easzlab
/
kubeasz
mirror of https://github.com/easzlab/kubeasz.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
kubeasz/roles/calico/tasks/main.yml

118 lines
4.1 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

- block:
- name: 在deploy 节点创建相关目录
file: name={{ item }} state=directory
with_items:
- /etc/calico/ssl
- /opt/kube/kube-system/calico
- name: 创建calico 证书请求
template: src=calico-csr.json.j2 dest=/etc/calico/ssl/calico-csr.json
- name: 创建 calico证书和私钥
shell: "cd /etc/calico/ssl && {{ bin_dir }}/cfssl gencert \
-ca={{ ca_dir }}/ca.pem \
-ca-key={{ ca_dir }}/ca-key.pem \
-config={{ ca_dir }}/ca-config.json \
-profile=kubernetes calico-csr.json | {{ bin_dir }}/cfssljson -bare calico"
- name: get calico-etcd-secrets info
shell: "{{ bin_dir }}/kubectl get secrets -n kube-system"
register: secrets_info
- name: 创建 calico-etcd-secrets
shell: "cd /etc/calico/ssl && \
{{ bin_dir }}/kubectl create secret generic -n kube-system calico-etcd-secrets \
--from-file=etcd-ca={{ ca_dir }}/ca.pem \
--from-file=etcd-key=calico-key.pem \
--from-file=etcd-cert=calico.pem"
when: '"calico-etcd-secrets" not in secrets_info.stdout'
- name: 配置 calico DaemonSet yaml文件
template: src=calico-{{ calico_ver_main }}.yaml.j2 dest=/opt/kube/kube-system/calico/calico.yaml
delegate_to: "{{ groups.deploy[0] }}"
run_once: true
- name: node 节点创建calico 相关目录
file: name={{ item }} state=directory
with_items:
- /etc/calico/ssl
- /etc/cni/net.d
- /opt/kube/images
# 【可选】推送离线docker 镜像,可以忽略执行错误
- block:
- name: 检查是否已下载离线calico镜像
command: "ls {{ base_dir }}/down"
register: download_info
connection: local
run_once: true
- name: 尝试推送离线docker 镜像(若执行失败,可忽略)
copy: src={{ base_dir }}/down/{{ item }} dest=/opt/kube/images/{{ item }}
when: 'item in download_info.stdout'
with_items:
- "pause_3.1.tar"
- "{{ calico_offline }}"
ignore_errors: true
- name: 获取calico离线镜像推送情况
command: "ls /opt/kube/images"
register: image_info
# 如果目录下有离线镜像就把它导入到node节点上
- name: 导入 calico的离线镜像若执行失败可忽略
shell: "{{ bin_dir }}/docker load -i /opt/kube/images/{{ item }}"
with_items:
- "pause_3.1.tar"
- "{{ calico_offline }}"
ignore_errors: true
when: "item in image_info.stdout and CONTAINER_RUNTIME == 'docker'"
- name: 导入 calico的离线镜像若执行失败可忽略
shell: "{{ bin_dir }}/ctr -n=k8s.io images import /opt/kube/images/{{ item }}"
with_items:
- "pause_3.1.tar"
- "{{ calico_offline }}"
ignore_errors: true
when: "item in image_info.stdout and CONTAINER_RUNTIME == 'containerd'"
# 只需单节点执行一次
- name: 运行 calico网络
shell: "{{ bin_dir }}/kubectl apply -f /opt/kube/kube-system/calico/ && sleep 5"
delegate_to: "{{ groups.deploy[0] }}"
run_once: true
# 删除原有cni配置
- name: 删除默认cni配置
file: path=/etc/cni/net.d/10-default.conf state=absent
# [可选]cni calico plugins 已经在calico.yaml完成自动安装
- name: 下载calicoctl 客户端
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
with_items:
#- calico
#- calico-ipam
#- loopback
- calicoctl
- name: 分发 calico 证书
synchronize: src=/etc/calico/ssl/{{ item }} dest=/etc/calico/ssl/{{ item }}
with_items:
- calico.pem
- calico-key.pem
delegate_to: "{{ groups.deploy[0] }}"
- name: 准备 calicoctl配置文件
template: src=calicoctl.cfg.j2 dest=/etc/calico/calicoctl.cfg
# 等待网络插件部署成功,视下载镜像速度而定
- name: 轮询等待calico-node 运行,视下载镜像速度而定
shell: "{{ bin_dir }}/kubectl get pod -n kube-system -o wide|grep 'calico-node'|grep ' {{ inventory_hostname }} '|awk '{print $3}'"
register: pod_status
until: pod_status.stdout == "Running"
delegate_to: "{{ groups.deploy[0] }}"
retries: 15
delay: 15
ignore_errors: true
Reference in New Issue View Git Blame Copy Permalink