+--------+------+------+---------+----------+-------+-------+-----------+--------+------------+-------------+------------------+--------------+
| name   | sudo | curl | openssl | ebtables | socat | ipset | conntrack | docker | nfs client | ceph client | glusterfs client | time         |
+--------+------+------+---------+----------+-------+-------+-----------+--------+------------+-------------+------------------+--------------+
| master | y    | y    | y       | y        | y     | y     | y         | y      |            |             |                  | CST 20:28:11 |
| node2  | y    | y    | y       | y        | y     | y     | y         | y      |            |             |                  | CST 20:28:11 |
| node1  | y    | y    | y       | y        | y     | y     | y         | y      |            |             |                  | CST 20:28:11 |
+--------+------+------+---------+----------+-------+-------+-----------+--------+------------+-------------+------------------+--------------+

This is a simple check of your environment.
Before installation, you should ensure that your machines meet all requirements specified at
https://github.com/kubesphere/kubekey#requirements-and-recommendations

Continue this installation? [yes/no]: yes
INFO[20:28:14 CST] Downloading Installation Files
INFO[20:28:14 CST] Downloading kubeadm ...
INFO[20:28:14 CST] Downloading kubelet ...
INFO[20:28:15 CST] Downloading kubectl ...
INFO[20:28:15 CST] Downloading helm ...
INFO[20:28:15 CST] Downloading kubecni ...
INFO[20:28:15 CST] Configurating operating system ...
[node2 10.246.196.52] MSG:
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_local_reserved_ports = 30000-32767
[master 10.246.195.10] MSG:
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_local_reserved_ports = 30000-32767
[node1 10.246.200.186] MSG:
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_local_reserved_ports = 30000-32767
INFO[20:28:17 CST] Installing docker ...
INFO[20:28:18 CST] Start to download images on all nodes
[node2] Downloading image: kubesphere/pause:3.2
[master] Downloading image: kubesphere/etcd:v3.3.12
[node1] Downloading image: kubesphere/pause:3.2
[node2] Downloading image: kubesphere/kube-proxy:v1.18.6
[node1] Downloading image: kubesphere/kube-proxy:v1.18.6
[node2] Downloading image: coredns/coredns:1.6.9
[node1] Downloading image: coredns/coredns:1.6.9
[master] Downloading image: kubesphere/pause:3.2
[node1] Downloading image: kubesphere/k8s-dns-node-cache:1.15.12
[node2] Downloading image: kubesphere/k8s-dns-node-cache:1.15.12
[node2] Downloading image: calico/kube-controllers:v3.15.1
[node2] Downloading image: calico/cni:v3.15.1
[node2] Downloading image: calico/node:v3.15.1
[node2] Downloading image: calico/pod2daemon-flexvol:v3.15.1
[master] Downloading image: kubesphere/kube-apiserver:v1.18.6
[master] Downloading image: kubesphere/kube-controller-manager:v1.18.6
[node1] Downloading image: calico/kube-controllers:v3.15.1
[master] Downloading image: kubesphere/kube-scheduler:v1.18.6
[node1] Downloading image: calico/cni:v3.15.1
[master] Downloading image: kubesphere/kube-proxy:v1.18.6
[node1] Downloading image: calico/node:v3.15.1
[node1] Downloading image: calico/pod2daemon-flexvol:v3.15.1
[master] Downloading image: coredns/coredns:1.6.9
[master] Downloading image: kubesphere/k8s-dns-node-cache:1.15.12
[master] Downloading image: calico/kube-controllers:v3.15.1
[master] Downloading image: calico/cni:v3.15.1
[master] Downloading image: calico/node:v3.15.1
[master] Downloading image: calico/pod2daemon-flexvol:v3.15.1
INFO[20:30:07 CST] Generating etcd certs
INFO[20:30:08 CST] Synchronizing etcd certs
INFO[20:30:08 CST] Creating etcd service
[master 10.246.195.10] MSG:
Created symlink /etc/systemd/system/multi-user.target.wants/etcd.service → /etc/systemd/system/etcd.service.
INFO[20:30:17 CST] Starting etcd cluster
[master 10.246.195.10] MSG:
Configuration file will be created
INFO[20:30:17 CST] Refreshing etcd configuration
Waiting for etcd to start
INFO[20:30:22 CST] Backup etcd data regularly
INFO[20:30:23 CST] Get cluster status
[master 10.246.195.10] MSG:
Cluster will be created.
INFO[20:30:23 CST] Installing kube binaries
Push /root/kubekey/v1.18.6/amd64/kubeadm to 10.246.196.52:/tmp/kubekey/kubeadm   Done
Push /root/kubekey/v1.18.6/amd64/kubeadm to 10.246.200.186:/tmp/kubekey/kubeadm   Done
Push /root/kubekey/v1.18.6/amd64/kubeadm to 10.246.195.10:/tmp/kubekey/kubeadm   Done
Push /root/kubekey/v1.18.6/amd64/kubelet to 10.246.196.52:/tmp/kubekey/kubelet   Done
Push /root/kubekey/v1.18.6/amd64/kubelet to 10.246.200.186:/tmp/kubekey/kubelet   Done
Push /root/kubekey/v1.18.6/amd64/kubelet to 10.246.195.10:/tmp/kubekey/kubelet   Done
Push /root/kubekey/v1.18.6/amd64/kubectl to 10.246.200.186:/tmp/kubekey/kubectl   Done
Push /root/kubekey/v1.18.6/amd64/kubectl to 10.246.196.52:/tmp/kubekey/kubectl   Done
Push /root/kubekey/v1.18.6/amd64/kubectl to 10.246.195.10:/tmp/kubekey/kubectl   Done
Push /root/kubekey/v1.18.6/amd64/helm to 10.246.200.186:/tmp/kubekey/helm   Done
Push /root/kubekey/v1.18.6/amd64/helm to 10.246.196.52:/tmp/kubekey/helm   Done
Push /root/kubekey/v1.18.6/amd64/helm to 10.246.195.10:/tmp/kubekey/helm   Done
Push /root/kubekey/v1.18.6/amd64/cni-plugins-linux-amd64-v0.8.6.tgz to 10.246.196.52:/tmp/kubekey/cni-plugins-linux-amd64-v0.8.6.tgz   Done
Push /root/kubekey/v1.18.6/amd64/cni-plugins-linux-amd64-v0.8.6.tgz to 10.246.200.186:/tmp/kubekey/cni-plugins-linux-amd64-v0.8.6.tgz   Done
Push /root/kubekey/v1.18.6/amd64/cni-plugins-linux-amd64-v0.8.6.tgz to 10.246.195.10:/tmp/kubekey/cni-plugins-linux-amd64-v0.8.6.tgz   Done
INFO[20:30:27 CST] Initializing kubernetes cluster
[master 10.246.195.10] MSG:
W0323 20:30:28.002467   15905 utils.go:26] The recommended value for "clusterDNS" in "KubeletConfiguration" is: [10.233.0.10]; the provided value is: [169.254.25.10]
W0323 20:30:28.002610   15905 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[init] Using Kubernetes version: v1.18.6
[preflight] Running pre-flight checks
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
        [WARNING FileExisting-ethtool]: ethtool not found in system path
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local lb.kubesphere.local kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local localhost lb.kubesphere.local master master.cluster.local node1 node1.cluster.local node2 node2.cluster.local] and IPs [10.233.0.1 10.246.195.10 127.0.0.1 10.246.195.10 10.246.200.186 10.246.196.52 10.233.0.1]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] External etcd mode: Skipping etcd/ca certificate authority generation
[certs] External etcd mode: Skipping etcd/server certificate generation
[certs] External etcd mode: Skipping etcd/peer certificate generation
[certs] External etcd mode: Skipping etcd/healthcheck-client certificate generation
[certs] External etcd mode: Skipping apiserver-etcd-client certificate generation
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
W0323 20:30:32.542402   15905 manifests.go:225] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
W0323 20:30:32.548081   15905 manifests.go:225] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
[control-plane] Creating static Pod manifest for "kube-scheduler"
W0323 20:30:32.548999   15905 manifests.go:225] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 25.003819 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.18" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node master as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node master as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: obtmiy.f0z3x48wuc9z4nky
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:

  kubeadm join lb.kubesphere.local:6443 --token obtmiy.f0z3x48wuc9z4nky \
    --discovery-token-ca-cert-hash sha256:a38911508820f218a6626291a4d11e8c986cc69d32919a57f97ed4561b542053 \
    --control-plane

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join lb.kubesphere.local:6443 --token obtmiy.f0z3x48wuc9z4nky \
    --discovery-token-ca-cert-hash sha256:a38911508820f218a6626291a4d11e8c986cc69d32919a57f97ed4561b542053
[master 10.246.195.10] MSG:
service "kube-dns" deleted
[master 10.246.195.10] MSG:
service/coredns created
[master 10.246.195.10] MSG:
serviceaccount/nodelocaldns created
daemonset.apps/nodelocaldns created
[master 10.246.195.10] MSG:
configmap/nodelocaldns created
[master 10.246.195.10] MSG:
I0323 20:31:23.233210   17789 version.go:252] remote version is much newer: v1.20.5; falling back to: stable-1.18
W0323 20:31:24.004292   17789 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
bd23951d80e39bc36ff0716fc46dc22af41a8417900723557d6936931e961f91
[master 10.246.195.10] MSG:
secret/kubeadm-certs patched
[master 10.246.195.10] MSG:
secret/kubeadm-certs patched
[master 10.246.195.10] MSG:
secret/kubeadm-certs patched
[master 10.246.195.10] MSG:
W0323 20:31:25.046223   17825 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join lb.kubesphere.local:6443 --token mlilvt.e0w92b18r8y8qt15     --discovery-token-ca-cert-hash sha256:a38911508820f218a6626291a4d11e8c986cc69d32919a57f97ed4561b542053
[master 10.246.195.10] MSG:
NAME     STATUS     ROLES    AGE   VERSION   INTERNAL-IP     EXTERNAL-IP   OS-IMAGE                       KERNEL-VERSION         CONTAINER-RUNTIME
master   NotReady   master   30s   v1.18.6   10.246.195.10   <none>        Debian GNU/Linux 10 (buster)   4.19.0-8-cloud-amd64   docker://19.3.8
INFO[20:31:25 CST] Deploying network plugin ...
[master 10.246.195.10] MSG:
configmap/calico-config created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrole.rbac.authorization.k8s.io/calico-node created
clusterrolebinding.rbac.authorization.k8s.io/calico-node created
daemonset.apps/calico-node created
serviceaccount/calico-node created
deployment.apps/calico-kube-controllers created
serviceaccount/calico-kube-controllers created
INFO[20:31:28 CST] Joining nodes to cluster
[node1 10.246.200.186] MSG:
[preflight] Running pre-flight checks
W0323 20:36:37.579995   15467 removeetcdmember.go:79] [reset] No kubeadm config, using etcd pod spec to get data directory
[reset] No etcd config found. Assuming external etcd
[reset] Please, manually reset etcd to prevent further issues
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
W0323 20:36:37.585887   15467 cleanupnode.go:99] [reset] Failed to evaluate the "/var/lib/kubelet" directory. Skipping its unmount and cleanup: lstat /var/lib/kubelet: no such file or directory
[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]
[reset] Deleting contents of stateful directories: [/var/lib/dockershim /var/run/kubernetes /var/lib/cni]

The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.d

The reset process does not reset or clean up iptables rules or IPVS tables.
If you wish to reset iptables, you must do so manually by using the "iptables" command.

If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar)
to reset your system's IPVS tables.

The reset process does not clean your kubeconfig files and you must remove them manually.
Please, check the contents of the $HOME/.kube/config file.
[node2 10.246.196.52] MSG:
[preflight] Running pre-flight checks
W0323 20:36:38.113925   15669 removeetcdmember.go:79] [reset] No kubeadm config, using etcd pod spec to get data directory
[reset] No etcd config found. Assuming external etcd
[reset] Please, manually reset etcd to prevent further issues
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
W0323 20:36:38.119339   15669 cleanupnode.go:99] [reset] Failed to evaluate the "/var/lib/kubelet" directory. Skipping its unmount and cleanup: lstat /var/lib/kubelet: no such file or directory
[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]
[reset] Deleting contents of stateful directories: [/var/lib/dockershim /var/run/kubernetes /var/lib/cni]

The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.d

The reset process does not reset or clean up iptables rules or IPVS tables.
If you wish to reset iptables, you must do so manually by using the "iptables" command.

If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar)
to reset your system's IPVS tables.

The reset process does not clean your kubeconfig files and you must remove them manually.
Please, check the contents of the $HOME/.kube/config file.
[node1 10.246.200.186] MSG:
[preflight] Running pre-flight checks
W0323 20:41:45.791394   15820 removeetcdmember.go:79] [reset] No kubeadm config, using etcd pod spec to get data directory
[reset] No etcd config found. Assuming external etcd
[reset] Please, manually reset etcd to prevent further issues
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
W0323 20:41:45.801339   15820 cleanupnode.go:99] [reset] Failed to evaluate the "/var/lib/kubelet" directory. Skipping its unmount and cleanup: lstat /var/lib/kubelet: no such file or directory
[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]
[reset] Deleting contents of stateful directories: [/var/lib/dockershim /var/run/kubernetes /var/lib/cni]

The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.d

The reset process does not reset or clean up iptables rules or IPVS tables.
If you wish to reset iptables, you must do so manually by using the "iptables" command.

If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar)
to reset your system's IPVS tables.

The reset process does not clean your kubeconfig files and you must remove them manually.
Please, check the contents of the $HOME/.kube/config file.
[node2 10.246.196.52] MSG:
[preflight] Running pre-flight checks
W0323 20:41:46.409269   15889 removeetcdmember.go:79] [reset] No kubeadm config, using etcd pod spec to get data directory
[reset] No etcd config found. Assuming external etcd
[reset] Please, manually reset etcd to prevent further issues
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
W0323 20:41:46.417228   15889 cleanupnode.go:99] [reset] Failed to evaluate the "/var/lib/kubelet" directory. Skipping its unmount and cleanup: lstat /var/lib/kubelet: no such file or directory
[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]
[reset] Deleting contents of stateful directories: [/var/lib/dockershim /var/run/kubernetes /var/lib/cni]

The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.d

The reset process does not reset or clean up iptables rules or IPVS tables.
If you wish to reset iptables, you must do so manually by using the "iptables" command.

If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar)
to reset your system's IPVS tables.

The reset process does not clean your kubeconfig files and you must remove them manually.
Please, check the contents of the $HOME/.kube/config file.

    potatomato0

    可以检查下worker节点是否可以正常连通master的6443端口

    curl -k https://lb.kubesphere.local:6443
    curl -k https://10.246.195.10:6443