minor fix

.gitignore

@@ -8,14 +8,9 @@ bin/*
 manifests/storage/*
 !manifests/storage/test.yaml
 
-# k8s backup directory
-roles/cluster-backup/files/*
-!roles/cluster-backup/files/readme.md
-
 # role based variable settings, exclude roles/os-harden/vars/
 #/roles/*/vars/*
 #!/roles/os-harden/vars/
 
-# cluster backups
-.cluster/
+# cluster instances
 clusters/

roles/calico/tasks/main.yml

@@ -2,6 +2,7 @@
   file: name={{ item }} state=directory
   with_items:
   - /etc/cni/net.d
+  - /etc/calico/ssl
   - /opt/kube/images 
   - /opt/kube/kube-system
 
@@ -18,7 +19,7 @@
   connection: local
 
 - name: 分发calico证书相关
-  copy: src={{ cluster_dir }}/ssl/{{ item }} dest={{ ca_dir }}/{{ item }}
+  copy: src={{ cluster_dir }}/ssl/{{ item }} dest=/etc/calico/ssl/{{ item }}
   with_items:
   - ca.pem
   - calico.pem
@@ -30,7 +31,7 @@
   run_once: true
 
 - name: 创建 calico-etcd-secrets
-  shell: "cd {{ ca_dir }} && \
+  shell: "cd /etc/calico/ssl && \
         {{ bin_dir }}/kubectl create secret generic -n kube-system calico-etcd-secrets \
         --from-file=etcd-ca=ca.pem \
         --from-file=etcd-key=calico-key.pem \

roles/kube-master/templates/kube-controller-manager.service.j2

@@ -4,7 +4,7 @@ Documentation=https://github.com/GoogleCloudPlatform/kubernetes
 
 [Service]
 ExecStart={{ bin_dir }}/kube-controller-manager \
-  --address=127.0.0.1 \
+  --bind-address={{ inventory_hostname }} \
   --allocate-node-cidrs=true \
   --cluster-cidr={{ CLUSTER_CIDR }} \
   --cluster-name=kubernetes \

roles/kube-master/templates/kube-scheduler.service.j2

@@ -4,7 +4,7 @@ Documentation=https://github.com/GoogleCloudPlatform/kubernetes
 
 [Service]
 ExecStart={{ bin_dir }}/kube-scheduler \
-  --address=127.0.0.1 \
+  --bind-address={{ inventory_hostname }} \
   --kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig \
   --leader-elect=true \
   --v=2

roles/kube-node/tasks/main.yml

@@ -71,6 +71,10 @@
     regexp: "^    server"
     line: "    server: {{ KUBE_APISERVER }}"
 
+- name: 创建kube-proxy 配置
+  template: src=kube-proxy-config.yaml.j2 dest=/var/lib/kube-proxy/kube-proxy-config.yaml
+  tags: reload-kube-proxy, restart_node, upgrade_k8s
+
 - name: 创建kube-proxy 服务文件
   template: src=kube-proxy.service.j2 dest=/etc/systemd/system/kube-proxy.service
   tags: reload-kube-proxy, restart_node, upgrade_k8s

roles/kube-node/templates/kube-proxy-config.yaml.j2

@@ -0,0 +1,15 @@
+kind: KubeProxyConfiguration
+apiVersion: kubeproxy.config.k8s.io/v1alpha1
+bindAddress: {{ inventory_hostname }} 
+clientConnection:
+  kubeconfig: "/etc/kubernetes/kube-proxy.kubeconfig"
+clusterCIDR: "{{ CLUSTER_CIDR }}"
+conntrack:
+  maxPerCore: 32768
+  min: 131072
+  tcpCloseWaitTimeout: 1h0m0s
+  tcpEstablishedTimeout: 24h0m0s
+healthzBindAddress: {{ inventory_hostname }}:10256
+hostnameOverride: "{{ inventory_hostname }}"
+metricsBindAddress: {{ inventory_hostname }}:10249
+mode: "{{ PROXY_MODE }}"

roles/kube-node/templates/kube-proxy.service.j2

@@ -7,12 +7,7 @@ After=network.target
 # kube-proxy 根据 --cluster-cidr 判断集群内部和外部流量，指定 --cluster-cidr 或 --masquerade-all 选项后，kube-proxy 会对访问 Service IP 的请求做 SNAT
 WorkingDirectory=/var/lib/kube-proxy
 ExecStart={{ bin_dir }}/kube-proxy \
-  --bind-address={{ inventory_hostname }} \
-  --cluster-cidr={{ CLUSTER_CIDR }} \
-  --hostname-override={{ inventory_hostname }} \
-  --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \
-  --logtostderr=true \
-  --proxy-mode={{ PROXY_MODE }}
+  --config=/var/lib/kube-proxy/kube-proxy-config.yaml
 Restart=always
 RestartSec=5
 LimitNOFILE=65536

tools/imgutils

@@ -12,42 +12,44 @@ set -o errexit
 #set -o xtrace
 
 function usage() {
+  echo -e "\033[33mUsage:\033[0m imgutils [options] [args]"
   cat <<EOF
-Usage: imgutils [options] [args]
   option: -{LPSdr}
-    -L         to load images from the disk
+    -L         to load images from the disk (default '/tmp/docker/images')
     -P         to pull images from CN mirrors of 'docker.io|gcr.io|k8s.gcr.io|quay.io'
-    -S         to save images to the disk 
-    -d <dir>   working directory to hold images, default '/tmp/docker/images'
+    -S         to save local images to the disk (default '/tmp/docker/images')
+    -d <dir>   change image directory (default '/tmp/docker/images')
     -r <str>   limit to images who's repo have a pattern <str>
 
 Example:
 $ ./imgutils -S -d /opt/docker/images -r gcr.io
-  - to save all images of repo 'gcr.io' into '/opt/docker/images/'
+  - to save all local images of repo 'gcr.io' into '/opt/docker/images/'
 $ ./imgutils -P k8s.gcr.io/addon-resizer:1.8.3
   - to pull images from k8s.gcr.io
 EOF
 }
 
 function logger() {
+  TIMESTAMP=$(date +'%Y-%m-%d %H:%M:%S')
   case "$1" in
     debug)
-      echo -e "[debug] \033[36m$2\033[0m"
+      echo -e "$TIMESTAMP \033[36mDEBUG\033[0m $2"
       ;;
     info)
-      echo -e "[info] \033[32m$2\033[0m"
+      echo -e "$TIMESTAMP \033[32mINFO\033[0m $2"
       ;;
     warn)
-      echo -e "[warn] \033[33m$2\033[0m"
+      echo -e "$TIMESTAMP \033[33mWARN\033[0m $2"
       ;;
     error)
-      echo -e "[error] \033[31m$2\033[0m"
+      echo -e "$TIMESTAMP \033[31mERROR\033[0m $2"
       ;;
     *)
       ;;
   esac
 }
 
+
 function save_to_disk() {
   if [[ "$REPO_PATTERN" == "" ]];then
     DOCKER_IMAGES=$(docker images|grep -v "^REPOSITORY"|awk '{print $1":"$2}')

tools/start-aio

@@ -1,35 +0,0 @@
-#!/bin/bash
-set -o nounset
-set -o errexit
-#set -o xtrace
-
-function usage() {
-    cat <<EOF
-Usage: start-aio <version>      to start an all-in-one k8s cluster with a specific kubeasz version
-
-EOF
-}
-
-[[ "$#" -eq 1 ]] || { usage >&2; exit 1; }
-
-# 
-rm -f easzup
-
-# tool
-echo "[INFO] get the tool script: easzup"
-if [[ -e /usr/bin/curl ]];then
-  curl -C- -fLO --retry 3 "https://github.com/easzlab/kubeasz/releases/download/$1/easzup" || exit 1
-else
-  wget -c "https://github.com/easzlab/kubeasz/releases/download/$1/easzup" || exit 1
-fi
-
-# download
-echo "[INFO] download everything with easzup"
-chmod +x ./easzup
-./easzup -D
-#./easzup -P
-
-# install
-echo "[INFO] install k8s using a container 'kubeasz'"
-./easzup -S
-docker exec -it kubeasz easzctl start-aio