<p>kubeadm init가 configmap에 대한 RBAC를 올바르게 구성하지 않음</p>

일치하지 않는 버전이 없으면 괜찮습니다.

@chuckha 잘 기억한다면 kubelet-* 구성 맵은 kube-system 이어야하며 kubeadm은 부트 스트랩 토큰 및 노드에 대한 액세스를 허용하는 규칙을 만듭니다. 하지만 마지막 변경 후 다시 확인하겠습니다.

@chuckha 마스터 + 릴리스 번호에서 v1.11.0으로 강제 빌드 된 모든 구성 요소를 사용하여 클러스터에서 성공적으로 조인을 완료했습니다.

• kubelet-config-1.11 이 (가) kube-system 에서 생성되었습니다.
• kubeadm:kubelet-config-1.11 역할이 구성 맵에 대한 권한 가져 오기로 kube-system 에서 생성되었습니다.
• system:nodes 및 system:bootstrappers:kubeadm:default-node-token 대한 역할 바인딩 kubeadm:kubelet-config-1.11 이 kube-system 에서 생성되었습니다.

그래서 IMO :

• RBAC 생성
• "버전 일관성"시나리오에 있다면 모든 것이 작동합니다.

아직 조사해야 할 부분은

init 명령은 구성 파일에 지정된 kubernetesVersion을 사용하고 join 명령은 구성 맵의 이름으로 kubelet 버전을 사용합니다 (예 : kubelet-config-1.1).

예, 버전 문제 여야합니다.

빌드 할 때 버전을 설정하지 않았으므로 바이너리가 모두 1.12.0 이상이라고 생각하지만 kubeadm을 설치하고 강제로 v1.11을 사용하도록했습니다.

이로 인해

root@ip-10-0-0-7:~# k get cm -n kube-system
NAME                                 DATA      AGE
...
kubelet-config-1.11                  1         32m

그리고 가입 할 때 :

[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.12" ConfigMap in the kube-system namespace                                                                        
configmaps "kubelet-config-1.12" is forbidden: User "system:bootstrap:u3ns6m" cannot get configmaps in the namespace "kube-system"                                                               

바이너리를 다시 빌드하고 올바른 버전으로 강제 설정하고 다시 시도합니다.

kubelet 및 kubeadm 버전이 일치하면 모든 것이 정상입니다. 구성 맵 작성과 구성 맵 가져 오기 사이의 불일치 (의도적 일 수 있음)와 관련하여 덜 긴급한 수정을 위해 종료합니다.

kubeadm init를 사용하지 않고 단계를 개별적으로 호출합니다. kube-system에는 configmap이 없으며 올바르게 설정할 수있는 권한도 없습니다. 이것은 어떤 단계입니까?

@drewwells 당신과 같은 문제가 발생했습니다. 단계를 개별적으로 실행 중이며 구성 mpas가 없습니다.

sudo kubectl get cm -n kube-system --kubeconfig=/etc/kubernetes/admin.conf
NAME                                 DATA   AGE
calico-config                        2      11m
coredns                              1      15m
extension-apiserver-authentication   6      15m
kube-proxy                           2      15m

해결책을 찾았습니까?

또한 모든 구성 요소는 1.11.4입니다.

이것은 더 나아갑니다. kubeadm init을 사용하여 클러스터를 부트 스트랩하고 이제 올바른 구성 맵이 제자리에 있습니다.

ubuntu@master-1-test2:~$ sudo kubectl get cm -n kube-system --kubeconfig=/etc/kubernetes/admin.conf
NAME                                 DATA      AGE
coredns                              1         41m
extension-apiserver-authentication   6         41m
kube-proxy                           2         41m
kubeadm-config                       1         41m
kubelet-config-1.11                  1         41m
ubuntu@master-1-test2:~$ kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.4", GitCommit:"bf9a868e8ea3d3a8fa53cbb22f566771b3f8068b", GitTreeState:"clean", BuildDate:"2018-10-25T19:13:39Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}

노드에서 :

$ sudo kubeadm -v=10 join k8s.oz.noris.de:6443 --token 36etul.nv5lz6hjfifdd4c9 --discovery-token-unsafe-skip-ca-verification                                                                                             I1107 12:57:01.340638    3631 join.go:226] [join] found NodeName empty
I1107 12:57:01.340816    3631 join.go:227] [join] considered OS hostname as NodeName
[preflight] running pre-flight checks
I1107 12:57:01.341152    3631 join.go:238] [preflight] running various checks on all nodes
I1107 12:57:01.341265    3631 checks.go:253] validating the existence and emptiness of directory /etc/kubernetes/manifests
I1107 12:57:01.341677    3631 checks.go:291] validating the existence of file /etc/kubernetes/pki/ca.crt
I1107 12:57:01.341774    3631 checks.go:291] validating the existence of file /etc/kubernetes/kubelet.conf
I1107 12:57:01.341857    3631 checks.go:291] validating the existence of file /etc/kubernetes/bootstrap-kubelet.conf
I1107 12:57:01.341947    3631 kernelcheck_linux.go:45] validating the kernel module IPVS required exists in machine or not
        [WARNING RequiredIPVSKernelModulesAvailable]: the IPVS proxier will not be used, because the following required kernel modules are not loaded: [ip_vs_sh ip_vs ip_vs_rr ip_vs_wrr] or no builtin kernel ipvs support: map[ip_vs:{} ip_
vs_rr:{} ip_vs_wrr:{} ip_vs_sh:{} nf_conntrack_ipv4:{}]
you can solve this problem with following methods:
 1. Run 'modprobe -- ' to load missing kernel modules;
2. Provide the missing builtin kernel ipvs support

I1107 12:57:01.349448    3631 checks.go:138] validating if the service is enabled and active
I1107 12:57:01.361957    3631 checks.go:340] validating the contents of file /proc/sys/net/bridge/bridge-nf-call-iptables
I1107 12:57:01.362034    3631 checks.go:340] validating the contents of file /proc/sys/net/ipv4/ip_forward
I1107 12:57:01.362076    3631 checks.go:653] validating whether swap is enabled or not
I1107 12:57:01.362134    3631 checks.go:381] validating the presence of executable crictl
I1107 12:57:01.362204    3631 checks.go:381] validating the presence of executable ip
I1107 12:57:01.362244    3631 checks.go:381] validating the presence of executable iptables
I1107 12:57:01.362281    3631 checks.go:381] validating the presence of executable mount
I1107 12:57:01.362320    3631 checks.go:381] validating the presence of executable nsenter
...
[discovery] Trying to connect to API Server "mycluster.example.com:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://mycluster.example.com:6443"
I1107 12:57:01.487256    3631 round_trippers.go:386] curl -k -v -XGET  -H "Accept: application/json, */*" -H "User-Agent: kubeadm/v1.11.4 (linux/amd64) kubernetes/bf9a868" 'https://mycluster.example.com:6443/api/v1/namespaces/kube-public/config
maps/cluster-info'
I1107 12:57:01.504539    3631 round_trippers.go:405] GET https://mycluster.example.com:6443/api/v1/namespaces/kube-public/configmaps/cluster-info 200 OK in 17 milliseconds
I1107 12:57:01.504720    3631 round_trippers.go:411] Response Headers:
I1107 12:57:01.504818    3631 round_trippers.go:414]     Content-Type: application/json
I1107 12:57:01.504914    3631 round_trippers.go:414]     Content-Length: 2217
I1107 12:57:01.505003    3631 round_trippers.go:414]     Date: Wed, 07 Nov 2018 12:57:01 GMT
I1107 12:57:01.505174    3631 request.go:942] Response Body: {"kind":"ConfigMap","apiVersion":"v1","metadata":{"name":"cluster-info","namespace":"kube-public","selfLink":"/api/v1/namespaces/kube-public/configmaps/cluster-info","uid":"97e9
a3d1-e286-11e8-9272-fa163ef9e3af","resourceVersion":"425","creationTimestamp":"2018-11-07T12:13:53Z"},"data":{"jws-kubeconfig-36etul":"eyJhbGciOiJIUzI1NiIsImtpZCI6IjM2ZXR1bCJ9..zRgexonkjOpLJS0q3IignURwTcpBuQy7gv35Qhhsl_k","jws-kubeconfig-
eth6o8":"eyJhbGciOiJIUzI1NiIsImtpZCI6ImV0aDZvOCJ9..kWj4cI2j1WgKfNG07IGiIij4CSb9kWUbaM2mixlYThY","jws-kubeconfig-rbxd02":"eyJhbGciOiJIUzI1NiIsImtpZCI6InJieGQwMiJ9..HwIWDwfIbAjNM1EGbWdXYOhC8z1MxgwuzhjlJRaZ_pc","kubeconfig":"apiVersion: v1\n
clusters:\n- cluster:\n    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNE1URXdNekEwTlRrME4xb1hEVEk0TVRBek1UQTB
OVGswTjFvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTU9BCkNHQU5jUjVRQWV3MlljY2V0eWVyYktiODd4RWRPVlp2aUdneElrbkpKTTZwZFVBbzMwSWVxckRqSnlFaTFVeDcKU0c5NS9sRlBqU1htdHhhNHMvc1g1KzNTVW4zZ
EtFRWw5TFhXa0lzeTRJYzRFUTMwWE9WcnNuYTYwN1UzNmQyaAp3NHdTK1dveE5QR3dqZDM2bXQzMFR4bUluYk54ZVl5d2NnVU1tMlZFZXM4dGhVaVhZMXB1N1Y2SUNCY243cE9NCkdoT2xlRXg4SmlEVnhuSGlpSm9oYytCbGNIdHdLU1pzK2cvZUhwdGdlSDdaQlZNRC8zZVFvZXVsUGVvTEkwamEKc09jTENMTkpEVVB
LUWJqRnRNbkFZSXVvOENHSXpFTzBDaDZNeW5vb1pTL0E0bEs1MXJmTVdkTkZ4N0dVdnQxYQo5KzZzMHo2NEpHeVFBdmtBcWhVQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFEbWs1NEYzZ1BqOS91NzlRbTg2V1Mzc
k5YaFoKZG16Wmt3TXRDajRuTXdsSndGQy9iZUU4ZUdsWnFxWDcrdEpYUDVaY0xLNE1pSnM1U2JTMjd5NDF3WTRRTFFWaQpVWmRocEFHUTBOSlpHSGhWMTVDczlVQTA1ZTFNajNCaHZ6SG5VV2t1ZUhYbW84VmI4SkI5RGloeGdiUW5GY2FQCjRWcVhWY0pBemxVQ0V5aXhreVRGendZTklJbzJHdGtCdlI1YkxCM0doT2R
sQURmQzEwdzgvTmQveFFmRnRWdmYKL3lHaktpbW8rT2xERkV5YittcHVKMVdiN3Y3bnJJSzlSSy9WbVhUWENiOWZLQ3BmQ0hMU0hpa0lEWklZK0wxTQpwbWpXYXZFcjFLSlE5UEJIYmdZSHkxK1F0bkpXRDNjNnJrOUtoNU1zMFhTVmpBc2Z1RWdXaG9CYnlVdz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=\n   
 server: https://k8s.oz.noris.de:6443\n  name: \"\"\ncontexts: []\ncurrent-context: \"\"\nkind: Config\npreferences: {}\nusers: []\n"}}
[discovery] Cluster info signature and contents are valid and no TLS pinning was specified, will use API Server "k8s.oz.noris.de:6443"
[discovery] Successfully established connection with API Server "mycluster.example.com:6443"
I1107 12:57:01.509945    3631 join.go:260] [join] writing bootstrap kubelet config file at /etc/kubernetes/bootstrap-kubelet.conf
I1107 12:57:01.617006    3631 loader.go:359] Config loaded from file /etc/kubernetes/bootstrap-kubelet.conf
I1107 12:57:01.617871    3631 join.go:283] Stopping the kubelet
[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.12" ConfigMap in the kube-system namespace
I1107 12:57:01.627838    3631 round_trippers.go:386] curl -k -v -XGET  -H "Accept: application/json, */*" -H "User-Agent: kubeadm/v1.11.4 (linux/amd64) kubernetes/bf9a868" -H "Authorization: Bearer 36etul.nv5lz6hjfifdd4c9" 'https://mycluster.example.com:6443/api/v1/namespaces/kube-system/configmaps/kubelet-config-1.12'
I1107 12:57:01.639396    3631 round_trippers.go:405] GET https://mycluster.example.com:6443/api/v1/namespaces/kube-system/configmaps/kubelet-config-1.12 403 Forbidden in 11 milliseconds
I1107 12:57:01.639427    3631 round_trippers.go:411] Response Headers:
I1107 12:57:01.639443    3631 round_trippers.go:414]     Content-Length: 311
I1107 12:57:01.639464    3631 round_trippers.go:414]     Date: Wed, 07 Nov 2018 12:57:01 GMT
I1107 12:57:01.639477    3631 round_trippers.go:414]     Content-Type: application/json
I1107 12:57:01.639492    3631 round_trippers.go:414]     X-Content-Type-Options: nosniff
I1107 12:57:01.639525    3631 request.go:942] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"configmaps \"kubelet-config-1.12\" is forbidden: User \"system:bootstrap:36etul\" cannot get confi
gmaps in the namespace \"kube-system\"","reason":"Forbidden","details":{"name":"kubelet-config-1.12","kind":"configmaps"},"code":403}
configmaps "kubelet-config-1.12" is forbidden: User "system:bootstrap:36etul" cannot get configmaps in the namespace "kube-system"

이상한 물건을 보셨나요?

분명히 kubelet의 버전을 확인하면 모든 것이 만들어집니다! kubelet 버전 1.12.2가 있습니다.
코드에서 힌트를 얻었습니다.

하나의 최신 버전을 제외하고 동일한 문제가 발생합니다.

마스터에서 :

$ lsb_release -d
Description:    Ubuntu 16.04.5 LTS
$ dpkg -l | grep kub
ii  kubeadm                          1.12.1-00                                  amd64        Kubernetes Cluster Bootstrapping Tool
ii  kubectl                          1.12.1-00                                  amd64        Kubernetes Command Line Tool
ii  kubelet                          1.12.1-00                                  amd64        Kubernetes Node Agent
ii  kubernetes-cni                   0.6.0-00                                   amd64        Kubernetes CNI
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.1", GitCommit:"4ed3216f3ec431b140b1d899130a69fc671678f4", GitTreeState:"clean", BuildDate:"2018-10-05T16:46:06Z", GoVersion:"go1.10.4", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.0", GitCommit:"ddf47ac13c1a9483ea035a79cd7c10005ff21a6d", GitTreeState:"clean", BuildDate:"2018-12-03T20:56:12Z", GoVersion:"go1.11.2", Compiler:"gc", Platform:"linux/amd64"}

그 서버 버전 1.13.0은 어디에서 왔습니까? 나는 그것을 설치하지 않았다.

어쨌든이 VM에서 kubeadm init를 실행하기 전에 복제 했으므로 클러스터의 다른 노드가 될 준비가 된 다른 VM이 있습니다. 클론이기 때문에 1.12.1도 있습니다. 가입하려고 할 때 :

$ kubeadm join --token blahblah 10.138.0.3:6443 --discovery-token-ca-cert-hash sha256:deadbeefdeadbeefetc 
[preflight] running pre-flight checks
        [WARNING RequiredIPVSKernelModulesAvailable]: the IPVS proxier will not be used, because the following required kernel modules are not loaded: [ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh] or no builtin kernel ipvs support: map[ip_vs_sh:{} nf_conntrack_ipv4:{} ip_vs:{} ip_vs_rr:{} ip_vs_wrr:{}]
you can solve this problem with following methods:
 1. Run 'modprobe -- ' to load missing kernel modules;
2. Provide the missing builtin kernel ipvs support
[discovery] Trying to connect to API Server "10.138.0.3:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://10.138.0.3:6443"
[discovery] Requesting info from "https://10.138.0.3:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will 
use API Server "10.138.0.3:6443"
[discovery] Successfully established connection with API Server "10.138.0.3:6443"
[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.12" ConfigMap in the kube-system namespace configmaps "kubelet-config-1.12" is forbidden: User "system:bootstrap:3ai26q" cannot get resource "configmaps" in API group "" in the namespace "kube-system"

그리고 왜 kubelet-config-1.12 configmap을 얻을 수 없습니까? 하나도 없으니까. 마스터로 돌아 가기 :

$ sudo kubectl get cm -n kube-system --kubeconfig=/etc/kubernetes/admin.conf
NAME                                 DATA   AGE
calico-config                        4      26m
coredns                              1      29m
extension-apiserver-authentication   6      29m
kube-proxy                           2      29m
kubeadm-config                       2      29m
kubelet-config-1.13                  1      29m

@brianriceca : 당신과 똑같은 문제에 직면 ... 이에 대한 모든 해결책 ..

Master : ram @ k8master1 : ~ $ kubeadm 버전
kubeadm 버전 : & version.Info {Major : "1", Minor : "12", GitVersion : "v1.12.1", GitCommit : "4ed3216f3ec431b140b1d899130a69fc671678f4", GitTreeState : "clean", BuildDate : "2018-10-05T16 : 43 : 08Z ", GoVersion :"go1.10.4 ", 컴파일러 :"gc ", 플랫폼 :"linux / amd64 "}
ram @ k8master1 : ~ $ dpkg -l | grep kub
ii kubeadm 1.12.1-00 amd64 Kubernetes 클러스터 부트 스트랩 도구
ii kubectl 1.12.1-00 amd64 Kubernetes 명령 줄 도구
ii kubelet 1.12.1-00 amd64 Kubernetes 노드 에이전트
ii kubernetes-cni 0.6.0-00 amd64 Kubernetes CNI
ram @ k8master1 : ~ $ kubectl 버전
클라이언트 버전 : version.Info {Major : "1", Minor : "12", GitVersion : "v1.12.1", GitCommit : "4ed3216f3ec431b140b1d899130a69fc671678f4", GitTreeState : "clean", BuildDate : "2018-10-05T16 : 46 : 06Z ", GoVersion :"go1.10.4 ", 컴파일러 :"gc ", 플랫폼 :"linux / amd64 "}
서버 버전 : version.Info {Major : "1", Minor : "13", GitVersion : "v1.13.0", GitCommit : "ddf47ac13c1a9483ea035a79cd7c10005ff21a6d", GitTreeState : "clean", BuildDate : "2018-12-03T20 : 56 : 12Z ", GoVersion :"go1.11.2 ", 컴파일러 :"gc ", 플랫폼 :"linux / amd64 "}

ram @ k8master1 : ~ $ kubectl 노드 가져 오기
이름 상태 역할 연령 버전
k8master1.example.com 준비 마스터 101m v1.12.1
ram @ k8master1 : ~ $ kubectl get pods --all-namespaces
네임 스페이스 이름 준비 상태 다시 시작 나이
kube-system calico-node-r248v 2/2 Running 0 99m
kube-system coredns-869f847d58-72lqd 1/1 Running 0 101m
kube-system coredns-869f847d58-p2zzs 1/1 Running 0 101m
kube-system etcd-k8master1.example.com 1/1 달리기 0 100m
kube-system kube-apiserver-k8master1.example.com 1/1 달리기 0 100m
kube-system kube-controller-manager-k8master1.example.com 1/1 달리기 0 100m
kube-system kube-proxy-77qbx 1/1 Running 0 101m
kube-system kube-scheduler-k8master1.example.com 1/1 달리기 0 100m

작업자 노드 :
root @ k8worker1 : ~ # dpkg -l | grep -i kub
ii kubeadm 1.12.1-00 amd64 Kubernetes 클러스터 부트 스트랩 도구
ii kubectl 1.12.1-00 amd64 Kubernetes 명령 줄 도구
ii kubelet 1.12.1-00 amd64 Kubernetes 노드 에이전트
ii kubernetes-cni 0.6.0-00 amd64 Kubernetes CNI
root @ k8worker1 : ~ # kubectl 버전
클라이언트 버전 : version.Info {Major : "1", Minor : "12", GitVersion : "v1.12.1", GitCommit : "4ed3216f3ec431b140b1d899130a69fc671678f4", GitTreeState : "clean", BuildDate : "2018-10-05T16 : 46 : 06Z ", GoVersion :"go1.10.4 ", 컴파일러 :"gc ", 플랫폼 :"linux / amd64 "}
서버 localhost : 8080 에 대한 연결이 거부되었습니다. 올바른 호스트 또는 포트를 지정 했습니까?

root @ k8worker1 : ~ # kubeadm join 10.0.0.61:6443 --token xjxgqa.h2vnld3x9ztgf3pr --discovery-token-ca-cert-hash sha256 : 7c18b654b623ee84164bb0dfa79409c821398f1a968843446af525ec72e0fdad
[프리 플라이트] 프리 플라이트 검사 실행
[경고 필수 IPVSKernelModulesAvailable] : 다음 필수 커널 모듈이로드되지 않았으므로 IPVS 프록시가 사용되지 않습니다. [ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh] 또는 내장 커널 ipvs 지원 없음 : map [nf_conntrack_iprrv4 : {} ip_vs : {} ip_vs : {} ip_vs_wrr : {} ip_vs_sh : {}]
다음 방법으로이 문제를 해결할 수 있습니다.

1. 누락 된 커널 모듈을로드하려면 'modprobe-'를 실행하십시오.
   
   
   
   1. 누락 된 내장 커널 ipvs 지원 제공
   
   

[발견] API 서버 "10.0.0.61:6443"에 접속 시도 중
[검색] 클러스터 정보 검색 클라이언트 생성, " https://10.0.0.61 : 6443"에서 정보 요청
[발견] 고정 된 공개 키에 대해 TLS의 유효성을 검사하기 위해 " https://10.0.0.61 : 6443"에서 다시 정보 요청
[발견] 클러스터 정보 서명 및 콘텐츠가 유효하며 TLS 인증서가 고정 된 루트에 대해 유효성을 검사하고 API 서버 "10.0.0.61:6443"을 사용합니다.
[발견] API 서버 "10.0.0.61:6443"과 성공적으로 연결
[kubelet] kube-system 네임 스페이스의 "kubelet-config-1.12"ConfigMap에서 kubelet 구성 다운로드
configmaps "kubelet-config-1.12"는 금지됨 : 사용자 " system : bootstrap : xjxgqa"는 네임 스페이스 "kube-system"의 API 그룹 ""에서 "configmaps"리소스를 가져올 수 없습니다.
root @ k8worker1 : ~ # kubeadm join 10.0.0.61:6443 --token xjxgqa.h2vnld3x9ztgf3pr --discovery-token-ca-cert-hash sha256 : 7c18b654b623ee84164bb0dfa79409c821398f1a968843446af525ec72e0fdad
[프리 플라이트] 프리 플라이트 검사 실행
[경고 필수 IPVSKernelModulesAvailable] : 다음 필수 커널 모듈이로드되지 않았기 때문에 IPVS 프록시가 사용되지 않습니다. [ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh] 또는 내장 커널 ipvs 지원 없음 : map [ip_vs_rr : {} ip_vs_rr : {} ip_vs_rr : {} ip_vs_rr : {} nf_conntrack_ipv4 : {} ip_vs : {}]
다음 방법으로이 문제를 해결할 수 있습니다.

1. 누락 된 커널 모듈을로드하려면 'modprobe-'를 실행하십시오.
   
   
   
   1. 누락 된 내장 커널 ipvs 지원 제공
   
   

[프리 플라이트] 몇 가지 치명적인 오류가 발생했습니다.
[오류 FileAvailable--etc-kubernetes-bootstrap-kubelet.conf] : /etc/kubernetes/bootstrap-kubelet.conf가 이미 있습니다.
[오류 FileAvailable--etc-kubernetes-pki-ca.crt] : /etc/kubernetes/pki/ca.crt가 이미 있습니다.
[프리 플라이트] 수행중인 작업을 알고 있다면 --ignore-preflight-errors=... 하여 치명적이지 않은 수표를 만들 수 있습니다.

@brianriceca 및 kubelet-config-1.13 맵이 있으며 configmaps "kubelet-config-1.12" is forbidden 됩니다.

오! 내가 아직 몰랐던 것은 kubeadm이 달리 지정하지 않는 한 항상 gcr.io에서 Kubernetes 제어 플레인의 최신 버전을 다운로드한다는 것입니다. 따라서 1.13을 사용할 수 있는데도 1.12.1을 설치하려면 다음을 수행해야합니다.
kubeadm init --kubernetes-version 1.12.1 --pod-network-cidr _ 무엇이든 / 무엇이든 _

두 노드를 모두 삭제하고 모든 버전 1.12.2 를 사용하여 다시 시도했지만 이번에는 문제가 발생하지 않았습니다. 최신 버전이 있다는 출력이 있었지만 1.12로 되돌릴 것입니다 (지금 잃어 버렸습니다)

나는 (분명히) 시더에서 노드와 동일한 버전을 사용하는 동안 동일한 버그를 겪고 있습니다.

시더에서 (초기화 후) :

$ kubeadm version -o json
{
  "clientVersion": {
    "major": "1",
    "minor": "13",
    "gitVersion": "v1.13.0",
    "gitCommit": "ddf47ac13c1a9483ea035a79cd7c10005ff21a6d",
    "gitTreeState": "clean",
    "buildDate": "2018-12-11T17:03:40Z",
    "goVersion": "go1.11.2",
    "compiler": "gc",
    "platform": "linux/amd64"
  }
}
$
$ kubectl get cm --all-namespaces
NAMESPACE     NAME                                 DATA   AGE
kube-public   cluster-info                         2      174m
kube-system   coredns                              1      174m
kube-system   extension-apiserver-authentication   6      174m
kube-system   flannel-plugin-config-map            2      174m
kube-system   kube-proxy                           2      174m
kube-system   kubeadm-config                       2      174m
kube-system   kubelet-config-1.13                  1      174m
kube-system   kubic-init-config-seeder             1      174m
$
$
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.0", GitCommit:"ddf47ac13c1a9483ea035a79cd7c10005ff21a6d", GitTreeState:"archive", BuildDate:"2018-12-07T12:00:00Z", GoVersion:"go1.11.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.0", GitCommit:"ddf47ac13c1a9483ea035a79cd7c10005ff21a6d", GitTreeState:"clean", BuildDate:"2018-12-03T20:56:12Z", GoVersion:"go1.11.2", Compiler:"gc", Platform:"linux/amd64"}

노드에서 :

$ cat config.txt 
apiVersion: kubeadm.k8s.io/v1beta1
caCertPath: /etc/kubernetes/pki/ca.crt
discovery:
  bootstrapToken:
    apiServerEndpoint: 192.168.100.1:6443
    token: 94dcda.c271f4ff502789ca
    unsafeSkipCAVerification: true
  timeout: 5m0s
  tlsBootstrapToken: 94dcda.c271f4ff502789ca
kind: JoinConfiguration
nodeRegistration:
  criSocket: /var/run/crio/crio.sock
  kubeletExtraArgs:
    cni-bin-dir: /var/lib/kubelet/cni/bin
    cni-conf-dir: /etc/cni/net.d
    container-runtime-endpoint: unix:///var/run/crio/crio.sock
    network-plugin: cni

$
$ kubeadm join --v=8 --config=config.txt 
I1220 11:55:56.879023       7 join.go:299] [join] found NodeName empty; using OS hostname as NodeName
I1220 11:55:56.880357       7 joinconfiguration.go:72] loading configuration from the given file
[preflight] Running pre-flight checks
I1220 11:55:56.890498       7 join.go:328] [preflight] Running general checks
I1220 11:55:56.891937       7 checks.go:245] validating the existence and emptiness of directory /etc/kubernetes/manifests
I1220 11:55:56.893051       7 checks.go:283] validating the existence of file /etc/kubernetes/kubelet.conf
I1220 11:55:56.894239       7 checks.go:283] validating the existence of file /etc/kubernetes/bootstrap-kubelet.conf
I1220 11:55:56.895384       7 checks.go:104] validating the container runtime
I1220 11:55:57.072517       7 checks.go:373] validating the presence of executable crictl
I1220 11:55:57.073553       7 checks.go:332] validating the contents of file /proc/sys/net/bridge/bridge-nf-call-iptables
I1220 11:55:57.074479       7 checks.go:332] validating the contents of file /proc/sys/net/ipv4/ip_forward
I1220 11:55:57.075518       7 checks.go:644] validating whether swap is enabled or not
I1220 11:55:57.076499       7 checks.go:373] validating the presence of executable ip
I1220 11:55:57.077424       7 checks.go:373] validating the presence of executable iptables
I1220 11:55:57.078594       7 checks.go:373] validating the presence of executable mount
I1220 11:55:57.079564       7 checks.go:373] validating the presence of executable nsenter
I1220 11:55:57.080425       7 checks.go:373] validating the presence of executable ebtables
I1220 11:55:57.081391       7 checks.go:373] validating the presence of executable ethtool
I1220 11:55:57.082170       7 checks.go:373] validating the presence of executable socat
I1220 11:55:57.084207       7 checks.go:373] validating the presence of executable tc
I1220 11:55:57.085250       7 checks.go:373] validating the presence of executable touch
I1220 11:55:57.086132       7 checks.go:515] running all checks
I1220 11:55:57.137681       7 checks.go:403] checking whether the given node name is reachable using net.LookupHost
I1220 11:55:57.150619       7 checks.go:613] validating kubelet version
I1220 11:55:57.450319       7 checks.go:130] validating if the service is enabled and active
I1220 11:55:57.554984       7 checks.go:208] validating availability of port 10250
I1220 11:55:57.556700       7 checks.go:283] validating the existence of file /etc/kubernetes/pki/ca.crt
I1220 11:55:57.557579       7 checks.go:430] validating if the connectivity type is via proxy or direct
[preflight] Some fatal errors occurred:
    [ERROR FileAvailable--etc-kubernetes-bootstrap-kubelet.conf]: /etc/kubernetes/bootstrap-kubelet.conf already exists
    [ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
sh-4.4# rm -f /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/pki/ca.crt
sh-4.4# kubeadm join --v=8 --config=config.txt 
I1220 11:56:10.073469      30 join.go:299] [join] found NodeName empty; using OS hostname as NodeName
I1220 11:56:10.074575      30 joinconfiguration.go:72] loading configuration from the given file
[preflight] Running pre-flight checks
I1220 11:56:10.085937      30 join.go:328] [preflight] Running general checks
I1220 11:56:10.086871      30 checks.go:245] validating the existence and emptiness of directory /etc/kubernetes/manifests
I1220 11:56:10.087809      30 checks.go:283] validating the existence of file /etc/kubernetes/kubelet.conf
I1220 11:56:10.088573      30 checks.go:283] validating the existence of file /etc/kubernetes/bootstrap-kubelet.conf
I1220 11:56:10.089370      30 checks.go:104] validating the container runtime
I1220 11:56:10.126939      30 checks.go:373] validating the presence of executable crictl
I1220 11:56:10.128075      30 checks.go:332] validating the contents of file /proc/sys/net/bridge/bridge-nf-call-iptables
I1220 11:56:10.129096      30 checks.go:332] validating the contents of file /proc/sys/net/ipv4/ip_forward
I1220 11:56:10.129993      30 checks.go:644] validating whether swap is enabled or not
I1220 11:56:10.131006      30 checks.go:373] validating the presence of executable ip
I1220 11:56:10.132983      30 checks.go:373] validating the presence of executable iptables
I1220 11:56:10.139740      30 checks.go:373] validating the presence of executable mount
I1220 11:56:10.140267      30 checks.go:373] validating the presence of executable nsenter
I1220 11:56:10.140738      30 checks.go:373] validating the presence of executable ebtables
I1220 11:56:10.141092      30 checks.go:373] validating the presence of executable ethtool
I1220 11:56:10.141459      30 checks.go:373] validating the presence of executable socat
I1220 11:56:10.142799      30 checks.go:373] validating the presence of executable tc
I1220 11:56:10.145062      30 checks.go:373] validating the presence of executable touch
I1220 11:56:10.145954      30 checks.go:515] running all checks
I1220 11:56:10.189173      30 checks.go:403] checking whether the given node name is reachable using net.LookupHost
I1220 11:56:10.204103      30 checks.go:613] validating kubelet version
I1220 11:56:10.529594      30 checks.go:130] validating if the service is enabled and active
I1220 11:56:10.556043      30 checks.go:208] validating availability of port 10250
I1220 11:56:10.557915      30 checks.go:283] validating the existence of file /etc/kubernetes/pki/ca.crt
I1220 11:56:10.559380      30 checks.go:430] validating if the connectivity type is via proxy or direct
I1220 11:56:10.560242      30 join.go:334] [preflight] Fetching init configuration
I1220 11:56:10.561013      30 join.go:601] [join] Discovering cluster-info
[discovery] Trying to connect to API Server "192.168.100.1:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://192.168.100.1:6443"
I1220 11:56:10.567171      30 round_trippers.go:383] GET https://192.168.100.1:6443/api/v1/namespaces/kube-public/configmaps/cluster-info
I1220 11:56:10.568131      30 round_trippers.go:390] Request Headers:
I1220 11:56:10.568891      30 round_trippers.go:393]     Accept: application/json, */*
I1220 11:56:10.569609      30 round_trippers.go:393]     User-Agent: kubeadm/v1.13.0 (linux/amd64) kubernetes/ddf47ac
I1220 11:56:10.586461      30 round_trippers.go:408] Response Status: 200 OK in 16 milliseconds
I1220 11:56:10.587241      30 round_trippers.go:411] Response Headers:
I1220 11:56:10.588006      30 round_trippers.go:414]     Content-Type: application/json
I1220 11:56:10.588757      30 round_trippers.go:414]     Content-Length: 1991
I1220 11:56:10.589497      30 round_trippers.go:414]     Date: Thu, 20 Dec 2018 11:56:11 GMT
I1220 11:56:10.590141      30 request.go:942] Response Body: {"kind":"ConfigMap","apiVersion":"v1","metadata":{"name":"cluster-info","namespace":"kube-public","selfLink":"/api/v1/namespaces/kube-public/configmaps/cluster-info","uid":"c8b93b6b-0436-11e9-b4e4-4845202d6379","resourceVersion":"368","creationTimestamp":"2018-12-20T09:08:15Z"},"data":{"jws-kubeconfig-94dcda":"eyJhbGciOiJIUzI1NiIsImtpZCI6Ijk0ZGNkYSJ9..qJePAaUQp5APwTC-dSSzvL3MEVE8PQxgbvipbsC1faA","kubeconfig":"apiVersion: v1\nclusters:\n- cluster:\n    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNE1USXlNREE1TURjMU0xb1hEVEk0TVRJeE56QTVNRGMxTTFvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTkF3CmRET2tVSXI4M3BDMkY2bFE2UFZMYzlMbGhtenNnc3NPMWRQZWhVWTZ0azJwNUZIdmRlNEwwdkVNWHpaZU5oSGUKNFNnd1A1cTMxd1F0Wkx3aEFKWDRDR1dzNGVFZG9LNnZqMDVJYzQ1SDZhMDNvN3RqSWhNcUsvTHVrdDAzR2Q1Lwp0OENXUllHYjV5TWtBNldIMkxDZkwvSXlYQWU1NTV0STR1RTRuTTFSUXNSMFNMdy8rR2FK [truncated 967 chars]
[discovery] Cluster info signature and contents are valid and no TLS pinning was specified, will use API Server "192.168.100.1:6443"
[discovery] Successfully established connection with API Server "192.168.100.1:6443"
I1220 11:56:10.596836      30 join.go:608] [join] Retrieving KubeConfig objects
[join] Reading configuration from the cluster...
[join] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
I1220 11:56:10.600835      30 round_trippers.go:383] GET https://192.168.100.1:6443/api/v1/namespaces/kube-system/configmaps/kubeadm-config
I1220 11:56:10.601554      30 round_trippers.go:390] Request Headers:
I1220 11:56:10.602287      30 round_trippers.go:393]     User-Agent: kubeadm/v1.13.0 (linux/amd64) kubernetes/ddf47ac
I1220 11:56:10.603124      30 round_trippers.go:393]     Accept: application/json, */*
I1220 11:56:10.603831      30 round_trippers.go:393]     Authorization: Bearer 94dcda.c271f4ff502789ca
I1220 11:56:10.633321      30 round_trippers.go:408] Response Status: 200 OK in 28 milliseconds
I1220 11:56:10.634283      30 round_trippers.go:411] Response Headers:
I1220 11:56:10.635127      30 round_trippers.go:414]     Date: Thu, 20 Dec 2018 11:56:11 GMT
I1220 11:56:10.635912      30 round_trippers.go:414]     Content-Type: application/json
I1220 11:56:10.636635      30 round_trippers.go:414]     Content-Length: 1316
I1220 11:56:10.637413      30 request.go:942] Response Body: {"kind":"ConfigMap","apiVersion":"v1","metadata":{"name":"kubeadm-config","namespace":"kube-system","selfLink":"/api/v1/namespaces/kube-system/configmaps/kubeadm-config","uid":"c8069fb3-0436-11e9-b4e4-4845202d6379","resourceVersion":"173","creationTimestamp":"2018-12-20T09:08:14Z"},"data":{"ClusterConfiguration":"apiServer:\n  certSANs:\n  - 192.168.100.1\n  extraArgs:\n    authorization-mode: Node,RBAC\n    oidc-ca-file: /etc/kubernetes/pki/ca.crt\n    oidc-client-id: kubernetes\n    oidc-groups-claim: group\n    oidc-issuer-url: https://192.168.0.154:32000\n    oidc-username-claim: email\n  timeoutForControlPlane: 4m0s\napiVersion: kubeadm.k8s.io/v1beta1\ncertificatesDir: /etc/kubernetes/pki\nclusterName: kubernetes\ncontrolPlaneEndpoint: \"\"\ncontrollerManager: {}\ndns:\n  type: CoreDNS\netcd:\n  local:\n    dataDir: /var/lib/etcd\n    imageRepository: registry.opensuse.org/devel/kubic/containers/container/kubic\n    imageTag: \"3.3\"\nimageRepository: k8s.gcr.io\nkind: ClusterConfiguration\nkubernetesVer [truncated 292 chars]
I1220 11:56:10.643565      30 round_trippers.go:383] GET https://192.168.100.1:6443/api/v1/namespaces/kube-system/configmaps/kube-proxy
I1220 11:56:10.644430      30 round_trippers.go:390] Request Headers:
I1220 11:56:10.645126      30 round_trippers.go:393]     Accept: application/json, */*
I1220 11:56:10.645791      30 round_trippers.go:393]     User-Agent: kubeadm/v1.13.0 (linux/amd64) kubernetes/ddf47ac
I1220 11:56:10.646455      30 round_trippers.go:393]     Authorization: Bearer 94dcda.c271f4ff502789ca
I1220 11:56:10.654053      30 round_trippers.go:408] Response Status: 200 OK in 6 milliseconds
I1220 11:56:10.655099      30 round_trippers.go:411] Response Headers:
I1220 11:56:10.655921      30 round_trippers.go:414]     Content-Type: application/json
I1220 11:56:10.656796      30 round_trippers.go:414]     Content-Length: 1655
I1220 11:56:10.657597      30 round_trippers.go:414]     Date: Thu, 20 Dec 2018 11:56:11 GMT
I1220 11:56:10.658883      30 request.go:942] Response Body: {"kind":"ConfigMap","apiVersion":"v1","metadata":{"name":"kube-proxy","namespace":"kube-system","selfLink":"/api/v1/namespaces/kube-system/configmaps/kube-proxy","uid":"c8de0370-0436-11e9-b4e4-4845202d6379","resourceVersion":"229","creationTimestamp":"2018-12-20T09:08:15Z","labels":{"app":"kube-proxy"}},"data":{"config.conf":"apiVersion: kubeproxy.config.k8s.io/v1alpha1\nbindAddress: 0.0.0.0\nclientConnection:\n  acceptContentTypes: \"\"\n  burst: 10\n  contentType: application/vnd.kubernetes.protobuf\n  kubeconfig: /var/lib/kube-proxy/kubeconfig.conf\n  qps: 5\nclusterCIDR: 172.16.0.0/13\nconfigSyncPeriod: 15m0s\nconntrack:\n  max: null\n  maxPerCore: 32768\n  min: 131072\n  tcpCloseWaitTimeout: 1h0m0s\n  tcpEstablishedTimeout: 24h0m0s\nenableProfiling: false\nhealthzBindAddress: 0.0.0.0:10256\nhostnameOverride: \"\"\niptables:\n  masqueradeAll: false\n  masqueradeBit: 14\n  minSyncPeriod: 0s\n  syncPeriod: 30s\nipvs:\n  excludeCIDRs: null\n  minSyncPeriod: 0s\n  scheduler: \"\"\n  syncPeriod: 30s\nkind: Kub [truncated 631 chars]
I1220 11:56:10.664746      30 round_trippers.go:383] GET https://192.168.100.1:6443/api/v1/namespaces/kube-system/configmaps/kubelet-config-1.13
I1220 11:56:10.665883      30 round_trippers.go:390] Request Headers:
I1220 11:56:10.666731      30 round_trippers.go:393]     User-Agent: kubeadm/v1.13.0 (linux/amd64) kubernetes/ddf47ac
I1220 11:56:10.667616      30 round_trippers.go:393]     Authorization: Bearer 94dcda.c271f4ff502789ca
I1220 11:56:10.668451      30 round_trippers.go:393]     Accept: application/json, */*
I1220 11:56:10.676896      30 round_trippers.go:408] Response Status: 200 OK in 7 milliseconds
I1220 11:56:10.677820      30 round_trippers.go:411] Response Headers:
I1220 11:56:10.680010      30 round_trippers.go:414]     Content-Type: application/json
I1220 11:56:10.681115      30 round_trippers.go:414]     Content-Length: 2134
I1220 11:56:10.682015      30 round_trippers.go:414]     Date: Thu, 20 Dec 2018 11:56:11 GMT
I1220 11:56:10.683204      30 request.go:942] Response Body: {"kind":"ConfigMap","apiVersion":"v1","metadata":{"name":"kubelet-config-1.13","namespace":"kube-system","selfLink":"/api/v1/namespaces/kube-system/configmaps/kubelet-config-1.13","uid":"c80c1601-0436-11e9-b4e4-4845202d6379","resourceVersion":"176","creationTimestamp":"2018-12-20T09:08:14Z"},"data":{"kubelet":"address: 0.0.0.0\napiVersion: kubelet.config.k8s.io/v1beta1\nauthentication:\n  anonymous:\n    enabled: false\n  webhook:\n    cacheTTL: 2m0s\n    enabled: true\n  x509:\n    clientCAFile: /etc/kubernetes/pki/ca.crt\nauthorization:\n  mode: Webhook\n  webhook:\n    cacheAuthorizedTTL: 5m0s\n    cacheUnauthorizedTTL: 30s\ncgroupDriver: cgroupfs\ncgroupsPerQOS: true\nclusterDNS:\n- 172.24.0.10\nclusterDomain: cluster.local\nconfigMapAndSecretChangeDetectionStrategy: Watch\ncontainerLogMaxFiles: 5\ncontainerLogMaxSize: 10Mi\ncontentType: application/vnd.kubernetes.protobuf\ncpuCFSQuota: true\ncpuCFSQuotaPeriod: 100ms\ncpuManagerPolicy: none\ncpuManagerReconcilePeriod: 10s\nenableControllerAttachDetach: tr [truncated 1110 chars]
I1220 11:56:10.688139      30 interface.go:384] Looking for default routes with IPv4 addresses
I1220 11:56:10.688797      30 interface.go:389] Default route transits interface "eth0"
I1220 11:56:10.689612      30 interface.go:196] Interface eth0 is up
I1220 11:56:10.690375      30 interface.go:244] Interface "eth0" has 2 addresses :[192.168.100.220/24 fe80::d0a8:62ff:fe54:b6e9/64].
I1220 11:56:10.690995      30 interface.go:211] Checking addr  192.168.100.220/24.
I1220 11:56:10.691796      30 interface.go:218] IP found 192.168.100.220
I1220 11:56:10.692489      30 interface.go:250] Found valid IPv4 address 192.168.100.220 for interface "eth0".
I1220 11:56:10.693168      30 interface.go:395] Found active IP 192.168.100.220 
I1220 11:56:10.694393      30 join.go:341] [preflight] Running configuration dependant checks
I1220 11:56:10.695211      30 join.go:478] [join] writing bootstrap kubelet config file at /etc/kubernetes/bootstrap-kubelet.conf
I1220 11:56:10.942159      30 loader.go:359] Config loaded from file /etc/kubernetes/bootstrap-kubelet.conf
I1220 11:56:10.943961      30 join.go:503] Stopping the kubelet
[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.12" ConfigMap in the kube-system namespace
I1220 11:56:10.977300      30 round_trippers.go:383] GET https://192.168.100.1:6443/api/v1/namespaces/kube-system/configmaps/kubelet-config-1.12
I1220 11:56:10.978035      30 round_trippers.go:390] Request Headers:
I1220 11:56:10.978844      30 round_trippers.go:393]     User-Agent: kubeadm/v1.13.0 (linux/amd64) kubernetes/ddf47ac
I1220 11:56:10.979502      30 round_trippers.go:393]     Accept: application/json, */*
I1220 11:56:10.980081      30 round_trippers.go:393]     Authorization: Bearer 94dcda.c271f4ff502789ca
I1220 11:56:10.983223      30 round_trippers.go:408] Response Status: 403 Forbidden in 2 milliseconds
I1220 11:56:10.984240      30 round_trippers.go:411] Response Headers:
I1220 11:56:10.985065      30 round_trippers.go:414]     Content-Type: application/json
I1220 11:56:10.985883      30 round_trippers.go:414]     X-Content-Type-Options: nosniff
I1220 11:56:10.987515      30 round_trippers.go:414]     Content-Length: 342
I1220 11:56:10.989207      30 round_trippers.go:414]     Date: Thu, 20 Dec 2018 11:56:11 GMT
I1220 11:56:10.990506      30 request.go:942] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"configmaps \"kubelet-config-1.12\" is forbidden: User \"system:bootstrap:94dcda\" cannot get resource \"configmaps\" in API group \"\" in the namespace \"kube-system\"","reason":"Forbidden","details":{"name":"kubelet-config-1.12","kind":"configmaps"},"code":403}
configmaps "kubelet-config-1.12" is forbidden: User "system:bootstrap:94dcda" cannot get resource "configmaps" in API group "" in the namespace "kube-system"
$
$
$ kubeadm version -o json
{
  "clientVersion": {
    "major": "1",
    "minor": "13",
    "gitVersion": "v1.13.0",
    "gitCommit": "ddf47ac13c1a9483ea035a79cd7c10005ff21a6d",
    "gitTreeState": "archive",
    "buildDate": "2018-12-07T12:00:00Z",
    "goVersion": "go1.11.2",
    "compiler": "gc",
    "platform": "linux/amd64"
  }
}

어떤 이유로 kubelet-config-1.12 를 찾고있는 반면 오른쪽 ConfigMap은 kubelet-config-1.13 이어야합니다.

kubelet --version 확인 후 다음을 확인합니다.

$ kubelet --version
Kubernetes v1.12.0

configmap 이름이 이것에서 파생 되었습니까?

@inercia configmap 이름은 kubelet 버전에서 파생됩니다. 위의 내 링크를 참조하십시오.

@ oz123을 설명해 주셔서 감사합니다.

업데이트에 어떤 일이 일어날 지 궁금합니다. 예를 들면

1) my-distribution-1.13 가 포함 된 kubeadm-1.13 my-distribution-1.13 와 함께 시더가 설치됩니다.
2) 시더가 init ialized
3) 그 후 얼마 후 동일한 배포판으로 노드가 설치되고 kubeadm-1.13 및 kubelet-1.13
4) 그러나 일부 업데이트는 설치가 끝날 때 적용되고 새로운 kubelet-1.14 가 설치됩니다.
5) kubeadm join 는 1.14에 대한 configmap을 찾으려고하지만 거기에 없습니다 ...

일치하는 kubeadm 버전으로 k8s 1.13.1을 설치하지만 kube-proxy에 격리 된이 문제가 표시됩니다.

kubeadm join --config /etc/kubernetes/kubeadm-client.conf --ignore-preflight-errors=all
[preflight] Running pre-flight checks
[discovery] Trying to connect to API Server "xxx.xxx.xxx.xxx:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://xxx.xxx.xxx.xxx:6443"
[discovery] Cluster info signature and contents are valid and no TLS pinning was specified, will use API Server "xxx.xxx.xxx.xxx:6443"
[discovery] Successfully established connection with API Server "xxx.xxx.xxx.xxx:6443"
[join] Reading configuration from the cluster...
[join] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
unable to fetch the kubeadm-config ConfigMap: failed to get component configs: configmaps "kube-proxy" is forbidden: User "system:bootstrap:3tw24k" cannot get resource "configmaps" in API group "" in the namespace "kube-system"

RoleBinding 해결 방법을 수동으로 생성하면 노드에 가입 할 수 있습니다.

# on controlplane node
kubectl create rolebinding -n kube-system --role kube-proxy --group system:bootstrappers:kubeadm:default-node-token kubeadm:kube-proxy-bootstrap

# on joining node
...
[join] Reading configuration from the cluster...
[join] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.13" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[tlsbootstrap] Waiting for the kubelet to perform the TLS Bootstrap...
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "ci-pdk1-debug4144-k8sne-1" as an annotation

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the master to see this node join the cluster.

system:bootstrappers:kubeadm:default-node-token 그룹에 대한 kube-proxy RoleBinding이 자동으로 채워 져야합니까? 여기서 무슨 일이 일어나고 있는지 아십니까?

편집 : 또한 첫 번째 kubeadm init 이후에 명시 적으로 kubeadm init phase addon kube-proxy 실행하면 system:bootstrappers:kubeadm:default-node-token 대한 kube-proxy RoleBinding이 생성된다는 사실을 발견했습니다. 왜 내 초기 kubeadm init 에서이 RoleBinding 생성을 건너 뛰는 지 모르겠습니다.

이것은 나를 위해 일했습니다.

kubeadm 및 kubelet의 버전을 확실히 확인하고 이러한 패키지의 동일한 버전이 모든 노드에서 사용되는지 확인하십시오. 설치하기 전에 호스트에서 다음 버전을 "표시하고 유지"해야합니다.

각각의 현재 버전을 확인하십시오.
kubelet-버전

kubeadm 확인
kubeadm 버전

그들이 다르면 문제가 있습니다. 모든 노드에 동일한 버전을 다시 설치하고 다운 그레이드를 허용해야합니다. 아래 명령의 내 버전이 현재 출시 된 것보다 이전 버전 일 수 있습니다. 버전 번호를 최신 버전으로 바꿀 수 있지만이 방법은 작동합니다.
sudo apt-get install -y docker-ce = 18.06.1 ~ ce ~ 3-0 ~ ubuntu kubelet = 1.12.2-00 kubeadm = 1.12.2-00 kubectl = 1.12.2-00 --allow-downgrades

그런 다음 설치가 완료되면 자동으로 업그레이드되지 않도록 표시하고 누르고 있으면 시스템이 손상됩니다.
sudo apt-mark hold docker-ce kubelet kubeadm kubectl