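# Resets the Kubernetes pod network: removes the currently deployed network
# plugin and its leftovers on every master and node.
# Read docs/op/change_k8s_network.md carefully before running this playbook.
- hosts:
    - kube-master
    - new-master
    - kube-node
    - new-node
  tasks:
    # List the DaemonSets in kube-system once. The `when:` conditions below
    # do a plain substring test on this text, so any DaemonSet whose name
    # contains the plugin name will match.
    - name: 获取所有已经创建的POD信息
      command: "{{ bin_dir }}/kubectl get daemonset -n kube-system"
      register: pod_info
      run_once: true
      # Read-only query: never report it as a change.
      changed_when: false

    # Remove the calico manifests; if the first delete fails, retry against
    # the /root/local path. Errors are ignored (best effort).
    - name: 删除原network插件calico部署
      shell: >-
        {{ bin_dir }}/kubectl delete -f /opt/kube/kube-system/calico/ ||
        {{ bin_dir }}/kubectl delete -f /root/local/kube-system/calico/
      ignore_errors: true
      run_once: true
      when: '"calico" in pod_info.stdout'

    # Same as above, for cilium.
    - name: 删除原network插件cilium部署
      shell: >-
        {{ bin_dir }}/kubectl delete -f /opt/kube/kube-system/cilium/ ||
        {{ bin_dir }}/kubectl delete -f /root/local/kube-system/cilium/
      ignore_errors: true
      run_once: true
      when: '"cilium" in pod_info.stdout'

    # Same as above, for flannel.
    - name: 删除原network插件flannel部署
      shell: >-
        {{ bin_dir }}/kubectl delete -f /opt/kube/kube-system/flannel/ ||
        {{ bin_dir }}/kubectl delete -f /root/local/kube-system/flannel/
      ignore_errors: true
      run_once: true
      when: '"flannel" in pod_info.stdout'

    # Same as above, for kube-router.
    - name: 删除原network插件kube-router部署
      shell: >-
        {{ bin_dir }}/kubectl delete -f /opt/kube/kube-system/kube-router/ ||
        {{ bin_dir }}/kubectl delete -f /root/local/kube-system/kube-router/
      ignore_errors: true
      run_once: true
      when: '"kube-router" in pod_info.stdout'

    # Let kube-router undo its own host configuration on each node.
    # NOTE(review): this starts a privileged, host-network container from an
    # image referenced without a tag or digest, so each node runs whatever
    # the registry currently serves under that name. Pin the image to a
    # reviewed tag or digest.
    # --rm removes the one-shot container once the cleanup has finished, so
    # no stopped privileged container is left behind on the node.
    - name: 清理kube-router相关
      shell: >-
        {{ bin_dir }}/docker run --rm --privileged --net=host
        cloudnativelabs/kube-router --cleanup-config
      ignore_errors: true
      when: '"kube-router" in pod_info.stdout'

    # Stop kubelet and kube-proxy before touching routes, rules and links.
    - name: 停止 kube-node 相关服务
      service:
        name: "{{ item }}"
        state: stopped
      with_items:
        - kubelet
        - kube-proxy
      ignore_errors: true

    # Delete every route whose `ip route` line contains "bird"; the sed call
    # drops the "blackhole" keyword so awk's first field is the prefix.
    - name: 清理calico残留路由
      shell: "for rt in `ip route|grep bird|sed 's/blackhole//'|awk '{print $1}'`;do ip route del $rt;done;"
      when: '"calico" in pod_info.stdout'
      ignore_errors: true

    # Ask kube-proxy to clean up the iptables rules it created.
    # No shell features are needed here, so the command module is enough.
    - name: 清理 kube-proxy产生的iptables规则
      command: "{{ bin_dir }}/kube-proxy --cleanup"
      ignore_errors: true

    # Remove plugin configuration, state and log directories.
    # NOTE(review): the last entry removes all of /opt/kube/kube-system/, not
    # only the per-plugin subdirectories deleted from above; confirm nothing
    # else that must survive is stored there.
    - name: 清理目录和文件
      file:
        path: "{{ item }}"
        state: absent
      with_items:
        - "/etc/cni/"
        - "/run/flannel/"
        - "/etc/calico/"
        - "/var/run/calico/"
        - "/var/lib/calico/"
        - "/var/log/calico/"
        - "/etc/cilium/"
        - "/var/run/cilium/"
        - "/sys/fs/bpf/tc/"
        - "/var/lib/cni/"
        - "/var/lib/kube-router/"
        - "/opt/kube/kube-system/"

    # Delete the virtual links left by the plugins, then restart the host
    # network service (both unit names are tried). The commands are joined
    # with ';', so a missing link does not stop the rest.
    - name: 清理网络
      shell: >-
        ip link del tunl0;
        ip link del flannel.1;
        ip link del cni0;
        ip link del mynet0;
        ip link del kube-bridge;
        ip link del dummy0;
        ip link del kube-ipvs0;
        ip link del cilium_net;
        ip link del cilium_vxlan;
        systemctl restart networking;
        systemctl restart network
      ignore_errors: true

    # Bring kubelet and kube-proxy back and enable them at boot.
    # NOTE(review): ignore_errors also hides a service that fails to start;
    # check service state on the nodes after the run.
    - name: 开启 kube-node 相关服务
      service:
        name: "{{ item }}"
        state: started
        enabled: true
      with_items:
        - kubelet
        - kube-proxy
      ignore_errors: true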
# Load-balancer hosts: restart keepalived, then wait until the apiserver
# answers again.
- hosts:
    - lb
  tasks:
    # Restart keepalived on each lb host.
    - name: 重启lb的keepalived服务
      service:
        name: keepalived
        state: restarted

    # Run `kubectl get node` once, on the first host of the deploy group,
    # until it exits 0: at most 5 retries, 6 seconds apart.
    - name: 轮询等待apiserver服务恢复
      command: "{{ bin_dir }}/kubectl get node"
      delegate_to: "{{ groups.deploy[0] }}"
      run_once: true
      register: result
      until: result.rc == 0
      retries: 5
      delay: 6
# Install the new network plugin on every master and node. Only the role
# whose name equals CLUSTER_NETWORK is applied.
# NOTE(review): NetworkPolicy enforcement depends on the selected plugin
# (flannel on its own does not enforce NetworkPolicy), so re-check that
# existing policies are still enforced after the switch.
- hosts:
    - kube-master
    - new-master
    - kube-node
    - new-node
  roles:
    - role: calico
      when: "CLUSTER_NETWORK == 'calico'"
    - role: cilium
      when: "CLUSTER_NETWORK == 'cilium'"
    - role: flannel
      when: "CLUSTER_NETWORK == 'flannel'"
    - role: kube-router
      when: "CLUSTER_NETWORK == 'kube-router'"
# Runs once on the deploy host: delete the running pods so their controllers
# recreate them on the new network.
- hosts: deploy
  tasks:
    # Iterates over every namespace printed by `kubectl get ns` (header row
    # skipped) and deletes all pods in it, kube-system included.
    # NOTE(review): pods that are not owned by a controller are not
    # recreated; failures are ignored, so inspect the output after the run.
    - name: 重启所有pod
      shell: >-
        for NS in $({{ bin_dir }}/kubectl get ns|awk 'NR>1{print $1}');
        do {{ bin_dir }}/kubectl delete pod --all -n $NS; done;
      run_once: true
      ignore_errors: true