更新支持containerd 1.4.3

2020-12-18 10:23:55 +08:00 · 2020-12-18 10:23:55 +08:00 · 870cc2b04a
parent 79adb50f66
commit 870cc2b04a
6 changed files with 14 additions and 17 deletions
--- a/bin/readme.md
+++ b/bin/readme.md
@ -1,5 +0,0 @@
-# Binaries for k8s clusters
-
-For kubeasz 2x and above, binaries are downloaded and managed by 'tools/easzup'.
-
-Alternatively, binaries can be downloaded from the official github repos by referring to the script 'down/download.sh'.
--- a/down/download.sh
+++ b/down/download.sh
@ -11,7 +11,7 @@ DOCKER_COMPOSE_VER=1.23.2
 HARBOR_VER=v1.9.4
 CONTAINERD_VER=1.2.6

-echo -e "\nNote: It's suggested to download using 'tools/easzup -D', everything needed will be ready in '/etc/ansible'."
+echo -e "\nNote: It's strongly recommended that downloading with 'tools/easzup -D', everything needed will be ready in '/etc/ansible'."

 echo -e "\n----download k8s binary at:"
 echo -e https://dl.k8s.io/${K8S_VER}/kubernetes-server-linux-amd64.tar.gz
--- a/roles/containerd/templates/config.toml.j2
+++ b/roles/containerd/templates/config.toml.j2
@ -48,7 +48,7 @@ oom_score = -999
    [plugins.cri.cni]
      bin_dir = "{{ bin_dir }}"
      conf_dir = "/etc/cni/net.d"
-      conf_template = ""
+      conf_template = "/etc/cni/net.d/10-default.conf"
 {% if ENABLE_MIRROR_REGISTRY %}
    [plugins.cri.registry]
      [plugins.cri.registry.mirrors]
--- a/roles/kube-master/templates/kube-apiserver.service.j2
+++ b/roles/kube-master/templates/kube-apiserver.service.j2
@ -8,6 +8,7 @@ ExecStart={{ bin_dir }}/kube-apiserver \
  --advertise-address={{ inventory_hostname }} \
  --allow-privileged=true \
  --anonymous-auth=false \
+  --api-audiences=api,istio-ca \
  --authorization-mode=Node,RBAC \
 {% if BASIC_AUTH_ENABLE == "yes" %}
  --token-auth-file={{ ca_dir }}/basic-auth.csv \
@ -22,7 +23,8 @@ ExecStart={{ bin_dir }}/kube-apiserver \
  --kubelet-certificate-authority={{ ca_dir }}/ca.pem \
  --kubelet-client-certificate={{ ca_dir }}/admin.pem \
  --kubelet-client-key={{ ca_dir }}/admin-key.pem \
-  --kubelet-https=true \
+  --service-account-issuer=kubernetes.default.svc \
+  --service-account-signing-key-file={{ ca_dir }}/ca-key.pem \
  --service-account-key-file={{ ca_dir }}/ca.pem \
  --service-cluster-ip-range={{ SERVICE_CIDR }} \
  --service-node-port-range={{ NODE_PORT_RANGE }} \
--- a/roles/kube-node/templates/cni-default.conf.j2
+++ b/roles/kube-node/templates/cni-default.conf.j2
@ -1,6 +1,6 @@
 {
 	"name": "mynet",
-   "cniVersion": "0.3.1",
+	"cniVersion": "0.3.1",
 	"type": "bridge",
 	"bridge": "mynet0",
 	"isDefaultGateway": true,
--- a/tools/easzup
+++ b/tools/easzup
@ -13,10 +13,10 @@ set -o errexit
 #set -o xtrace

 # default version, can be overridden by cmd line options, see ./easzup
-DOCKER_VER=19.03.13
+DOCKER_VER=19.03.14
 KUBEASZ_VER=2.2.2
-K8S_BIN_VER=v1.19.4
-EXT_BIN_VER=0.7.0
+K8S_BIN_VER=v1.20.0
+EXT_BIN_VER=0.8.1
 SYS_PKG_VER=0.3.3

 # images needed by k8s cluster
@ -48,16 +48,16 @@ function download_docker() {
    fi
    /bin/mv -f ./docker-${DOCKER_VER}.tgz /etc/ansible/down
  fi
-}
-
-function install_docker() {
-  # check if a container runtime is already installed
-  systemctl status docker|grep Active|grep -q running && { echo "[WARN] docker is already running."; return 0; }

  tar zxf /etc/ansible/down/docker-${DOCKER_VER}.tgz -C /etc/ansible/down && \
  /bin/cp -f /etc/ansible/down/docker/* /etc/ansible/bin && \
  /bin/mv -f /etc/ansible/down/docker/* /opt/kube/bin && \
  ln -sf /opt/kube/bin/docker /bin/docker 
+}
+
+function install_docker() {
+  # check if a container runtime is already installed
+  systemctl status docker|grep Active|grep -q running && { echo "[WARN] docker is already running."; return 0; }
 
  echo "[INFO] generate docker service file"
  cat > /etc/systemd/system/docker.service << EOF