From f17b62d44f4f2b9ec8723932e66fd4ef038d3e89 Mon Sep 17 00:00:00 2001 From: lusyoe Date: Sun, 15 Jul 2018 16:43:19 +0800 Subject: [PATCH 01/12] update jenkins and plugins --- manifests/jenkins/Chart.yaml | 4 +-- manifests/jenkins/README.md | 25 ++++++------- manifests/jenkins/templates/config.yaml | 11 +++--- .../templates/jenkins-master-deployment.yaml | 13 +++++-- manifests/jenkins/values.yaml | 36 +++++++++++++------ 5 files changed, 59 insertions(+), 30 deletions(-) diff --git a/manifests/jenkins/Chart.yaml b/manifests/jenkins/Chart.yaml index f0d5390..c6033f3 100644 --- a/manifests/jenkins/Chart.yaml +++ b/manifests/jenkins/Chart.yaml @@ -1,7 +1,7 @@ name: jenkins home: https://jenkins.io/ -version: 0.16.1 -appVersion: 2.107 +version: 0.16.6 +appVersion: 2.121.1 description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based projects as well as arbitrary scripts. diff --git a/manifests/jenkins/README.md b/manifests/jenkins/README.md index ce9b5e3..8757c39 100644 --- a/manifests/jenkins/README.md +++ b/manifests/jenkins/README.md 
@@ -33,23 +33,24 @@ The following tables list the configurable parameters of the Jenkins chart and t | `Master.Name` | Jenkins master name | `jenkins-master` | | `Master.Image` | Master image name | `jenkinsci/jenkins` | | `Master.ImageTag` | Master image tag | `lts` | -| `Master.ImagePullPolicy` | Master image pull policy | `IfNotPresent` | +| `Master.ImagePullPolicy` | Master image pull policy | `Always` | | `Master.ImagePullSecret` | Master image pull secret | Not set | | `Master.Component` | k8s selector key | `jenkins-master` | | `Master.UseSecurity` | Use basic security | `true` | | `Master.AdminUser` | Admin username (and password) created as a secret if useSecurity is true | `admin` | -| `Master.Cpu` | Master requested cpu | `200m` | -| `Master.Memory` | Master requested memory | `512Mi` | +| `Master.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 50m, memory: 256Mi}, limits: {cpu: 2000m, memory: 2048Mi}}`| | `Master.InitContainerEnv` | Environment variables for Init Container | Not set | | `Master.ContainerEnv` | Environment variables for Jenkins Container | Not set | +| `Master.UsePodSecurityContext` | Enable pod security context (must be `true` if `RunAsUser` or `FsGroup` are set) | `true` | | `Master.RunAsUser` | uid that jenkins runs with | `0` | | `Master.FsGroup` | uid that will be used for persistent volume | `0` | | `Master.ServiceAnnotations` | Service annotations | `{}` | -| `Master.ServiceType` | k8s service type | `ClusterIP` | +| `Master.ServiceType` | k8s service type | `LoadBalancer` | | `Master.ServicePort` | k8s service port | `8080` | | `Master.NodePort` | k8s node port | Not set | | `Master.HealthProbes` | Enable k8s liveness and readiness probes | `true` | -| `Master.HealthProbesTimeout` | Set the timeout for the liveness and readiness probes | `120` | +| `Master.HealthProbesLivenessTimeout` | Set the timeout for the liveness probe | `120` | +| `Master.HealthProbesReadinessTimeout` | Set the timeout for the 
readiness probe | `60` | | `Master.HealthProbeLivenessFailureThreshold` | Set the failure threshold for the liveness probe | `12` | | `Master.ContainerPort` | Master listening port | `8080` | | `Master.SlaveListenerPort` | Listening port for agents | `50000` | @@ -72,10 +73,11 @@ The following tables list the configurable parameters of the Jenkins chart and t | `Master.NodeSelector` | Node labels for pod assignment | `{}` | | `Master.Affinity` | Affinity settings | `{}` | | `Master.Tolerations` | Toleration labels for pod assignment | `{}` | +| `Master.PodAnnotations` | Annotations for master pod | `{}` | | `NetworkPolicy.Enabled` | Enable creation of NetworkPolicy resources. | `false` | | `NetworkPolicy.ApiVersion` | NetworkPolicy ApiVersion | `extensions/v1beta1` | -| `rbac.install` | Create service account and ClusterRoleBinding for Kubernetes plugin | `true` | -| `rbac.apiVersion` | RBAC API version | `v1` | +| `rbac.install` | Create service account and ClusterRoleBinding for Kubernetes plugin | `false` | +| `rbac.apiVersion` | RBAC API version | `v1beta1` | | `rbac.roleRef` | Cluster role name to bind to | `cluster-admin` | ### Jenkins Agent 
@@ -84,12 +86,11 @@ The following tables list the configurable parameters of the Jenkins chart and t | ----------------------- | ----------------------------------------------- | ---------------------- | | `Agent.AlwaysPullImage` | Always pull agent container image before build | `false` | | `Agent.Enabled` | Enable Kubernetes plugin jnlp-agent podTemplate | `true` | -| `Agent.Image` | Agent image name | `jenkins/jnlp-slave` | +| `Agent.Image` | Agent image name | `jenkinsci/jnlp-slave` | | `Agent.ImagePullSecret` | Agent image pull secret | Not set | -| `Agent.ImageTag` | Agent image tag | `latest` | +| `Agent.ImageTag` | Agent image tag | `2.62` | | `Agent.Privileged` | Agent privileged container | `false` | -| `Agent.Cpu` | Agent requested cpu | `200m` | -| `Agent.Memory` | Agent requested memory | `256Mi` | +| `Agent.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 200m, memory: 256Mi}, limits: {cpu: 200m, memory: 256Mi}}`| | `Agent.volumes` | Additional volumes | `nil` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. @@ -149,7 +150,7 @@ It is possible to mount several volumes using `Persistence.volumes` and `Persist | `Persistence.Size` | The size of the PVC | `8Gi` | | `Persistence.volumes` | Additional volumes | `nil` | | `Persistence.mounts` | Additional mounts | `nil` | -| `Persistence.StorageClass` | The PV Provisioner | `nfs-dynamic-class`| +| `Persistence.StorageClass` | The PV Provisioner | `nfs-dynamic-class`| #### Existing PersistentVolumeClaim diff --git a/manifests/jenkins/templates/config.yaml b/manifests/jenkins/templates/config.yaml index 03d69fb..bdcf238 100644 --- a/manifests/jenkins/templates/config.yaml +++ b/manifests/jenkins/templates/config.yaml 
@@ -67,10 +67,13 @@ data: ${computer.jnlpmac} ${computer.name} false - {{.Values.Agent.Cpu}} - {{.Values.Agent.Memory}} - {{.Values.Agent.Cpu}} - {{.Values.Agent.Memory}} + # Resources configuration is a little hacky. This was to prevent breaking + # changes, and should be cleanned up in the future once everybody had + # enough time to migrate. + {{.Values.Agent.Cpu | default .Values.Agent.resources.requests.cpu}} + {{.Values.Agent.Memory | default .Values.Agent.resources.requests.memory}} + {{.Values.Agent.Cpu | default .Values.Agent.resources.limits.cpu}} + {{.Values.Agent.Memory | default .Values.Agent.resources.limits.memory}} diff --git a/manifests/jenkins/templates/jenkins-master-deployment.yaml b/manifests/jenkins/templates/jenkins-master-deployment.yaml index 798f415..fcda373 100644 --- a/manifests/jenkins/templates/jenkins-master-deployment.yaml +++ b/manifests/jenkins/templates/jenkins-master-deployment.yaml @@ -24,6 +24,9 @@ spec: component: "{{ .Release.Name }}-{{ .Values.Master.Component }}" annotations: checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} + {{- if .Values.Master.PodAnnotations }} +{{ toYaml .Values.Master.PodAnnotations | indent 8 }} + {{- end }} spec: {{- if .Values.Master.NodeSelector }} nodeSelector: @@ -37,12 +40,14 @@ spec: affinity: {{ toYaml .Values.Master.Affinity | indent 8 }} {{- end }} +{{- if .Values.Master.UsePodSecurityContext }} securityContext: runAsUser: {{ default 0 .Values.Master.RunAsUser }} {{- if and (.Values.Master.RunAsUser) (.Values.Master.FsGroup) }} {{- if not (eq .Values.Master.RunAsUser 0.0) }} fsGroup: {{ .Values.Master.FsGroup }} {{- end }} +{{- end }} {{- end }} serviceAccountName: {{ if .Values.rbac.install }}{{ template "jenkins.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} initContainers: 
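Review bot: The three added `# Resources configuration is a little hacky…` lines sit inside the agent pod-template text of the ConfigMap, not in YAML, so they are likely rendered into the generated Jenkins configuration as literal text rather than dropped as a comment. The surrounding markup appears stripped in this view, so this is inferred from the `${computer.jnlpmac}` context. A template comment keeps the explanation out of the rendered file: `{{- /* Agent.Cpu and Agent.Memory are kept for backward compatibility; prefer Agent.resources */ -}}`. The `data:` block starts and ends outside the hunk.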
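Review bot: With the new `{{- if .Values.Master.UsePodSecurityContext }}` guard in jenkins-master-deployment.yaml, the whole `securityContext` block is omitted unless that value is set, yet the values.yaml hunk of this patch adds it only as a comment (`# UsePodSecurityContext: true`) while the README documents the default as `true`. As shipped, a user who sets only `RunAsUser`/`FsGroup` gets no pod security context and no error. Either ship `UsePodSecurityContext: true` uncommented in values.yaml or treat an unset value as enabled. Separately, `runAsUser: {{ default 0 .Values.Master.RunAsUser }}` still falls back to uid 0 when the context is enabled; the values.yaml comment already names 1000 as the non-root uid, which would be the safer default.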
@@ -128,19 +133,23 @@ spec: httpGet: path: /login port: http - initialDelaySeconds: {{ .Values.Master.HealthProbesTimeout }} + initialDelaySeconds: {{ .Values.Master.HealthProbesLivenessTimeout }} timeoutSeconds: 5 failureThreshold: {{ .Values.Master.HealthProbeLivenessFailureThreshold }} readinessProbe: httpGet: path: /login port: http - initialDelaySeconds: {{ .Values.Master.HealthProbesTimeout }} + initialDelaySeconds: {{ .Values.Master.HealthProbesReadinessTimeout }} {{- end }} resources: +{{ if or .Values.Master.Cpu .Values.Master.Memory }} requests: cpu: "{{ .Values.Master.Cpu }}" memory: "{{ .Values.Master.Memory }}" +{{ else }} +{{ toYaml .Values.Master.resources | indent 12 }} +{{ end }} volumeMounts: {{- if .Values.Persistence.mounts }} {{ toYaml .Values.Persistence.mounts | indent 12 }} diff --git a/manifests/jenkins/values.yaml b/manifests/jenkins/values.yaml index c2c6c66..9585da5 100644 --- a/manifests/jenkins/values.yaml +++ b/manifests/jenkins/values.yaml @@ -18,8 +18,13 @@ Master: UseSecurity: true AdminUser: admin AdminPassword: admin - Cpu: "200m" - Memory: "512Mi" + resources: + requests: + cpu: "50m" + memory: "256Mi" + limits: + cpu: "2000m" + memory: "2048Mi" # Environment variables that get added to the init container (useful for e.g. http_proxy) # InitContainerEnv: # - name: http_proxy @@ -31,6 +36,10 @@ Master: # JavaOpts: "-Xms512m -Xmx512m" # JenkinsOpts: "" # JenkinsUriPrefix: "/jenkins" + + # Enable pod security context (must be `true` if RunAsUser or FsGroup are set) + # UsePodSecurityContext: true + # Set RunAsUser to 1000 to let Jenkins run as non-root user 'jenkins' which exists in 'jenkins/jenkins' docker image. # When setting RunAsUser to a different value than 0 also set FsGroup to the same value: # RunAsUser: 
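Review bot: In the `resources:` block the legacy branch is entered when either `Master.Cpu` or `Master.Memory` is set, but it then renders both keys, so setting only one produces an empty quantity such as `memory: ""`, which the API server is unlikely to accept. That branch also emits no `limits`, so using the old keys silently drops the new `Master.resources.limits`. Guard each key on its own value (`{{- if .Values.Master.Cpu }}` … `{{- end }}` around the `cpu:` line, likewise for memory), and write the `if`/`else`/`end` lines with `{{-` so they leave no blank lines in the output. The container spec continues outside the hunk.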
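Review bot: `AdminPassword: admin` stays as a fixed default next to the lines the first values.yaml hunk rewrites, while the README hunk of the same patch documents the default `Master.ServiceType` as `LoadBalancer`; together that describes a Jenkins master reachable from outside the cluster with a well-known login. Consider leaving the password unset here and having the secret template generate a random one or fail when none is supplied (the secret template is not part of this patch, so how it consumes the value is not visible). At minimum add a comment above the key: `# Change before install; never deploy with the default password`.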
@@ -47,9 +56,10 @@ Master: # NodePort: Date: Thu, 19 Jul 2018 23:39:29 +0800 Subject: [PATCH 02/12] =?UTF-8?q?=E8=B0=83=E6=95=B4=E9=99=84=E5=8A=A0?= =?UTF-8?q?=E7=BB=84=E4=BB=B6dns=E7=9B=AE=E5=BD=95=E7=BB=93=E6=9E=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/cluster-addon/tasks/main.yml | 4 ++-- roles/cluster-addon/templates/{ => dns}/coredns.yaml.j2 | 0 roles/cluster-addon/templates/{ => dns}/kubedns.yaml.j2 | 0 3 files changed, 2 insertions(+), 2 deletions(-) rename roles/cluster-addon/templates/{ => dns}/coredns.yaml.j2 (100%) rename roles/cluster-addon/templates/{ => dns}/kubedns.yaml.j2 (100%) diff --git a/roles/cluster-addon/tasks/main.yml b/roles/cluster-addon/tasks/main.yml index 94d433c..cfee385 100644 --- a/roles/cluster-addon/tasks/main.yml +++ b/roles/cluster-addon/tasks/main.yml @@ -1,12 +1,12 @@ #-------------kube-dns 插件参数初始化 # kubedns.yaml文件中部分参数根据hosts文件设置而定,因此需要用template模块替换参数 - name: 准备 kubedns的部署文件 kubedns.yaml - template: src=kubedns.yaml.j2 dest={{ base_dir }}/manifests/kubedns/kubedns.yaml + template: src=dns/kubedns.yaml.j2 dest={{ base_dir }}/manifests/kubedns/kubedns.yaml when: "hostvars[inventory_hostname]['group_names'].count('deploy') == 1" # coredns.yaml文件中部分参数根据hosts文件设置而定,因此需要用template模块替换参数 - name: 准备 coredns的部署文件 coredns.yaml - template: src=coredns.yaml.j2 dest={{ base_dir }}/manifests/coredns/coredns.yaml + template: src=dns/coredns.yaml.j2 dest={{ base_dir }}/manifests/coredns/coredns.yaml when: "hostvars[inventory_hostname]['group_names'].count('deploy') == 1" - name: 获取所有已经创建的POD信息 diff --git a/roles/cluster-addon/templates/coredns.yaml.j2 b/roles/cluster-addon/templates/dns/coredns.yaml.j2 similarity index 100% rename from roles/cluster-addon/templates/coredns.yaml.j2 rename to roles/cluster-addon/templates/dns/coredns.yaml.j2 
diff --git a/roles/cluster-addon/templates/kubedns.yaml.j2 b/roles/cluster-addon/templates/dns/kubedns.yaml.j2 similarity index 100% rename from roles/cluster-addon/templates/kubedns.yaml.j2 rename to roles/cluster-addon/templates/dns/kubedns.yaml.j2 From 2fa3805244be4689386ce5a29a6514d7348b7f1e Mon Sep 17 00:00:00 2001 From: lusyoe Date: Fri, 20 Jul 2018 10:26:27 +0800 Subject: [PATCH 03/12] =?UTF-8?q?nfs=E5=AD=98=E5=82=A8=E9=87=8D=E6=9E=84,?= =?UTF-8?q?=E8=B0=83=E6=95=B4=E7=9B=AE=E5=BD=95=E7=BB=93=E6=9E=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../nfs-dynamic-storageclass.yaml | 6 ------ .../test/test-claim.yaml | 2 +- .../test/test-pod.yaml | 0 .../test/test.yaml | 2 +- roles/cluster-addon/defaults/main.yml | 4 ++++ roles/cluster-addon/tasks/main.yml | 18 ++++++++++++++++++ .../storage/dynamic-storageclass.yaml.j2 | 5 +++++ .../storage/nfs/nfs-client-provisioner.yaml.j2 | 12 +++++------- 8 files changed, 34 insertions(+), 15 deletions(-) delete mode 100644 manifests/nfs-provisioner/nfs-dynamic-storageclass.yaml rename manifests/{nfs-provisioner => storage}/test/test-claim.yaml (80%) rename manifests/{nfs-provisioner => storage}/test/test-pod.yaml (100%) rename manifests/{nfs-provisioner => storage}/test/test.yaml (93%) create mode 100644 roles/cluster-addon/templates/storage/dynamic-storageclass.yaml.j2 rename manifests/nfs-provisioner/nfs-client-provisioner.yaml => roles/cluster-addon/templates/storage/nfs/nfs-client-provisioner.yaml.j2 (91%) diff --git a/manifests/nfs-provisioner/nfs-dynamic-storageclass.yaml b/manifests/nfs-provisioner/nfs-dynamic-storageclass.yaml deleted file mode 100644 index bc505d5..0000000 --- a/manifests/nfs-provisioner/nfs-dynamic-storageclass.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: nfs-dynamic-class -#此处引用nfs-client-provisioner里面的 nfs-prov-1 -provisioner: nfs-prov-1 
diff --git a/manifests/nfs-provisioner/test/test-claim.yaml b/manifests/storage/test/test-claim.yaml similarity index 80% rename from manifests/nfs-provisioner/test/test-claim.yaml rename to manifests/storage/test/test-claim.yaml index 1956623..92d6344 100644 --- a/manifests/nfs-provisioner/test/test-claim.yaml +++ b/manifests/storage/test/test-claim.yaml @@ -3,7 +3,7 @@ apiVersion: v1 metadata: name: test-claim spec: - storageClassName: nfs-dynamic-class + storageClassName: alicloud-nas accessModes: - ReadWriteMany resources: diff --git a/manifests/nfs-provisioner/test/test-pod.yaml b/manifests/storage/test/test-pod.yaml similarity index 100% rename from manifests/nfs-provisioner/test/test-pod.yaml rename to manifests/storage/test/test-pod.yaml diff --git a/manifests/nfs-provisioner/test/test.yaml b/manifests/storage/test/test.yaml similarity index 93% rename from manifests/nfs-provisioner/test/test.yaml rename to manifests/storage/test/test.yaml index 04eeeb9..a78ef2e 100644 --- a/manifests/nfs-provisioner/test/test.yaml +++ b/manifests/storage/test/test.yaml @@ -3,7 +3,7 @@ apiVersion: v1 metadata: name: test spec: - storageClassName: nfs-dynamic-class + storageClassName: alicloud-nas accessModes: - ReadWriteMany resources: diff --git a/roles/cluster-addon/defaults/main.yml b/roles/cluster-addon/defaults/main.yml index a8ffe85..6aa34d0 100644 --- a/roles/cluster-addon/defaults/main.yml +++ b/roles/cluster-addon/defaults/main.yml @@ -26,3 +26,7 @@ heapster_offline: "heapster_v1.5.1.tar" # prometheus 自动安装 #prometheus_install: "no" + +# nfs 动态存储自动安装 +nfsclient_install: "no" +storage_install: "no" diff --git a/roles/cluster-addon/tasks/main.yml b/roles/cluster-addon/tasks/main.yml index cfee385..9e909b5 100644 --- a/roles/cluster-addon/tasks/main.yml +++ b/roles/cluster-addon/tasks/main.yml 
@@ -79,3 +79,21 @@ when: '"heapster" not in pod_info.stdout and heapster_install == "yes"' ignore_errors: true +- block: + - name: 准备部署nfs-client动态存储 + template: + src: storage/nfs/nfs-client-provisioner.yaml.j2 + dest: "{{ base_dir }}/manifests/storage/nfs/nfs-client-provisioner.yaml" + - name: 开始部署nfs-client动态存储 + shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/nfs/nfs-client-provisioner.yaml" + when: 'nfsclient_install == "yes"' + +- block: + - name: 准备部署动态存储类 + template: + src: storage/dynamic-storageclass.yaml.j2 + dest: "{{ base_dir }}/manifests/storage/dynamic-storageclass.yaml" + - name: 开始部署动态存储类 + shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/dynamic-storageclass.yaml" + when: 'storage_install == "yes"' + diff --git a/roles/cluster-addon/templates/storage/dynamic-storageclass.yaml.j2 b/roles/cluster-addon/templates/storage/dynamic-storageclass.yaml.j2 new file mode 100644 index 0000000..e7ad14d --- /dev/null +++ b/roles/cluster-addon/templates/storage/dynamic-storageclass.yaml.j2 @@ -0,0 +1,5 @@ +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: {{ STORAGE_CLASS_NAME }} +provisioner: prov diff --git a/manifests/nfs-provisioner/nfs-client-provisioner.yaml b/roles/cluster-addon/templates/storage/nfs/nfs-client-provisioner.yaml.j2 similarity index 91% rename from manifests/nfs-provisioner/nfs-client-provisioner.yaml rename to roles/cluster-addon/templates/storage/nfs/nfs-client-provisioner.yaml.j2 index b74bad0..ac8877f 100644 --- a/manifests/nfs-provisioner/nfs-client-provisioner.yaml +++ b/roles/cluster-addon/templates/storage/nfs/nfs-client-provisioner.yaml.j2 
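Review bot: Both new `kubectl apply` tasks use `shell:` although the command line needs no shell features, so `bin_dir` and `base_dir` go through shell interpretation; `command: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/nfs/nfs-client-provisioner.yaml"` does the same without it. The blocks are also conditioned only on the install flag, whereas the kube-dns tasks earlier in this file are limited with `when: "hostvars[inventory_hostname]['group_names'].count('deploy') == 1"`, so they may run on every host the role is applied to. The same applies to the alicloud tasks added in patch 05 and to roles/cluster-storage/tasks/main.yml in patch 06.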
@@ -67,15 +67,13 @@ spec: env: - name: PROVISIONER_NAME # 此处供应者名字供storageclass调用 - value: nfs-prov-1 + value: prov - name: NFS_SERVER - value: 10.1.241.230 + value: {{ STORAGE_SERVER }} - name: NFS_PATH - value: /home/share/k8s-pv + value: {{ STORAGE_PATH }} volumes: - name: nfs-client-root nfs: - server: 10.1.241.230 - path: /home/share/k8s-pv - ---- + server: {{ STORAGE_SERVER }} + path: {{ STORAGE_PATH }} From 09794870a32783fe07893a3e3ca3c5cd6a631594 Mon Sep 17 00:00:00 2001 From: lusyoe Date: Fri, 20 Jul 2018 10:28:59 +0800 Subject: [PATCH 04/12] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E5=AD=98=E5=82=A8?= =?UTF-8?q?=E5=8F=98=E9=87=8F=E7=A4=BA=E4=BE=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- example/hosts.allinone.example | 5 +++++ example/hosts.m-masters.example | 5 +++++ example/hosts.s-master.example | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/example/hosts.allinone.example b/example/hosts.allinone.example index b6b45fb..93ab5e7 100644 --- a/example/hosts.allinone.example +++ b/example/hosts.allinone.example @@ -81,3 +81,8 @@ base_dir="/etc/ansible" #私有仓库 harbor服务器 (域名或者IP) #HARBOR_IP="192.168.1.8" #HARBOR_DOMAIN="harbor.yourdomain.com" + +#部署动态存储 +#STORAGE_SERVER="192.168.1.1" +#STORAGE_PATH="/data/nfs" +#STORAGE_CLASS_NAME="nfs-dynamic-class" diff --git a/example/hosts.m-masters.example b/example/hosts.m-masters.example index b4be42e..6828125 100644 --- a/example/hosts.m-masters.example +++ b/example/hosts.m-masters.example @@ -95,3 +95,8 @@ base_dir="/etc/ansible" #私有仓库 harbor服务器 (域名或者IP) #HARBOR_IP="192.168.1.8" #HARBOR_DOMAIN="harbor.yourdomain.com" + +#部署动态存储 +#STORAGE_SERVER="192.168.1.1" +#STORAGE_PATH="/data/nfs" +#STORAGE_CLASS_NAME="nfs-dynamic-class" diff --git a/example/hosts.s-master.example b/example/hosts.s-master.example index 3967d65..cfabd8a 100644 --- a/example/hosts.s-master.example +++ b/example/hosts.s-master.example 
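Review bot: The inventory values are rendered unquoted in nfs-client-provisioner.yaml.j2 (`value: {{ STORAGE_SERVER }}`, `path: {{ STORAGE_PATH }}`), so an empty value, or one containing `: `, ` #` or a line break, changes the structure of the manifest that is then handed to `kubectl apply` instead of producing a string. Quote every templated scalar, e.g. `value: "{{ STORAGE_SERVER }}"` and `path: "{{ STORAGE_PATH }}"`. The same pattern is in dynamic-storageclass.yaml.j2 (`name: {{ STORAGE_CLASS_NAME }}`), in alicloud-nas.yaml.j2 in patch 05, and in the renamed lower-case variables in patch 06.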
@@ -82,3 +82,8 @@ base_dir="/etc/ansible" #私有仓库 harbor服务器 (域名或者IP) #HARBOR_IP="192.168.1.8" #HARBOR_DOMAIN="harbor.yourdomain.com" + +#部署动态存储 +#STORAGE_SERVER="192.168.1.1" +#STORAGE_PATH="/data/nfs" +#STORAGE_CLASS_NAME="nfs-dynamic-class" From 5a7d610a297a2868ee2c847cb68490b0d6c29689 Mon Sep 17 00:00:00 2001 From: lusyoe Date: Fri, 20 Jul 2018 10:55:03 +0800 Subject: [PATCH 05/12] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E9=98=BF=E9=87=8C?= =?UTF-8?q?=E4=BA=91NAS=E5=AD=98=E5=82=A8=E6=94=AF=E6=8C=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../storage/alicloud-nas/alicloud-disk.yaml | 99 +++++++++++++++++++ roles/cluster-addon/defaults/main.yml | 3 +- roles/cluster-addon/tasks/main.yml | 11 +++ .../storage/alicloud-nas/alicloud-nas.yaml.j2 | 58 +++++++++++ 4 files changed, 170 insertions(+), 1 deletion(-) create mode 100644 manifests/storage/alicloud-nas/alicloud-disk.yaml create mode 100644 roles/cluster-addon/templates/storage/alicloud-nas/alicloud-nas.yaml.j2 diff --git a/manifests/storage/alicloud-nas/alicloud-disk.yaml b/manifests/storage/alicloud-nas/alicloud-disk.yaml new file mode 100644 index 0000000..42a9b3d --- /dev/null +++ b/manifests/storage/alicloud-nas/alicloud-disk.yaml 
@@ -0,0 +1,99 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1beta1
+metadata:
+ name: alicloud-disk-common
+provisioner: alicloud/disk
+parameters:
+ type: cloud
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1beta1
+metadata:
+ name: alicloud-disk-efficiency
+provisioner: alicloud/disk
+parameters:
+ type: cloud_efficiency
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1beta1
+metadata:
+ name: alicloud-disk-ssd
+provisioner: alicloud/disk
+parameters:
+ type: cloud_ssd
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1beta1
+metadata:
+ name: alicloud-disk-available
+provisioner: alicloud/disk
+parameters:
+ type: available
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: alicloud-disk-controller-runner
+rules:
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: alicloud-disk-controller
+ namespace: kube-system
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: run-alicloud-disk-controller
+subjects:
+ - kind: ServiceAccount
+ name: alicloud-disk-controller
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: alicloud-disk-controller-runner
+ apiGroup: rbac.authorization.k8s.io
+---
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+ name: alicloud-disk-controller
+ namespace: kube-system
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: alicloud-disk-controller
+ spec:
+ serviceAccount: alicloud-disk-controller
+ containers:
+ - name: alicloud-disk-controller
+ image:
registry.cn-hangzhou.aliyuncs.com/acs/alicloud-disk-controller:v1.9.3-ed710ce + volumeMounts: + - name: cloud-config + mountPath: /etc/kubernetes/ + - name: logdir + mountPath: /var/log/alicloud/ + volumes: + - name: cloud-config + hostPath: + path: /etc/kubernetes/ + - name: logdir + hostPath: + path: /var/log/alicloud/ diff --git a/roles/cluster-addon/defaults/main.yml b/roles/cluster-addon/defaults/main.yml index 6aa34d0..e34ab75 100644 --- a/roles/cluster-addon/defaults/main.yml +++ b/roles/cluster-addon/defaults/main.yml @@ -27,6 +27,7 @@ heapster_offline: "heapster_v1.5.1.tar" # prometheus 自动安装 #prometheus_install: "no" -# nfs 动态存储自动安装 +# 动态存储自动安装 nfsclient_install: "no" +alicloudnas_install: "no" storage_install: "no" diff --git a/roles/cluster-addon/tasks/main.yml b/roles/cluster-addon/tasks/main.yml index 9e909b5..022b2d4 100644 --- a/roles/cluster-addon/tasks/main.yml +++ b/roles/cluster-addon/tasks/main.yml @@ -88,6 +88,17 @@ shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/nfs/nfs-client-provisioner.yaml" when: 'nfsclient_install == "yes"' +- block: + - name: 准备部署alicloud-nas动态存储 + template: + src: storage/alicloud-nas/alicloud-nas.yaml.j2 + dest: "{{ base_dir }}/manifests/storage/alicloud-nas/alicloud-nas.yaml" + - name: 开始部署alicloud-disk存储 + shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/alicloud-nas/alicloud-disk.yaml" + - name: 开始部署alicloud-nas动态存储 + shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/alicloud-nas/alicloud-nas.yaml" + when: 'alicloudnas_install == "yes"' + - block: - name: 准备部署动态存储类 template: diff --git a/roles/cluster-addon/templates/storage/alicloud-nas/alicloud-nas.yaml.j2 b/roles/cluster-addon/templates/storage/alicloud-nas/alicloud-nas.yaml.j2 new file mode 100644 index 0000000..5dece7c --- /dev/null +++ b/roles/cluster-addon/templates/storage/alicloud-nas/alicloud-nas.yaml.j2 
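Review bot: In alicloud-disk.yaml the controller's `cloud-config` volume mounts the node's whole `/etc/kubernetes/` directory by `hostPath` with no `readOnly: true`, so a pod bound to a cluster-wide role can modify whatever the node keeps there. If the controller only reads its cloud configuration, add `readOnly: true` to that `volumeMounts` entry and narrow `path:` to the single file it needs (which file that is cannot be told from this manifest). The image is referenced by tag (`v1.9.3-ed710ce`); pinning it by digest would keep the deployed binary from changing under the same tag.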
@@ -0,0 +1,58 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: alicloud-nas
+provisioner: alicloud/nas
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: alicloud-nas-controller
+ namespace: kube-system
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: run-alicloud-nas-controller
+subjects:
+ - kind: ServiceAccount
+ name: alicloud-nas-controller
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: alicloud-disk-controller-runner
+ apiGroup: rbac.authorization.k8s.io
+---
+kind: Deployment
+apiVersion: apps/v1beta1
+metadata:
+ name: alicloud-nas-controller
+ namespace: kube-system
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: alicloud-nas-controller
+ spec:
+ serviceAccount: alicloud-nas-controller
+ containers:
+ - name: alicloud-nas-controller
+ image: registry.cn-hangzhou.aliyuncs.com/acs/alicloud-nas-controller:v1.8.4
+ volumeMounts:
+ - mountPath: /persistentvolumes
+ name: nfs-client-root
+ env:
+ - name: PROVISIONER_NAME
+ value: alicloud/nas
+ - name: NFS_SERVER
+ value: {{ STORAGE_SERVER }}
+ - name: NFS_PATH
+ value: {{ STORAGE_PATH }}
+ volumes:
+ - name: nfs-client-root
+ nfs:
+ server: {{ STORAGE_SERVER }}
+ path: {{ STORAGE_PATH }}
From 4750465c8165a6e2e6804ce3f57d060cbec8563b Mon Sep 17 00:00:00 2001
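Review bot: `run-alicloud-nas-controller` binds the NAS service account to `alicloud-disk-controller-runner`, a ClusterRole defined only in manifests/storage/alicloud-nas/alicloud-disk.yaml, so this template is not self-contained and the binding points at nothing if the disk manifest is skipped or removed. Giving the NAS controller its own ClusterRole in this file also lets its rules be trimmed independently of the disk controller. The sketch below copies the rules from the disk manifest under a suggested role name and points `roleRef.name` at it. Separately, `serviceAccount:` in the pod spec is the deprecated alias of `serviceAccountName:`.

```yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: alicloud-nas-controller-runner  # suggested name
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["list", "watch", "create", "update", "patch"]
---
# … unchanged: ServiceAccount, ClusterRoleBinding metadata and subjects …
roleRef:
  kind: ClusterRole
  name: alicloud-nas-controller-runner
  apiGroup: rbac.authorization.k8s.io
```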
From: lusyoe Date: Wed, 25 Jul 2018 18:25:38 +0800 Subject: [PATCH 06/12] =?UTF-8?q?=E6=B7=BB=E5=8A=A0cluster-storage=20roles?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- 08.cluster-storage.yml | 5 ++++ roles/cluster-addon/defaults/main.yml | 5 ---- roles/cluster-addon/tasks/main.yml | 29 ------------------- roles/cluster-storage/cluster-storage.yml | 8 +++++ roles/cluster-storage/defaults/main.yml | 5 ++++ roles/cluster-storage/tasks/main.yml | 27 +++++++++++++++++ .../alicloud-nas/alicloud-nas.yaml.j2 | 8 ++--- .../templates}/dynamic-storageclass.yaml.j2 | 2 +- .../nfs/nfs-client-provisioner.yaml.j2 | 8 ++--- 9 files changed, 54 insertions(+), 43 deletions(-) create mode 100644 08.cluster-storage.yml create mode 100644 roles/cluster-storage/cluster-storage.yml create mode 100644 roles/cluster-storage/defaults/main.yml create mode 100644 roles/cluster-storage/tasks/main.yml rename roles/{cluster-addon/templates/storage => cluster-storage/templates}/alicloud-nas/alicloud-nas.yaml.j2 (88%) rename roles/{cluster-addon/templates/storage => cluster-storage/templates}/dynamic-storageclass.yaml.j2 (69%) rename roles/{cluster-addon/templates/storage => cluster-storage/templates}/nfs/nfs-client-provisioner.yaml.j2 (92%) diff --git a/08.cluster-storage.yml b/08.cluster-storage.yml new file mode 100644 index 0000000..f88ff12 --- /dev/null +++ b/08.cluster-storage.yml @@ -0,0 +1,5 @@ +- hosts: + - deploy + - kube-node + roles: + - cluster-storage diff --git a/roles/cluster-addon/defaults/main.yml b/roles/cluster-addon/defaults/main.yml index e34ab75..a8ffe85 100644 --- a/roles/cluster-addon/defaults/main.yml +++ b/roles/cluster-addon/defaults/main.yml @@ -26,8 +26,3 @@ heapster_offline: "heapster_v1.5.1.tar" # prometheus 自动安装 #prometheus_install: "no" - -# 动态存储自动安装 -nfsclient_install: "no" -alicloudnas_install: "no" -storage_install: "no" 
diff --git a/roles/cluster-addon/tasks/main.yml b/roles/cluster-addon/tasks/main.yml index 022b2d4..cfee385 100644 --- a/roles/cluster-addon/tasks/main.yml +++ b/roles/cluster-addon/tasks/main.yml @@ -79,32 +79,3 @@ when: '"heapster" not in pod_info.stdout and heapster_install == "yes"' ignore_errors: true -- block: - - name: 准备部署nfs-client动态存储 - template: - src: storage/nfs/nfs-client-provisioner.yaml.j2 - dest: "{{ base_dir }}/manifests/storage/nfs/nfs-client-provisioner.yaml" - - name: 开始部署nfs-client动态存储 - shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/nfs/nfs-client-provisioner.yaml" - when: 'nfsclient_install == "yes"' - -- block: - - name: 准备部署alicloud-nas动态存储 - template: - src: storage/alicloud-nas/alicloud-nas.yaml.j2 - dest: "{{ base_dir }}/manifests/storage/alicloud-nas/alicloud-nas.yaml" - - name: 开始部署alicloud-disk存储 - shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/alicloud-nas/alicloud-disk.yaml" - - name: 开始部署alicloud-nas动态存储 - shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/alicloud-nas/alicloud-nas.yaml" - when: 'alicloudnas_install == "yes"' - -- block: - - name: 准备部署动态存储类 - template: - src: storage/dynamic-storageclass.yaml.j2 - dest: "{{ base_dir }}/manifests/storage/dynamic-storageclass.yaml" - - name: 开始部署动态存储类 - shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/dynamic-storageclass.yaml" - when: 'storage_install == "yes"' - diff --git a/roles/cluster-storage/cluster-storage.yml b/roles/cluster-storage/cluster-storage.yml new file mode 100644 index 0000000..e0b6d2b --- /dev/null +++ b/roles/cluster-storage/cluster-storage.yml @@ -0,0 +1,8 @@ +hosts: deploy + roles: + - cluster-storage + vars: + storage_type: nfs + storage_server: 172.16.3.86 + storage_path: /data/nfs + storage_class_name: nfs-dynamic-class diff --git a/roles/cluster-storage/defaults/main.yml b/roles/cluster-storage/defaults/main.yml new file mode 100644 index 0000000..86fbe2d 
--- /dev/null +++ b/roles/cluster-storage/defaults/main.yml @@ -0,0 +1,5 @@ +# 动态存储类型, 目前支持nfs和alicloud-nas +storage_type: nfs +storage_server: 172.16.3.86 +storage_path: /data/nfs +storage_class_name: nfs-dynamic-class diff --git a/roles/cluster-storage/tasks/main.yml b/roles/cluster-storage/tasks/main.yml new file mode 100644 index 0000000..73d6975 --- /dev/null +++ b/roles/cluster-storage/tasks/main.yml @@ -0,0 +1,27 @@ +- block: + - name: 准备部署nfs-client动态存储 + template: + src: nfs/nfs-client-provisioner.yaml.j2 + dest: "{{ base_dir }}/manifests/storage/nfs/nfs-client-provisioner.yaml" + - name: 开始部署nfs-client动态存储 + shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/nfs/nfs-client-provisioner.yaml" + when: 'storage_type == "nfs"' + +- block: + - name: 准备部署alicloud-nas动态存储 + template: + src: alicloud-nas/alicloud-nas.yaml.j2 + dest: "{{ base_dir }}/manifests/storage/alicloud-nas/alicloud-nas.yaml" + - name: 开始部署alicloud-disk存储 + shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/alicloud-nas/alicloud-disk.yaml" + - name: 开始部署alicloud-nas动态存储 + shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/alicloud-nas/alicloud-nas.yaml" + when: 'storage_type == "alicloud-nas"' + +- block: + - name: 准备部署动态存储类 + template: + src: dynamic-storageclass.yaml.j2 + dest: "{{ base_dir }}/manifests/storage/dynamic-storageclass.yaml" + - name: 开始部署动态存储类 + shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/dynamic-storageclass.yaml" diff --git a/roles/cluster-addon/templates/storage/alicloud-nas/alicloud-nas.yaml.j2 b/roles/cluster-storage/templates/alicloud-nas/alicloud-nas.yaml.j2 similarity index 88% rename from roles/cluster-addon/templates/storage/alicloud-nas/alicloud-nas.yaml.j2 rename to roles/cluster-storage/templates/alicloud-nas/alicloud-nas.yaml.j2 index 5dece7c..ea2d5e4 100644 --- a/roles/cluster-addon/templates/storage/alicloud-nas/alicloud-nas.yaml.j2 
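Review bot: The role defaults hard-code a site-specific NFS endpoint (`storage_server: 172.16.3.86`, `storage_path: /data/nfs`), and roles/cluster-storage/cluster-storage.yml repeats it, so a run that forgets to override them points the cluster's provisioner at whatever host answers on that address. Defaults for an external storage server are better left empty and checked at the start of tasks/main.yml, for example with an `assert` task on `storage_server | length > 0`. If the address is meant only as an example, say so in the comment: `# example value, must be overridden per site`.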
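Review bot: The third block in roles/cluster-storage/tasks/main.yml has no `when:` and always applies dynamic-storageclass.yaml, whose `provisioner: prov` matches only the `PROVISIONER_NAME` of the nfs-client deployment. With `storage_type: alicloud-nas` the controller registers as `alicloud/nas`, so claims against `storage_class_name` would presumably stay pending. Either template the provisioner name from `storage_type` or limit this block with `when: 'storage_type == "nfs"'`. A `storage_type` that is neither `nfs` nor `alicloud-nas` currently skips both provisioner blocks without any message; a failing check on unknown values would surface the typo.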
+++ b/roles/cluster-storage/templates/alicloud-nas/alicloud-nas.yaml.j2 @@ -48,11 +48,11 @@ spec: - name: PROVISIONER_NAME value: alicloud/nas - name: NFS_SERVER - value: {{ STORAGE_SERVER }} + value: {{ storage_server }} - name: NFS_PATH - value: {{ STORAGE_PATH }} + value: {{ storage_path }} volumes: - name: nfs-client-root nfs: - server: {{ STORAGE_SERVER }} - path: {{ STORAGE_PATH }} + server: {{ storage_server }} + path: {{ storage_path }} diff --git a/roles/cluster-addon/templates/storage/dynamic-storageclass.yaml.j2 b/roles/cluster-storage/templates/dynamic-storageclass.yaml.j2 similarity index 69% rename from roles/cluster-addon/templates/storage/dynamic-storageclass.yaml.j2 rename to roles/cluster-storage/templates/dynamic-storageclass.yaml.j2 index e7ad14d..a8a21cd 100644 --- a/roles/cluster-addon/templates/storage/dynamic-storageclass.yaml.j2 +++ b/roles/cluster-storage/templates/dynamic-storageclass.yaml.j2 @@ -1,5 +1,5 @@ apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: - name: {{ STORAGE_CLASS_NAME }} + name: {{ storage_class_name }} provisioner: prov diff --git a/roles/cluster-addon/templates/storage/nfs/nfs-client-provisioner.yaml.j2 b/roles/cluster-storage/templates/nfs/nfs-client-provisioner.yaml.j2 similarity index 92% rename from roles/cluster-addon/templates/storage/nfs/nfs-client-provisioner.yaml.j2 rename to roles/cluster-storage/templates/nfs/nfs-client-provisioner.yaml.j2 index ac8877f..cd3351d 100644 --- a/roles/cluster-addon/templates/storage/nfs/nfs-client-provisioner.yaml.j2 +++ b/roles/cluster-storage/templates/nfs/nfs-client-provisioner.yaml.j2 @@ -69,11 +69,11 @@ spec: # 此处供应者名字供storageclass调用 value: prov - name: NFS_SERVER - value: {{ STORAGE_SERVER }} + value: {{ storage_server }} - name: NFS_PATH - value: {{ STORAGE_PATH }} + value: {{ storage_path }} volumes: - name: nfs-client-root nfs: - server: {{ STORAGE_SERVER }} - path: {{ STORAGE_PATH }} + server: {{ storage_server }} + path: {{ storage_path }} 
From c53b41155af55e8f99f786c360666de3b2d1d472 Mon Sep 17 00:00:00 2001 From: lusyoe Date: Wed, 25 Jul 2018 18:33:37 +0800 Subject: [PATCH 07/12] =?UTF-8?q?=E7=A7=BB=E9=99=A408.cluster-storage.yml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- 08.cluster-storage.yml | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 08.cluster-storage.yml diff --git a/08.cluster-storage.yml b/08.cluster-storage.yml deleted file mode 100644 index f88ff12..0000000 --- a/08.cluster-storage.yml +++ /dev/null @@ -1,5 +0,0 @@ -- hosts: - - deploy - - kube-node - roles: - - cluster-storage From 3876c904a648f6a3a20ad70cf8a61b033aa8f655 Mon Sep 17 00:00:00 2001 From: lusyoe Date: Wed, 25 Jul 2018 18:41:43 +0800 Subject: [PATCH 08/12] =?UTF-8?q?=E4=BF=AE=E6=94=B9storage=20yml=E8=AF=AD?= =?UTF-8?q?=E6=B3=95=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/cluster-storage/cluster-storage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/cluster-storage/cluster-storage.yml b/roles/cluster-storage/cluster-storage.yml index e0b6d2b..72378b3 100644 --- a/roles/cluster-storage/cluster-storage.yml +++ b/roles/cluster-storage/cluster-storage.yml @@ -1,4 +1,4 @@ -hosts: deploy +- hosts: deploy roles: - cluster-storage vars: From 88a150e69bbba8462b777c73c4f5f774df1ce18a Mon Sep 17 00:00:00 2001 From: lusyoe Date: Wed, 25 Jul 2018 18:45:46 +0800 Subject: [PATCH 09/12] =?UTF-8?q?=E7=A7=BB=E9=99=A4=E7=A4=BA=E4=BE=8B?= =?UTF-8?q?=E4=B8=AD=E7=9A=84storage=E5=8F=98=E9=87=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- example/hosts.allinone.example | 5 ----- example/hosts.m-masters.example | 5 ----- example/hosts.s-master.example | 5 ----- 3 files changed, 15 deletions(-) diff --git a/example/hosts.allinone.example b/example/hosts.allinone.example index 93ab5e7..b6b45fb 100644 
--- a/example/hosts.allinone.example +++ b/example/hosts.allinone.example @@ -81,8 +81,3 @@ base_dir="/etc/ansible" #私有仓库 harbor服务器 (域名或者IP) #HARBOR_IP="192.168.1.8" #HARBOR_DOMAIN="harbor.yourdomain.com" - -#部署动态存储 -#STORAGE_SERVER="192.168.1.1" -#STORAGE_PATH="/data/nfs" -#STORAGE_CLASS_NAME="nfs-dynamic-class" diff --git a/example/hosts.m-masters.example b/example/hosts.m-masters.example index 6828125..b4be42e 100644 --- a/example/hosts.m-masters.example +++ b/example/hosts.m-masters.example @@ -95,8 +95,3 @@ base_dir="/etc/ansible" #私有仓库 harbor服务器 (域名或者IP) #HARBOR_IP="192.168.1.8" #HARBOR_DOMAIN="harbor.yourdomain.com" - -#部署动态存储 -#STORAGE_SERVER="192.168.1.1" -#STORAGE_PATH="/data/nfs" -#STORAGE_CLASS_NAME="nfs-dynamic-class" diff --git a/example/hosts.s-master.example b/example/hosts.s-master.example index cfabd8a..3967d65 100644 --- a/example/hosts.s-master.example +++ b/example/hosts.s-master.example @@ -82,8 +82,3 @@ base_dir="/etc/ansible" #私有仓库 harbor服务器 (域名或者IP) #HARBOR_IP="192.168.1.8" #HARBOR_DOMAIN="harbor.yourdomain.com" - -#部署动态存储 -#STORAGE_SERVER="192.168.1.1" -#STORAGE_PATH="/data/nfs" -#STORAGE_CLASS_NAME="nfs-dynamic-class" From f25c9109f780d3085dd03682e2d317ea91fa4cbd Mon Sep 17 00:00:00 2001 From: gjmzj Date: Thu, 26 Jul 2018 10:59:06 +0800 Subject: [PATCH 10/12] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E8=87=AA=E5=AE=9A?= =?UTF-8?q?=E4=B9=89=E9=85=8D=E7=BD=AE=E5=B7=A5=E5=85=B7=E8=84=9A=E6=9C=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/op/config_guide.md | 19 +++++++++++++++++++ tools/init_vars.yml | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 docs/op/config_guide.md create mode 100644 tools/init_vars.yml diff --git a/docs/op/config_guide.md b/docs/op/config_guide.md new file mode 100644 index 0000000..bac3a4d --- /dev/null +++ b/docs/op/config_guide.md 
@@ -0,0 +1,19 @@
+# 个性化集群参数配置
+
+`kubeasz`创建集群主要在以下两个地方进行配置:
+
+- ansible hosts 文件(模板在examples目录):集群主要节点定义和主要参数配置
+- roles/xxx/vars/main.yml 文件:其他参数配置或者部分组件参数配置
+
+这些文件都在.gitignore忽略范围,因此修改后项目目录能够保持`git status | clean`
+
+## ansible hosts
+
+项目尽量保持`ansible hosts`简单、灵活,在[快速指南](../quickStart.md)或者[集群规划与安装概览](../00-集群规划和基础参数设定.md)已经介绍过,主要包括集群节点定义和集群范围的主要参数配置;目前提供三种集群部署模板。
+
+尽量保持配置项稳定。
+
+## roles/xxx/vars/main.yml
+
+主要包括集群某个具体组件的个性化配置,具体组件的配置项可能会不断增加;项目初始时该配置与 roles/xxx/defaults/main.yml 一致,确保在不做任何配置情况下可以使用默认值创建集群;因 ansilbe 变量优先级关系,后续如果对 roles/xxx/vars/main.yml变量修改,那么它将覆盖默认配置。
+
diff --git a/tools/init_vars.yml b/tools/init_vars.yml
new file mode 100644
index 0000000..b732a71
--- /dev/null
+++ b/tools/init_vars.yml
@@ -0,0 +1,32 @@
+# [可选]初始化集群设置脚本,使用请参考docs/op/config_guide.md
+# 如果创建集群时需要修改项目roles中默认配置,请执行本脚本后,编辑roles/xxx/vars/main.yml修改
+
+- hosts: deploy
+ tasks:
+ - name: 创建变量配置目录 roles/xxx/vars
+ file: name={{ base_dir }}/roles/{{ item }}/vars state=directory
+ with_items:
+ - calico
+ - cluster-addon
+ - cluster-restore
+ - flannel
+ - helm
+ - kube-node
+ - kube-router
+ - lb
+
+ - name: 复制默认配置以备修改
+ copy:
+ src: "{{ base_dir }}/roles/{{ item }}/defaults/main.yml"
+ dest: "{{ base_dir }}/roles/{{ item }}/vars/main.yml"
+ force: "no"
+ with_items:
+ - calico
+ - cluster-addon
+ - cluster-restore
+ - flannel
+ - helm
+ - kube-node
+ - kube-router
+ - lb
+
From 93e041c825112db692901a5575bb85327fb27e81 Mon Sep 17 00:00:00 2001 From: Sun~shell Date: Thu, 26 Jul 2018 14:10:40 +0800 Subject: [PATCH 11/12] =?UTF-8?q?=E5=A2=9E=E5=8A=A0centos7=E5=85=B3?= =?UTF-8?q?=E9=97=ADSelinux,Firewalld,swap=E4=BA=A4=E6=8D=A2=E5=86=85?= =?UTF-8?q?=E5=AD=98=20(#270)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/deploy/tasks/main.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)
diff --git a/roles/deploy/tasks/main.yml b/roles/deploy/tasks/main.yml
index 344f8f0..81f1784 100644
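Review bot: Both tasks in tools/init_vars.yml repeat the same eight-entry role list, so a role added to one list and not the other leaves the `copy` task writing into a directory that was never created; one play-level `vars:` list referenced by both `with_items` removes that. The first task uses the inline form `file: name={{ base_dir }}/roles/{{ item }}/vars state=directory`, which is split incorrectly if `base_dir` ever contains a space; the block form with `path: "{{ base_dir }}/roles/{{ item }}/vars"` and `state: directory` matches the `copy` task below it. Since the copied `vars/main.yml` files are where site-specific settings end up, an explicit `mode:` on the `copy` task would state who may read them.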
--- a/roles/deploy/tasks/main.yml +++ b/roles/deploy/tasks/main.yml @@ -1,3 +1,29 @@ +- name: close centos7 Firewalld + shell: systemctl stop firewalld && systemctl disable firewalld + when: + - ansible_distribution == "CentOS" + - ansible_distribution_major_version == "7" +- name: close centos7 Selinux + lineinfile: + path: /etc/selinux/config + regexp: '^SELINUX=' + line: 'SELINUX=disabled' + when: + - ansible_distribution == "CentOS" + - ansible_distribution_major_version == "7" +- name: close swap system + shell: swapoff -a && sysctl -w vm.swappiness=0 + when: + - ansible_distribution == "CentOS" + - ansible_distribution_major_version == "7" +- name: delete swap configuration + lineinfile: + path: /etc/fstab + regexp: 'swap' + state: absent + when: + - ansible_distribution == "CentOS" + - ansible_distribution_major_version == "7" - name: prepare some dirs file: name={{ item }} state=directory with_items: From c1719b784ce947e9e757cfcc69d7086fa9f51499 Mon Sep 17 00:00:00 2001 From: gjmzj Date: Thu, 26 Jul 2018 14:27:26 +0800 Subject: [PATCH 12/12] =?UTF-8?q?=E7=A6=81=E6=AD=A2=E8=8A=82=E7=82=B9?= =?UTF-8?q?=E4=BD=BF=E7=94=A8=E7=B3=BB=E7=BB=9Fswap?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/deploy/tasks/main.yml | 26 -------------------------- roles/prepare/files/95-k8s-sysctl.conf | 1 + roles/prepare/tasks/main.yml | 12 ++++++++++++ 3 files changed, 13 insertions(+), 26 deletions(-) diff --git a/roles/deploy/tasks/main.yml b/roles/deploy/tasks/main.yml index 81f1784..344f8f0 100644 --- a/roles/deploy/tasks/main.yml +++ b/roles/deploy/tasks/main.yml 
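Review bot: The tasks `close centos7 Firewalld` and `close centos7 Selinux` at the top of roles/deploy/tasks/main.yml stop and disable the host firewall and write `SELINUX=disabled` on every CentOS 7 host the role runs on, with no variable to opt out, so two host-level controls are removed as a side effect of a cluster install. I would gate both behind a variable that defaults to off, and where the operator wants to keep the controls use `SELINUX=permissive` and firewalld rules for the ports the cluster needs. `regexp: 'swap'` in `delete swap configuration` removes every /etc/fstab line containing that substring, commented lines and unrelated mounts included, and here without a backup; the same pattern appears in the roles/prepare/tasks/main.yml hunk of patch 12/12, and `regexp: '^\s*[^#\s]\S*\s+\S+\s+swap\s'` limits the match to the filesystem-type field. The firewalld step is also better expressed with the `systemd` module (`state: stopped`, `enabled: no`) so it reports changed only when it changes something.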
@@ -1,29 +1,3 @@ -- name: close centos7 Firewalld - shell: systemctl stop firewalld && systemctl disable firewalld - when: - - ansible_distribution == "CentOS" - - ansible_distribution_major_version == "7" -- name: close centos7 Selinux - lineinfile: - path: /etc/selinux/config - regexp: '^SELINUX=' - line: 'SELINUX=disabled' - when: - - ansible_distribution == "CentOS" - - ansible_distribution_major_version == "7" -- name: close swap system - shell: swapoff -a && sysctl -w vm.swappiness=0 - when: - - ansible_distribution == "CentOS" - - ansible_distribution_major_version == "7" -- name: delete swap configuration - lineinfile: - path: /etc/fstab - regexp: 'swap' - state: absent - when: - - ansible_distribution == "CentOS" - - ansible_distribution_major_version == "7" - name: prepare some dirs file: name={{ item }} state=directory with_items: diff --git a/roles/prepare/files/95-k8s-sysctl.conf b/roles/prepare/files/95-k8s-sysctl.conf index c0277b8..f58fdd0 100644 --- a/roles/prepare/files/95-k8s-sysctl.conf +++ b/roles/prepare/files/95-k8s-sysctl.conf @@ -2,3 +2,4 @@ net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-arptables = 1 +vm.swappiness = 0 diff --git a/roles/prepare/tasks/main.yml b/roles/prepare/tasks/main.yml index b949e89..f2057df 100644 --- a/roles/prepare/tasks/main.yml +++ b/roles/prepare/tasks/main.yml @@ -92,6 +92,18 @@ regexp: 'kubectl completion' line: 'source <(kubectl completion bash)' +# 禁用系统swap +- name: 禁用系统 swap + shell: "swapoff -a && sysctl -w vm.swappiness=0" + ignore_errors: true + +- name: 删除fstab swap 相关配置 + lineinfile: + path: /etc/fstab + regexp: 'swap' + state: absent + backup: 'yes' + # 设置系统参数for k8s # 消除docker info 警告WARNING: bridge-nf-call-ip[6]tables is disabled - name: 设置系统参数
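Review bot: `ignore_errors: true` on the `禁用系统 swap` task in roles/prepare/tasks/main.yml hides a failed `swapoff -a`, so the play continues on a node that may still have swap active and the problem surfaces later and further from its cause. I would drop `ignore_errors`, or replace it with a `failed_when` that names the one failure that is acceptable. The `sysctl -w vm.swappiness=0` half of that command duplicates the `vm.swappiness = 0` line this commit adds to 95-k8s-sysctl.conf; whether that file is loaded by the `设置系统参数` task that follows cannot be seen from this hunk, which ends at that task's name.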