add calico-kube-controllers

roles/kube-node/files/rbac.yaml

@@ -0,0 +1,41 @@
+# Calico Version v2.6.2
+# https://docs.projectcalico.org/v2.6/releases#v2.6.2
+
+---
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: calico-kube-controllers
+rules:
+  - apiGroups:
+    - ""
+    - extensions
+    resources:
+      - pods
+      - namespaces
+      - networkpolicies
+    verbs:
+      - watch
+      - list
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: calico-kube-controllers
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: calico-kube-controllers
+subjects:
+- kind: ServiceAccount
+  name: calico-kube-controllers
+  namespace: kube-system
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: calico-kube-controllers
+  namespace: kube-system

roles/kube-node/tasks/main.yml

@@ -104,3 +104,25 @@
 
 - name: start-kube-proxy
   shell: systemctl restart kube-proxy
+
+##-------calico-kube-controllers部分----------------
+#
+- name: 创建calico-kube-controllers目录
+  tags: calico-controller
+  file: name=/root/local/kube-system/calico state=directory
+
+- name: 准备RBAC 配置文件
+  tags: calico-controller
+  copy: src=rbac.yaml dest=/root/local/kube-system/calico/rbac.yaml
+
+- name: 准备calico-kube-controllers.yaml 文件
+  tags: calico-controller
+  template: src=calico-kube-controllers.yaml.j2 dest=/root/local/kube-system/calico/calico-kube-controllers.yaml
+
+# 只需单节点执行一次，重复执行的报错可以忽略
+- name: 运行calico-kube-controllers
+  tags: calico-controller
+  shell: "{{ bin_dir }}/kubectl create -f /root/local/kube-system/calico/rbac.yaml && \ 
+	{{ bin_dir }}/kubectl create -f /root/local/kube-system/calico/calico-kube-controllers.yaml"
+  when: NODE_ID is defined and NODE_ID == "node1"
+  ignore_errors: true

roles/kube-node/templates/calico-kube-controllers.yaml.j2

@@ -0,0 +1,60 @@
+# Calico Version v2.6.2
+# https://docs.projectcalico.org/v2.6/releases#v2.6.2
+# This manifest includes the following component versions:
+#   calico/kube-controllers:v1.0.0
+
+# Create this manifest using kubectl to deploy
+# the Calico Kubernetes controllers.
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: calico-kube-controllers
+  namespace: kube-system
+  labels:
+    k8s-app: calico-kube-controllers
+spec:
+  # Only a single instance of the this pod should be
+  # active at a time.  Since this pod is run as a Deployment,
+  # Kubernetes will ensure the pod is recreated in case of failure,
+  # removing the need for passive backups.
+  replicas: 1
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      name: calico-kube-controllers
+      namespace: kube-system
+      labels:
+        k8s-app: calico-kube-controllers
+    spec:
+      hostNetwork: true
+      serviceAccountName: calico-kube-controllers
+      containers:
+        - name: calico-kube-controllers
+          #image: quay.io/calico/kube-controllers:v1.0.0
+          image: calico/kube-controllers:v1.0.0
+          env:
+            # Configure the location of your etcd cluster.
+            - name: ETCD_ENDPOINTS
+              value: "{{ ETCD_ENDPOINTS }}"
+            # Location of the CA certificate for etcd.
+            - name: ETCD_CA_CERT_FILE
+              value: "/calico-secrets/ca.pem"
+            # Location of the client key for etcd.
+            - name: ETCD_KEY_FILE
+              value: "/calico-secrets/etcd-key.pem"
+            # Location of the client certificate for etcd.
+            - name: ETCD_CERT_FILE
+              value: "/calico-secrets/etcd.pem"
+          volumeMounts:
+            # Mount in the etcd TLS secrets.
+            - mountPath: /calico-secrets
+              name: etcd-certs
+      volumes:
+        # Mount in the etcd TLS secrets.
+        - name: etcd-certs
+          hostPath:
+            path: /etc/calico/ssl
+
+---
+