所以这是我的云configuration
#cloud-config coreos: etcd2: discovery: "https://discovery.etcd.io/tocken" advertise-client-urls: "http://$private_ipv4:2379" initial-advertise-peer-urls: "http://$private_ipv4:2380" listen-client-urls: "http://0.0.0.0:2379,http://0.0.0.0:4001" listen-peer-urls: "http://$private_ipv4:2380,http://$private_ipv4:7001" flannel: interface: $private_ipv4 units: - name: etcd2.service command: start - name: flanneld.service drop-ins: - name: 50-network-config.conf content: | [Service] ExecStartPre=/usr/bin/etcdctl set /coreos.com/network/config '{ "Network": "10.1.0.0/16" }' command: start - name: sshd.socket command: restart runtime: true content: | [Unit] Description=OpenSSH server daemon Conflicts=sshd.service [Socket] ListenStream=65321 FreeBind=true Accept=yes [Install] WantedBy=sockets.target - name: kubelet.service command: restart runtime: true content: | [Service] Environment=KUBELET_VERSION=v1.6.1_coreos.0 ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests ExecStart=/usr/lib/coreos/kubelet-wrapper \ --api-servers=http://127.0.0.1:8080 \ --allow-privileged=true \ --config=/etc/kubernetes/manifests \ --hostname-override=$private_ipv4 \ --cluster-dns=10.13.0.10 \ --cluster-domain=cluster.local Restart=always RestartSec=10 [Install] WantedBy=multi-user.target users: - name: admin ssh-authorized-keys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuCXgeT7kQfSikcU1BWRyMFi8izN+1WHPNopaaXQV2xune6nKOHN8yhGVRKaE9iQHY+6jSjxWd5SY9CEyWlIST5dxfffRkWZiuJISHAxl6+E+fI0kNsUG2AXTXuJnXBQllqkgsggfBJ+5BxNf35IyfILTqkDu99ZNBNbeTNSPJmbYgMs71fWB2TiGx8ugsZrIOzqbcEfu9KNTD+RszrLaCRAZNl1sANEk7N7ZIUaIIlBBxmaPWW1voXor4AP/SAnHMEouX25ZlruL7nCEH9BybVYT8xFVEBl0fJIoj/c1TYkk/80P7JLJg0pIAxMCWqy0NzBwEcXbef1yIlO6meDuZ Kirill@NOUTKIR groups: - "sudo" shell: /bin/bash write_files: - path: "/etc/ssh/sshd_config" permissions: 0600 owner: root:root content: | HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key HostKey /etc/ssh/ssh_host_ed25519_key UsePrivilegeSeparation yes KeyRegenerationInterval 3600 ServerKeyBits 1024 SyslogFacility AUTH LogLevel INFO LoginGraceTime 120 PermitRootLogin no StrictModes yes RSAAuthentication yes PubkeyAuthentication yes IgnoreRhosts yes RhostsRSAAuthentication no HostbasedAuthentication no PermitEmptyPasswords no ChallengeResponseAuthentication no X11Forwarding yes X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server UsePAM yes AllowUsers admin PasswordAuthentication no - path: "/etc/kubernetes/manifests/kube-apiserver.yaml # permissions: ?? # owner: ?? content: | apiVersion: v1 kind: Pod metadata: name: kube-apiserver namespace: kube-system spec: hostNetwork: true containers: - name: kube-apiserver image: quay.io/coreos/hyperkube:v1.6.1_coreos.0 command: - /hyperkube - apiserver - --bind-address=0.0.0.0 - --etcd-servers=http://<master private IP>:2379,http://<node1 private IP>:2379,http://<node2 private IP>:2379 - --allow-privileged=true - --service-cluster-ip-range=10.13.0.0/24 - --secure-port=443 - --advertise-address=<master private IP> - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota # - --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem # - --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem # - --client-ca-file=/etc/kubernetes/ssl/ca.pem - --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem - --runtime-config=extensions/v1beta1=true,extensions/v1beta1/networkpolicies=true ports: - containerPort: 443 hostPort: 443 name: https - containerPort: 8080 hostPort: 8080 name: local # volumeMounts: # - mountPath: /etc/kubernetes/ssl # name: ssl-certs-kubernetes # readOnly: true # - mountPath: /etc/ssl/certs # name: ssl-certs-host # readOnly: true # volumes: # - hostPath: # path: /etc/kubernetes/ssl # name: ssl-certs-kubernetes # - hostPath: # path: /usr/share/ca-certificates # name: ssl-certs-host - path: /etc/kubernetes/manifests/kube-proxy.yaml # permissions: ?? # owner: ?? content: | apiVersion: v1 kind: Pod metadata: name: kube-proxy namespace: kube-system spec: hostNetwork: true containers: - name: kube-proxy image: quay.io/coreos/hyperkube:v1.6.1_coreos.0 command: - /hyperkube - proxy - --master=http://127.0.0.1:8080 - --proxy-mode=iptables securityContext: privileged: true # volumeMounts: # - mountPath: /etc/ssl/certs # name: ssl-certs-host # readOnly: true # volumes: # - hostPath: # path: /usr/share/ca-certificates # name: ssl-certs-host - path: /etc/kubernetes/manifests/kube-controller-manager.yaml # permissions: ?? # owner: ?? content: | apiVersion: v1 kind: Pod metadata: name: kube-controller-manager namespace: kube-system spec: hostNetwork: true containers: - name: kube-controller-manager image: quay.io/coreos/hyperkube:v1.6.1_coreos.0 command: - /hyperkube - controller-manager - --master=http://127.0.0.1:8080 - --leader-elect=true # - --service-account-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem # - --root-ca-file=/etc/kubernetes/ssl/ca.pem livenessProbe: httpGet: host: 127.0.0.1 path: /healthz port: 10252 initialDelaySeconds: 15 timeoutSeconds: 1 # volumeMounts: # - mountPath: /etc/kubernetes/ssl # name: ssl-certs-kubernetes # readOnly: true # - mountPath: /etc/ssl/certs # name: ssl-certs-host # readOnly: true # volumes: # - hostPath: # path: /etc/kubernetes/ssl # name: ssl-certs-kubernetes # - hostPath: # path: /usr/share/ca-certificates # name: ssl-certs-host - path: /etc/kubernetes/manifests/kube-scheduler.yaml # permissions: ?? # owner: ?? content: | apiVersion: v1 kind: Pod metadata: name: kube-scheduler namespace: kube-system spec: hostNetwork: true containers: - name: kube-scheduler image: quay.io/coreos/hyperkube:v1.6.1_coreos.0 command: - /hyperkube - scheduler - --master=http://127.0.0.1:8080 - --leader-elect=true livenessProbe: httpGet: host: 127.0.0.1 path: /healthz port: 10251 initialDelaySeconds: 15 timeoutSeconds: 1 有人以前面对过这个? 我已经失去了4个小时的谷歌search,并试图拉屎
PS:在预制线上出现错误
99行:
- path: "/etc/kubernetes/manifests/kube-apiserver.yaml
…缺less一个报价。
仅供参考,在YAMLlint的帮助下,我在5秒左右就发现了这个问题 。