kubeasz/roles/kube-node/tasks/main.yml

99 lines
3.4 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

# 创建kubelet,kube-proxy工作目录和cni配置目录
- name: 创建kube-node 相关目录
file: name={{ item }} state=directory
with_items:
- /var/lib/kubelet
- /var/lib/kube-proxy
- /etc/cni/net.d
- name: 下载 kubelet,kube-proxy 二进制和基础 cni plugins
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
with_items:
- kubelet
- kube-proxy
- bridge
- host-local
- loopback
tags: upgrade_k8s
##----------kubelet 配置部分--------------
# kubelet 启动时向 kube-apiserver 发送 TLS bootstrapping 请求,需要绑定该角色
# 只需单节点执行一次
- name: get clusterrolebinding info
shell: "{{ bin_dir }}/kubectl get clusterrolebinding --all-namespaces"
register: clusterrolebinding_info
run_once: true
- name: kubelet-bootstrap-setting
shell: "{{ bin_dir }}/kubectl create clusterrolebinding kubelet-bootstrap \
--clusterrole=system:node-bootstrapper --user=kubelet-bootstrap"
run_once: True
when: '"kubelet-bootstrap" not in clusterrolebinding_info.stdout'
- name: 安装bootstrap.kubeconfig配置文件
synchronize: src=/etc/kubernetes/bootstrap.kubeconfig dest=/etc/kubernetes/bootstrap.kubeconfig
delegate_to: "{{ groups.deploy[0] }}"
- name: 准备 cni配置文件
template: src=cni-default.conf.j2 dest=/etc/cni/net.d/10-default.conf
- name: 创建kubelet的systemd unit文件
template: src=kubelet.service.j2 dest=/etc/systemd/system/kubelet.service
tags: upgrade_k8s, restart_node
- name: 开机启用kubelet 服务
shell: systemctl enable kubelet
ignore_errors: true
- name: 开启kubelet 服务
shell: systemctl daemon-reload && systemctl restart kubelet
tags: upgrade_k8s, restart_node
##-------kube-proxy部分----------------
- name: 安装kube-proxy.kubeconfig配置文件
synchronize: src=/etc/kubernetes/kube-proxy.kubeconfig dest=/etc/kubernetes/kube-proxy.kubeconfig
delegate_to: "{{ groups.deploy[0] }}"
- name: 创建kube-proxy 服务文件
tags: reload-kube-proxy, upgrade_k8s, restart_node
template: src=kube-proxy.service.j2 dest=/etc/systemd/system/kube-proxy.service
- name: 开机启用kube-proxy 服务
shell: systemctl enable kube-proxy
ignore_errors: true
- name: 开启kube-proxy 服务
shell: systemctl daemon-reload && systemctl restart kube-proxy
tags: reload-kube-proxy, upgrade_k8s, restart_node
# 批准 node 节点首先轮询等待kubelet启动完成
- name: 轮询等待kubelet启动
shell: "systemctl status kubelet.service|grep Active"
register: kubelet_status
until: '"running" in kubelet_status.stdout'
retries: 8
delay: 2
- name: 获取csr 请求信息
shell: "sleep 3 && {{ bin_dir }}/kubectl get csr"
register: csr_info
run_once: true
- name: approve-kubelet-csr
shell: "{{ bin_dir }}/kubectl get csr|grep 'Pending' | awk 'NR>0{print $1}'| \
xargs {{ bin_dir }}/kubectl certificate approve"
when: '"Pending" in csr_info.stdout'
run_once: true
- name: 轮询等待node达到Ready状态
shell: "{{ bin_dir }}/kubectl get node {{ inventory_hostname }}|awk 'NR>1{print $2}'"
register: node_status
until: node_status.stdout == "Ready" or node_status.stdout == "Ready,SchedulingDisabled"
retries: 8
delay: 8
tags: upgrade_k8s, restart_node
- name: 设置node节点role
shell: "{{ bin_dir }}/kubectl label node {{ inventory_hostname }} kubernetes.io/role=node --overwrite"
ignore_errors: true