mirror of https://github.com/easzlab/kubeasz.git
update kube-router v1.5.4
gjmzj
parent
94839ffccb
commit
b8b88fdb92
|
|
@ -160,7 +160,6 @@ FIREWALL_ENABLE: true
|
||||||
|
|
||||||
# [kube-router]kube-router 镜像版本
|
# [kube-router]kube-router 镜像版本
|
||||||
kube_router_ver: "__kube_router__"
|
kube_router_ver: "__kube_router__"
|
||||||
busybox_ver: "1.28.4"
|
|
||||||
|
|
||||||
|
|
||||||
############################
|
############################
|
||||||
|
|
|
||||||
10
ezctl
10
ezctl
|
|
@ -239,15 +239,15 @@ function setup() {
|
||||||
|
|
||||||
k8s_ver=$(bin/kube-apiserver --version|cut -d' ' -f2)
|
k8s_ver=$(bin/kube-apiserver --version|cut -d' ' -f2)
|
||||||
etcd_ver=v$(bin/etcd --version|grep 'etcd Version'|cut -d' ' -f3)
|
etcd_ver=v$(bin/etcd --version|grep 'etcd Version'|cut -d' ' -f3)
|
||||||
network_cni=$(grep CLUSTER_NETWORK "clusters/$1/hosts"|cut -d'"' -f2)
|
network_cni=$(grep CLUSTER_NETWORK "clusters/$1/hosts"|cut -d'"' -f2|sed 's/-//g')
|
||||||
network_cni_ver=$(grep "${network_cni}Ver" ezdown|cut -d'=' -f2|head -n1)
|
network_cni_ver=$(grep -i "${network_cni}Ver" ezdown|cut -d'=' -f2|head -n1)
|
||||||
|
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
*** Component Version *********************
|
*** Component Version *********************
|
||||||
*******************************************
|
*******************************************
|
||||||
* kubernetes: ${k8s_ver}
|
* kubernetes: ${k8s_ver}
|
||||||
* etcd: ${etcd_ver}
|
* etcd: ${etcd_ver}
|
||||||
* ${network_cni}: ${network_cni_ver}
|
* ${network_cni}: ${network_cni_ver}
|
||||||
*******************************************
|
*******************************************
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
|
|
||||||
14
ezdown
14
ezdown
|
|
@ -33,7 +33,7 @@ pauseVer=3.9
|
||||||
# images not downloaded by default(only download with '-X')
|
# images not downloaded by default(only download with '-X')
|
||||||
ciliumVer=1.13.2
|
ciliumVer=1.13.2
|
||||||
flannelVer=v0.21.4
|
flannelVer=v0.21.4
|
||||||
kubeRouterVer=v0.3.1
|
kubeRouterVer=v1.5.4
|
||||||
kubeOvnVer=v1.11.5
|
kubeOvnVer=v1.11.5
|
||||||
nfsProvisionerVer=v4.0.2
|
nfsProvisionerVer=v4.0.2
|
||||||
promChartVer=45.23.0
|
promChartVer=45.23.0
|
||||||
|
|
@ -479,6 +479,18 @@ function get_extra_images() {
|
||||||
docker push "easzlab.io.local:5000/kubeovn/kube-ovn:$kubeOvnVer"
|
docker push "easzlab.io.local:5000/kubeovn/kube-ovn:$kubeOvnVer"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
# kube-router images
|
||||||
|
kube-router)
|
||||||
|
if [[ ! -f "$imageDir/kube-router_$kubeRouterVer.tar" ]];then
|
||||||
|
docker pull "cloudnativelabs/kube-router:$kubeRouterVer" && \
|
||||||
|
docker save -o "$imageDir/kube-router_$kubeRouterVer.tar" "cloudnativelabs/kube-router:$kubeRouterVer"
|
||||||
|
else
|
||||||
|
docker load -i "$imageDir/kube-router_$kubeRouterVer.tar"
|
||||||
|
fi
|
||||||
|
docker tag "cloudnativelabs/kube-router:$kubeRouterVer" "easzlab.io.local:5000/cloudnativelabs/kube-router:$kubeRouterVer"
|
||||||
|
docker push "easzlab.io.local:5000/cloudnativelabs/kube-router:$kubeRouterVer"
|
||||||
|
;;
|
||||||
|
|
||||||
# network-check images
|
# network-check images
|
||||||
network-check)
|
network-check)
|
||||||
if [[ ! -f "$imageDir/network-check.tar" ]];then
|
if [[ ! -f "$imageDir/network-check.tar" ]];then
|
||||||
|
|
|
||||||
|
|
@ -1,18 +1,14 @@
|
||||||
- name: 准备配置 kube-router DaemonSet (without IPVS)
|
- block:
|
||||||
template: src=kuberouter.yaml.j2 dest={{ cluster_dir }}/yml/kube-router.yaml
|
- name: 准备配置 kube-router DaemonSet
|
||||||
run_once: true
|
template: src=kuberouter.yaml.j2 dest={{ cluster_dir }}/yml/kube-router.yaml
|
||||||
connection: local
|
|
||||||
|
|
||||||
- name: 删除 kube-router DaemonSet
|
- name: 删除 kube-router DaemonSet
|
||||||
shell: "{{ base_dir }}/bin/kubectl delete -f {{ cluster_dir }}/yml/kube-router.yaml || echo true; sleep 3"
|
shell: "{{ base_dir }}/bin/kubectl delete -f {{ cluster_dir }}/yml/kube-router.yaml || echo true; sleep 3"
|
||||||
run_once: true
|
when: 'CHANGE_CA|bool'
|
||||||
connection: local
|
|
||||||
tags: force_change_certs
|
|
||||||
when: 'CHANGE_CA|bool'
|
|
||||||
|
|
||||||
# 只需单节点执行一次
|
# 只需单节点执行一次
|
||||||
- name: 运行 kube-router DaemonSet
|
- name: 运行 kube-router DaemonSet
|
||||||
shell: "{{ base_dir }}/bin/kubectl apply -f {{ cluster_dir }}/yml/kube-router.yaml"
|
shell: "{{ base_dir }}/bin/kubectl apply -f {{ cluster_dir }}/yml/kube-router.yaml"
|
||||||
run_once: true
|
run_once: true
|
||||||
connection: local
|
connection: local
|
||||||
tags: force_change_certs
|
tags: force_change_certs
|
||||||
|
|
|
||||||
|
|
@ -25,7 +25,7 @@ data:
|
||||||
}
|
}
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: DaemonSet
|
kind: DaemonSet
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
|
|
@ -37,17 +37,18 @@ spec:
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
k8s-app: kube-router
|
k8s-app: kube-router
|
||||||
|
tier: node
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
k8s-app: kube-router
|
k8s-app: kube-router
|
||||||
tier: node
|
tier: node
|
||||||
spec:
|
spec:
|
||||||
priorityClassName: system-cluster-critical
|
priorityClassName: system-node-critical
|
||||||
serviceAccountName: kube-router
|
serviceAccountName: kube-router
|
||||||
containers:
|
containers:
|
||||||
- name: kube-router
|
- name: kube-router
|
||||||
image: cloudnativelabs/kube-router:{{ kube_router_ver }}
|
image: easzlab.io.local:5000/cloudnativelabs/kube-router:{{ kube_router_ver }}
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
args:
|
args:
|
||||||
- "--hostname-override=RT-{{ inventory_hostname }}"
|
- "--hostname-override=RT-{{ inventory_hostname }}"
|
||||||
|
|
@ -55,6 +56,7 @@ spec:
|
||||||
- "--run-router=true"
|
- "--run-router=true"
|
||||||
- "--run-firewall={{ FIREWALL_ENABLE }}"
|
- "--run-firewall={{ FIREWALL_ENABLE }}"
|
||||||
- "--run-service-proxy=false"
|
- "--run-service-proxy=false"
|
||||||
|
- "--bgp-graceful-restart=true"
|
||||||
env:
|
env:
|
||||||
- name: NODE_NAME
|
- name: NODE_NAME
|
||||||
valueFrom:
|
valueFrom:
|
||||||
|
|
@ -80,9 +82,12 @@ spec:
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: cni-conf-dir
|
- name: cni-conf-dir
|
||||||
mountPath: /etc/cni/net.d
|
mountPath: /etc/cni/net.d
|
||||||
|
- name: xtables-lock
|
||||||
|
mountPath: /run/xtables.lock
|
||||||
|
readOnly: false
|
||||||
initContainers:
|
initContainers:
|
||||||
- name: install-cni
|
- name: install-cni
|
||||||
image: busybox:{{ busybox_ver }}
|
image: easzlab.io.local:5000/cloudnativelabs/kube-router:{{ kube_router_ver }}
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command:
|
command:
|
||||||
- /bin/sh
|
- /bin/sh
|
||||||
|
|
@ -100,16 +105,14 @@ spec:
|
||||||
- mountPath: /etc/cni/net.d
|
- mountPath: /etc/cni/net.d
|
||||||
name: cni-conf-dir
|
name: cni-conf-dir
|
||||||
- mountPath: /etc/kube-router
|
- mountPath: /etc/kube-router
|
||||||
name: kube-router-cfg
|
name: kube-router-cfg
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
tolerations:
|
tolerations:
|
||||||
|
- effect: NoSchedule
|
||||||
|
operator: Exists
|
||||||
- key: CriticalAddonsOnly
|
- key: CriticalAddonsOnly
|
||||||
operator: Exists
|
operator: Exists
|
||||||
- effect: NoSchedule
|
- effect: NoExecute
|
||||||
key: node-role.kubernetes.io/master
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node.kubernetes.io/not-ready
|
|
||||||
operator: Exists
|
operator: Exists
|
||||||
volumes:
|
volumes:
|
||||||
- name: lib-modules
|
- name: lib-modules
|
||||||
|
|
@ -121,6 +124,10 @@ spec:
|
||||||
- name: kube-router-cfg
|
- name: kube-router-cfg
|
||||||
configMap:
|
configMap:
|
||||||
name: kube-router-cfg
|
name: kube-router-cfg
|
||||||
|
- name: xtables-lock
|
||||||
|
hostPath:
|
||||||
|
path: /run/xtables.lock
|
||||||
|
type: FileOrCreate
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
|
@ -131,7 +138,7 @@ metadata:
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
metadata:
|
metadata:
|
||||||
name: kube-router
|
name: kube-router
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
|
|
@ -156,10 +163,18 @@ rules:
|
||||||
- list
|
- list
|
||||||
- get
|
- get
|
||||||
- watch
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- extensions
|
||||||
|
resources:
|
||||||
|
- networkpolicies
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
metadata:
|
metadata:
|
||||||
name: kube-router
|
name: kube-router
|
||||||
roleRef:
|
roleRef:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue