更新kube-router with service-proxy

99.clean.yml

@@ -71,10 +71,12 @@
     - "/var/run/calico/"
     - "/var/log/calico/"
     - "/var/lib/docker/"
+    - "/var/lib/kube-router/"
     - "/var/run/docker/"
     - "/etc/systemd/system/calico-node.service"
     - "/etc/systemd/system/docker.service"
     - "/etc/systemd/system/docker.service.requires/"
+    - "/opt/kube/kube-system/"
 
   - name: 清理 iptables
     shell: "iptables -F && iptables -X \

example/hosts.allinone.example

@@ -38,6 +38,9 @@ BOOTSTRAP_TOKEN="d18f94b5fa585c7123f56803d925d2e7"
 # 集群网络插件，目前支持calico, flannel, kube-router
 CLUSTER_NETWORK="flannel"
 
+# 默认使用kube-proxy, 可选SERVICE_PROXY="IPVS" (前提是网络选择kube-router)
+SERVICE_PROXY="kube-proxy"
+
 # 服务网段 (Service CIDR），注意不要与内网已有网段冲突
 SERVICE_CIDR="10.68.0.0/16"
 

example/hosts.m-masters.example

@@ -51,6 +51,9 @@ BOOTSTRAP_TOKEN="c30302226d4b810e08731702d3890f50"
 # 集群网络插件，目前支持calico, flannel, kube-router
 CLUSTER_NETWORK="flannel"
 
+# 默认使用kube-proxy, 可选SERVICE_PROXY="IPVS" (前提是网络选择kube-router)
+SERVICE_PROXY="kube-proxy"
+
 # 服务网段 (Service CIDR），注意不要与内网已有网段冲突
 SERVICE_CIDR="10.68.0.0/16"
 

example/hosts.s-master.example

@@ -41,6 +41,9 @@ BOOTSTRAP_TOKEN="d18f94b5fa585c7123f56803d925d2e7"
 # 集群网络插件，目前支持calico, flannel, kube-router
 CLUSTER_NETWORK="flannel"
 
+# 默认使用kube-proxy, 可选SERVICE_PROXY="IPVS" (前提是网络选择kube-router)
+SERVICE_PROXY="kube-proxy"
+
 # 服务网段 (Service CIDR），注意不要与内网已有网段冲突
 SERVICE_CIDR="10.68.0.0/16"
 

roles/kube-router/defaults/main.yml

@@ -7,6 +7,5 @@ ROUTER_ENABLE: "true"
 FIREWALL_ENABLE: "true"
 
 # service-proxy 支持开关
-SVC_PROXY_ENABLE: "false"
-
+# 在/etc/ansible/hosts文件的变量'SERVICE_PROXY'定义
 

roles/kube-router/tasks/main.yml

@@ -12,8 +12,25 @@
   - loopback
   - portmap
 
-- name: 准备 kube-router DaemonSet yaml文件
+# kube-router 不带service proxy
+- name: 准备配置 kube-router DaemonSet (without IPVS)
   template: src=kuberouter.yaml.j2 dest=/opt/kube/kube-system/kube-router/kuberouter.yaml
+  when: 'SERVICE_PROXY == "kube-proxy"'
+
+- name: 停止 kube-proxy 服务
+  shell: "systemctl stop kube-proxy.service && systemctl disable kube-proxy.service"
+  when: 'SERVICE_PROXY == "IPVS"'
+  ignore_errors: true
+
+- name: 清理 kube-proxy产生的iptables规则
+  shell: "{{ bin_dir }}/kube-proxy --cleanup"
+  when: 'SERVICE_PROXY == "IPVS"'
+  ignore_errors: true
+
+# kube-router 带service proxy (IPVS/LVS)
+- name: 准备配置 kube-router DaemonSet (with IPVS)
+  template: src=kuberouter-all.yaml.j2 dest=/opt/kube/kube-system/kube-router/kuberouter.yaml
+  when: 'SERVICE_PROXY == "IPVS"'
 
 - name: 获取所有已经创建的POD信息
   command: "{{ bin_dir }}/kubectl get daemonset -n kube-system"
@@ -21,7 +38,7 @@
   run_once: true
 
 # 只需单节点执行一次
-- name: 运行 kube-router daemonset
+- name: 运行 kube-router DaemonSet
   shell: "{{ bin_dir }}/kubectl create -f /opt/kube/kube-system/kube-router/ && sleep 5"
   run_once: true
   when: '"kube-router" not in pod_info.stdout'

roles/kube-router/templates/kuberouter-all.yaml.j2

@@ -62,7 +62,7 @@ spec:
         imagePullPolicy: Always
         args:
         - "--run-router=true"
-        - "--run-firewall=true"
+        - "--run-firewall={{ FIREWALL_ENABLE }}"
         - "--run-service-proxy=true"
         - "--kubeconfig=/var/lib/kube-router/kubeconfig"
         env:

roles/kube-router/templates/kuberouter.yaml.j2

@@ -42,9 +42,9 @@ spec:
         image: cloudnativelabs/kube-router
         imagePullPolicy: Always
         args:
-        - "--run-router={{ ROUTER_ENABLE }}"
+        - "--run-router=true"
         - "--run-firewall={{ FIREWALL_ENABLE }}"
-        - "--run-service-proxy={{ SVC_PROXY_ENABLE }}"
+        - "--run-service-proxy=false"
         env:
         - name: NODE_NAME
           valueFrom: