From 1d737f6477e605216aa92e5d1c7962e90595d507 Mon Sep 17 00:00:00 2001
From: gjmzj
Date: Thu, 14 Jun 2018 21:38:39 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0kube-router=20with=20service-?=
 =?UTF-8?q?proxy?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 99.clean.yml | 2 ++
 example/hosts.allinone.example | 3 +++
 example/hosts.m-masters.example | 3 +++
 example/hosts.s-master.example | 3 +++
 roles/kube-router/defaults/main.yml | 3 +--
 roles/kube-router/tasks/main.yml | 21 +++++++++++++++++--
 .../templates/kuberouter-all.yaml.j2 | 2 +-
 .../kube-router/templates/kuberouter.yaml.j2 | 4 ++--
 8 files changed, 34 insertions(+), 7 deletions(-)
diff --git a/99.clean.yml b/99.clean.yml
index fe509e1..3a338eb 100644
--- a/99.clean.yml
+++ b/99.clean.yml
@@ -71,10 +71,12 @@
 - "/var/run/calico/"
 - "/var/log/calico/"
 - "/var/lib/docker/"
+ - "/var/lib/kube-router/"
 - "/var/run/docker/"
 - "/etc/systemd/system/calico-node.service"
 - "/etc/systemd/system/docker.service"
 - "/etc/systemd/system/docker.service.requires/"
+ - "/opt/kube/kube-system/"
 - name: 清理 iptables
 shell: "iptables -F && iptables -X \
diff --git a/example/hosts.allinone.example b/example/hosts.allinone.example
index 6b4614e..460b24b 100644
--- a/example/hosts.allinone.example
+++ b/example/hosts.allinone.example
@@ -38,6 +38,9 @@ BOOTSTRAP_TOKEN="d18f94b5fa585c7123f56803d925d2e7"
 # 集群网络插件,目前支持calico, flannel, kube-router
 CLUSTER_NETWORK="flannel"
+# 默认使用kube-proxy, 可选SERVICE_PROXY="IPVS" (前提是网络选择kube-router)
+SERVICE_PROXY="kube-proxy"
+
 # 服务网段 (Service CIDR),注意不要与内网已有网段冲突
 SERVICE_CIDR="10.68.0.0/16"
diff --git a/example/hosts.m-masters.example b/example/hosts.m-masters.example
index 82ae758..d8dec5e 100644
--- a/example/hosts.m-masters.example
+++ b/example/hosts.m-masters.example
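Review bot: The new comment names the kube-router precondition, but nothing in the diff enforces it or the value set: the tasks in roles/kube-router/tasks/main.yml compare `SERVICE_PROXY` by exact string, so `ipvs` or any other spelling selects no DaemonSet template at all, and with `CLUSTER_NETWORK="flannel"` an `IPVS` setting is presumably ignored without any notice. Worth stating in the comment, e.g. `# 仅当 CLUSTER_NETWORK="kube-router" 时生效; 取值区分大小写, 只能是 "kube-proxy" 或 "IPVS"`. The same hunk appears in hosts.m-masters.example and hosts.s-master.example and would take the same wording.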
@@ -51,6 +51,9 @@ BOOTSTRAP_TOKEN="c30302226d4b810e08731702d3890f50"
 # 集群网络插件,目前支持calico, flannel, kube-router
 CLUSTER_NETWORK="flannel"
+# 默认使用kube-proxy, 可选SERVICE_PROXY="IPVS" (前提是网络选择kube-router)
+SERVICE_PROXY="kube-proxy"
+
 # 服务网段 (Service CIDR),注意不要与内网已有网段冲突
 SERVICE_CIDR="10.68.0.0/16"
diff --git a/example/hosts.s-master.example b/example/hosts.s-master.example
index 14649c4..357f866 100644
--- a/example/hosts.s-master.example
+++ b/example/hosts.s-master.example
@@ -41,6 +41,9 @@ BOOTSTRAP_TOKEN="d18f94b5fa585c7123f56803d925d2e7"
 # 集群网络插件,目前支持calico, flannel, kube-router
 CLUSTER_NETWORK="flannel"
+# 默认使用kube-proxy, 可选SERVICE_PROXY="IPVS" (前提是网络选择kube-router)
+SERVICE_PROXY="kube-proxy"
+
 # 服务网段 (Service CIDR),注意不要与内网已有网段冲突
 SERVICE_CIDR="10.68.0.0/16"
diff --git a/roles/kube-router/defaults/main.yml b/roles/kube-router/defaults/main.yml
index fcecfa6..84cd1ec 100644
--- a/roles/kube-router/defaults/main.yml
+++ b/roles/kube-router/defaults/main.yml
@@ -7,6 +7,5 @@ ROUTER_ENABLE: "true"
 FIREWALL_ENABLE: "true"
 # service-proxy 支持开关
-SVC_PROXY_ENABLE: "false"
-
+# 在/etc/ansible/hosts文件的变量'SERVICE_PROXY'定义
diff --git a/roles/kube-router/tasks/main.yml b/roles/kube-router/tasks/main.yml
index 0e8d230..35f5649 100644
--- a/roles/kube-router/tasks/main.yml
+++ b/roles/kube-router/tasks/main.yml
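Review bot: Dropping `SVC_PROXY_ENABLE` without giving `SERVICE_PROXY` a default leaves the role unusable with an inventory that predates this commit: the `when: 'SERVICE_PROXY == ...'` conditions added in roles/kube-router/tasks/main.yml evaluate an undefined variable, and Ansible fails the task before any manifest is templated. Role defaults have the lowest variable precedence, so adding `SERVICE_PROXY: "kube-proxy"` directly under the new comment keeps the inventory value authoritative while preserving the previous behaviour for older hosts files. The comment itself could then read `# service-proxy 支持开关, 默认值; 在/etc/ansible/hosts文件的变量'SERVICE_PROXY'中覆盖`.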
@@ -12,8 +12,25 @@
 - loopback
 - portmap
-- name: 准备 kube-router DaemonSet yaml文件
+# kube-router 不带service proxy
+- name: 准备配置 kube-router DaemonSet (without IPVS)
 template: src=kuberouter.yaml.j2 dest=/opt/kube/kube-system/kube-router/kuberouter.yaml
+ when: 'SERVICE_PROXY == "kube-proxy"'
+
+- name: 停止 kube-proxy 服务
+ shell: "systemctl stop kube-proxy.service && systemctl disable kube-proxy.service"
+ when: 'SERVICE_PROXY == "IPVS"'
+ ignore_errors: true
+
+- name: 清理 kube-proxy产生的iptables规则
+ shell: "{{ bin_dir }}/kube-proxy --cleanup"
+ when: 'SERVICE_PROXY == "IPVS"'
+ ignore_errors: true
+
+# kube-router 带service proxy (IPVS/LVS)
+- name: 准备配置 kube-router DaemonSet (with IPVS)
+ template: src=kuberouter-all.yaml.j2 dest=/opt/kube/kube-system/kube-router/kuberouter.yaml
+ when: 'SERVICE_PROXY == "IPVS"'
 - name: 获取所有已经创建的POD信息
 command: "{{ bin_dir }}/kubectl get daemonset -n kube-system"
@@ -21,7 +38,7 @@
 run_once: true # 只需单节点执行一次
-- name: 运行 kube-router daemonset
+- name: 运行 kube-router DaemonSet
 shell: "{{ bin_dir }}/kubectl create -f /opt/kube/kube-system/kube-router/ && sleep 5"
 run_once: true
 when: '"kube-router" not in pod_info.stdout'
diff --git a/roles/kube-router/templates/kuberouter-all.yaml.j2 b/roles/kube-router/templates/kuberouter-all.yaml.j2
index e6bde5c..21b5cfc 100644
--- a/roles/kube-router/templates/kuberouter-all.yaml.j2
+++ b/roles/kube-router/templates/kuberouter-all.yaml.j2
@@ -62,7 +62,7 @@ spec:
 imagePullPolicy: Always
 args:
 - "--run-router=true"
- - "--run-firewall=true"
+ - "--run-firewall={{ FIREWALL_ENABLE }}"
 - "--run-service-proxy=true"
 - "--kubeconfig=/var/lib/kube-router/kubeconfig"
 env:
diff --git a/roles/kube-router/templates/kuberouter.yaml.j2 b/roles/kube-router/templates/kuberouter.yaml.j2
index a053247..7194983 100644
--- a/roles/kube-router/templates/kuberouter.yaml.j2
+++ b/roles/kube-router/templates/kuberouter.yaml.j2
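Review bot: A `SERVICE_PROXY` value outside `kube-proxy`/`IPVS` (a lower-case `ipvs`, a typo, or a stale inventory) is not rejected anywhere in the hunk: both template tasks are gated by exact string comparison, so neither writes kuberouter.yaml and the later `kubectl create -f /opt/kube/kube-system/kube-router/` applies whatever that directory already holds. The `ignore_errors: true` on the stop and `--cleanup` tasks also hides a genuine cleanup failure, after which kube-proxy's iptables rules would presumably stay active beside kube-router's IPVS proxy; only stopping a unit that was never installed is worth tolerating, which `register` plus a narrower `failed_when` can express. A short assert at the top of the hunk bounds the variable, and `systemd: name=kube-proxy state=stopped enabled=no` would replace the shell pipeline with a module that reports its own failures.
```yaml
- name: 校验 SERVICE_PROXY 取值
  assert:
    that: 'SERVICE_PROXY in ["kube-proxy", "IPVS"]'
    msg: "SERVICE_PROXY must be 'kube-proxy' or 'IPVS' (set in /etc/ansible/hosts)"

# … unchanged: kube-router DaemonSet templates and kube-proxy stop/cleanup tasks …
```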
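Review bot: `--run-firewall` now follows `FIREWALL_ENABLE`, whose declaration (`FIREWALL_ENABLE: "true"` in roles/kube-router/defaults/main.yml, visible as context in that hunk) says nothing about what the flag controls; in kube-router this option runs the network-policy controller, so `"false"` switches off NetworkPolicy enforcement for every pod, and after this commit in both proxy modes since both templates read it. A comment beside the default would make that cost visible: `# "false" disables kube-router's NetworkPolicy enforcement cluster-wide`. The substituted value renders safely here because the whole list item is already a quoted scalar.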
@@ -42,9 +42,9 @@ spec:
 image: cloudnativelabs/kube-router
 imagePullPolicy: Always
 args:
- - "--run-router={{ ROUTER_ENABLE }}"
+ - "--run-router=true"
 - "--run-firewall={{ FIREWALL_ENABLE }}"
- - "--run-service-proxy={{ SVC_PROXY_ENABLE }}"
+ - "--run-service-proxy=false"
 env:
 - name: NODE_NAME
 valueFrom:
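Review bot: Replacing `{{ ROUTER_ENABLE }}` with a literal `true` leaves `ROUTER_ENABLE` (still declared as `ROUTER_ENABLE: "true"` in roles/kube-router/defaults/main.yml, shown as context there) unused by either template in this commit as far as the diff shows, so a reader of the defaults will expect a switch that no longer does anything. Either keep `- "--run-router={{ ROUTER_ENABLE }}"` here or remove the variable from defaults/main.yml alongside `SVC_PROXY_ENABLE`. Hard-coding `--run-service-proxy=false` is consistent with this template only being rendered under `SERVICE_PROXY == "kube-proxy"`.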