mirror of https://github.com/easzlab/kubeasz.git
156 lines
5.0 KiB
YAML
156 lines
5.0 KiB
YAML
# 创建kubelet,kube-proxy工作目录和cni配置目录
|
||
- name: 创建kube-node 相关目录
|
||
file: name={{ item }} state=directory
|
||
with_items:
|
||
- /var/lib/kubelet
|
||
- /var/lib/kube-proxy
|
||
- /etc/cni/net.d
|
||
- /root/.kube
|
||
|
||
- name: 下载 kubelet,kube-proxy 二进制和基础 cni plugins
|
||
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
|
||
with_items:
|
||
- kubectl
|
||
- kubelet
|
||
- kube-proxy
|
||
- bridge
|
||
- host-local
|
||
- loopback
|
||
tags: upgrade_k8s
|
||
|
||
- name: 分发 kubeconfig配置文件
|
||
synchronize: src=/root/.kube/config dest=/root/.kube/config
|
||
delegate_to: "{{ groups.deploy[0] }}"
|
||
|
||
- name: 添加 kubectl 命令自动补全
|
||
lineinfile:
|
||
dest: ~/.bashrc
|
||
state: present
|
||
regexp: 'kubectl completion'
|
||
line: 'source <(kubectl completion bash)'
|
||
|
||
- name: ansible 控制端添加 kubectl 自动补全
|
||
lineinfile:
|
||
dest: ~/.bashrc
|
||
state: present
|
||
regexp: 'kubectl completion'
|
||
line: 'source <(kubectl completion bash)'
|
||
connection: local
|
||
run_once: true
|
||
ignore_errors: true
|
||
|
||
- name: 分发证书相关
|
||
synchronize: src={{ ca_dir }}/{{ item }} dest={{ ca_dir }}/{{ item }}
|
||
with_items:
|
||
- ca.pem
|
||
- ca-key.pem
|
||
- ca.csr
|
||
- ca-config.json
|
||
delegate_to: "{{ groups.deploy[0] }}"
|
||
|
||
##----------kubelet 配置部分--------------
|
||
- name: 准备kubelet 证书签名请求
|
||
template: src=kubelet-csr.json.j2 dest={{ ca_dir }}/kubelet-csr.json
|
||
|
||
- name: 创建 kubelet 证书与私钥
|
||
shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert \
|
||
-ca={{ ca_dir }}/ca.pem \
|
||
-ca-key={{ ca_dir }}/ca-key.pem \
|
||
-config={{ ca_dir }}/ca-config.json \
|
||
-profile=kubernetes kubelet-csr.json | {{ bin_dir }}/cfssljson -bare kubelet"
|
||
|
||
# 创建kubelet.kubeconfig
|
||
- name: 设置集群参数
|
||
shell: "{{ bin_dir }}/kubectl config set-cluster kubernetes \
|
||
--certificate-authority={{ ca_dir }}/ca.pem \
|
||
--embed-certs=true \
|
||
--server={{ KUBE_APISERVER }} \
|
||
--kubeconfig=kubelet.kubeconfig"
|
||
|
||
- name: 设置客户端认证参数
|
||
shell: "{{ bin_dir }}/kubectl config set-credentials system:node:{{ inventory_hostname }} \
|
||
--client-certificate={{ ca_dir }}/kubelet.pem \
|
||
--embed-certs=true \
|
||
--client-key={{ ca_dir }}/kubelet-key.pem \
|
||
--kubeconfig=kubelet.kubeconfig"
|
||
|
||
- name: 设置上下文参数
|
||
shell: "{{ bin_dir }}/kubectl config set-context default \
|
||
--cluster=kubernetes \
|
||
--user=system:node:{{ inventory_hostname }} \
|
||
--kubeconfig=kubelet.kubeconfig"
|
||
|
||
- name: 选择默认上下文
|
||
shell: "{{ bin_dir }}/kubectl config use-context default \
|
||
--kubeconfig=kubelet.kubeconfig"
|
||
|
||
- name: 移动 kubelet.kubeconfig
|
||
shell: "mv /root/kubelet.kubeconfig /etc/kubernetes/"
|
||
|
||
- name: 准备 cni配置文件
|
||
template: src=cni-default.conf.j2 dest=/etc/cni/net.d/10-default.conf
|
||
|
||
- name: 创建kubelet的systemd unit文件
|
||
template: src=kubelet.service.j2 dest=/etc/systemd/system/kubelet.service
|
||
tags: upgrade_k8s, restart_node
|
||
|
||
- name: 开机启用kubelet 服务
|
||
shell: systemctl enable kubelet
|
||
ignore_errors: true
|
||
|
||
- name: 开启kubelet 服务
|
||
shell: systemctl daemon-reload && systemctl restart kubelet
|
||
tags: upgrade_k8s, restart_node
|
||
|
||
##-------kube-proxy部分----------------
|
||
- name: 安装kube-proxy.kubeconfig配置文件
|
||
synchronize: src=/etc/kubernetes/kube-proxy.kubeconfig dest=/etc/kubernetes/kube-proxy.kubeconfig
|
||
delegate_to: "{{ groups.deploy[0] }}"
|
||
|
||
- name: 创建kube-proxy 服务文件
|
||
tags: reload-kube-proxy, upgrade_k8s, restart_node
|
||
template: src=kube-proxy.service.j2 dest=/etc/systemd/system/kube-proxy.service
|
||
|
||
- name: 开机启用kube-proxy 服务
|
||
shell: systemctl enable kube-proxy
|
||
ignore_errors: true
|
||
|
||
- name: 开启kube-proxy 服务
|
||
shell: systemctl daemon-reload && systemctl restart kube-proxy
|
||
tags: reload-kube-proxy, upgrade_k8s, restart_node
|
||
|
||
# 批准 node 节点,首先轮询等待kubelet启动完成
|
||
- name: 轮询等待kubelet启动
|
||
shell: "systemctl status kubelet.service|grep Active"
|
||
register: kubelet_status
|
||
until: '"running" in kubelet_status.stdout'
|
||
retries: 8
|
||
delay: 2
|
||
|
||
#- name: 获取csr 请求信息
|
||
# shell: "sleep 3 && {{ bin_dir }}/kubectl get csr"
|
||
# delegate_to: "{{ groups.deploy[0] }}"
|
||
# register: csr_info
|
||
# run_once: true
|
||
|
||
#- name: approve-kubelet-csr
|
||
# shell: "{{ bin_dir }}/kubectl get csr|grep 'Pending' | awk 'NR>0{print $1}'| \
|
||
# xargs {{ bin_dir }}/kubectl certificate approve"
|
||
# when: '"Pending" in csr_info.stdout'
|
||
# delegate_to: "{{ groups.deploy[0] }}"
|
||
# run_once: true
|
||
|
||
- name: 轮询等待node达到Ready状态
|
||
shell: "{{ bin_dir }}/kubectl get node {{ inventory_hostname }}|awk 'NR>1{print $2}'"
|
||
register: node_status
|
||
delegate_to: "{{ groups.deploy[0] }}"
|
||
until: node_status.stdout == "Ready" or node_status.stdout == "Ready,SchedulingDisabled"
|
||
retries: 8
|
||
delay: 8
|
||
tags: upgrade_k8s, restart_node
|
||
|
||
- name: 设置node节点role
|
||
shell: "{{ bin_dir }}/kubectl label node {{ inventory_hostname }} kubernetes.io/role=node --overwrite"
|
||
ignore_errors: true
|
||
delegate_to: "{{ groups.deploy[0] }}"
|