修正一些 kubelet/apiserver启动参数

2017-11-21 11:27:06 +08:00 · 2017-11-21 11:27:06 +08:00 · 22d95cd779
parent 95f70eb5e7
commit 22d95cd779
6 changed files with 25 additions and 9 deletions
--- a/01.prepare.yml
+++ b/01.prepare.yml
@ -4,11 +4,14 @@
  - ca

 # 集群节点的公共配置任务
- hosts: kube-cluster
+- hosts:
+  - kube-cluster
+  - etcd
+  - lb
  roles:
  - prepare

-# 可选，多master部署时的负载均衡配置
+# [可选]多master部署时的负载均衡配置
 - hosts: lb
  roles:
  - lb
--- a/03.kubectl.yml
+++ b/03.kubectl.yml
@ -1,3 +1,5 @@
- hosts: kube-cluster
+- hosts: 
+  - kube-cluster
+  - lb
  roles:
  - kubectl
--- a/90.setup.yml
+++ b/90.setup.yml
@ -4,11 +4,14 @@
  - ca

 # 集群节点的公共配置任务
- hosts: kube-cluster
+- hosts:
+  - kube-cluster
+  - etcd
+  - lb
  roles:
  - prepare

-# 可选，多master部署时的负载均衡配置
+# [可选]多master部署时的负载均衡配置
 - hosts: lb
  roles:
  - lb
@ -17,10 +20,18 @@
  roles:
  - etcd

- hosts: kube-cluster
+- hosts: 
+  - kube-cluster
+  - lb
  roles:
  - kubectl
+
+- hosts: kube-cluster
+  roles:
  - docker
+
+- hosts: kube-cluster
+  roles:
  - calico

 - hosts: kube-master
--- a/95.clean.yml
+++ b/95.clean.yml
@ -28,7 +28,7 @@
    shell: iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat

  - name: 清理网络
-    shell: "ip link del docker0; ip link del tunl0"
+    shell: "ip link del docker0; ip link del tunl0; systemctl restart networking"
    ignore_errors: true

 - hosts: kube-node
--- a/roles/kube-master/templates/kube-apiserver.service.j2
+++ b/roles/kube-master/templates/kube-apiserver.service.j2
@ -9,7 +9,7 @@ ExecStart={{ bin_dir }}/kube-apiserver \
  --bind-address={{ NODE_IP }} \
  --insecure-bind-address=127.0.0.1 \
  --authorization-mode=Node,RBAC \
-  --runtime-config=rbac.authorization.k8s.io/v1beta1 \
+  --runtime-config=rbac.authorization.k8s.io/v1 \
  --kubelet-https=true \
  --anonymous-auth=false \
  --basic-auth-file={{ ca_dir }}/basic-auth.csv \
--- a/roles/kube-node/templates/kubelet.service.j2
+++ b/roles/kube-node/templates/kubelet.service.j2
@ -13,7 +13,6 @@ ExecStart={{ bin_dir }}/kubelet \
  --pod-infra-container-image=mirrorgooglecontainers/pause-amd64:3.0 \
  --experimental-bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig \
  --kubeconfig=/etc/kubernetes/kubelet.kubeconfig \
-  --require-kubeconfig \
  --cert-dir={{ ca_dir }} \
  --network-plugin=cni \
  --cni-conf-dir=/etc/cni/net.d \
@ -22,6 +21,7 @@ ExecStart={{ bin_dir }}/kubelet \
  --cluster-domain={{ CLUSTER_DNS_DOMAIN }} \
  --hairpin-mode promiscuous-bridge \
  --allow-privileged=true \
+  --fail-swap-on=false \
  --logtostderr=true \
  --v=2
 #kubelet cAdvisor 默认在所有接口监听 4194 端口的请求, 以下iptables限制内网访问