From f17b62d44f4f2b9ec8723932e66fd4ef038d3e89 Mon Sep 17 00:00:00 2001 From: lusyoe Date: Sun, 15 Jul 2018 16:43:19 +0800 Subject: [PATCH 1/9] update jenkins and plugins --- manifests/jenkins/Chart.yaml | 4 +-- manifests/jenkins/README.md | 25 ++++++------- manifests/jenkins/templates/config.yaml | 11 +++--- .../templates/jenkins-master-deployment.yaml | 13 +++++-- manifests/jenkins/values.yaml | 36 +++++++++++++------ 5 files changed, 59 insertions(+), 30 deletions(-) diff --git a/manifests/jenkins/Chart.yaml b/manifests/jenkins/Chart.yaml index f0d5390..c6033f3 100644 --- a/manifests/jenkins/Chart.yaml +++ b/manifests/jenkins/Chart.yaml @@ -1,7 +1,7 @@ name: jenkins home: https://jenkins.io/ -version: 0.16.1 -appVersion: 2.107 +version: 0.16.6 +appVersion: 2.121.1 description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based projects as well as arbitrary scripts. diff --git a/manifests/jenkins/README.md b/manifests/jenkins/README.md index ce9b5e3..8757c39 100644 --- a/manifests/jenkins/README.md +++ b/manifests/jenkins/README.md 
@@ -33,23 +33,24 @@ The following tables list the configurable parameters of the Jenkins chart and t | `Master.Name` | Jenkins master name | `jenkins-master` | | `Master.Image` | Master image name | `jenkinsci/jenkins` | | `Master.ImageTag` | Master image tag | `lts` | -| `Master.ImagePullPolicy` | Master image pull policy | `IfNotPresent` | +| `Master.ImagePullPolicy` | Master image pull policy | `Always` | | `Master.ImagePullSecret` | Master image pull secret | Not set | | `Master.Component` | k8s selector key | `jenkins-master` | | `Master.UseSecurity` | Use basic security | `true` | | `Master.AdminUser` | Admin username (and password) created as a secret if useSecurity is true | `admin` | -| `Master.Cpu` | Master requested cpu | `200m` | -| `Master.Memory` | Master requested memory | `512Mi` | +| `Master.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 50m, memory: 256Mi}, limits: {cpu: 2000m, memory: 2048Mi}}`| | `Master.InitContainerEnv` | Environment variables for Init Container | Not set | | `Master.ContainerEnv` | Environment variables for Jenkins Container | Not set | +| `Master.UsePodSecurityContext` | Enable pod security context (must be `true` if `RunAsUser` or `FsGroup` are set) | `true` | | `Master.RunAsUser` | uid that jenkins runs with | `0` | | `Master.FsGroup` | uid that will be used for persistent volume | `0` | | `Master.ServiceAnnotations` | Service annotations | `{}` | -| `Master.ServiceType` | k8s service type | `ClusterIP` | +| `Master.ServiceType` | k8s service type | `LoadBalancer` | | `Master.ServicePort` | k8s service port | `8080` | | `Master.NodePort` | k8s node port | Not set | | `Master.HealthProbes` | Enable k8s liveness and readiness probes | `true` | -| `Master.HealthProbesTimeout` | Set the timeout for the liveness and readiness probes | `120` | +| `Master.HealthProbesLivenessTimeout` | Set the timeout for the liveness probe | `120` | +| `Master.HealthProbesReadinessTimeout` | Set the timeout for the 
readiness probe | `60` | | `Master.HealthProbeLivenessFailureThreshold` | Set the failure threshold for the liveness probe | `12` | | `Master.ContainerPort` | Master listening port | `8080` | | `Master.SlaveListenerPort` | Listening port for agents | `50000` | @@ -72,10 +73,11 @@ The following tables list the configurable parameters of the Jenkins chart and t | `Master.NodeSelector` | Node labels for pod assignment | `{}` | | `Master.Affinity` | Affinity settings | `{}` | | `Master.Tolerations` | Toleration labels for pod assignment | `{}` | +| `Master.PodAnnotations` | Annotations for master pod | `{}` | | `NetworkPolicy.Enabled` | Enable creation of NetworkPolicy resources. | `false` | | `NetworkPolicy.ApiVersion` | NetworkPolicy ApiVersion | `extensions/v1beta1` | -| `rbac.install` | Create service account and ClusterRoleBinding for Kubernetes plugin | `true` | -| `rbac.apiVersion` | RBAC API version | `v1` | +| `rbac.install` | Create service account and ClusterRoleBinding for Kubernetes plugin | `false` | +| `rbac.apiVersion` | RBAC API version | `v1beta1` | | `rbac.roleRef` | Cluster role name to bind to | `cluster-admin` | ### Jenkins Agent 
@@ -84,12 +86,11 @@ The following tables list the configurable parameters of the Jenkins chart and t | ----------------------- | ----------------------------------------------- | ---------------------- | | `Agent.AlwaysPullImage` | Always pull agent container image before build | `false` | | `Agent.Enabled` | Enable Kubernetes plugin jnlp-agent podTemplate | `true` | -| `Agent.Image` | Agent image name | `jenkins/jnlp-slave` | +| `Agent.Image` | Agent image name | `jenkinsci/jnlp-slave` | | `Agent.ImagePullSecret` | Agent image pull secret | Not set | -| `Agent.ImageTag` | Agent image tag | `latest` | +| `Agent.ImageTag` | Agent image tag | `2.62` | | `Agent.Privileged` | Agent privileged container | `false` | -| `Agent.Cpu` | Agent requested cpu | `200m` | -| `Agent.Memory` | Agent requested memory | `256Mi` | +| `Agent.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 200m, memory: 256Mi}, limits: {cpu: 200m, memory: 256Mi}}`| | `Agent.volumes` | Additional volumes | `nil` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. @@ -149,7 +150,7 @@ It is possible to mount several volumes using `Persistence.volumes` and `Persist | `Persistence.Size` | The size of the PVC | `8Gi` | | `Persistence.volumes` | Additional volumes | `nil` | | `Persistence.mounts` | Additional mounts | `nil` | -| `Persistence.StorageClass` | The PV Provisioner | `nfs-dynamic-class`| +| `Persistence.StorageClass` | The PV Provisioner | `nfs-dynamic-class`| #### Existing PersistentVolumeClaim diff --git a/manifests/jenkins/templates/config.yaml b/manifests/jenkins/templates/config.yaml index 03d69fb..bdcf238 100644 --- a/manifests/jenkins/templates/config.yaml +++ b/manifests/jenkins/templates/config.yaml 
@@ -67,10 +67,13 @@ data: ${computer.jnlpmac} ${computer.name} false - {{.Values.Agent.Cpu}} - {{.Values.Agent.Memory}} - {{.Values.Agent.Cpu}} - {{.Values.Agent.Memory}} + # Resources configuration is a little hacky. This was to prevent breaking + # changes, and should be cleanned up in the future once everybody had + # enough time to migrate. + {{.Values.Agent.Cpu | default .Values.Agent.resources.requests.cpu}} + {{.Values.Agent.Memory | default .Values.Agent.resources.requests.memory}} + {{.Values.Agent.Cpu | default .Values.Agent.resources.limits.cpu}} + {{.Values.Agent.Memory | default .Values.Agent.resources.limits.memory}} diff --git a/manifests/jenkins/templates/jenkins-master-deployment.yaml b/manifests/jenkins/templates/jenkins-master-deployment.yaml index 798f415..fcda373 100644 --- a/manifests/jenkins/templates/jenkins-master-deployment.yaml +++ b/manifests/jenkins/templates/jenkins-master-deployment.yaml @@ -24,6 +24,9 @@ spec: component: "{{ .Release.Name }}-{{ .Values.Master.Component }}" annotations: checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} + {{- if .Values.Master.PodAnnotations }} +{{ toYaml .Values.Master.PodAnnotations | indent 8 }} + {{- end }} spec: {{- if .Values.Master.NodeSelector }} nodeSelector: @@ -37,12 +40,14 @@ spec: affinity: {{ toYaml .Values.Master.Affinity | indent 8 }} {{- end }} +{{- if .Values.Master.UsePodSecurityContext }} securityContext: runAsUser: {{ default 0 .Values.Master.RunAsUser }} {{- if and (.Values.Master.RunAsUser) (.Values.Master.FsGroup) }} {{- if not (eq .Values.Master.RunAsUser 0.0) }} fsGroup: {{ .Values.Master.FsGroup }} {{- end }} +{{- end }} {{- end }} serviceAccountName: {{ if .Values.rbac.install }}{{ template "jenkins.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} initContainers: 
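Review bot: The three added `#` lines in the config.yaml hunk appear to sit inside the embedded Jenkins configuration payload under `data:` (the neighbouring `${computer.jnlpmac} ${computer.name}` values suggest the pod-template XML), where `#` is not a comment and the text would be written into the rendered file. If that is the case, move the explanation into a template comment that Helm strips at render time, for example `{{- /* Agent.Cpu and Agent.Memory are kept for backward compatibility; prefer Agent.resources */}}`. The wording also has a typo, `cleanned` for `cleaned`. The block scalar this hunk edits starts outside the hunk, so the placement should be confirmed against the full file.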
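Review bot: The new `{{- if .Values.Master.UsePodSecurityContext }}` guard in the jenkins-master-deployment.yaml hunk removes the whole `securityContext` block whenever the value is unset, and the values.yaml hunk of this patch adds the key only as a comment (`# UsePodSecurityContext: true`), while the README hunk documents its default as `true`. With the shipped values the pod is therefore rendered without `runAsUser` or `fsGroup`, and a user who sets only `Master.RunAsUser` gets no security context at all, with no error. Ship the key uncommented in values.yaml, `UsePodSecurityContext: true`, so that the documented default and the rendered manifest agree. The `spec:` block this guard sits in continues outside the hunk.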
@@ -128,19 +133,23 @@ spec: httpGet: path: /login port: http - initialDelaySeconds: {{ .Values.Master.HealthProbesTimeout }} + initialDelaySeconds: {{ .Values.Master.HealthProbesLivenessTimeout }} timeoutSeconds: 5 failureThreshold: {{ .Values.Master.HealthProbeLivenessFailureThreshold }} readinessProbe: httpGet: path: /login port: http - initialDelaySeconds: {{ .Values.Master.HealthProbesTimeout }} + initialDelaySeconds: {{ .Values.Master.HealthProbesReadinessTimeout }} {{- end }} resources: +{{ if or .Values.Master.Cpu .Values.Master.Memory }} requests: cpu: "{{ .Values.Master.Cpu }}" memory: "{{ .Values.Master.Memory }}" +{{ else }} +{{ toYaml .Values.Master.resources | indent 12 }} +{{ end }} volumeMounts: {{- if .Values.Persistence.mounts }} {{ toYaml .Values.Persistence.mounts | indent 12 }} diff --git a/manifests/jenkins/values.yaml b/manifests/jenkins/values.yaml index c2c6c66..9585da5 100644 --- a/manifests/jenkins/values.yaml +++ b/manifests/jenkins/values.yaml @@ -18,8 +18,13 @@ Master: UseSecurity: true AdminUser: admin AdminPassword: admin - Cpu: "200m" - Memory: "512Mi" + resources: + requests: + cpu: "50m" + memory: "256Mi" + limits: + cpu: "2000m" + memory: "2048Mi" # Environment variables that get added to the init container (useful for e.g. http_proxy) # InitContainerEnv: # - name: http_proxy @@ -31,6 +36,10 @@ Master: # JavaOpts: "-Xms512m -Xmx512m" # JenkinsOpts: "" # JenkinsUriPrefix: "/jenkins" + + # Enable pod security context (must be `true` if RunAsUser or FsGroup are set) + # UsePodSecurityContext: true + # Set RunAsUser to 1000 to let Jenkins run as non-root user 'jenkins' which exists in 'jenkins/jenkins' docker image. # When setting RunAsUser to a different value than 0 also set FsGroup to the same value: # RunAsUser: 
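Review bot: In the `resources:` part of this hunk, `{{ if or .Values.Master.Cpu .Values.Master.Memory }}` selects the legacy branch when only one of the two values is set, but that branch always renders both lines, so the unset one becomes `cpu: ""` or `memory: ""`, which is not a valid resource quantity. Guard each line on its own value, for example `{{- if .Values.Master.Cpu }}` around `cpu: "{{ .Values.Master.Cpu }}"`, and the same for memory. The legacy branch also emits no `limits`, so a user who still sets `Master.Cpu` loses the new limits from `Master.resources`; a sentence in the README should say so. The container spec continues outside the hunk.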
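Review bot: The context lines at the top of this values.yaml hunk keep `AdminUser: admin` and `AdminPassword: admin` as the shipped defaults, while the README hunk of the same patch documents `Master.ServiceType` as `LoadBalancer`. If the chart's default service type really is `LoadBalancer` (the values.yaml hunk that would show it is cut off on this page), an install with unchanged values exposes the Jenkins login outside the cluster with a known credential pair. Do not ship a fixed password: leave `AdminPassword` without a usable default and add a comment above it such as `# AdminPassword must be supplied at install time (--set Master.AdminPassword=...)`.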
@@ -47,9 +56,10 @@ Master: # NodePort: Date: Thu, 19 Jul 2018 23:39:29 +0800 Subject: [PATCH 2/9] =?UTF-8?q?=E8=B0=83=E6=95=B4=E9=99=84=E5=8A=A0?= =?UTF-8?q?=E7=BB=84=E4=BB=B6dns=E7=9B=AE=E5=BD=95=E7=BB=93=E6=9E=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/cluster-addon/tasks/main.yml | 4 ++-- roles/cluster-addon/templates/{ => dns}/coredns.yaml.j2 | 0 roles/cluster-addon/templates/{ => dns}/kubedns.yaml.j2 | 0 3 files changed, 2 insertions(+), 2 deletions(-) rename roles/cluster-addon/templates/{ => dns}/coredns.yaml.j2 (100%) rename roles/cluster-addon/templates/{ => dns}/kubedns.yaml.j2 (100%) diff --git a/roles/cluster-addon/tasks/main.yml b/roles/cluster-addon/tasks/main.yml index 94d433c..cfee385 100644 --- a/roles/cluster-addon/tasks/main.yml +++ b/roles/cluster-addon/tasks/main.yml @@ -1,12 +1,12 @@ #-------------kube-dns 插件参数初始化 # kubedns.yaml文件中部分参数根据hosts文件设置而定,因此需要用template模块替换参数 - name: 准备 kubedns的部署文件 kubedns.yaml - template: src=kubedns.yaml.j2 dest={{ base_dir }}/manifests/kubedns/kubedns.yaml + template: src=dns/kubedns.yaml.j2 dest={{ base_dir }}/manifests/kubedns/kubedns.yaml when: "hostvars[inventory_hostname]['group_names'].count('deploy') == 1" # coredns.yaml文件中部分参数根据hosts文件设置而定,因此需要用template模块替换参数 - name: 准备 coredns的部署文件 coredns.yaml - template: src=coredns.yaml.j2 dest={{ base_dir }}/manifests/coredns/coredns.yaml + template: src=dns/coredns.yaml.j2 dest={{ base_dir }}/manifests/coredns/coredns.yaml when: "hostvars[inventory_hostname]['group_names'].count('deploy') == 1" - name: 获取所有已经创建的POD信息 diff --git a/roles/cluster-addon/templates/coredns.yaml.j2 b/roles/cluster-addon/templates/dns/coredns.yaml.j2 similarity index 100% rename from roles/cluster-addon/templates/coredns.yaml.j2 rename to roles/cluster-addon/templates/dns/coredns.yaml.j2 
diff --git a/roles/cluster-addon/templates/kubedns.yaml.j2 b/roles/cluster-addon/templates/dns/kubedns.yaml.j2 similarity index 100% rename from roles/cluster-addon/templates/kubedns.yaml.j2 rename to roles/cluster-addon/templates/dns/kubedns.yaml.j2 From 2fa3805244be4689386ce5a29a6514d7348b7f1e Mon Sep 17 00:00:00 2001 From: lusyoe Date: Fri, 20 Jul 2018 10:26:27 +0800 Subject: [PATCH 3/9] =?UTF-8?q?nfs=E5=AD=98=E5=82=A8=E9=87=8D=E6=9E=84,?= =?UTF-8?q?=E8=B0=83=E6=95=B4=E7=9B=AE=E5=BD=95=E7=BB=93=E6=9E=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../nfs-dynamic-storageclass.yaml | 6 ------ .../test/test-claim.yaml | 2 +- .../test/test-pod.yaml | 0 .../test/test.yaml | 2 +- roles/cluster-addon/defaults/main.yml | 4 ++++ roles/cluster-addon/tasks/main.yml | 18 ++++++++++++++++++ .../storage/dynamic-storageclass.yaml.j2 | 5 +++++ .../storage/nfs/nfs-client-provisioner.yaml.j2 | 12 +++++------- 8 files changed, 34 insertions(+), 15 deletions(-) delete mode 100644 manifests/nfs-provisioner/nfs-dynamic-storageclass.yaml rename manifests/{nfs-provisioner => storage}/test/test-claim.yaml (80%) rename manifests/{nfs-provisioner => storage}/test/test-pod.yaml (100%) rename manifests/{nfs-provisioner => storage}/test/test.yaml (93%) create mode 100644 roles/cluster-addon/templates/storage/dynamic-storageclass.yaml.j2 rename manifests/nfs-provisioner/nfs-client-provisioner.yaml => roles/cluster-addon/templates/storage/nfs/nfs-client-provisioner.yaml.j2 (91%) diff --git a/manifests/nfs-provisioner/nfs-dynamic-storageclass.yaml b/manifests/nfs-provisioner/nfs-dynamic-storageclass.yaml deleted file mode 100644 index bc505d5..0000000 --- a/manifests/nfs-provisioner/nfs-dynamic-storageclass.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: nfs-dynamic-class -#此处引用nfs-client-provisioner里面的 nfs-prov-1 -provisioner: nfs-prov-1 
diff --git a/manifests/nfs-provisioner/test/test-claim.yaml b/manifests/storage/test/test-claim.yaml similarity index 80% rename from manifests/nfs-provisioner/test/test-claim.yaml rename to manifests/storage/test/test-claim.yaml index 1956623..92d6344 100644 --- a/manifests/nfs-provisioner/test/test-claim.yaml +++ b/manifests/storage/test/test-claim.yaml @@ -3,7 +3,7 @@ apiVersion: v1 metadata: name: test-claim spec: - storageClassName: nfs-dynamic-class + storageClassName: alicloud-nas accessModes: - ReadWriteMany resources: diff --git a/manifests/nfs-provisioner/test/test-pod.yaml b/manifests/storage/test/test-pod.yaml similarity index 100% rename from manifests/nfs-provisioner/test/test-pod.yaml rename to manifests/storage/test/test-pod.yaml diff --git a/manifests/nfs-provisioner/test/test.yaml b/manifests/storage/test/test.yaml similarity index 93% rename from manifests/nfs-provisioner/test/test.yaml rename to manifests/storage/test/test.yaml index 04eeeb9..a78ef2e 100644 --- a/manifests/nfs-provisioner/test/test.yaml +++ b/manifests/storage/test/test.yaml @@ -3,7 +3,7 @@ apiVersion: v1 metadata: name: test spec: - storageClassName: nfs-dynamic-class + storageClassName: alicloud-nas accessModes: - ReadWriteMany resources: diff --git a/roles/cluster-addon/defaults/main.yml b/roles/cluster-addon/defaults/main.yml index a8ffe85..6aa34d0 100644 --- a/roles/cluster-addon/defaults/main.yml +++ b/roles/cluster-addon/defaults/main.yml @@ -26,3 +26,7 @@ heapster_offline: "heapster_v1.5.1.tar" # prometheus 自动安装 #prometheus_install: "no" + +# nfs 动态存储自动安装 +nfsclient_install: "no" +storage_install: "no" diff --git a/roles/cluster-addon/tasks/main.yml b/roles/cluster-addon/tasks/main.yml index cfee385..9e909b5 100644 --- a/roles/cluster-addon/tasks/main.yml +++ b/roles/cluster-addon/tasks/main.yml 
@@ -79,3 +79,21 @@ when: '"heapster" not in pod_info.stdout and heapster_install == "yes"' ignore_errors: true +- block: + - name: 准备部署nfs-client动态存储 + template: + src: storage/nfs/nfs-client-provisioner.yaml.j2 + dest: "{{ base_dir }}/manifests/storage/nfs/nfs-client-provisioner.yaml" + - name: 开始部署nfs-client动态存储 + shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/nfs/nfs-client-provisioner.yaml" + when: 'nfsclient_install == "yes"' + +- block: + - name: 准备部署动态存储类 + template: + src: storage/dynamic-storageclass.yaml.j2 + dest: "{{ base_dir }}/manifests/storage/dynamic-storageclass.yaml" + - name: 开始部署动态存储类 + shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/dynamic-storageclass.yaml" + when: 'storage_install == "yes"' + diff --git a/roles/cluster-addon/templates/storage/dynamic-storageclass.yaml.j2 b/roles/cluster-addon/templates/storage/dynamic-storageclass.yaml.j2 new file mode 100644 index 0000000..e7ad14d --- /dev/null +++ b/roles/cluster-addon/templates/storage/dynamic-storageclass.yaml.j2 @@ -0,0 +1,5 @@ +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: {{ STORAGE_CLASS_NAME }} +provisioner: prov diff --git a/manifests/nfs-provisioner/nfs-client-provisioner.yaml b/roles/cluster-addon/templates/storage/nfs/nfs-client-provisioner.yaml.j2 similarity index 91% rename from manifests/nfs-provisioner/nfs-client-provisioner.yaml rename to roles/cluster-addon/templates/storage/nfs/nfs-client-provisioner.yaml.j2 index b74bad0..ac8877f 100644 --- a/manifests/nfs-provisioner/nfs-client-provisioner.yaml +++ b/roles/cluster-addon/templates/storage/nfs/nfs-client-provisioner.yaml.j2 
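Review bot: Both new `template` tasks write into `{{ base_dir }}/manifests/storage/nfs/` and `{{ base_dir }}/manifests/storage/`, and nothing in the hunk creates those directories; the `template` module does not create missing parent directories, so the task fails unless they already exist under `base_dir`. This patch moves the test manifests to `manifests/storage/test/`, but no file is added under `manifests/storage/nfs/`, so at least that directory looks absent. Add a task before each template step, for example `- file: path="{{ base_dir }}/manifests/storage/nfs" state=directory`. Separately, `storage_install` can be enabled without `nfsclient_install`, which creates a StorageClass whose provisioner `prov` is not served by anything; a comment on the second block should state that dependency.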
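Review bot: `name: {{ STORAGE_CLASS_NAME }}` in dynamic-storageclass.yaml.j2 depends on a variable that has no default: the defaults/main.yml hunk of this patch adds only the `*_install` switches, and the following patch adds `STORAGE_CLASS_NAME`, `STORAGE_SERVER` and `STORAGE_PATH` only as commented-out lines in the example hosts files. Enabling the switches without defining the variables makes the template task fail on an undefined variable, and the same applies to `{{ STORAGE_SERVER }}` and `{{ STORAGE_PATH }}` in the nfs-client-provisioner.yaml.j2 hunk. Quote the substitutions so that an inventory value cannot be re-typed or alter the structure of the rendered manifest, `name: "{{ STORAGE_CLASS_NAME }}"` and `value: "{{ STORAGE_SERVER }}"`, and either add defaults or fail early with a clear message when they are missing.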
@@ -67,15 +67,13 @@ spec: env: - name: PROVISIONER_NAME # 此处供应者名字供storageclass调用 - value: nfs-prov-1 + value: prov - name: NFS_SERVER - value: 10.1.241.230 + value: {{ STORAGE_SERVER }} - name: NFS_PATH - value: /home/share/k8s-pv + value: {{ STORAGE_PATH }} volumes: - name: nfs-client-root nfs: - server: 10.1.241.230 - path: /home/share/k8s-pv - ---- + server: {{ STORAGE_SERVER }} + path: {{ STORAGE_PATH }} From 09794870a32783fe07893a3e3ca3c5cd6a631594 Mon Sep 17 00:00:00 2001 From: lusyoe Date: Fri, 20 Jul 2018 10:28:59 +0800 Subject: [PATCH 4/9] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E5=AD=98=E5=82=A8?= =?UTF-8?q?=E5=8F=98=E9=87=8F=E7=A4=BA=E4=BE=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- example/hosts.allinone.example | 5 +++++ example/hosts.m-masters.example | 5 +++++ example/hosts.s-master.example | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/example/hosts.allinone.example b/example/hosts.allinone.example index b6b45fb..93ab5e7 100644 --- a/example/hosts.allinone.example +++ b/example/hosts.allinone.example @@ -81,3 +81,8 @@ base_dir="/etc/ansible" #私有仓库 harbor服务器 (域名或者IP) #HARBOR_IP="192.168.1.8" #HARBOR_DOMAIN="harbor.yourdomain.com" + +#部署动态存储 +#STORAGE_SERVER="192.168.1.1" +#STORAGE_PATH="/data/nfs" +#STORAGE_CLASS_NAME="nfs-dynamic-class" diff --git a/example/hosts.m-masters.example b/example/hosts.m-masters.example index b4be42e..6828125 100644 --- a/example/hosts.m-masters.example +++ b/example/hosts.m-masters.example @@ -95,3 +95,8 @@ base_dir="/etc/ansible" #私有仓库 harbor服务器 (域名或者IP) #HARBOR_IP="192.168.1.8" #HARBOR_DOMAIN="harbor.yourdomain.com" + +#部署动态存储 +#STORAGE_SERVER="192.168.1.1" +#STORAGE_PATH="/data/nfs" +#STORAGE_CLASS_NAME="nfs-dynamic-class" diff --git a/example/hosts.s-master.example b/example/hosts.s-master.example index 3967d65..cfabd8a 100644 --- a/example/hosts.s-master.example +++ b/example/hosts.s-master.example 
@@ -82,3 +82,8 @@ base_dir="/etc/ansible" #私有仓库 harbor服务器 (域名或者IP) #HARBOR_IP="192.168.1.8" #HARBOR_DOMAIN="harbor.yourdomain.com" + +#部署动态存储 +#STORAGE_SERVER="192.168.1.1" +#STORAGE_PATH="/data/nfs" +#STORAGE_CLASS_NAME="nfs-dynamic-class" From 5a7d610a297a2868ee2c847cb68490b0d6c29689 Mon Sep 17 00:00:00 2001 From: lusyoe Date: Fri, 20 Jul 2018 10:55:03 +0800 Subject: [PATCH 5/9] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E9=98=BF=E9=87=8C?= =?UTF-8?q?=E4=BA=91NAS=E5=AD=98=E5=82=A8=E6=94=AF=E6=8C=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../storage/alicloud-nas/alicloud-disk.yaml | 99 +++++++++++++++++++ roles/cluster-addon/defaults/main.yml | 3 +- roles/cluster-addon/tasks/main.yml | 11 +++ .../storage/alicloud-nas/alicloud-nas.yaml.j2 | 58 +++++++++++ 4 files changed, 170 insertions(+), 1 deletion(-) create mode 100644 manifests/storage/alicloud-nas/alicloud-disk.yaml create mode 100644 roles/cluster-addon/templates/storage/alicloud-nas/alicloud-nas.yaml.j2 diff --git a/manifests/storage/alicloud-nas/alicloud-disk.yaml b/manifests/storage/alicloud-nas/alicloud-disk.yaml new file mode 100644 index 0000000..42a9b3d --- /dev/null +++ b/manifests/storage/alicloud-nas/alicloud-disk.yaml 
@@ -0,0 +1,99 @@ +kind: StorageClass +apiVersion: storage.k8s.io/v1beta1 +metadata: + name: alicloud-disk-common +provisioner: alicloud/disk +parameters: + type: cloud +--- +kind: StorageClass +apiVersion: storage.k8s.io/v1beta1 +metadata: + name: alicloud-disk-efficiency +provisioner: alicloud/disk +parameters: + type: cloud_efficiency +--- +kind: StorageClass +apiVersion: storage.k8s.io/v1beta1 +metadata: + name: alicloud-disk-ssd +provisioner: alicloud/disk +parameters: + type: cloud_ssd +--- +kind: StorageClass +apiVersion: storage.k8s.io/v1beta1 +metadata: + name: alicloud-disk-available +provisioner: alicloud/disk +parameters: + type: available +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: alicloud-disk-controller-runner +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: alicloud-disk-controller + namespace: kube-system +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: run-alicloud-disk-controller +subjects: + - kind: ServiceAccount + name: alicloud-disk-controller + namespace: kube-system +roleRef: + kind: ClusterRole + name: alicloud-disk-controller-runner + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: alicloud-disk-controller + namespace: kube-system +spec: + replicas: 1 + strategy: + type: Recreate + template: + metadata: + labels: + app: alicloud-disk-controller + spec: + serviceAccount: alicloud-disk-controller + containers: + - name: alicloud-disk-controller + image: 
registry.cn-hangzhou.aliyuncs.com/acs/alicloud-disk-controller:v1.9.3-ed710ce + volumeMounts: + - name: cloud-config + mountPath: /etc/kubernetes/ + - name: logdir + mountPath: /var/log/alicloud/ + volumes: + - name: cloud-config + hostPath: + path: /etc/kubernetes/ + - name: logdir + hostPath: + path: /var/log/alicloud/ diff --git a/roles/cluster-addon/defaults/main.yml b/roles/cluster-addon/defaults/main.yml index 6aa34d0..e34ab75 100644 --- a/roles/cluster-addon/defaults/main.yml +++ b/roles/cluster-addon/defaults/main.yml @@ -27,6 +27,7 @@ heapster_offline: "heapster_v1.5.1.tar" # prometheus 自动安装 #prometheus_install: "no" -# nfs 动态存储自动安装 +# 动态存储自动安装 nfsclient_install: "no" +alicloudnas_install: "no" storage_install: "no" diff --git a/roles/cluster-addon/tasks/main.yml b/roles/cluster-addon/tasks/main.yml index 9e909b5..022b2d4 100644 --- a/roles/cluster-addon/tasks/main.yml +++ b/roles/cluster-addon/tasks/main.yml @@ -88,6 +88,17 @@ shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/nfs/nfs-client-provisioner.yaml" when: 'nfsclient_install == "yes"' +- block: + - name: 准备部署alicloud-nas动态存储 + template: + src: storage/alicloud-nas/alicloud-nas.yaml.j2 + dest: "{{ base_dir }}/manifests/storage/alicloud-nas/alicloud-nas.yaml" + - name: 开始部署alicloud-disk存储 + shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/alicloud-nas/alicloud-disk.yaml" + - name: 开始部署alicloud-nas动态存储 + shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/alicloud-nas/alicloud-nas.yaml" + when: 'alicloudnas_install == "yes"' + - block: - name: 准备部署动态存储类 template: diff --git a/roles/cluster-addon/templates/storage/alicloud-nas/alicloud-nas.yaml.j2 b/roles/cluster-addon/templates/storage/alicloud-nas/alicloud-nas.yaml.j2 new file mode 100644 index 0000000..5dece7c --- /dev/null +++ b/roles/cluster-addon/templates/storage/alicloud-nas/alicloud-nas.yaml.j2 
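Review bot: The Deployment at the end of alicloud-disk.yaml mounts the node directory `/etc/kubernetes/` into the controller container through a `hostPath` volume, and the `volumeMounts` entry for `cloud-config` carries no `readOnly: true`. On many installations that directory holds cluster credentials and component configuration, so a writable mount of the whole directory gives the controller image far more access to the node than reading a cloud configuration needs. Add `readOnly: true` to the `cloud-config` mount and, if the controller reads a single file, narrow the `hostPath` to that file (its name is not shown in this patch). The pod spec also uses the deprecated `serviceAccount` field; `serviceAccountName: alicloud-disk-controller` is the current spelling.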
@@ -0,0 +1,58 @@ +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: alicloud-nas +provisioner: alicloud/nas +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: alicloud-nas-controller + namespace: kube-system +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: run-alicloud-nas-controller +subjects: + - kind: ServiceAccount + name: alicloud-nas-controller + namespace: kube-system +roleRef: + kind: ClusterRole + name: alicloud-disk-controller-runner + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1beta1 +metadata: + name: alicloud-nas-controller + namespace: kube-system +spec: + replicas: 1 + strategy: + type: Recreate + template: + metadata: + labels: + app: alicloud-nas-controller + spec: + serviceAccount: alicloud-nas-controller + containers: + - name: alicloud-nas-controller + image: registry.cn-hangzhou.aliyuncs.com/acs/alicloud-nas-controller:v1.8.4 + volumeMounts: + - mountPath: /persistentvolumes + name: nfs-client-root + env: + - name: PROVISIONER_NAME + value: alicloud/nas + - name: NFS_SERVER + value: {{ STORAGE_SERVER }} + - name: NFS_PATH + value: {{ STORAGE_PATH }} + volumes: + - name: nfs-client-root + nfs: + server: {{ STORAGE_SERVER }} + path: {{ STORAGE_PATH }} From 4750465c8165a6e2e6804ce3f57d060cbec8563b Mon Sep 17 00:00:00 2001 
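Review bot: The ClusterRoleBinding `run-alicloud-nas-controller` in this new template binds the NAS controller's service account to `alicloud-disk-controller-runner`, a ClusterRole that is defined only in `manifests/storage/alicloud-nas/alicloud-disk.yaml`. The two controllers therefore share one set of cluster-wide permissions on PersistentVolumes and claims, and this manifest does nothing useful if applied without the disk manifest. Document the dependency above the `roleRef`, for example `# ClusterRole alicloud-disk-controller-runner is defined in alicloud-disk.yaml, which must be applied first`, or give the NAS controller its own ClusterRole so that later changes to the disk role do not widen it by accident.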
From: lusyoe Date: Wed, 25 Jul 2018 18:25:38 +0800 Subject: [PATCH 6/9] =?UTF-8?q?=E6=B7=BB=E5=8A=A0cluster-storage=20roles?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- 08.cluster-storage.yml | 5 ++++ roles/cluster-addon/defaults/main.yml | 5 ---- roles/cluster-addon/tasks/main.yml | 29 ------------------- roles/cluster-storage/cluster-storage.yml | 8 +++++ roles/cluster-storage/defaults/main.yml | 5 ++++ roles/cluster-storage/tasks/main.yml | 27 +++++++++++++++++ .../alicloud-nas/alicloud-nas.yaml.j2 | 8 ++--- .../templates}/dynamic-storageclass.yaml.j2 | 2 +- .../nfs/nfs-client-provisioner.yaml.j2 | 8 ++--- 9 files changed, 54 insertions(+), 43 deletions(-) create mode 100644 08.cluster-storage.yml create mode 100644 roles/cluster-storage/cluster-storage.yml create mode 100644 roles/cluster-storage/defaults/main.yml create mode 100644 roles/cluster-storage/tasks/main.yml rename roles/{cluster-addon/templates/storage => cluster-storage/templates}/alicloud-nas/alicloud-nas.yaml.j2 (88%) rename roles/{cluster-addon/templates/storage => cluster-storage/templates}/dynamic-storageclass.yaml.j2 (69%) rename roles/{cluster-addon/templates/storage => cluster-storage/templates}/nfs/nfs-client-provisioner.yaml.j2 (92%) diff --git a/08.cluster-storage.yml b/08.cluster-storage.yml new file mode 100644 index 0000000..f88ff12 --- /dev/null +++ b/08.cluster-storage.yml @@ -0,0 +1,5 @@ +- hosts: + - deploy + - kube-node + roles: + - cluster-storage diff --git a/roles/cluster-addon/defaults/main.yml b/roles/cluster-addon/defaults/main.yml index e34ab75..a8ffe85 100644 --- a/roles/cluster-addon/defaults/main.yml +++ b/roles/cluster-addon/defaults/main.yml @@ -26,8 +26,3 @@ heapster_offline: "heapster_v1.5.1.tar" # prometheus 自动安装 #prometheus_install: "no" - -# 动态存储自动安装 -nfsclient_install: "no" -alicloudnas_install: "no" -storage_install: "no" 
diff --git a/roles/cluster-addon/tasks/main.yml b/roles/cluster-addon/tasks/main.yml index 022b2d4..cfee385 100644 --- a/roles/cluster-addon/tasks/main.yml +++ b/roles/cluster-addon/tasks/main.yml @@ -79,32 +79,3 @@ when: '"heapster" not in pod_info.stdout and heapster_install == "yes"' ignore_errors: true -- block: - - name: 准备部署nfs-client动态存储 - template: - src: storage/nfs/nfs-client-provisioner.yaml.j2 - dest: "{{ base_dir }}/manifests/storage/nfs/nfs-client-provisioner.yaml" - - name: 开始部署nfs-client动态存储 - shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/nfs/nfs-client-provisioner.yaml" - when: 'nfsclient_install == "yes"' - -- block: - - name: 准备部署alicloud-nas动态存储 - template: - src: storage/alicloud-nas/alicloud-nas.yaml.j2 - dest: "{{ base_dir }}/manifests/storage/alicloud-nas/alicloud-nas.yaml" - - name: 开始部署alicloud-disk存储 - shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/alicloud-nas/alicloud-disk.yaml" - - name: 开始部署alicloud-nas动态存储 - shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/alicloud-nas/alicloud-nas.yaml" - when: 'alicloudnas_install == "yes"' - -- block: - - name: 准备部署动态存储类 - template: - src: storage/dynamic-storageclass.yaml.j2 - dest: "{{ base_dir }}/manifests/storage/dynamic-storageclass.yaml" - - name: 开始部署动态存储类 - shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/dynamic-storageclass.yaml" - when: 'storage_install == "yes"' - diff --git a/roles/cluster-storage/cluster-storage.yml b/roles/cluster-storage/cluster-storage.yml new file mode 100644 index 0000000..e0b6d2b --- /dev/null +++ b/roles/cluster-storage/cluster-storage.yml @@ -0,0 +1,8 @@ +hosts: deploy + roles: + - cluster-storage + vars: + storage_type: nfs + storage_server: 172.16.3.86 + storage_path: /data/nfs + storage_class_name: nfs-dynamic-class diff --git a/roles/cluster-storage/defaults/main.yml b/roles/cluster-storage/defaults/main.yml new file mode 100644 index 0000000..86fbe2d 
--- /dev/null +++ b/roles/cluster-storage/defaults/main.yml @@ -0,0 +1,5 @@ +# 动态存储类型, 目前支持nfs和alicloud-nas +storage_type: nfs +storage_server: 172.16.3.86 +storage_path: /data/nfs +storage_class_name: nfs-dynamic-class diff --git a/roles/cluster-storage/tasks/main.yml b/roles/cluster-storage/tasks/main.yml new file mode 100644 index 0000000..73d6975 --- /dev/null +++ b/roles/cluster-storage/tasks/main.yml @@ -0,0 +1,27 @@ +- block: + - name: 准备部署nfs-client动态存储 + template: + src: nfs/nfs-client-provisioner.yaml.j2 + dest: "{{ base_dir }}/manifests/storage/nfs/nfs-client-provisioner.yaml" + - name: 开始部署nfs-client动态存储 + shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/nfs/nfs-client-provisioner.yaml" + when: 'storage_type == "nfs"' + +- block: + - name: 准备部署alicloud-nas动态存储 + template: + src: alicloud-nas/alicloud-nas.yaml.j2 + dest: "{{ base_dir }}/manifests/storage/alicloud-nas/alicloud-nas.yaml" + - name: 开始部署alicloud-disk存储 + shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/alicloud-nas/alicloud-disk.yaml" + - name: 开始部署alicloud-nas动态存储 + shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/alicloud-nas/alicloud-nas.yaml" + when: 'storage_type == "alicloud-nas"' + +- block: + - name: 准备部署动态存储类 + template: + src: dynamic-storageclass.yaml.j2 + dest: "{{ base_dir }}/manifests/storage/dynamic-storageclass.yaml" + - name: 开始部署动态存储类 + shell: "{{ bin_dir }}/kubectl apply -f {{ base_dir }}/manifests/storage/dynamic-storageclass.yaml" diff --git a/roles/cluster-addon/templates/storage/alicloud-nas/alicloud-nas.yaml.j2 b/roles/cluster-storage/templates/alicloud-nas/alicloud-nas.yaml.j2 similarity index 88% rename from roles/cluster-addon/templates/storage/alicloud-nas/alicloud-nas.yaml.j2 rename to roles/cluster-storage/templates/alicloud-nas/alicloud-nas.yaml.j2 index 5dece7c..ea2d5e4 100644 --- a/roles/cluster-addon/templates/storage/alicloud-nas/alicloud-nas.yaml.j2 
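Review bot: The new role defaults hard-code `storage_server: 172.16.3.86` and `storage_path: /data/nfs`, and the same values are repeated under `vars:` in `roles/cluster-storage/cluster-storage.yml` earlier in this patch. Because `storage_type` defaults to `nfs`, running the role without overrides deploys a provisioner that mounts an export from whatever host answers at that address in the target network, and volumes are then provisioned on it. Leave the site-specific values empty, `storage_server: ""` and `storage_path: ""`, and have the role stop with a clear message when they are not set. The comment above `storage_type` should also list the accepted values in English next to the existing text.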
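Review bot: The third block in the new `roles/cluster-storage/tasks/main.yml` has no `when:` condition, so it always applies `dynamic-storageclass.yaml`, whose provisioner is the fixed name `prov`. Only the nfs-client provisioner template sets `PROVISIONER_NAME` to `prov`; with `storage_type == "alicloud-nas"` the role still creates a StorageClass named `{{ storage_class_name }}` that no provisioner serves, and claims against it stay pending. Put the same guard on that block as on the first one, `when: 'storage_type == "nfs"'`. The `kubectl apply` steps can use `command` instead of `shell`, since no shell features are used.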
+++ b/roles/cluster-storage/templates/alicloud-nas/alicloud-nas.yaml.j2 @@ -48,11 +48,11 @@ spec: - name: PROVISIONER_NAME value: alicloud/nas - name: NFS_SERVER - value: {{ STORAGE_SERVER }} + value: {{ storage_server }} - name: NFS_PATH - value: {{ STORAGE_PATH }} + value: {{ storage_path }} volumes: - name: nfs-client-root nfs: - server: {{ STORAGE_SERVER }} - path: {{ STORAGE_PATH }} + server: {{ storage_server }} + path: {{ storage_path }} diff --git a/roles/cluster-addon/templates/storage/dynamic-storageclass.yaml.j2 b/roles/cluster-storage/templates/dynamic-storageclass.yaml.j2 similarity index 69% rename from roles/cluster-addon/templates/storage/dynamic-storageclass.yaml.j2 rename to roles/cluster-storage/templates/dynamic-storageclass.yaml.j2 index e7ad14d..a8a21cd 100644 --- a/roles/cluster-addon/templates/storage/dynamic-storageclass.yaml.j2 +++ b/roles/cluster-storage/templates/dynamic-storageclass.yaml.j2 @@ -1,5 +1,5 @@ apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: - name: {{ STORAGE_CLASS_NAME }} + name: {{ storage_class_name }} provisioner: prov diff --git a/roles/cluster-addon/templates/storage/nfs/nfs-client-provisioner.yaml.j2 b/roles/cluster-storage/templates/nfs/nfs-client-provisioner.yaml.j2 similarity index 92% rename from roles/cluster-addon/templates/storage/nfs/nfs-client-provisioner.yaml.j2 rename to roles/cluster-storage/templates/nfs/nfs-client-provisioner.yaml.j2 index ac8877f..cd3351d 100644 --- a/roles/cluster-addon/templates/storage/nfs/nfs-client-provisioner.yaml.j2 +++ b/roles/cluster-storage/templates/nfs/nfs-client-provisioner.yaml.j2 @@ -69,11 +69,11 @@ spec: # 此处供应者名字供storageclass调用 value: prov - name: NFS_SERVER - value: {{ STORAGE_SERVER }} + value: {{ storage_server }} - name: NFS_PATH - value: {{ STORAGE_PATH }} + value: {{ storage_path }} volumes: - name: nfs-client-root nfs: - server: {{ STORAGE_SERVER }} - path: {{ STORAGE_PATH }} + server: {{ storage_server }} + path: {{ storage_path }} 
From c53b41155af55e8f99f786c360666de3b2d1d472 Mon Sep 17 00:00:00 2001 From: lusyoe Date: Wed, 25 Jul 2018 18:33:37 +0800 Subject: [PATCH 7/9] =?UTF-8?q?=E7=A7=BB=E9=99=A408.cluster-storage.yml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- 08.cluster-storage.yml | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 08.cluster-storage.yml diff --git a/08.cluster-storage.yml b/08.cluster-storage.yml deleted file mode 100644 index f88ff12..0000000 --- a/08.cluster-storage.yml +++ /dev/null @@ -1,5 +0,0 @@ -- hosts: - - deploy - - kube-node - roles: - - cluster-storage From 3876c904a648f6a3a20ad70cf8a61b033aa8f655 Mon Sep 17 00:00:00 2001 From: lusyoe Date: Wed, 25 Jul 2018 18:41:43 +0800 Subject: [PATCH 8/9] =?UTF-8?q?=E4=BF=AE=E6=94=B9storage=20yml=E8=AF=AD?= =?UTF-8?q?=E6=B3=95=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/cluster-storage/cluster-storage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/cluster-storage/cluster-storage.yml b/roles/cluster-storage/cluster-storage.yml index e0b6d2b..72378b3 100644 --- a/roles/cluster-storage/cluster-storage.yml +++ b/roles/cluster-storage/cluster-storage.yml @@ -1,4 +1,4 @@ -hosts: deploy +- hosts: deploy roles: - cluster-storage vars: From 88a150e69bbba8462b777c73c4f5f774df1ce18a Mon Sep 17 00:00:00 2001 From: lusyoe Date: Wed, 25 Jul 2018 18:45:46 +0800 Subject: [PATCH 9/9] =?UTF-8?q?=E7=A7=BB=E9=99=A4=E7=A4=BA=E4=BE=8B?= =?UTF-8?q?=E4=B8=AD=E7=9A=84storage=E5=8F=98=E9=87=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- example/hosts.allinone.example | 5 ----- example/hosts.m-masters.example | 5 ----- example/hosts.s-master.example | 5 ----- 3 files changed, 15 deletions(-) diff --git a/example/hosts.allinone.example b/example/hosts.allinone.example index 93ab5e7..b6b45fb 100644 --- a/example/hosts.allinone.example 
+++ b/example/hosts.allinone.example @@ -81,8 +81,3 @@ base_dir="/etc/ansible" #私有仓库 harbor服务器 (域名或者IP) #HARBOR_IP="192.168.1.8" #HARBOR_DOMAIN="harbor.yourdomain.com" - -#部署动态存储 -#STORAGE_SERVER="192.168.1.1" -#STORAGE_PATH="/data/nfs" -#STORAGE_CLASS_NAME="nfs-dynamic-class" diff --git a/example/hosts.m-masters.example b/example/hosts.m-masters.example index 6828125..b4be42e 100644 --- a/example/hosts.m-masters.example +++ b/example/hosts.m-masters.example @@ -95,8 +95,3 @@ base_dir="/etc/ansible" #私有仓库 harbor服务器 (域名或者IP) #HARBOR_IP="192.168.1.8" #HARBOR_DOMAIN="harbor.yourdomain.com" - -#部署动态存储 -#STORAGE_SERVER="192.168.1.1" -#STORAGE_PATH="/data/nfs" -#STORAGE_CLASS_NAME="nfs-dynamic-class" diff --git a/example/hosts.s-master.example b/example/hosts.s-master.example index cfabd8a..3967d65 100644 --- a/example/hosts.s-master.example +++ b/example/hosts.s-master.example @@ -82,8 +82,3 @@ base_dir="/etc/ansible" #私有仓库 harbor服务器 (域名或者IP) #HARBOR_IP="192.168.1.8" #HARBOR_DOMAIN="harbor.yourdomain.com" - -#部署动态存储 -#STORAGE_SERVER="192.168.1.1" -#STORAGE_PATH="/data/nfs" -#STORAGE_CLASS_NAME="nfs-dynamic-class"