From 931b2cf1b935aa45d00c44d308215d06c6584d0c Mon Sep 17 00:00:00 2001 From: jmgao Date: Sat, 9 Jun 2018 22:19:20 +0800 Subject: [PATCH] =?UTF-8?q?=E7=94=A8inventory=5Fhostname=E6=9B=BF=E6=8D=A2?= =?UTF-8?q?=E5=8F=98=E9=87=8FNODE=5FIP?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- 04.kube-master.yml | 4 ++-- 21.addmaster.yml | 4 ++-- 90.setup.yml | 4 ++-- docs/02-安装etcd集群.md | 10 ++++---- docs/04-安装kube-master节点.md | 6 ++--- docs/05-安装kube-node节点.md | 8 +++---- docs/guide/harbor.md | 4 ++-- docs/mixes/01.fix_kubelet_annoymous_access.md | 2 +- docs/op/AddMaster.md | 2 +- docs/op/AddNode.md | 2 +- example/hosts.allinone.example | 12 +++++----- example/hosts.m-masters.example | 24 +++++++++---------- example/hosts.s-master.example | 20 ++++++++-------- roles/etcd/templates/etcd-csr.json.j2 | 2 +- roles/etcd/templates/etcd.service.j2 | 8 +++---- roles/harbor/templates/harbor-csr.json.j2 | 2 +- roles/harbor/templates/harbor.cfg.j2 | 2 +- .../templates/kube-apiserver.service.j2 | 2 +- .../templates/kubernetes-csr.json.j2 | 2 +- roles/kube-node/tasks/main.yml | 4 ++-- .../kube-node/templates/kube-proxy.service.j2 | 4 ++-- roles/kube-node/templates/kubelet.service.j2 | 4 ++-- tools/change_ip_aio.yml | 2 +- 23 files changed, 67 insertions(+), 67 deletions(-) diff --git a/04.kube-master.yml b/04.kube-master.yml index 13922db..e62cdb4 100644 --- a/04.kube-master.yml +++ b/04.kube-master.yml @@ -5,10 +5,10 @@ # 禁止业务 pod调度到 master节点 tasks: - name: 禁止业务 pod调度到 master节点 - shell: "{{ bin_dir }}/kubectl cordon {{ NODE_IP }} " + shell: "{{ bin_dir }}/kubectl cordon {{ inventory_hostname }} " when: DEPLOY_MODE != "allinone" ignore_errors: true - name: 设置master节点role - shell: "{{ bin_dir }}/kubectl label node {{ NODE_IP }} kubernetes.io/role=master --overwrite" + shell: "{{ bin_dir }}/kubectl label node {{ inventory_hostname }} kubernetes.io/role=master --overwrite" ignore_errors: true diff --git a/21.addmaster.yml b/21.addmaster.yml index ed67cc1..b52f1a8 100644 --- a/21.addmaster.yml +++ b/21.addmaster.yml @@ -18,10 +18,10 @@ # 禁止业务 pod调度到 master节点 tasks: - name: 禁止业务 pod调度到 master节点 - shell: "{{ bin_dir }}/kubectl cordon {{ NODE_IP }} " + shell: "{{ bin_dir }}/kubectl cordon {{ inventory_hostname }} " when: DEPLOY_MODE != "allinone" ignore_errors: true - name: 设置master节点role - shell: "{{ bin_dir }}/kubectl label node {{ NODE_IP }} kubernetes.io/role=master --overwrite" + shell: "{{ bin_dir }}/kubectl label node {{ inventory_hostname }} kubernetes.io/role=master --overwrite" ignore_errors: true diff --git a/90.setup.yml b/90.setup.yml index 6622fc9..8eca9a4 100644 --- a/90.setup.yml +++ b/90.setup.yml @@ -38,12 +38,12 @@ # 禁止业务 pod调度到 master节点 tasks: - name: 禁止业务 pod调度到 master节点 - shell: "{{ bin_dir }}/kubectl cordon {{ NODE_IP }} " + shell: "{{ bin_dir }}/kubectl cordon {{ inventory_hostname }} " when: DEPLOY_MODE != "allinone" ignore_errors: true - name: 设置master节点role - shell: "{{ bin_dir }}/kubectl label node {{ NODE_IP }} kubernetes.io/role=master --overwrite" + shell: "{{ bin_dir }}/kubectl label node {{ inventory_hostname }} kubernetes.io/role=master --overwrite" ignore_errors: true # node 节点部署 diff --git a/docs/02-安装etcd集群.md b/docs/02-安装etcd集群.md index 1fb056e..f30c7ea 100644 --- a/docs/02-安装etcd集群.md +++ b/docs/02-安装etcd集群.md @@ -23,7 +23,7 @@ kuberntes 系统使用 etcd 存储所有数据,是最重要的组件之一, "CN": "etcd", "hosts": [ "127.0.0.1", - "{{ NODE_IP }}" + "{{ inventory_hostname }}" ], "key": { "algo": "rsa", @@ -75,10 +75,10 @@ ExecStart={{ bin_dir }}/etcd \ --peer-key-file=/etc/etcd/ssl/etcd-key.pem \ --trusted-ca-file={{ ca_dir }}/ca.pem \ --peer-trusted-ca-file={{ ca_dir }}/ca.pem \ - --initial-advertise-peer-urls=https://{{ NODE_IP }}:2380 \ - --listen-peer-urls=https://{{ NODE_IP }}:2380 \ - --listen-client-urls=https://{{ NODE_IP }}:2379,http://127.0.0.1:2379 \ - --advertise-client-urls=https://{{ NODE_IP }}:2379 \ + --initial-advertise-peer-urls=https://{{ inventory_hostname }}:2380 \ + --listen-peer-urls=https://{{ inventory_hostname }}:2380 \ + --listen-client-urls=https://{{ inventory_hostname }}:2379,http://127.0.0.1:2379 \ + --advertise-client-urls=https://{{ inventory_hostname }}:2379 \ --initial-cluster-token=etcd-cluster-0 \ --initial-cluster={{ ETCD_NODES }} \ --initial-cluster-state=new \ diff --git a/docs/04-安装kube-master节点.md b/docs/04-安装kube-master节点.md index 62f6607..a4ea4ca 100644 --- a/docs/04-安装kube-master节点.md +++ b/docs/04-安装kube-master节点.md @@ -38,7 +38,7 @@ roles/kube-master/ "hosts": [ "127.0.0.1", "{{ MASTER_IP }}", - "{{ NODE_IP }}", + "{{ inventory_hostname }}", "{{ CLUSTER_KUBERNETES_SVC_IP }}", "kubernetes", "kubernetes.default", @@ -89,7 +89,7 @@ After=network.target [Service] ExecStart={{ bin_dir }}/kube-apiserver \ --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,NodeRestriction \ - --bind-address={{ NODE_IP }} \ + --bind-address={{ inventory_hostname }} \ --insecure-bind-address=127.0.0.1 \ --authorization-mode=Node,RBAC \ --runtime-config=rbac.authorization.k8s.io/v1 \ @@ -207,7 +207,7 @@ WantedBy=multi-user.target # 禁止业务 pod调度到 master节点 tasks: - name: 禁止业务 pod调度到 master节点 - shell: "{{ bin_dir }}/kubectl cordon {{ NODE_IP }} " + shell: "{{ bin_dir }}/kubectl cordon {{ inventory_hostname }} " when: DEPLOY_MODE != "allinone" ignore_errors: true ``` diff --git a/docs/05-安装kube-node节点.md b/docs/05-安装kube-node节点.md index 8c40ab2..c7c8c75 100644 --- a/docs/05-安装kube-node节点.md +++ b/docs/05-安装kube-node节点.md @@ -49,8 +49,8 @@ Requires=docker.service WorkingDirectory=/var/lib/kubelet #--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest ExecStart={{ bin_dir }}/kubelet \ - --address={{ NODE_IP }} \ - --hostname-override={{ NODE_IP }} \ + --address={{ inventory_hostname }} \ + --hostname-override={{ inventory_hostname }} \ --pod-infra-container-image=mirrorgooglecontainers/pause-amd64:3.1 \ --experimental-bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig \ --kubeconfig=/etc/kubernetes/kubelet.kubeconfig \ @@ -102,8 +102,8 @@ After=network.target [Service] WorkingDirectory=/var/lib/kube-proxy ExecStart={{ bin_dir }}/kube-proxy \ - --bind-address={{ NODE_IP }} \ - --hostname-override={{ NODE_IP }} \ + --bind-address={{ inventory_hostname }} \ + --hostname-override={{ inventory_hostname }} \ --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \ --logtostderr=true \ --v=2 diff --git a/docs/guide/harbor.md b/docs/guide/harbor.md index a22b016..e2ed7c0 100644 --- a/docs/guide/harbor.md +++ b/docs/guide/harbor.md @@ -19,7 +19,7 @@ mv docker-compose-Linux-x86_64 /etc/ansible/bin/docker-compose ``` bash # 如果启用harbor,请配置后面harbor相关参数 [harbor] -192.168.1.8 NODE_IP="192.168.1.8" +192.168.1.8 #私有仓库 harbor服务器 (域名或者IP) HARBOR_IP="192.168.1.8" @@ -51,7 +51,7 @@ HARBOR_DOMAIN="harbor.test.com" ### 验证harbor 1. 在harbor节点使用`docker ps -a` 查看harbor容器组件运行情况 -1. 浏览器访问harbor节点的IP地址 `https://{{ NODE_IP }}`,使用账号 admin 和 密码 Harbor12345 (harbor.cfg 配置文件中的默认)登陆系统 +1. 浏览器访问harbor节点的IP地址 `https://$NodeIP`,使用账号 admin 和 密码 Harbor12345 (harbor.cfg 配置文件中的默认)登陆系统 ### 在k8s集群使用harbor diff --git a/docs/mixes/01.fix_kubelet_annoymous_access.md b/docs/mixes/01.fix_kubelet_annoymous_access.md index 87c189d..965dbd4 100644 --- a/docs/mixes/01.fix_kubelet_annoymous_access.md +++ b/docs/mixes/01.fix_kubelet_annoymous_access.md @@ -5,7 +5,7 @@ kubelet默认启动参数`--anonymous-auth=true`风险非常大,黑客可以 ## 关于漏洞的危害 据我所知k8s v1.5+ 所有版本的kubelet组件的默认启动参数是允许匿名访问kubelet的(默认的大坑),你可以使用如下命令检查你的集群: -`curl -sk https://$NODE_IP:10250/runningpods/` +`curl -sk https://$NodeIP:10250/runningpods/` - 如果返回了运行的pod信息,说明是允许匿名访问的, - 如果返回`Unauthorized`,说明是安全的 diff --git a/docs/op/AddMaster.md b/docs/op/AddMaster.md index e192935..fd78594 100644 --- a/docs/op/AddMaster.md +++ b/docs/op/AddMaster.md @@ -27,7 +27,7 @@ master2="192.168.1.2:6443" master3="192.168.1.5:6443" # 新增 master节点 ... [new-master] -192.168.1.5 NODE_IP="192.168.1.5" # 新增 master节点 +192.168.1.5 # 新增 master节点 ``` - 修改roles/lb/templates/haproxy.cfg.j2 文件,增加新增的master节点,举例如下: diff --git a/docs/op/AddNode.md b/docs/op/AddNode.md index 2756c95..6ca54f8 100644 --- a/docs/op/AddNode.md +++ b/docs/op/AddNode.md @@ -16,7 +16,7 @@ ... # 预留组,后续添加node节点使用 [new-node] -192.168.1.6 NODE_ID=node6 NODE_IP="192.168.1.6" +192.168.1.6 NODE_ID=node6 ... ``` - 执行安装脚本 diff --git a/example/hosts.allinone.example b/example/hosts.allinone.example index e20e15b..f85ae90 100644 --- a/example/hosts.allinone.example +++ b/example/hosts.allinone.example @@ -2,23 +2,23 @@ [deploy] 192.168.1.1 -# etcd集群请提供如下NODE_NAME、NODE_IP变量,注意etcd集群必须是1,3,5,7...奇数个节点 +# etcd集群请提供如下NODE_NAME,注意etcd集群必须是1,3,5,7...奇数个节点 [etcd] -192.168.1.1 NODE_NAME=etcd1 NODE_IP="192.168.1.1" +192.168.1.1 NODE_NAME=etcd1 [kube-master] -192.168.1.1 NODE_IP="192.168.1.1" +192.168.1.1 [kube-node] -192.168.1.1 NODE_IP="192.168.1.1" +192.168.1.1 # 如果启用harbor,请配置后面harbor相关参数 [harbor] -#192.168.1.8 NODE_IP="192.168.1.8" +#192.168.1.8 # 预留组,后续添加node节点使用 [new-node] -#192.168.1.xx NODE_IP="192.168.1.xx" +#192.168.1.xx [all:vars] # ---------集群主要参数--------------- diff --git a/example/hosts.m-masters.example b/example/hosts.m-masters.example index 9628535..2c780e1 100644 --- a/example/hosts.m-masters.example +++ b/example/hosts.m-masters.example @@ -2,15 +2,15 @@ [deploy] 192.168.1.1 -# etcd集群请提供如下NODE_NAME、NODE_IP变量,注意etcd集群必须是1,3,5,7...奇数个节点 +# etcd集群请提供如下NODE_NAME,注意etcd集群必须是1,3,5,7...奇数个节点 [etcd] -192.168.1.1 NODE_NAME=etcd1 NODE_IP="192.168.1.1" -192.168.1.2 NODE_NAME=etcd2 NODE_IP="192.168.1.2" -192.168.1.3 NODE_NAME=etcd3 NODE_IP="192.168.1.3" +192.168.1.1 NODE_NAME=etcd1 +192.168.1.2 NODE_NAME=etcd2 +192.168.1.3 NODE_NAME=etcd3 [kube-master] -192.168.1.1 NODE_IP="192.168.1.1" -192.168.1.2 NODE_IP="192.168.1.2" +192.168.1.1 +192.168.1.2 # 负载均衡至少两个节点,安装 haproxy+keepalived [lb] @@ -23,21 +23,21 @@ master2="192.168.1.2:6443" # 需同步设置roles/lb/templates/haproxy.cfg.j2 ROUTER_ID=57 # 取值在0-255之间,区分多个instance的VRRP组播,同网段不能重复 [kube-node] -192.168.1.2 NODE_IP="192.168.1.2" -192.168.1.3 NODE_IP="192.168.1.3" -192.168.1.4 NODE_IP="192.168.1.4" +192.168.1.2 +192.168.1.3 +192.168.1.4 # 如果启用harbor,请配置后面harbor相关参数 [harbor] -#192.168.1.8 NODE_IP="192.168.1.8" +#192.168.1.8 # 预留组,后续添加master节点使用 [new-master] -#192.168.1.5 NODE_IP="192.168.1.5" +#192.168.1.5 # 预留组,后续添加node节点使用 [new-node] -#192.168.1.xx NODE_IP="192.168.1.xx" +#192.168.1.xx [all:vars] # ---------集群主要参数--------------- diff --git a/example/hosts.s-master.example b/example/hosts.s-master.example index bfacb74..1a20d05 100644 --- a/example/hosts.s-master.example +++ b/example/hosts.s-master.example @@ -2,27 +2,27 @@ [deploy] 192.168.1.1 -# etcd集群请提供如下NODE_NAME、NODE_IP变量,请注意etcd集群必须是1,3,5,7...奇数个节点 +# etcd集群请提供如下NODE_NAME,请注意etcd集群必须是1,3,5,7...奇数个节点 [etcd] -192.168.1.1 NODE_NAME=etcd1 NODE_IP="192.168.1.1" -192.168.1.2 NODE_NAME=etcd2 NODE_IP="192.168.1.2" -192.168.1.3 NODE_NAME=etcd3 NODE_IP="192.168.1.3" +192.168.1.1 NODE_NAME=etcd1 +192.168.1.2 NODE_NAME=etcd2 +192.168.1.3 NODE_NAME=etcd3 [kube-master] -192.168.1.1 NODE_IP="192.168.1.1" +192.168.1.1 [kube-node] -192.168.1.1 NODE_IP="192.168.1.1" -192.168.1.2 NODE_IP="192.168.1.2" -192.168.1.3 NODE_IP="192.168.1.3" +192.168.1.1 +192.168.1.2 +192.168.1.3 # 如果启用harbor,请配置后面harbor相关参数 [harbor] -#192.168.1.8 NODE_IP="192.168.1.8" +#192.168.1.8 # 预留组,后续添加node节点使用 [new-node] -#192.168.1.xx NODE_IP="192.168.1.xx" +#192.168.1.xx [all:vars] # ---------集群主要参数--------------- diff --git a/roles/etcd/templates/etcd-csr.json.j2 b/roles/etcd/templates/etcd-csr.json.j2 index f1e1bb1..674a334 100644 --- a/roles/etcd/templates/etcd-csr.json.j2 +++ b/roles/etcd/templates/etcd-csr.json.j2 @@ -2,7 +2,7 @@ "CN": "etcd", "hosts": [ "127.0.0.1", - "{{ NODE_IP }}" + "{{ inventory_hostname }}" ], "key": { "algo": "rsa", diff --git a/roles/etcd/templates/etcd.service.j2 b/roles/etcd/templates/etcd.service.j2 index 6f92c90..a79e456 100644 --- a/roles/etcd/templates/etcd.service.j2 +++ b/roles/etcd/templates/etcd.service.j2 @@ -16,10 +16,10 @@ ExecStart={{ bin_dir }}/etcd \ --peer-key-file=/etc/etcd/ssl/etcd-key.pem \ --trusted-ca-file={{ ca_dir }}/ca.pem \ --peer-trusted-ca-file={{ ca_dir }}/ca.pem \ - --initial-advertise-peer-urls=https://{{ NODE_IP }}:2380 \ - --listen-peer-urls=https://{{ NODE_IP }}:2380 \ - --listen-client-urls=https://{{ NODE_IP }}:2379,http://127.0.0.1:2379 \ - --advertise-client-urls=https://{{ NODE_IP }}:2379 \ + --initial-advertise-peer-urls=https://{{ inventory_hostname }}:2380 \ + --listen-peer-urls=https://{{ inventory_hostname }}:2380 \ + --listen-client-urls=https://{{ inventory_hostname }}:2379,http://127.0.0.1:2379 \ + --advertise-client-urls=https://{{ inventory_hostname }}:2379 \ --initial-cluster-token=etcd-cluster-0 \ --initial-cluster={{ ETCD_NODES }} \ --initial-cluster-state=new \ diff --git a/roles/harbor/templates/harbor-csr.json.j2 b/roles/harbor/templates/harbor-csr.json.j2 index ccbc82c..1247a2b 100644 --- a/roles/harbor/templates/harbor-csr.json.j2 +++ b/roles/harbor/templates/harbor-csr.json.j2 @@ -2,7 +2,7 @@ "CN": "harbor", "hosts": [ "127.0.0.1", - "{{ NODE_IP }}", + "{{ inventory_hostname }}", "{{ HARBOR_DOMAIN }}" ], "key": { diff --git a/roles/harbor/templates/harbor.cfg.j2 b/roles/harbor/templates/harbor.cfg.j2 index 1e0692b..8cfb09f 100644 --- a/roles/harbor/templates/harbor.cfg.j2 +++ b/roles/harbor/templates/harbor.cfg.j2 @@ -4,7 +4,7 @@ _version = 1.5.0 #The IP address or hostname to access admin UI and registry service. #DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. -hostname = {{ NODE_IP }} +hostname = {{ inventory_hostname }} #The protocol for accessing the UI and token/notification service, by default it is http. #It can be set to https if ssl is enabled on nginx. diff --git a/roles/kube-master/templates/kube-apiserver.service.j2 b/roles/kube-master/templates/kube-apiserver.service.j2 index fd96d83..d2cfd6d 100644 --- a/roles/kube-master/templates/kube-apiserver.service.j2 +++ b/roles/kube-master/templates/kube-apiserver.service.j2 @@ -6,7 +6,7 @@ After=network.target [Service] ExecStart={{ bin_dir }}/kube-apiserver \ --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,NodeRestriction \ - --bind-address={{ NODE_IP }} \ + --bind-address={{ inventory_hostname }} \ --insecure-bind-address=127.0.0.1 \ --authorization-mode=Node,RBAC \ --kubelet-https=true \ diff --git a/roles/kube-master/templates/kubernetes-csr.json.j2 b/roles/kube-master/templates/kubernetes-csr.json.j2 index c8a1ced..9d67676 100644 --- a/roles/kube-master/templates/kubernetes-csr.json.j2 +++ b/roles/kube-master/templates/kubernetes-csr.json.j2 @@ -3,7 +3,7 @@ "hosts": [ "127.0.0.1", "{{ MASTER_IP }}", - "{{ NODE_IP }}", + "{{ inventory_hostname }}", "{{ CLUSTER_KUBERNETES_SVC_IP }}", "kubernetes", "kubernetes.default", diff --git a/roles/kube-node/tasks/main.yml b/roles/kube-node/tasks/main.yml index 606c42d..6778ff5 100644 --- a/roles/kube-node/tasks/main.yml +++ b/roles/kube-node/tasks/main.yml @@ -84,7 +84,7 @@ run_once: true - name: 轮询等待node达到Ready状态 - shell: "{{ bin_dir }}/kubectl get node {{ NODE_IP }}|awk 'NR>1{print $2}'" + shell: "{{ bin_dir }}/kubectl get node {{ inventory_hostname }}|awk 'NR>1{print $2}'" register: node_status until: node_status.stdout == "Ready" or node_status.stdout == "Ready,SchedulingDisabled" retries: 8 @@ -92,5 +92,5 @@ tags: upgrade_k8s, restart_node - name: 设置node节点role - shell: "{{ bin_dir }}/kubectl label node {{ NODE_IP }} kubernetes.io/role=node --overwrite" + shell: "{{ bin_dir }}/kubectl label node {{ inventory_hostname }} kubernetes.io/role=node --overwrite" ignore_errors: true diff --git a/roles/kube-node/templates/kube-proxy.service.j2 b/roles/kube-node/templates/kube-proxy.service.j2 index 6a680a3..61fb597 100644 --- a/roles/kube-node/templates/kube-proxy.service.j2 +++ b/roles/kube-node/templates/kube-proxy.service.j2 @@ -8,8 +8,8 @@ After=network.target # kube-proxy 会对访问 Service IP 的请求做 SNAT,这个特性与calico 实现 network policy冲突,因此禁用 WorkingDirectory=/var/lib/kube-proxy ExecStart={{ bin_dir }}/kube-proxy \ - --bind-address={{ NODE_IP }} \ - --hostname-override={{ NODE_IP }} \ + --bind-address={{ inventory_hostname }} \ + --hostname-override={{ inventory_hostname }} \ --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \ --logtostderr=true \ --v=2 diff --git a/roles/kube-node/templates/kubelet.service.j2 b/roles/kube-node/templates/kubelet.service.j2 index 5311e87..a6f0ba3 100644 --- a/roles/kube-node/templates/kubelet.service.j2 +++ b/roles/kube-node/templates/kubelet.service.j2 @@ -8,8 +8,8 @@ Requires=docker.service WorkingDirectory=/var/lib/kubelet #--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest ExecStart={{ bin_dir }}/kubelet \ - --address={{ NODE_IP }} \ - --hostname-override={{ NODE_IP }} \ + --address={{ inventory_hostname }} \ + --hostname-override={{ inventory_hostname }} \ --pod-infra-container-image=mirrorgooglecontainers/pause-amd64:3.1 \ --experimental-bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig \ --kubeconfig=/etc/kubernetes/kubelet.kubeconfig \ diff --git a/tools/change_ip_aio.yml b/tools/change_ip_aio.yml index bf4ffc4..74a938c 100644 --- a/tools/change_ip_aio.yml +++ b/tools/change_ip_aio.yml @@ -26,7 +26,7 @@ - hosts: deploy tasks: - name: 删除老IP地址的node - shell: "{{ bin_dir }}/kubectl get node |grep -v '{{ NODE_IP }}'|awk '{print $1}' |xargs {{ bin_dir }}/kubectl delete node" + shell: "{{ bin_dir }}/kubectl get node |grep -v '{{ inventory_hostname }}'|awk '{print $1}' |xargs {{ bin_dir }}/kubectl delete node" ignore_errors: true - name: 删除原network插件部署