diff --git a/docs/setup/00-planning_and_overall_intro.md b/docs/setup/00-planning_and_overall_intro.md index c218b844c..0aadb7c8c 100644 --- a/docs/setup/00-planning_and_overall_intro.md +++ b/docs/setup/00-planning_and_overall_intro.md @@ -64,9 +64,9 @@ apt-get install git python-pip -y yum install git python-pip -y # pip安装ansible(国内如果安装太慢可以直接用pip阿里云加速) #pip install pip --upgrade -#pip install ansible==2.6.12 -pip install pip --upgrade -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host mirrors.aliyun.com -pip install ansible==2.6.12 -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host mirrors.aliyun.com +#pip install ansible==2.6.12 netaddr==0.7.19 +pip install pip --upgrade -i https://mirrors.aliyun.com/pypi/simple/ +pip install ansible==2.6.12 netaddr==0.7.19 -i https://mirrors.aliyun.com/pypi/simple/ ``` - 3.2 在ansible控制端配置免密码登陆 diff --git a/roles/cluster-addon/defaults/main.yml b/roles/cluster-addon/defaults/main.yml index d955bb650..00338b0bf 100644 --- a/roles/cluster-addon/defaults/main.yml +++ b/roles/cluster-addon/defaults/main.yml @@ -1,6 +1,8 @@ # dns 自动安装,'dns_backend'可选"coredns"和“kubedns” dns_install: "yes" dns_backend: "coredns" +# 设置 dns svc ip (这里选用 SERVICE_CIDR 中第2个IP) +CLUSTER_DNS_SVC_IP: "{{ SERVICE_CIDR | ipaddr('net') | ipaddr(2) | ipaddr('address') }}" kubednsVer: "1.14.13" corednsVer: "1.5.0" kubedns_offline: "kubedns_{{ kubednsVer }}.tar" diff --git a/roles/cluster-addon/tasks/main.yml b/roles/cluster-addon/tasks/main.yml index ceb3e29a4..a25e0543f 100644 --- a/roles/cluster-addon/tasks/main.yml +++ b/roles/cluster-addon/tasks/main.yml 
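Review bot: The `CLUSTER_DNS_SVC_IP` default added in roles/cluster-addon/defaults/main.yml is not guarded against a `SERVICE_CIDR` that the `ipaddr` chain cannot resolve. As far as I know `ipaddr('net')` yields `False` when the value has host bits set (an address plus prefix rather than the network address), which the removed shell/awk task accepted, so the variable could render as the text `False` in the DNS manifests instead of stopping the play. The same chain is added in roles/kube-master/defaults (`CLUSTER_KUBERNETES_SVC_IP`, which presumably feeds the certificate request template), roles/kube-node/defaults and roles/kube-ovn/defaults (`kube_ovn_default_gateway`, derived from `CLUSTER_CIDR`). An early check such as `- assert: { that: "SERVICE_CIDR | ipaddr('net')" }`, with a matching one for `CLUSTER_CIDR`, would fail fast before anything is templated or signed.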
@@ -3,14 +3,6 @@ with_items: - /opt/kube/kube-system -# 设置 dns svc ip (这里选用 SERVICE_CIDR 中第2个IP) -- name: 注册变量 DNS_SVC_IP - shell: echo {{ SERVICE_CIDR }}|cut -d/ -f1|awk -F. '{print $1"."$2"."$3"."$4+2}' - register: DNS_SVC_IP - -- name: 设置变量 CLUSTER_DNS_SVC_IP - set_fact: CLUSTER_DNS_SVC_IP={{ DNS_SVC_IP.stdout }} - # DNS文件中部分参数根据hosts文件设置而定,因此需要用template模块替换参数 - name: 准备 DNS的部署文件 template: src={{ item }}.yaml.j2 dest=/opt/kube/kube-system/{{ item }}.yaml diff --git a/roles/kube-master/defaults/main.yml b/roles/kube-master/defaults/main.yml index 880981722..8c555412f 100644 --- a/roles/kube-master/defaults/main.yml +++ b/roles/kube-master/defaults/main.yml @@ -1,7 +1,8 @@ # etcd 集群服务地址列表, 根据etcd组成员自动生成 TMP_ENDPOINTS: "{% for h in groups['etcd'] %}https://{{ h }}:2379,{% endfor %}" -ETCD_ENDPOINTS: "{{ TMP_ENDPOINTS.rstrip(',') }}" - +ETCD_ENDPOINTS: "{{ TMP_ENDPOINTS.rstrip(',') }}" +# 设置 dns svc ip (这里选用 SERVICE_CIDR 中第1个IP) +CLUSTER_KUBERNETES_SVC_IP: "{{ SERVICE_CIDR | ipaddr('net') | ipaddr(1) | ipaddr('address') }}" # k8s 集群 master 节点证书配置,可以添加多个ip和域名(比如增加公网ip和域名) MASTER_CERT_HOSTS: - "10.1.1.1" diff --git a/roles/kube-master/tasks/main.yml b/roles/kube-master/tasks/main.yml index d0d7820d1..4cf452c3e 100644 --- a/roles/kube-master/tasks/main.yml +++ b/roles/kube-master/tasks/main.yml @@ -7,16 +7,6 @@ - kubectl tags: upgrade_k8s -# 设置 kubernetes svc ip (一般是 SERVICE_CIDR 中第一个IP) -- name: 注册变量 KUBERNETES_SVC_IP - shell: echo {{ SERVICE_CIDR }}|cut -d/ -f1|awk -F. '{print $1"."$2"."$3"."$4+1}' - register: KUBERNETES_SVC_IP - tags: change_cert - -- name: 设置变量 CLUSTER_KUBERNETES_SVC_IP - set_fact: CLUSTER_KUBERNETES_SVC_IP={{ KUBERNETES_SVC_IP.stdout }} - tags: change_cert - - name: 创建 kubernetes 证书签名请求 template: src=kubernetes-csr.json.j2 dest={{ ca_dir }}/kubernetes-csr.json tags: change_cert diff --git a/roles/kube-node/defaults/main.yml b/roles/kube-node/defaults/main.yml index 1fd407a91..0be981c3d 100644 --- a/roles/kube-node/defaults/main.yml 
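Review bot: The comment added above `CLUSTER_KUBERNETES_SVC_IP` in roles/kube-master/defaults/main.yml describes the wrong variable: it says "dns svc ip", apparently copied from the cluster-addon default, while the line sets the kubernetes service IP (first address of `SERVICE_CIDR`). The removed task carried the correct wording, so I would restore it as `# 设置 kubernetes svc ip (这里选用 SERVICE_CIDR 中第1个IP)`. This value was set under the `change_cert` tag before, so it presumably ends up in the API server certificate, and a misleading comment here invites a wrong edit. The `ETCD_ENDPOINTS` line also appears to be rewritten with only a whitespace difference, and the blank line separating it from the next setting is dropped; both are worth reverting.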
+++ b/roles/kube-node/defaults/main.yml @@ -1,6 +1,9 @@ # 默认使用kube-proxy的 'iptables' 模式,可选 'ipvs' 模式(experimental) PROXY_MODE: "ipvs" +# 设置 dns svc ip (这里选用 SERVICE_CIDR 中第2个IP) +CLUSTER_DNS_SVC_IP: "{{ SERVICE_CIDR | ipaddr('net') | ipaddr(2) | ipaddr('address') }}" + # 基础容器镜像 SANDBOX_IMAGE: "mirrorgooglecontainers/pause-amd64:3.1" #SANDBOX_IMAGE: "registry.access.redhat.com/rhel7/pod-infrastructure:latest" diff --git a/roles/kube-node/tasks/main.yml b/roles/kube-node/tasks/main.yml index 624dfb843..4705134cd 100644 --- a/roles/kube-node/tasks/main.yml +++ b/roles/kube-node/tasks/main.yml @@ -66,16 +66,6 @@ - name: 准备 cni配置文件 template: src=cni-default.conf.j2 dest=/etc/cni/net.d/10-default.conf -# 设置 dns svc ip (这里选用 SERVICE_CIDR 中第2个IP) -- name: 注册变量 DNS_SVC_IP - shell: echo {{ SERVICE_CIDR }}|cut -d/ -f1|awk -F. '{print $1"."$2"."$3"."$4+2}' - register: DNS_SVC_IP - tags: upgrade_k8s, restart_node - -- name: 设置变量 CLUSTER_DNS_SVC_IP - set_fact: CLUSTER_DNS_SVC_IP={{ DNS_SVC_IP.stdout }} - tags: upgrade_k8s, restart_node - # 判断 kubernetes 版本 - name: 注册变量 TMP_VER shell: "{{ base_dir }}/bin/kube-apiserver --version|cut -d' ' -f2|cut -d'v' -f2" diff --git a/roles/kube-ovn/defaults/main.yml b/roles/kube-ovn/defaults/main.yml index dd8302f08..67c40f7e1 100644 --- a/roles/kube-ovn/defaults/main.yml +++ b/roles/kube-ovn/defaults/main.yml @@ -1,5 +1,10 @@ # 选择 OVN DB and OVN Control Plane 节点,默认为第一个master节点 OVN_DB_NODE: "{{ groups['kube-master'][0] }}" +kube_ovn_default_cidr: "{{ CLUSTER_CIDR }}" +kube_ovn_default_gateway: "{{ CLUSTER_CIDR | ipaddr('net') | ipaddr(1) | ipaddr('address') }}" +kube_ovn_node_switch_cidr: 100.64.0.0/16 +kube_ovn_enable_mirror: false + # 离线镜像tar包 kube_ovn_offline: "kube_ovn_0.6.0.tar" diff --git a/roles/kube-ovn/templates/kube-ovn.yaml.j2 b/roles/kube-ovn/templates/kube-ovn.yaml.j2 index 69b0ad655..a6d4fe45f 100644 --- a/roles/kube-ovn/templates/kube-ovn.yaml.j2 +++ b/roles/kube-ovn/templates/kube-ovn.yaml.j2 
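Review bot: `CLUSTER_DNS_SVC_IP` in roles/kube-node/defaults/main.yml is a second copy of the expression already added to roles/cluster-addon/defaults/main.yml, and nothing ties the two together. If one copy is later changed (for example to `ipaddr(10)`), the kubelet configuration and the DNS Service would presumably point at different addresses and pod name resolution would fail. I would define it once in a vars file both roles already load, or at least add a comment on each copy such as `# must stay identical to CLUSTER_DNS_SVC_IP in roles/cluster-addon/defaults/main.yml`.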
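Review bot: The four variables added to roles/kube-ovn/defaults/main.yml carry no comments, unlike the settings around them, and `kube_ovn_node_switch_cidr` is the only string default left unquoted. I would write `kube_ovn_node_switch_cidr: "100.64.0.0/16"` and put a comment above it saying the range presumably must not overlap `CLUSTER_CIDR`, `SERVICE_CIDR` or the node network. A one-line comment on `kube_ovn_enable_mirror` stating what turning it on does would also help, since it is now a user-facing switch.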
@@ -43,9 +43,9 @@ spec: command: - /kube-ovn/start-controller.sh args: - - --default-cidr=10.16.0.0/16 - - --default-gateway=10.16.0.1 - - --node-switch-cidr=100.64.0.0/16 + - --default-cidr={{ kube_ovn_default_cidr }} + - --default-gateway={{ kube_ovn_default_gateway }} + - --node-switch-cidr={{ kube_ovn_node_switch_cidr }} env: - name: POD_NAME valueFrom: @@ -128,7 +128,8 @@ spec: - sh - /kube-ovn/start-cniserver.sh args: - - --enable-mirror=false + - --enable-mirror={{ kube_ovn_enable_mirror|string|lower }} + - --service-cluster-ip-range={{ SERVICE_CIDR }} securityContext: runAsUser: 0 privileged: true
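Review bot: In the second hunk of kube-ovn.yaml.j2, `{{ kube_ovn_enable_mirror|string|lower }}` passes any spelling of the value straight through, so a setting written the way this repo writes other switches (`dns_install: "yes"`) would render `--enable-mirror=yes`. If the flag is parsed as a Go boolean, which I cannot confirm from the hunk, that value is rejected and the cniserver container would not start. Normalising first avoids it: `- --enable-mirror={{ kube_ovn_enable_mirror | bool | string | lower }}`. The context lines show this container running as root with `privileged: true`. As I understand the feature, mirroring exposes pod traffic on the host, so the default should stay `false` and carry a comment saying so.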