From 253f109e47ef9a3da83d19453c9043846b1689e9 Mon Sep 17 00:00:00 2001
From: jmgao <jmgaozz@163.com>
Date: Sun, 12 Nov 2017 14:54:20 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B090.setup.yml=2095.clean.yml?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 90.setup.yml                                 | 21 ++++++----
 95.clean.yml                                 | 41 +++++++++++++-------
 down/download.sh                             |  8 +---
 roles/kube-node/templates/kubelet.service.j2 |  1 +
 4 files changed, 44 insertions(+), 27 deletions(-)

diff --git a/90.setup.yml b/90.setup.yml
index 8b27580..f29697b 100644
--- a/90.setup.yml
+++ b/90.setup.yml
@@ -1,8 +1,21 @@
+# 在deploy节点生成CA相关证书，以供整个集群使用
+- hosts: deploy
+  gather_facts: False
+  roles:
+  - ca
+
+# 集群节点的公共配置任务
 - hosts: kube-cluster
   gather_facts: False
   roles:
   - prepare
 
+# 可选，多master部署时的负载均衡配置
+- hosts: lb
+  gather_facts: False
+  roles:
+  - lb
+
 - hosts: etcd
   gather_facts: False
   roles:
@@ -12,15 +25,7 @@
   gather_facts: False
   roles:
   - kubectl
-
-- hosts: kube-cluster
-  gather_facts: False
-  roles:
   - docker
-
-- hosts: kube-cluster
-  gather_facts: False
-  roles:
   - calico
 
 - hosts: kube-master
diff --git a/95.clean.yml b/95.clean.yml
index 7de7a04..33914a1 100644
--- a/95.clean.yml
+++ b/95.clean.yml
@@ -1,8 +1,34 @@
+- hosts: kube-cluster
+  gather_facts: False
+  tasks:
+  - name: stop calico-node service
+    shell: "systemctl stop calico-node docker"
+    ignore_errors: true
+
+  - name: 清理目录和文件
+    file: name={{ item }} state=absent
+    with_items:
+    - "/etc/cni/"
+    - "/etc/calico/ssl/"
+    - "/var/run/calico/"
+    - "/var/log/calico/"
+    - "/var/lib/docker/"
+    - "/var/run/docker/"
+    - "/etc/systemd/system/calico-node.service"
+    - "/etc/systemd/system/docker.service"
+
+  - name: 清理 iptables
+    shell: iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat
+
+  - name: 清理网络
+    shell: "ip link del docker0; ip link del tunl0"
+    ignore_errors: true
+
 - hosts: kube-node
   gather_facts: False
   tasks:
   - name: stop kube-node service
-    shell: "systemctl stop kubelet kube-proxy calico-node docker"
+    shell: "systemctl stop kubelet kube-proxy"
     ignore_errors: true
 
   - name: umount kubelet 挂载的目录
@@ -13,27 +39,16 @@
     file: name={{ item }} state=absent
     with_items:
     - "/var/lib/kubelet/"
-    - "/var/lib/docker/"
-    - "/var/run/docker/"
     - "/etc/kubernetes/"
     - "/etc/systemd/system/kubelet.service"
-    - "/etc/systemd/system/docker.service"
     - "/etc/systemd/system/kube-proxy.service"
-    - "/etc/systemd/system/calico-node.service"
    # - "/root/local/bin/"
 
-  - name: 清理 iptables
-    shell: iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat
-
-  - name: 清理网络
-    shell: "ip link del docker0; ip link del tunl0"
-    ignore_errors: true
-
 - hosts: kube-master
   gather_facts: False
   tasks:
   - name: stop kube-master service
-    shell: "systemctl stop kube-apiserver kube-controller-manager kube-scheduler calico-node"
+    shell: "systemctl stop kube-apiserver kube-controller-manager kube-scheduler"
     ignore_errors: true
 
   - name: 清理目录和文件
diff --git a/down/download.sh b/down/download.sh
index 40267f2..f5755be 100644
--- a/down/download.sh
+++ b/down/download.sh
@@ -1,10 +1,9 @@
 #!/bin/bash
 #主要组件版本如下
-export K8S_VER=v1.7.7
+export K8S_VER=v1.7.6
 export ETCD_VER=v3.2.8
-export FLANNEL_VER=v0.9.0
 export DOCKER_VER=17.09.0-ce
-export CALICO_VER=v1.6.1
+export CALICO_VER=v1.6.2
 
 echo "\n----download k8s binary at:"
 echo https://dl.k8s.io/${K8S_VER}/kubernetes-server-linux-amd64.tar.gz
@@ -13,9 +12,6 @@ echo "\n----download etcd binary at:"
 echo https://github.com/coreos/etcd/releases/download/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz
 echo https://storage.googleapis.com/etcd/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz
 
-echo "\n----download flannel binary at:"
-echo https://github.com/coreos/flannel/releases/download/${FLANNEL_VER}/flannel-${FLANNEL_VER}-linux-amd64.tar.gz
-
 echo "\n----download calicoctl binary at:"
 echo https://github.com/projectcalico/calicoctl/releases/download/${CALICO_VER}/calicoctl
 
diff --git a/roles/kube-node/templates/kubelet.service.j2 b/roles/kube-node/templates/kubelet.service.j2
index cae5df2..d53c53a 100644
--- a/roles/kube-node/templates/kubelet.service.j2
+++ b/roles/kube-node/templates/kubelet.service.j2
@@ -22,6 +22,7 @@ ExecStart={{ bin_dir }}/kubelet \
   --cluster-domain={{ CLUSTER_DNS_DOMAIN }} \
   --hairpin-mode promiscuous-bridge \
   --allow-privileged=true \
+  --fail-swap-on=false
   --serialize-image-pulls=false \
   --logtostderr=true \
   --v=2