From 2a916c0ad16b952bad522aa0a2bfed9d73d88996 Mon Sep 17 00:00:00 2001
From: gjmzj
Date: Mon, 9 Jul 2018 17:43:12 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0kube-proxy=E4=BD=BF=E7=94=A8i?= =?UTF-8?q?pvs=E6=A8=A1=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
docs/06.kube-router.md | 2 +-
roles/kube-node/tasks/main.yml | 2 --
roles/kube-node/templates/kube-proxy.service.j2 | 2 +-
roles/kube-router/defaults/main.yml | 4 ++--
roles/prepare/tasks/main.yml | 11 +++++++++--
5 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/docs/06.kube-router.md b/docs/06.kube-router.md
index 858106c..6285097 100644
--- a/docs/06.kube-router.md
+++ b/docs/06.kube-router.md
@@ -87,7 +87,7 @@ Members: ... ``` -- 6.ipvs虚拟服务器查看 (/etc/ansible/hosts需配置`SERVICE_PROXY="IPVS"`) +- 6.ipvs虚拟服务器查看 (roles/kube-router/defaults/main.yml 需配置`SERVICE_PROXY="true"`) ``` bash # 首先创建测试应用
diff --git a/roles/kube-node/tasks/main.yml b/roles/kube-node/tasks/main.yml
index 19ef573..56da46e 100644
--- a/roles/kube-node/tasks/main.yml
+++ b/roles/kube-node/tasks/main.yml
@@ -59,12 +59,10 @@ - name: 开机启用kube-proxy 服务 shell: systemctl enable kube-proxy ignore_errors: true - when: CLUSTER_NETWORK != 'kube-router' or SERVICE_PROXY != 'IPVS' - name: 开启kube-proxy 服务 shell: systemctl daemon-reload && systemctl restart kube-proxy tags: reload-kube-proxy, upgrade_k8s, restart_node - when: CLUSTER_NETWORK != 'kube-router' or SERVICE_PROXY != 'IPVS' # 批准 node 节点,首先轮询等待kubelet启动完成 - name: 轮询等待kubelet启动
diff --git a/roles/kube-node/templates/kube-proxy.service.j2 b/roles/kube-node/templates/kube-proxy.service.j2
index 61fb597..910e04d 100644
--- a/roles/kube-node/templates/kube-proxy.service.j2
+++ b/roles/kube-node/templates/kube-proxy.service.j2
@@ -12,7 +12,7 @@ ExecStart={{ bin_dir }}/kube-proxy \ --hostname-override={{ inventory_hostname }} \ --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \ --logtostderr=true \ - --v=2 + --proxy-mode={{ PROXY_MODE }} Restart=on-failure RestartSec=5 LimitNOFILE=65536
diff --git a/roles/kube-router/defaults/main.yml b/roles/kube-router/defaults/main.yml
index 737b76e..4b25f14 100644
--- a/roles/kube-router/defaults/main.yml
+++ b/roles/kube-router/defaults/main.yml
@@ -6,8 +6,8 @@ ROUTER_ENABLE: "true" # NetworkPolicy 支持开关 FIREWALL_ENABLE: "true" -# service-proxy 支持开关 -# 在/etc/ansible/hosts文件的变量'SERVICE_PROXY'定义 +# service-proxy 支持开关,如选择 'false' 即使用k8s集群默认的kube-proxy +SERVICE_PROXY: "false" # kube-router 镜像版本 IMAGE: "cloudnativelabs/kube-router"
diff --git a/roles/prepare/tasks/main.yml b/roles/prepare/tasks/main.yml
index eec381f..b949e89 100644
--- a/roles/prepare/tasks/main.yml
+++ b/roles/prepare/tasks/main.yml
@@ -97,8 +97,15 @@ - name: 设置系统参数 copy: src=95-k8s-sysctl.conf dest=/etc/sysctl.d/95-k8s-sysctl.conf -- name: 加载br_netfilter模块 - modprobe: name=br_netfilter state=present +- name: 加载内核模块 + modprobe: name={{ item }} state=present + with_items: + - br_netfilter + - ip_vs + - ip_vs_rr + - ip_vs_wrr + - ip_vs_sh + - nf_conntrack_ipv4 ignore_errors: true - name: 生效系统参数
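Review bot: `PROXY_MODE` in the new `--proxy-mode={{ PROXY_MODE }}` line of roles/kube-node/templates/kube-proxy.service.j2 is not defined in any file this patch touches, so unless it is set elsewhere (inventory or the kube-node defaults, neither visible here) rendering the unit will fail with an undefined-variable error on existing inventories. A fallback keeps old deployments working: `--proxy-mode={{ PROXY_MODE | default('iptables') }}`. The same line also replaces `--v=2` rather than adding to it, which lowers kube-proxy's log verbosity; if that was not intended, keep the flag with `--proxy-mode={{ PROXY_MODE | default('iptables') }} \` followed by `--v=2`. The unit file starts and ends outside the hunk.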
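Review bot: With `SERVICE_PROXY: "true"` in roles/kube-router/defaults/main.yml, nothing visible in this patch keeps kube-proxy off the nodes any more, because the same commit removes the `when:` guards on the kube-proxy enable and restart tasks in roles/kube-node/tasks/main.yml. Unless the kube-router role stops kube-proxy somewhere outside this diff, both proxies could end up programming service rules on the same node. The new comment only documents the `'false'` case; I would add something like `# NOTE: when "true", make sure kube-proxy is stopped and disabled on the nodes` or restore a guard keyed on the new value. Inventories that still set `SERVICE_PROXY="IPVS"` as the old docs instructed will override this role default, so whatever compares against `"true"` should be checked for how it treats the old value.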
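Review bot: `ignore_errors: true` now covers all six modules in the `加载内核模块` task of roles/prepare/tasks/main.yml, so a node where the `ip_vs*` modules fail to load still passes the play. As far as I know kube-proxy then falls back to iptables mode, so the cluster would quietly run a different data path than the one configured. `nf_conntrack_ipv4` is the entry most likely to be missing legitimately, since newer kernels fold it into `nf_conntrack`. I would split the task so the ipvs modules fail loudly and only the other two stay best-effort, with `br_netfilter` left as it was before this change. If the proxy-mode variable is visible to this role, a `when:` on it would avoid failing nodes that stay on iptables.

```yaml
# required for --proxy-mode=ipvs: fail the play if any of these cannot be loaded
- name: 加载ipvs内核模块
  modprobe:
    name: "{{ item }}"
    state: present
  with_items:
    - ip_vs
    - ip_vs_rr
    - ip_vs_wrr
    - ip_vs_sh

# best-effort: br_netfilter as before; nf_conntrack_ipv4 may be absent on newer kernels
- name: 加载内核模块
  modprobe:
    name: "{{ item }}"
    state: present
  with_items:
    - br_netfilter
    - nf_conntrack_ipv4
  ignore_errors: true
```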