mirror of https://github.com/easzlab/kubeasz.git
增加flannel网络支持
parent
331bf56cb6
commit
4c1f7bceed
|
@ -14,6 +14,5 @@
|
|||
|
||||
# [可选]多master部署时的负载均衡配置
|
||||
- hosts: lb
|
||||
gather_facts: True
|
||||
roles:
|
||||
- lb
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
- hosts: kube-cluster
|
||||
roles:
|
||||
- flannel
|
17
90.setup.yml
17
90.setup.yml
|
@ -1,4 +1,5 @@
|
|||
# 在deploy节点生成CA相关证书,以供整个集群使用
|
||||
# 以及初始化kubedns.yaml配置文件
|
||||
- hosts: deploy
|
||||
roles:
|
||||
- deploy
|
||||
|
@ -8,6 +9,7 @@
|
|||
- kube-cluster
|
||||
- deploy
|
||||
- etcd
|
||||
- lb
|
||||
roles:
|
||||
- prepare
|
||||
|
||||
|
@ -16,28 +18,35 @@
|
|||
roles:
|
||||
- lb
|
||||
|
||||
# 创建etcd集群
|
||||
- hosts: etcd
|
||||
roles:
|
||||
- etcd
|
||||
|
||||
# kubectl 客户端配置
|
||||
- hosts:
|
||||
- kube-cluster
|
||||
- deploy
|
||||
roles:
|
||||
- kubectl
|
||||
|
||||
# docker服务安装
|
||||
- hosts: kube-cluster
|
||||
roles:
|
||||
- docker
|
||||
|
||||
- hosts: kube-cluster
|
||||
roles:
|
||||
- calico
|
||||
|
||||
# master 节点部署
|
||||
- hosts: kube-master
|
||||
roles:
|
||||
- kube-master
|
||||
|
||||
# node 节点部署
|
||||
- hosts: kube-node
|
||||
roles:
|
||||
- kube-node
|
||||
|
||||
# 集群网络插件部署
|
||||
- hosts: kube-cluster
|
||||
roles:
|
||||
- { role: calico, when: "CLUSTER_NETWORK == 'calico'" }
|
||||
- { role: flannel, when: "CLUSTER_NETWORK == 'flannel'" }
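Review bot: The two conditional role entries at the end of this play match `CLUSTER_NETWORK` only against the literals 'calico' and 'flannel', so any other value (a typo, different capitalisation) skips both roles and the run still finishes without installing a network plugin. Nodes would then stay on whatever CNI config is already on disk, which is easy to miss until pods on different nodes cannot reach each other. A guard ahead of the roles makes the mistake fail fast, for example `pre_tasks:` followed by `- assert: { that: "CLUSTER_NETWORK in ['calico', 'flannel']" }`. The +/- markers are lost in this rendering, so treating these two lines as additions is inferred from the hunk.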
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
file: name={{ item }} state=absent
|
||||
with_items:
|
||||
- "/var/lib/kubelet/"
|
||||
- "/var/lib/kube-proxy/"
|
||||
- "/etc/kubernetes/"
|
||||
- "/etc/systemd/system/kubelet.service"
|
||||
- "/etc/systemd/system/kube-proxy.service"
|
||||
|
@ -42,8 +43,8 @@
|
|||
- new-node
|
||||
- deploy
|
||||
tasks:
|
||||
- name: stop calico-node service
|
||||
shell: "systemctl stop calico-node docker"
|
||||
- name: stop docker service
|
||||
shell: "systemctl stop docker"
|
||||
ignore_errors: true
|
||||
|
||||
# 因为calico-kube-controller使用了host网络,相当于使用了docker -net=host,需要
|
||||
|
@ -59,6 +60,7 @@
|
|||
with_items:
|
||||
- "/etc/cni/"
|
||||
- "/root/.kube/"
|
||||
- "/run/flannel/"
|
||||
- "/etc/calico/"
|
||||
- "/var/run/calico/"
|
||||
- "/var/log/calico/"
|
||||
|
|
|
@ -40,6 +40,9 @@ POD_INFRA_CONTAINER_IMAGE=mirrorgooglecontainers/pause-amd64:3.0
|
|||
#TLS Bootstrapping 使用的 Token,使用 head -c 16 /dev/urandom | od -An -t x | tr -d ' ' 生成
|
||||
BOOTSTRAP_TOKEN="d18f94b5fa585c7123f56803d925d2e7"
|
||||
|
||||
# 集群网络插件,目前支持calico和flannel
|
||||
CLUSTER_NETWORK="calico"
|
||||
|
||||
# 服务网段 (Service CIDR),部署前路由不可达,部署后集群内使用 IP:Port 可达
|
||||
SERVICE_CIDR="10.68.0.0/16"
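Review bot: The comment added above `CLUSTER_NETWORK` lists the supported plugins but does not say that 90.setup.yml compares the value literally, so it is worth extending it to state that exactly `calico` or `flannel` must be given; the same applies to the other two example inventories changed in this commit. Separately, and not introduced by this change, the context lines carry a literal `BOOTSTRAP_TOKEN` (the same value in two of the three examples), so a cluster built from an unedited copy would bootstrap kubelets with a published token. Shipping a placeholder such as `BOOTSTRAP_TOKEN="<generate with the command above>"` would force operators to regenerate it.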
|
||||
|
||||
|
|
|
@ -55,6 +55,9 @@ POD_INFRA_CONTAINER_IMAGE=mirrorgooglecontainers/pause-amd64:3.0
|
|||
#TLS Bootstrapping 使用的 Token,使用 head -c 16 /dev/urandom | od -An -t x | tr -d ' ' 生成
|
||||
BOOTSTRAP_TOKEN="c30302226d4b810e08731702d3890f50"
|
||||
|
||||
# 集群网络插件,目前支持calico和flannel
|
||||
CLUSTER_NETWORK="calico"
|
||||
|
||||
# 服务网段 (Service CIDR),部署前路由不可达,部署后集群内使用 IP:Port 可达
|
||||
SERVICE_CIDR="10.68.0.0/16"
|
||||
|
||||
|
|
|
@ -44,6 +44,9 @@ POD_INFRA_CONTAINER_IMAGE=mirrorgooglecontainers/pause-amd64:3.0
|
|||
#TLS Bootstrapping 使用的 Token,使用 head -c 16 /dev/urandom | od -An -t x | tr -d ' ' 生成
|
||||
BOOTSTRAP_TOKEN="d18f94b5fa585c7123f56803d925d2e7"
|
||||
|
||||
# 集群网络插件,目前支持calico和flannel
|
||||
CLUSTER_NETWORK="calico"
|
||||
|
||||
# 服务网段 (Service CIDR),部署前路由不可达,部署后集群内使用 IP:Port 可达
|
||||
SERVICE_CIDR="10.68.0.0/16"
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
file: name={{ item }} state=directory
|
||||
with_items:
|
||||
- /etc/calico/ssl
|
||||
- /etc/cni/net.d
|
||||
- /root/local/kube-system/calico
|
||||
|
||||
- name: 复制CA 证书到calico 证书目录
|
||||
copy: src={{ ca_dir }}/ca.pem dest=/etc/calico/ssl/ca.pem
|
||||
|
@ -17,22 +17,30 @@
|
|||
-config={{ ca_dir }}/ca-config.json \
|
||||
-profile=kubernetes calico-csr.json | {{ bin_dir }}/cfssljson -bare calico"
|
||||
|
||||
- name: 创建 calico 的 systemd unit 文件
|
||||
template: src=calico-node.service.j2 dest=/etc/systemd/system/calico-node.service
|
||||
- name: 准备 calico DaemonSet yaml文件
|
||||
template: src=calico.yaml.j2 dest=/root/local/kube-system/calico/calico.yaml
|
||||
|
||||
- name: 启动calico 服务
|
||||
shell: systemctl daemon-reload && systemctl enable calico-node && systemctl restart calico-node
|
||||
- name: 准备 calico rbac文件
|
||||
template: src=calico-rbac.yaml.j2 dest=/root/local/kube-system/calico/calico-rbac.yaml
|
||||
|
||||
- name: 下载calico cni plugins和calicoctl 客户端
|
||||
# 只需单节点执行一次,重复执行的报错可以忽略
|
||||
- name: 运行 calico网络
|
||||
shell: "{{ bin_dir }}/kubectl create -f /root/local/kube-system/calico/ && sleep 15"
|
||||
when: NODE_ID is defined and NODE_ID == "node1"
|
||||
ignore_errors: true
|
||||
|
||||
# 删除原有cni配置
|
||||
- name: 删除默认cni配置
|
||||
file: path=/etc/cni/net.d/10-default.conf state=absent
|
||||
|
||||
# [可选]cni calico plugins 已经在calico.yaml完成安装
|
||||
- name: 下载calicoctl 客户端
|
||||
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
|
||||
with_items:
|
||||
- calico
|
||||
- calico-ipam
|
||||
- loopback
|
||||
#- calico
|
||||
#- calico-ipam
|
||||
#- loopback
|
||||
- calicoctl
|
||||
|
||||
- name: 准备 calicoctl配置文件
|
||||
template: src=calicoctl.cfg.j2 dest=/etc/calico/calicoctl.cfg
|
||||
|
||||
- name: 准备 cni配置文件
|
||||
template: src=cni-calico.conf.j2 dest=/etc/cni/net.d/10-calico.conf
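Review bot: The task that runs `kubectl create -f /root/local/kube-system/calico/` sets `ignore_errors: true` to tolerate reruns, which also hides an unreachable API server or a rejected manifest, and the following task then removes `/etc/cni/net.d/10-default.conf` regardless of the outcome. `kubectl apply -f` is safe to repeat, so the task can become `shell: "{{ bin_dir }}/kubectl apply -f /root/local/kube-system/calico/ && sleep 15"` with the `ignore_errors` line dropped. The new flannel role's tasks file has the same pair of tasks and would take the same change. The +/- markers are lost in this rendering, so which of these lines are additions is inferred from the hunk.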
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
- name: 创建flannel cni 相关目录
|
||||
file: name={{ item }} state=directory
|
||||
with_items:
|
||||
- /etc/cni/net.d
|
||||
- /root/local/kube-system/flannel
|
||||
|
||||
- name: 下载flannel cni plugins
|
||||
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
|
||||
with_items:
|
||||
- bridge
|
||||
- flannel
|
||||
- host-local
|
||||
- loopback
|
||||
- portmap
|
||||
|
||||
- name: 准备 flannel DaemonSet yaml文件
|
||||
template: src=kube-flannel.yaml.j2 dest=/root/local/kube-system/flannel/kube-flannel.yaml
|
||||
|
||||
# 只需单节点执行一次,重复执行的报错可以忽略
|
||||
- name: 运行 flannel网络
|
||||
shell: "{{ bin_dir }}/kubectl create -f /root/local/kube-system/flannel/ && sleep 15"
|
||||
when: NODE_ID is defined and NODE_ID == "node1"
|
||||
ignore_errors: true
|
||||
|
||||
# 删除原有cni配置
|
||||
- name: 删除默认cni配置
|
||||
file: path=/etc/cni/net.d/10-default.conf state=absent
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
{
|
||||
"name": "calico-k8s-network",
|
||||
"cniVersion": "0.1.0",
|
||||
"type": "calico",
|
||||
"etcd_endpoints": "{{ ETCD_ENDPOINTS }}",
|
||||
"etcd_key_file": "/etc/calico/ssl/calico-key.pem",
|
||||
"etcd_cert_file": "/etc/calico/ssl/calico.pem",
|
||||
"etcd_ca_cert_file": "/etc/calico/ssl/ca.pem",
|
||||
"log_level": "info",
|
||||
"mtu": 1500,
|
||||
"ipam": {
|
||||
"type": "calico-ipam"
|
||||
},
|
||||
"policy": {
|
||||
"type": "k8s"
|
||||
},
|
||||
"kubernetes": {
|
||||
"kubeconfig": "/root/.kube/config"
|
||||
}
|
||||
}
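Review bot: `"kubeconfig": "/root/.kube/config"` hands the calico CNI plugin root's kubectl configuration, which 90.setup.yml installs on every kube-cluster host through the kubectl role and which presumably carries administrator rights. The plugin needs far less than that, so a dedicated kubeconfig tied to a narrowly scoped account would be the safer reference, e.g. `"kubeconfig": "<path to a CNI-only kubeconfig>"`. It also couples pod networking to a file that an operator can change simply by editing their kubectl context. Whether this template is still rendered after this commit is not clear from the calico tasks hunk.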
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: flannel
|
||||
rules:
|
||||
|
@ -25,7 +25,7 @@ rules:
|
|||
- patch
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: flannel
|
||||
roleRef:
|
||||
|
@ -73,7 +73,7 @@ data:
|
|||
}
|
||||
net-conf.json: |
|
||||
{
|
||||
"Network": "172.30.0.0/16",
|
||||
"Network": "{{ CLUSTER_CIDR }}",
|
||||
"Backend": {
|
||||
"Type": "vxlan"
|
||||
}
|
||||
|
@ -104,7 +104,8 @@ spec:
|
|||
serviceAccountName: flannel
|
||||
initContainers:
|
||||
- name: install-cni
|
||||
image: quay.io/coreos/flannel:v0.9.1-amd64
|
||||
image: harbor.tf56.lo/k8s/flannel:v0.9.1-amd64
|
||||
#image: quay.io/coreos/flannel:v0.9.1-amd64
|
||||
command:
|
||||
- cp
|
||||
args:
|
||||
|
@ -118,7 +119,8 @@ spec:
|
|||
mountPath: /etc/kube-flannel/
|
||||
containers:
|
||||
- name: kube-flannel
|
||||
image: quay.io/coreos/flannel:v0.9.1-amd64
|
||||
#image: quay.io/coreos/flannel:v0.9.1-amd64
|
||||
image: harbor.tf56.lo/k8s/flannel:v0.9.1-amd64
|
||||
command:
|
||||
- /opt/bin/flanneld
|
||||
args:
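Review bot: Both `image:` lines in the DaemonSet appear to move from `quay.io/coreos/flannel:v0.9.1-amd64` to `harbor.tf56.lo/k8s/flannel:v0.9.1-amd64`, a registry host that looks site-internal, so anyone outside that network gets image pull failures and every user is asked to trust a registry they cannot inspect. Since this file is already a template, the image reference could come from the inventory the way `POD_INFRA_CONTAINER_IMAGE` does, e.g. `image: "{{ FLANNEL_IMAGE }}"` (the variable name is only a suggestion), with the upstream image as the default. Pinning the reference by digest rather than by tag alone would additionally fix what a mirror is allowed to serve. The side of each image line is inferred from the hunk counts and print order, since the +/- markers are lost here.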
|
|
@ -1,10 +1,21 @@
|
|||
##----------kubelet 配置部分--------------
|
||||
- name: 下载 kubelet和kube-proxy 二进制
|
||||
# 创建kubelet,kube-proxy工作目录和cni配置目录
|
||||
- name: 创建kube-node 相关目录
|
||||
file: name={{ item }} state=directory
|
||||
with_items:
|
||||
- /var/lib/kubelet
|
||||
- /var/lib/kube-proxy
|
||||
- /etc/cni/net.d
|
||||
|
||||
- name: 下载 kubelet,kube-proxy 二进制和基础 cni plugins
|
||||
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
|
||||
with_items:
|
||||
- kubelet
|
||||
- kube-proxy
|
||||
|
||||
- bridge
|
||||
- host-local
|
||||
- loopback
|
||||
|
||||
##----------kubelet 配置部分--------------
|
||||
# kubelet 启动时向 kube-apiserver 发送 TLS bootstrapping 请求,需要绑定该角色
|
||||
# 只需单节点执行一次,重复执行的报错可以忽略
|
||||
# 增加15s等待kube-apiserver正常工作
|
||||
|
@ -36,8 +47,8 @@
|
|||
- name: 安装bootstrap.kubeconfig配置文件
|
||||
shell: "mv $HOME/bootstrap.kubeconfig /etc/kubernetes/bootstrap.kubeconfig"
|
||||
|
||||
- name: 创建kubelet的工作目录
|
||||
file: name=/var/lib/kubelet state=directory
|
||||
- name: 准备 cni配置文件
|
||||
template: src=cni-default.conf.j2 dest=/etc/cni/net.d/10-default.conf
|
||||
|
||||
- name: 创建kubelet的systemd unit文件
|
||||
template: src=kubelet.service.j2 dest=/etc/systemd/system/kubelet.service
|
||||
|
@ -87,9 +98,6 @@
|
|||
- name: 安装kube-proxy.kubeconfig配置文件
|
||||
shell: "mv $HOME/kube-proxy.kubeconfig /etc/kubernetes/kube-proxy.kubeconfig"
|
||||
|
||||
- name: 创建kube-proxy的工作目录
|
||||
file: name=/var/lib/kube-proxy state=directory
|
||||
|
||||
- name: 创建kube-proxy 服务文件
|
||||
tags: reload-kube-proxy
|
||||
template: src=kube-proxy.service.j2 dest=/etc/systemd/system/kube-proxy.service
|
||||
|
@ -98,25 +106,3 @@
|
|||
tags: reload-kube-proxy
|
||||
shell: systemctl daemon-reload && systemctl enable kube-proxy && systemctl restart kube-proxy
|
||||
|
||||
##-------calico-kube-controllers部分----------------
|
||||
#
|
||||
#- name: 创建calico-kube-controllers目录
|
||||
# tags: calico-controller
|
||||
# file: name=/root/local/kube-system/calico state=directory
|
||||
|
||||
#- name: 准备RBAC 配置文件
|
||||
# tags: calico-controller
|
||||
# copy: src=rbac.yaml dest=/root/local/kube-system/calico/rbac.yaml
|
||||
|
||||
#- name: 准备calico-kube-controllers.yaml 文件
|
||||
# tags: calico-controller
|
||||
# template: src=calico-kube-controllers.yaml.j2 dest=/root/local/kube-system/calico/calico-kube-controllers.yaml
|
||||
|
||||
# 只需单节点执行一次,重复执行的报错可以忽略
|
||||
# 增加15s等待node ready
|
||||
#- name: 运行calico-kube-controllers
|
||||
# tags: calico-controller
|
||||
# shell: "sleep 15 && {{ bin_dir }}/kubectl create -f /root/local/kube-system/calico/rbac.yaml && \
|
||||
# {{ bin_dir }}/kubectl create -f /root/local/kube-system/calico/calico-kube-controllers.yaml"
|
||||
# when: NODE_ID is defined and NODE_ID == "node1"
|
||||
# ignore_errors: true
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
{
|
||||
"name": "mynet",
|
||||
"type": "bridge",
|
||||
"bridge": "mynet0",
|
||||
"isDefaultGateway": true,
|
||||
"ipMasq": true,
|
||||
"hairpinMode": true,
|
||||
"ipam": {
|
||||
"type": "host-local",
|
||||
"subnet": "{{ CLUSTER_CIDR }}"
|
||||
}
|
||||
}
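Review bot: This new template gives `host-local` the whole `{{ CLUSTER_CIDR }}` as its subnet, and host-local keeps its allocations per node, so two nodes can hand out the same pod address for as long as this config is active. That is harmless only because the calico and flannel roles delete `/etc/cni/net.d/10-default.conf` afterwards, which nothing in the file says. A Jinja comment at the top would record it, e.g. `{# bootstrap-only config; removed by the calico/flannel role once the real plugin is installed #}`.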
|