执行添加节点命令
kubeadm join 192.168.254.8:6443 --token abcdef.0123456789abcdef  --discovery-token-ca-cert-hash sha256:fb86033a0162fd9758713c7e771912d964c08508ad9d89146575ab774bf54cf0

重复报错：

It seems like the kubelet isn't running or healthy
The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp 127.0.0.1:10248: connect: connection refused.

网上的解决方法：

swapoff -a
kubeadm reset
systemctl daemon-reload
systemctl restart kubelet
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X

都试过还是不行

根据 systemctl  status kubelet 找到报错信息

 F0816 14:26:20.134416   66442 server.go:269] failed to run Kubelet: misconfiguration: kubelet cgroup driver: "cgroupfs" is different from docker cgroup driver: "systemd"

执行 docker info 发现master01 和 其他节点默认cgroup不一致，发现 docker 版本不一致，其他节点重装docker 后添加node 无异常。

但是添加 master 节点还是会报错

error execution phase preflight: 
One or more conditions for hosting a new control plane instance is not satisfied.

unable to add a new control plane instance a cluster that doesn't have a stable controlPlaneEndpoint address

Please ensure that:
* The cluster has a stable controlPlaneEndpoint address.
* The certificates that must be shared among control plane instances are provided.

再初始化master01时 把 controlplaneEndpoint 参数写进去了，但是初始化后没有写入配置文件

使用 kubectl -n kube-system edit cm kubeadm-config 命令将 controlplaneEndpoint重新写入

 重新加入后还是报错

经搜索发现是 大小写的问题，连接：

can't get the controlPlaneEndPoint info · Issue #2167 · kubernetes/kubeadm · GitHub

正确写法应该是 controlPlaneEndpoint

修改后 重新加入集群

kubeadm join 192.168.254.8:6443 --token abcdef.0123456789abcdef     --discovery-token-ca-cert-hash sha256:fb86033a0162fd9758713c7e771912d964c08508ad9d89146575ab774bf54cf0 --control-plane --certificate-key 0c0fb845934a666a4a52771930123dde95fc97020aff6cc2cfbf928dd822f0a6

又报证书的错误

[download-certs] Downloading the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
error execution phase control-plane-prepare/download-certs: error downloading certs: the Secret does not include the required certificate or key - name: external-etcd-ca.crt, path: /opt/etcd/ssl/ca.pem

一波三折呀

因为是 master节点  需要加 --control-plane --certificate-key 参数 --certificate-key 参数可以在主master节点使用 

kubeadm init phase upload-certs --upload-certs

命令来生成

这里又因为是etcd集群外安装，需要 加入配置文件生成 --certificate-key，排错知识来源：

kubernetes 集群安装（kubeadm）_Docker_小小文_InfoQ写作社区 

kubeadm init phase upload-certs --upload-certs --config kubeadm-config.yaml

再重新加入

kubeadm join 192.168.254.8:6443 --token abcdef.0123456789abcdef     --discovery-token-ca-cert-hash sha256:fb86033a0162fd9758713c7e771912d964c08508ad9d89146575ab774bf54cf0 --control-plane --certificate-key c5e57ec1b4be2f0fa054f0bd586d1032006fe90ceef797b710a9fb4a59cb7412

执行成功 

完美撒花，再继续后面的操作