrypt the control-plane certificates in the kubeadm-certs Secret.
用于加密证书的秘钥
--config string Path to a kubeadm configuration file.\
kubeadm 配置文件路径
--cri-socket string Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value;
要连接的CRI套接字的路径。 如果空kubeadm将尝试自动检测此值;
use this option only if you have more than one CRI installed or if you have non-standard CRI socket.
仅当您安装了多个CRI或具有非标准CRI套接字时才使用此选项。
--dry-run Don't apply any changes; just output what would be done.
不要应用更改,只输出要做的事
--feature-gates string A set of key=value pairs that describe feature gates for various features.
一组 key=value 对,用于描述各种功能的功能门。
No feature gates are available in this release.
此版本中没有功能门。
-h, --help help for init
显示帮助信息
--ignore-preflight-errors strings A list of checks whose errors will be shown as warnings.
将错误显示为警告,也就是忽略某些错误以继续安装
Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.
例如:IsPrivilegedUser,Swap,如果值为 all 将忽略所有错误
--image-repository string Choose a container registry to pull control plane images from (default "k8s.gcr.io")
指定 image 仓库地址(default "k8s.gcr.io")
--kubernetes-version string Choose a specific Kubernetes version for the control plane. (default "stable-1")
为控制平面选择特定的 Kubernetes 版本 (default "stable-1")
--node-name string Specify the node name.
指定节点名称
--pod-network-cidr string Specify range of IP addresses for the pod network.
指定 Pod 网络的 IP 范围
If set, the control plane will automatically allocate CIDRs for every node.
如果设置,控制平面将自动为每个节点分配 CIDRs
--service-cidr string Use alternative range of IP address for service VIPs. (default "10.96.0.0/12")
为服务 VIPs 使用备用 IP 地址范围(default "10.96.0.0/12")
--service-dns-domain string Use alternative domain for services, e.g. "myorg.internal". (default "cluster.local")
为服务使用域名,例如:myorg.internal (default "cluster.local")
--skip-certificate-key-print Don't print the key used to encrypt the control-plane certificates.
不要打印用于加密控制平面证书的密钥。
--skip-phases strings List of phases to be skipped
要跳过的阶段列表
--skip-token-print Skip printing of the default bootstrap token generated by 'kubeadm init'.
跳过打印 bootstrap token
--token string The token to use for establishing bidirectional trust between nodes and control-plane nodes. The format is [a-z0-9]{6}\.[a-z0-9]{16} - e.g. abcdef.0123456789abcdef
--token-ttl duration The duration before the token is automatically deleted (e.g. 1s, 2m, 3h).
token 过期时间(例如 1s, 2m, 3h)
If set to '0', the token will never expire (default 24h0m0s)
如果设置为0,将永不过期(默认24小时)
--upload-certs Upload control-plane certificates to the kubeadm-certs Secret.
将控制平面证书上载到 kubeadm-certs
Global Flags:
--log-file string If non-empty, use this log file
--log-file-max-size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--rootfs string [EXPERIMENTAL] The path to the 'real' host root filesystem.
--skip-headers If true, avoid header prefixes in the log messages
--skip-log-headers If true, avoid headers when opening log files
-v, --v Level number for the log level verbosity
Use "kubeadm init [command] --help" for more information about a command.
网友评论