code=13 按照官方的定义，应该是INTERNAL，即来自内部的错误，但有时也是自己配置上的错误.

在Ubuntu 16.04上安装kubernetes，etcd是直接apt-get安装的,当前版本为2.2.5，而kubernetes在1.5版本后默认使用etcd3的配置项。

因此在创建kube-apiserver.service配置文件时，需要指定etcd版本只需加入--storage-backend=etcd2参数即可.

Ubuntu16.04的kube-apiserver.service配置文件示例,其中192.168.1.220替换为本机IP:

[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
User=root
ExecStart=/usr/bin/kube-apiserver \
  --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota \
  --advertise-address=192.168.1.220 \
  --allow-privileged=true \
  --apiserver-count=1 \
  --audit-log-maxage=30 \
  --audit-log-maxbackup=1 \
  --audit-log-maxsize=100 \
  --audit-log-path=/var/lib/audit.log \
  --authorization-mode=RBAC \
  --bind-address=192.168.1.220 \
  --client-ca-file=/etc/kubernetes/ssl/ca.pem \
  --enable-swagger-ui=true \
  --etcd-cafile=/etc/kubernetes/ssl/ca.pem \
  --etcd-certfile=/etc/kubernetes/ssl/etcd.pem \
  --etcd-keyfile=/etc/kubernetes/ssl/etcd-key.pem \
  --etcd-servers=https://192.168.1.220:2379 \
  --event-ttl=1h \
  --kubelet-https=true \
  --insecure-bind-address=192.168.1.220 \
  --runtime-config=rbac.authorization.k8s.io/v1alpha1 \
  --service-account-key-file=/etc/kubernetes/ssl/ca-key.pem \
  --service-cluster-ip-range=10.254.0.0/16 \
  --service-node-port-range=8081-32000 \
  --tls-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
  --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
  --experimental-bootstrap-token-auth \
  --token-auth-file=/etc/kubernetes/token.csv \
  --storage-backend=etcd2
  --v=2
Restart=on-failure
RestartSec=5s
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

参考:
– kube-apiserver is not working with etcd2 when enable with client-cert-auth