forked from easzlab/kubeasz
-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.yml
139 lines (113 loc) · 4.51 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
- name: 创建kube-node 相关目录
file: name={{ item }} state=directory
with_items:
- /var/lib/kubelet
- /var/lib/kube-proxy
- /etc/cni/net.d
- name: 下载 kubelet,kube-proxy 二进制和基础 cni plugins
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
with_items:
- kubectl
- kubelet
- kube-proxy
- bridge
- host-local
- loopback
tags: upgrade_k8s
# 每个 node 节点运行 haproxy 连接到多个 apiserver
- import_tasks: node_lb.yml
when: "inventory_hostname not in groups['kube-master']"
- name: 替换 kubeconfig 的 apiserver 地址
lineinfile:
dest: /root/.kube/config
regexp: "^ server"
line: " server: {{ KUBE_APISERVER }}"
##----------kubelet 配置部分--------------
- name: 准备kubelet 证书签名请求
template: src=kubelet-csr.json.j2 dest={{ ca_dir }}/kubelet-csr.json
- name: 创建 kubelet 证书与私钥
shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert \
-ca={{ ca_dir }}/ca.pem \
-ca-key={{ ca_dir }}/ca-key.pem \
-config={{ ca_dir }}/ca-config.json \
-profile=kubernetes kubelet-csr.json | {{ bin_dir }}/cfssljson -bare kubelet"
# 创建kubelet.kubeconfig
- name: 设置集群参数
shell: "{{ bin_dir }}/kubectl config set-cluster kubernetes \
--certificate-authority={{ ca_dir }}/ca.pem \
--embed-certs=true \
--server={{ KUBE_APISERVER }} \
--kubeconfig=/etc/kubernetes/kubelet.kubeconfig"
- name: 设置客户端认证参数
shell: "{{ bin_dir }}/kubectl config set-credentials system:node:{{ inventory_hostname }} \
--client-certificate={{ ca_dir }}/kubelet.pem \
--embed-certs=true \
--client-key={{ ca_dir }}/kubelet-key.pem \
--kubeconfig=/etc/kubernetes/kubelet.kubeconfig"
- name: 设置上下文参数
shell: "{{ bin_dir }}/kubectl config set-context default \
--cluster=kubernetes \
--user=system:node:{{ inventory_hostname }} \
--kubeconfig=/etc/kubernetes/kubelet.kubeconfig"
- name: 选择默认上下文
shell: "{{ bin_dir }}/kubectl config use-context default \
--kubeconfig=/etc/kubernetes/kubelet.kubeconfig"
- name: 准备 cni配置文件
template: src=cni-default.conf.j2 dest=/etc/cni/net.d/10-default.conf
# 判断 kubernetes 版本
- name: 注册变量 TMP_VER
shell: "{{ base_dir }}/bin/kube-apiserver --version|cut -d' ' -f2|cut -d'v' -f2"
register: TMP_VER
connection: local
tags: upgrade_k8s, restart_node
- name: 获取 kubernetes 主版本号
set_fact:
KUBE_VER: "{{ TMP_VER.stdout.split('.')[0]|int + TMP_VER.stdout.split('.')[1]|int/100 }}"
tags: upgrade_k8s, restart_node
- name: debug info
debug: var="KUBE_VER"
- name: 创建kubelet的配置文件
template: src=kubelet-config.yaml.j2 dest=/var/lib/kubelet/config.yaml
tags: upgrade_k8s, restart_node
- name: 创建kubelet的systemd unit文件
template: src=kubelet.service.j2 dest=/etc/systemd/system/kubelet.service
tags: upgrade_k8s, restart_node
- name: 开机启用kubelet 服务
shell: systemctl enable kubelet
ignore_errors: true
- name: 开启kubelet 服务
shell: systemctl daemon-reload && systemctl restart kubelet
tags: upgrade_k8s, restart_node
##-------kube-proxy部分----------------
- name: 替换 kube-proxy.kubeconfig 的 apiserver 地址
lineinfile:
dest: /etc/kubernetes/kube-proxy.kubeconfig
regexp: "^ server"
line: " server: {{ KUBE_APISERVER }}"
- name: 创建kube-proxy 服务文件
template: src=kube-proxy.service.j2 dest=/etc/systemd/system/kube-proxy.service
tags: reload-kube-proxy, restart_node, upgrade_k8s
- name: 开机启用kube-proxy 服务
shell: systemctl enable kube-proxy
ignore_errors: true
- name: 开启kube-proxy 服务
shell: systemctl daemon-reload && systemctl restart kube-proxy
tags: reload-kube-proxy, upgrade_k8s, restart_node
# 轮询等待kubelet启动完成
- name: 轮询等待kubelet启动
shell: "systemctl status kubelet.service|grep Active"
register: kubelet_status
until: '"running" in kubelet_status.stdout'
retries: 8
delay: 2
tags: reload-kube-proxy, upgrade_k8s, restart_node
- name: 轮询等待node达到Ready状态
shell: "{{ bin_dir }}/kubectl get node {{ inventory_hostname }}|awk 'NR>1{print $2}'"
register: node_status
until: node_status.stdout == "Ready" or node_status.stdout == "Ready,SchedulingDisabled"
retries: 8
delay: 8
tags: upgrade_k8s, restart_node
- name: 设置node节点role
shell: "{{ bin_dir }}/kubectl label node {{ inventory_hostname }} kubernetes.io/role=node --overwrite"
ignore_errors: true