minor fix

pull/992/head
gjmzj 2021-01-10 21:25:05 +08:00
parent a85c649805
commit 4b296cf087
9 changed files with 41 additions and 64 deletions

7
.gitignore vendored

@ -8,14 +8,9 @@ bin/*
manifests/storage/* manifests/storage/*
!manifests/storage/test.yaml !manifests/storage/test.yaml
# k8s backup directory
roles/cluster-backup/files/*
!roles/cluster-backup/files/readme.md
# role based variable settings, exclude roles/os-harden/vars/ # role based variable settings, exclude roles/os-harden/vars/
#/roles/*/vars/* #/roles/*/vars/*
#!/roles/os-harden/vars/ #!/roles/os-harden/vars/
# cluster backups # cluster instances
.cluster/
clusters/ clusters/


@ -2,6 +2,7 @@
file: name={{ item }} state=directory file: name={{ item }} state=directory
with_items: with_items:
- /etc/cni/net.d - /etc/cni/net.d
- /etc/calico/ssl
- /opt/kube/images - /opt/kube/images
- /opt/kube/kube-system - /opt/kube/kube-system
@ -18,7 +19,7 @@
connection: local connection: local
- name: 分发calico证书相关 - name: 分发calico证书相关
copy: src={{ cluster_dir }}/ssl/{{ item }} dest={{ ca_dir }}/{{ item }} copy: src={{ cluster_dir }}/ssl/{{ item }} dest=/etc/calico/ssl/{{ item }}
with_items: with_items:
- ca.pem - ca.pem
- calico.pem - calico.pem
@ -30,7 +31,7 @@
run_once: true run_once: true
- name: 创建 calico-etcd-secrets - name: 创建 calico-etcd-secrets
shell: "cd {{ ca_dir }} && \ shell: "cd /etc/calico/ssl && \
{{ bin_dir }}/kubectl create secret generic -n kube-system calico-etcd-secrets \ {{ bin_dir }}/kubectl create secret generic -n kube-system calico-etcd-secrets \
--from-file=etcd-ca=ca.pem \ --from-file=etcd-ca=ca.pem \
--from-file=etcd-key=calico-key.pem \ --from-file=etcd-key=calico-key.pem \
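Review bot: The copy task that now targets `/etc/calico/ssl/{{ item }}` sets no `mode`, and the directory task creates `/etc/calico/ssl` with default permissions, so any private key copied there gets whatever the remote umask allows. The `kubectl create secret` step reads `calico-key.pem` from this directory, so the key is presumably in the `with_items` list that continues outside the hunk. Consider copying the key in its own task with `mode=0600`, or creating the directory separately with `file: name=/etc/calico/ssl state=directory mode=0700`.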


@ -4,7 +4,7 @@ Documentation=https://github.com/GoogleCloudPlatform/kubernetes
[Service] [Service]
ExecStart={{ bin_dir }}/kube-controller-manager \ ExecStart={{ bin_dir }}/kube-controller-manager \
--address=127.0.0.1 \ --bind-address={{ inventory_hostname }} \
--allocate-node-cidrs=true \ --allocate-node-cidrs=true \
--cluster-cidr={{ CLUSTER_CIDR }} \ --cluster-cidr={{ CLUSTER_CIDR }} \
--cluster-name=kubernetes \ --cluster-name=kubernetes \
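Review bot: `--address` and `--bind-address` are not equivalent, so swapping them on the ExecStart line removes the loopback restriction from the insecure port rather than moving it. `--address` controlled the deprecated unauthenticated HTTP port, while `--bind-address` controls the secure port; on releases that still serve the insecure port, dropping `--address=127.0.0.1` lets it fall back to its default listen address. If that endpoint is not needed, add `--port=0` alongside the new flag, after confirming the deployed version still accepts it. The kube-scheduler unit in the next section makes the same swap. The ExecStart command continues outside the hunk, so a `--port` setting further down would not be visible here.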


@ -4,7 +4,7 @@ Documentation=https://github.com/GoogleCloudPlatform/kubernetes
[Service] [Service]
ExecStart={{ bin_dir }}/kube-scheduler \ ExecStart={{ bin_dir }}/kube-scheduler \
--address=127.0.0.1 \ --bind-address={{ inventory_hostname }} \
--kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig \ --kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig \
--leader-elect=true \ --leader-elect=true \
--v=2 --v=2


@ -71,6 +71,10 @@
regexp: "^ server" regexp: "^ server"
line: " server: {{ KUBE_APISERVER }}" line: " server: {{ KUBE_APISERVER }}"
- name: 创建kube-proxy 配置
template: src=kube-proxy-config.yaml.j2 dest=/var/lib/kube-proxy/kube-proxy-config.yaml
tags: reload-kube-proxy, restart_node, upgrade_k8s
- name: 创建kube-proxy 服务文件 - name: 创建kube-proxy 服务文件
template: src=kube-proxy.service.j2 dest=/etc/systemd/system/kube-proxy.service template: src=kube-proxy.service.j2 dest=/etc/systemd/system/kube-proxy.service
tags: reload-kube-proxy, restart_node, upgrade_k8s tags: reload-kube-proxy, restart_node, upgrade_k8s


@ -0,0 +1,15 @@
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: {{ inventory_hostname }}
clientConnection:
kubeconfig: "/etc/kubernetes/kube-proxy.kubeconfig"
clusterCIDR: "{{ CLUSTER_CIDR }}"
conntrack:
maxPerCore: 32768
min: 131072
tcpCloseWaitTimeout: 1h0m0s
tcpEstablishedTimeout: 24h0m0s
healthzBindAddress: {{ inventory_hostname }}:10256
hostnameOverride: "{{ inventory_hostname }}"
metricsBindAddress: {{ inventory_hostname }}:10249
mode: "{{ PROXY_MODE }}"
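Review bot: `metricsBindAddress: {{ inventory_hostname }}:10249` moves the kube-proxy metrics endpoint from its loopback default onto the node address, and that endpoint is plain HTTP without authentication. The flags removed from the kube-proxy service unit did not set a metrics address, so this is a new exposure rather than a carried-over setting. Unless remote scraping is required, keep `metricsBindAddress: 127.0.0.1:10249`; if it is required, say so in a comment and restrict the port at the host firewall. The unquoted `{{ inventory_hostname }}:10256` and `:10249` values also assume an IPv4 inventory entry, since an IPv6 address would need brackets.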


@ -7,12 +7,7 @@ After=network.target
# kube-proxy 根据 --cluster-cidr 判断集群内部和外部流量,指定 --cluster-cidr 或 --masquerade-all 选项后kube-proxy 会对访问 Service IP 的请求做 SNAT # kube-proxy 根据 --cluster-cidr 判断集群内部和外部流量,指定 --cluster-cidr 或 --masquerade-all 选项后kube-proxy 会对访问 Service IP 的请求做 SNAT
WorkingDirectory=/var/lib/kube-proxy WorkingDirectory=/var/lib/kube-proxy
ExecStart={{ bin_dir }}/kube-proxy \ ExecStart={{ bin_dir }}/kube-proxy \
--bind-address={{ inventory_hostname }} \ --config=/var/lib/kube-proxy/kube-proxy-config.yaml
--cluster-cidr={{ CLUSTER_CIDR }} \
--hostname-override={{ inventory_hostname }} \
--kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \
--logtostderr=true \
--proxy-mode={{ PROXY_MODE }}
Restart=always Restart=always
RestartSec=5 RestartSec=5
LimitNOFILE=65536 LimitNOFILE=65536


@ -12,42 +12,44 @@ set -o errexit
#set -o xtrace #set -o xtrace
function usage() { function usage() {
echo -e "\033[33mUsage:\033[0m imgutils [options] [args]"
cat <<EOF cat <<EOF
Usage: imgutils [options] [args]
option: -{LPSdr} option: -{LPSdr}
-L to load images from the disk -L to load images from the disk (default '/tmp/docker/images')
-P to pull images from CN mirrors of 'docker.io|gcr.io|k8s.gcr.io|quay.io' -P to pull images from CN mirrors of 'docker.io|gcr.io|k8s.gcr.io|quay.io'
-S to save images to the disk -S to save local images to the disk (default '/tmp/docker/images')
-d <dir> working directory to hold images, default '/tmp/docker/images' -d <dir> change image directory (default '/tmp/docker/images')
-r <str> limit to images who's repo have a pattern <str> -r <str> limit to images who's repo have a pattern <str>
Example: Example:
$ ./imgutils -S -d /opt/docker/images -r gcr.io $ ./imgutils -S -d /opt/docker/images -r gcr.io
- to save all images of repo 'gcr.io' into '/opt/docker/images/' - to save all local images of repo 'gcr.io' into '/opt/docker/images/'
$ ./imgutils -P k8s.gcr.io/addon-resizer:1.8.3 $ ./imgutils -P k8s.gcr.io/addon-resizer:1.8.3
- to pull images from k8s.gcr.io - to pull images from k8s.gcr.io
EOF EOF
} }
function logger() { function logger() {
TIMESTAMP=$(date +'%Y-%m-%d %H:%M:%S')
case "$1" in case "$1" in
debug) debug)
echo -e "[debug] \033[36m$2\033[0m" echo -e "$TIMESTAMP \033[36mDEBUG\033[0m $2"
;; ;;
info) info)
echo -e "[info] \033[32m$2\033[0m" echo -e "$TIMESTAMP \033[32mINFO\033[0m $2"
;; ;;
warn) warn)
echo -e "[warn] \033[33m$2\033[0m" echo -e "$TIMESTAMP \033[33mWARN\033[0m $2"
;; ;;
error) error)
echo -e "[error] \033[31m$2\033[0m" echo -e "$TIMESTAMP \033[31mERROR\033[0m $2"
;; ;;
*) *)
;; ;;
esac esac
} }
function save_to_disk() { function save_to_disk() {
if [[ "$REPO_PATTERN" == "" ]];then if [[ "$REPO_PATTERN" == "" ]];then
DOCKER_IMAGES=$(docker images|grep -v "^REPOSITORY"|awk '{print $1":"$2}') DOCKER_IMAGES=$(docker images|grep -v "^REPOSITORY"|awk '{print $1":"$2}')
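Review bot: `TIMESTAMP` in `logger` is assigned without `local`, so every log call overwrites a script-wide variable alongside globals such as `REPO_PATTERN`. Declare it inside the function, e.g. `local TIMESTAMP; TIMESTAMP=$(date +'%Y-%m-%d %H:%M:%S')`. Separately, `echo -e "... $2"` interprets backslash escapes in the message text as well as in the colour codes; `printf '%s \033[32mINFO\033[0m %s\n' "$TIMESTAMP" "$2"` would keep the message literal. `save_to_disk` continues outside the hunk.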


@ -1,35 +0,0 @@
#!/bin/bash
set -o nounset
set -o errexit
#set -o xtrace
function usage() {
cat <<EOF
Usage: start-aio <version> to start an all-in-one k8s cluster with a specific kubeasz version
EOF
}
[[ "$#" -eq 1 ]] || { usage >&2; exit 1; }
#
rm -f easzup
# tool
echo "[INFO] get the tool script: easzup"
if [[ -e /usr/bin/curl ]];then
curl -C- -fLO --retry 3 "https://github.com/easzlab/kubeasz/releases/download/$1/easzup" || exit 1
else
wget -c "https://github.com/easzlab/kubeasz/releases/download/$1/easzup" || exit 1
fi
# download
echo "[INFO] download everything with easzup"
chmod +x ./easzup
./easzup -D
#./easzup -P
# install
echo "[INFO] install k8s using a container 'kubeasz'"
./easzup -S
docker exec -it kubeasz easzctl start-aio