mirror of https://github.com/easzlab/kubeasz.git
56 lines
1.9 KiB
YAML
56 lines
1.9 KiB
YAML
- name: 创建calico 相关目录
|
||
file: name={{ item }} state=directory
|
||
with_items:
|
||
- /etc/calico/ssl
|
||
- /root/local/kube-system/calico
|
||
|
||
- name: 复制CA 证书到calico 证书目录
|
||
copy: src={{ ca_dir }}/ca.pem dest=/etc/calico/ssl/ca.pem
|
||
|
||
- name: 创建calico 证书请求
|
||
template: src=calico-csr.json.j2 dest=/etc/calico/ssl/calico-csr.json
|
||
|
||
- name: 创建 calico证书和私钥
|
||
shell: "cd /etc/calico/ssl && {{ bin_dir }}/cfssl gencert \
|
||
-ca={{ ca_dir }}/ca.pem \
|
||
-ca-key={{ ca_dir }}/ca-key.pem \
|
||
-config={{ ca_dir }}/ca-config.json \
|
||
-profile=kubernetes calico-csr.json | {{ bin_dir }}/cfssljson -bare calico"
|
||
|
||
# 因官方calico.yaml文件中使用特定的证书名,所以要重命名
|
||
- name: 重命名相关证书
|
||
shell: "cd /etc/calico/ssl && cp ca.pem etcd-ca && cp calico.pem etcd-cert && cp calico-key.pem etcd-key"
|
||
|
||
- name: 准备 calico DaemonSet yaml文件
|
||
template: src=calico.yaml.j2 dest=/root/local/kube-system/calico/calico.yaml
|
||
|
||
- name: 准备 calico rbac文件
|
||
template: src=calico-rbac.yaml.j2 dest=/root/local/kube-system/calico/calico-rbac.yaml
|
||
|
||
# 只需单节点执行一次,重复执行的报错可以忽略
|
||
- name: 运行 calico网络
|
||
shell: "{{ bin_dir }}/kubectl create -f /root/local/kube-system/calico/ && sleep 15"
|
||
when: NODE_ID is defined and NODE_ID == "node1"
|
||
ignore_errors: true
|
||
|
||
# 删除原有cni配置
|
||
- name: 删除默认cni配置
|
||
file: path=/etc/cni/net.d/10-default.conf state=absent
|
||
|
||
# 删除原有cni插件网卡mynet0
|
||
- name: 删除默认cni插件网卡mynet0
|
||
shell: "ip link del mynet0"
|
||
ignore_errors: true
|
||
|
||
# [可选]cni calico plugins 已经在calico.yaml完成自动安装
|
||
- name: 下载calicoctl 客户端
|
||
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
|
||
with_items:
|
||
#- calico
|
||
#- calico-ipam
|
||
#- loopback
|
||
- calicoctl
|
||
|
||
- name: 准备 calicoctl配置文件
|
||
template: src=calicoctl.cfg.j2 dest=/etc/calico/calicoctl.cfg
|