From 9048ef00baccbb00155790dc3ba1d7be661f4142 Mon Sep 17 00:00:00 2001
From: jmgao <jmgaozz@163.com>
Date: Tue, 5 Dec 2017 21:31:28 +0800
Subject: [PATCH] =?UTF-8?q?=E8=AE=BE=E7=BD=AEkube-proxy=E5=8F=82=E6=95=B0-?=
 =?UTF-8?q?-masquerade-all=3Dfalse?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 roles/docker/files/daemon.json                |  3 ++-
 roles/kube-node/tasks/main.yml                | 24 ++++++-------------
 .../kube-node/templates/kube-proxy.service.j2 |  1 +
 3 files changed, 10 insertions(+), 18 deletions(-)

diff --git a/roles/docker/files/daemon.json b/roles/docker/files/daemon.json
index 5e66623..87eb35a 100644
--- a/roles/docker/files/daemon.json
+++ b/roles/docker/files/daemon.json
@@ -1,3 +1,4 @@
 {
-  "registry-mirrors": ["https://registry.docker-cn.com"] 
+  "registry-mirrors": ["https://registry.docker-cn.com"], 
+  "max-concurrent-downloads": 6
 }
diff --git a/roles/kube-node/tasks/main.yml b/roles/kube-node/tasks/main.yml
index cca7a5a..3c4c0ce 100644
--- a/roles/kube-node/tasks/main.yml
+++ b/roles/kube-node/tasks/main.yml
@@ -42,14 +42,8 @@
 - name: 创建kubelet的systemd unit文件
   template: src=kubelet.service.j2 dest=/etc/systemd/system/kubelet.service
 
-- name: daemon-reload
-  shell: systemctl daemon-reload
-
-- name: enable-kubelet
-  shell: systemctl enable kubelet
-
-- name: start-kubelet
-  shell: systemctl restart kubelet
+- name: 开启kubelet 服务
+  shell: systemctl daemon-reload && systemctl enable kubelet && systemctl restart kubelet
 
 - name: approve-kubelet-csr
   shell: "sleep 15 && {{ bin_dir }}/kubectl get csr|grep 'Pending' | awk 'NR>0{print $1}'| xargs {{ bin_dir }}/kubectl certificate approve"
@@ -94,17 +88,13 @@
 - name: 创建kube-proxy的工作目录
   file: name=/var/lib/kube-proxy state=directory
 
-- name: 创建kube-proxy的systemd unit文件
+- name: 创建kube-proxy 服务文件
+  tags: reload-kube-proxy
   template: src=kube-proxy.service.j2 dest=/etc/systemd/system/kube-proxy.service
 
-- name: daemon-reload
-  shell: systemctl daemon-reload
-
-- name: enable-kube-proxy
-  shell: systemctl enable kube-proxy
-
-- name: start-kube-proxy
-  shell: systemctl restart kube-proxy
+- name: 开启kube-proxy 服务
+  tags: reload-kube-proxy
+  shell: systemctl daemon-reload && systemctl enable kube-proxy && systemctl restart kube-proxy
 
 ##-------calico-kube-controllers部分----------------
 #
diff --git a/roles/kube-node/templates/kube-proxy.service.j2 b/roles/kube-node/templates/kube-proxy.service.j2
index a17d4b5..0fe5223 100644
--- a/roles/kube-node/templates/kube-proxy.service.j2
+++ b/roles/kube-node/templates/kube-proxy.service.j2
@@ -10,6 +10,7 @@ ExecStart={{ bin_dir }}/kube-proxy \
   --hostname-override={{ NODE_IP }} \
   --cluster-cidr={{ SERVICE_CIDR }} \
   --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \
+  --masquerade-all=false \
   --logtostderr=true \
   --v=2
 Restart=on-failure