修改apiserver参数兼容安装 v1.8.x

2018-06-10 12:11:33 +08:00 · 2018-06-10 12:11:33 +08:00 · e072b5359a
parent 32e5a3f6b9
commit e072b5359a
6 changed files with 59 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,7 +1,6 @@
 down/*
 !down/download.sh
 bin/*
-!bin/VERSION.md
 hosts
 *.crt
 *.pem
--- a/example/hosts.allinone.example
+++ b/example/hosts.allinone.example
@ -25,6 +25,9 @@
 #集群部署模式：allinone, single-master, multi-master
 DEPLOY_MODE=allinone

+#集群主版本号，目前支持: v1.8, v1.9, v1.10
+K8S_VER="v1.10"
+
 #集群 MASTER IP
 MASTER_IP="192.168.1.1"
 KUBE_APISERVER="https://{{ MASTER_IP }}:6443"
--- a/example/hosts.m-masters.example
+++ b/example/hosts.m-masters.example
@ -38,6 +38,9 @@
 #集群部署模式：allinone, single-master, multi-master
 DEPLOY_MODE=multi-master

+#集群主版本号，目前支持: v1.8, v1.9, v1.10
+K8S_VER="v1.10"
+
 #集群 MASTER IP即 LB节点VIP地址，为区别与默认apiserver端口，设置VIP监听的服务端口8443
 MASTER_IP="192.168.1.10"
 KUBE_APISERVER="https://{{ MASTER_IP }}:8443"
--- a/example/hosts.s-master.example
+++ b/example/hosts.s-master.example
@ -28,6 +28,9 @@
 #集群部署模式：allinone, single-master, multi-master
 DEPLOY_MODE=single-master

+#集群主版本号，目前支持: v1.8, v1.9, v1.10
+K8S_VER="v1.10"
+
 #集群 MASTER IP
 MASTER_IP="192.168.1.1"
 KUBE_APISERVER="https://{{ MASTER_IP }}:6443"
--- a/roles/kube-master/tasks/main.yml
+++ b/roles/kube-master/tasks/main.yml
@ -34,6 +34,12 @@
  template: src=kube-apiserver.service.j2 dest=/etc/systemd/system/kube-apiserver.service
  tags: upgrade_k8s, restart_master

+# 为兼容之前的模式，需特别对v1.8版本重新配置kube-apiserver的systemd unit文件
+- name: 创建kube-apiserver v1.8的systemd unit文件
+  template: src=kube-apiserver-{{ K8S_VER }}.service.j2 dest=/etc/systemd/system/kube-apiserver.service
+  tags: upgrade_k8s, restart_master
+  when: "K8S_VER is defined and K8S_VER == 'v1.8'"
+
 - name: 创建kube-controller-manager的systemd unit文件
  template: src=kube-controller-manager.service.j2 dest=/etc/systemd/system/kube-controller-manager.service
  tags: upgrade_k8s, restart_master
--- a/roles/kube-master/templates/kube-apiserver-v1.8.service.j2
+++ b/roles/kube-master/templates/kube-apiserver-v1.8.service.j2
@ -0,0 +1,44 @@
+[Unit]
+Description=Kubernetes API Server
+Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+After=network.target
+
+[Service]
+ExecStart={{ bin_dir }}/kube-apiserver \
+  --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,NodeRestriction \
+  --bind-address={{ inventory_hostname }} \
+  --insecure-bind-address=127.0.0.1 \
+  --authorization-mode=Node,RBAC \
+  --kubelet-https=true \
+  --kubelet-client-certificate={{ ca_dir }}/kubernetes.pem \
+  --kubelet-client-key={{ ca_dir }}/kubernetes-key.pem \
+  --anonymous-auth=false \
+  --basic-auth-file={{ ca_dir }}/basic-auth.csv \
+  --enable-bootstrap-token-auth \
+  --token-auth-file={{ ca_dir }}/token.csv \
+  --service-cluster-ip-range={{ SERVICE_CIDR }} \
+  --service-node-port-range={{ NODE_PORT_RANGE }} \
+  --tls-cert-file={{ ca_dir }}/kubernetes.pem \
+  --tls-private-key-file={{ ca_dir }}/kubernetes-key.pem \
+  --client-ca-file={{ ca_dir }}/ca.pem \
+  --service-account-key-file={{ ca_dir }}/ca-key.pem \
+  --etcd-cafile={{ ca_dir }}/ca.pem \
+  --etcd-certfile={{ ca_dir }}/kubernetes.pem \
+  --etcd-keyfile={{ ca_dir }}/kubernetes-key.pem \
+  --etcd-servers={{ ETCD_ENDPOINTS }} \
+  --enable-swagger-ui=true \
+  --apiserver-count=3 \
+  --allow-privileged=true \
+  --audit-log-maxage=30 \
+  --audit-log-maxbackup=3 \
+  --audit-log-maxsize=100 \
+  --audit-log-path=/var/lib/audit.log \
+  --event-ttl=1h \
+  --v=2
+Restart=on-failure
+RestartSec=5
+Type=notify
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target