更新90.setup.yml 95.clean.yml

90.setup.yml

@@ -1,8 +1,21 @@
+# 在deploy节点生成CA相关证书，以供整个集群使用
+- hosts: deploy
+  gather_facts: False
+  roles:
+  - ca
+
+# 集群节点的公共配置任务
 - hosts: kube-cluster
   gather_facts: False
   roles:
   - prepare
 
+# 可选，多master部署时的负载均衡配置
+- hosts: lb
+  gather_facts: False
+  roles:
+  - lb
+
 - hosts: etcd
   gather_facts: False
   roles:
@@ -12,15 +25,7 @@
   gather_facts: False
   roles:
   - kubectl
-
-- hosts: kube-cluster
-  gather_facts: False
-  roles:
   - docker
-
-- hosts: kube-cluster
-  gather_facts: False
-  roles:
   - calico
 
 - hosts: kube-master

95.clean.yml

@@ -1,8 +1,34 @@
+- hosts: kube-cluster
+  gather_facts: False
+  tasks:
+  - name: stop calico-node service
+    shell: "systemctl stop calico-node docker"
+    ignore_errors: true
+
+  - name: 清理目录和文件
+    file: name={{ item }} state=absent
+    with_items:
+    - "/etc/cni/"
+    - "/etc/calico/ssl/"
+    - "/var/run/calico/"
+    - "/var/log/calico/"
+    - "/var/lib/docker/"
+    - "/var/run/docker/"
+    - "/etc/systemd/system/calico-node.service"
+    - "/etc/systemd/system/docker.service"
+
+  - name: 清理 iptables
+    shell: iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat
+
+  - name: 清理网络
+    shell: "ip link del docker0; ip link del tunl0"
+    ignore_errors: true
+
 - hosts: kube-node
   gather_facts: False
   tasks:
   - name: stop kube-node service
-    shell: "systemctl stop kubelet kube-proxy calico-node docker"
+    shell: "systemctl stop kubelet kube-proxy"
     ignore_errors: true
 
   - name: umount kubelet 挂载的目录
@@ -13,27 +39,16 @@
     file: name={{ item }} state=absent
     with_items:
     - "/var/lib/kubelet/"
-    - "/var/lib/docker/"
-    - "/var/run/docker/"
     - "/etc/kubernetes/"
     - "/etc/systemd/system/kubelet.service"
-    - "/etc/systemd/system/docker.service"
     - "/etc/systemd/system/kube-proxy.service"
-    - "/etc/systemd/system/calico-node.service"
    # - "/root/local/bin/"
 
-  - name: 清理 iptables
-    shell: iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat
-
-  - name: 清理网络
-    shell: "ip link del docker0; ip link del tunl0"
-    ignore_errors: true
-
 - hosts: kube-master
   gather_facts: False
   tasks:
   - name: stop kube-master service
-    shell: "systemctl stop kube-apiserver kube-controller-manager kube-scheduler calico-node"
+    shell: "systemctl stop kube-apiserver kube-controller-manager kube-scheduler"
     ignore_errors: true
 
   - name: 清理目录和文件

down/download.sh

@@ -1,10 +1,9 @@
 #!/bin/bash
 #主要组件版本如下
-export K8S_VER=v1.7.7
+export K8S_VER=v1.7.6
 export ETCD_VER=v3.2.8
-export FLANNEL_VER=v0.9.0
 export DOCKER_VER=17.09.0-ce
-export CALICO_VER=v1.6.1
+export CALICO_VER=v1.6.2
 
 echo "\n----download k8s binary at:"
 echo https://dl.k8s.io/${K8S_VER}/kubernetes-server-linux-amd64.tar.gz
@@ -13,9 +12,6 @@ echo "\n----download etcd binary at:"
 echo https://github.com/coreos/etcd/releases/download/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz
 echo https://storage.googleapis.com/etcd/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz
 
-echo "\n----download flannel binary at:"
-echo https://github.com/coreos/flannel/releases/download/${FLANNEL_VER}/flannel-${FLANNEL_VER}-linux-amd64.tar.gz
-
 echo "\n----download calicoctl binary at:"
 echo https://github.com/projectcalico/calicoctl/releases/download/${CALICO_VER}/calicoctl
 

roles/kube-node/templates/kubelet.service.j2

@@ -22,6 +22,7 @@ ExecStart={{ bin_dir }}/kubelet \
   --cluster-domain={{ CLUSTER_DNS_DOMAIN }} \
   --hairpin-mode promiscuous-bridge \
   --allow-privileged=true \
+  --fail-swap-on=false
   --serialize-image-pulls=false \
   --logtostderr=true \
   --v=2