增加flannel网络支持
jmgao1983 committed Jan 2, 2018
1 parent 331bf56 commit 4c1f7bc
Showing 16 changed files with 132 additions and 54 deletions.
1 change: 0 additions & 1 deletion 01.prepare.yml
@@ -14,6 +14,5 @@

# [可选]多master部署时的负载均衡配置
- hosts: lb
gather_facts: True
roles:
- lb
File renamed without changes.
File renamed without changes.
File renamed without changes.
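--- a/07.flannel.yml
+++ b/07.flannel.yml
@@ -0,0 +1,3 @@
+- hosts: kube-cluster
+roles:
+- flannel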
17 changes: 13 additions & 4 deletions 90.setup.yml
@@ -1,4 +1,5 @@
# 在deploy节点生成CA相关证书,以供整个集群使用
# 以及初始化kubedns.yaml配置文件
- hosts: deploy
roles:
- deploy
@@ -8,6 +9,7 @@
- kube-cluster
- deploy
- etcd
- lb
roles:
- prepare

@@ -16,28 +18,35 @@
roles:
- lb

# 创建etcd集群
- hosts: etcd
roles:
- etcd

# kubectl 客户端配置
- hosts:
- kube-cluster
- deploy
roles:
- kubectl

# docker服务安装
- hosts: kube-cluster
roles:
- docker

- hosts: kube-cluster
roles:
- calico

# master 节点部署
- hosts: kube-master
roles:
- kube-master

# node 节点部署
- hosts: kube-node
roles:
- kube-node

# 集群网络插件部署
- hosts: kube-cluster
roles:
- { role: calico, when: "CLUSTER_NETWORK == 'calico'" }
- { role: flannel, when: "CLUSTER_NETWORK == 'flannel'" }
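Review bot: The two conditional roles in the final play have no fallback: if CLUSTER_NETWORK is misspelled or differs in case, both `when:` tests are false, the play reports success, and no network plugin is deployed. The nodes would then keep the default bridge config written by the kube-node role. Failing early is cheaper to debug; a pre-check such as `- assert: { that: "CLUSTER_NETWORK in ['calico', 'flannel']" }` under `pre_tasks:` of this play would do it. I'd also add a short comment above the play stating that exactly one of the two roles is expected to run.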
6 changes: 4 additions & 2 deletions 99.clean.yml
@@ -17,6 +17,7 @@
file: name={{ item }} state=absent
with_items:
- "/var/lib/kubelet/"
- "/var/lib/kube-proxy/"
- "/etc/kubernetes/"
- "/etc/systemd/system/kubelet.service"
- "/etc/systemd/system/kube-proxy.service"
@@ -42,8 +43,8 @@
- new-node
- deploy
tasks:
- name: stop calico-node service
shell: "systemctl stop calico-node docker"
- name: stop docker service
shell: "systemctl stop docker"
ignore_errors: true

# 因为calico-kube-controller使用了host网络,相当于使用了docker -net=host,需要
@@ -59,6 +60,7 @@
with_items:
- "/etc/cni/"
- "/root/.kube/"
- "/run/flannel/"
- "/etc/calico/"
- "/var/run/calico/"
- "/var/log/calico/"
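Review bot: The removal list in the last hunk gains `/run/flannel/`, but the visible lines do not include the manifest directories this commit starts writing, `/root/local/kube-system/flannel` and `/root/local/kube-system/calico`, nor any teardown of the `mynet0` bridge defined in cni-default.conf.j2. The list and the surrounding tasks continue outside the hunk, so these may already be handled there. If they are not, a cleaned host keeps rendered manifests and a stale bridge that can interfere with the next install; adding the two directories to `with_items` would cover the files.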
3 changes: 3 additions & 0 deletions example/hosts.allinone.example
@@ -40,6 +40,9 @@ POD_INFRA_CONTAINER_IMAGE=mirrorgooglecontainers/pause-amd64:3.0
#TLS Bootstrapping 使用的 Token,使用 head -c 16 /dev/urandom | od -An -t x | tr -d ' ' 生成
BOOTSTRAP_TOKEN="d18f94b5fa585c7123f56803d925d2e7"

# 集群网络插件,目前支持calico和flannel
CLUSTER_NETWORK="calico"

# 服务网段 (Service CIDR),部署前路由不可达,部署后集群内使用 IP:Port 可达
SERVICE_CIDR="10.68.0.0/16"
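Review bot: The new comment above `CLUSTER_NETWORK` presents calico and flannel as interchangeable, but flannel does not enforce Kubernetes NetworkPolicy while calico does, so changing this value also changes the cluster's pod-isolation properties. I'd say so next to the setting, e.g. `# note: flannel does not enforce NetworkPolicy; keep calico if pods need network isolation`. The same three lines are added to example/hosts.m-masters.example and example/hosts.s-master.example and would need the same comment.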

3 changes: 3 additions & 0 deletions example/hosts.m-masters.example
@@ -55,6 +55,9 @@ POD_INFRA_CONTAINER_IMAGE=mirrorgooglecontainers/pause-amd64:3.0
#TLS Bootstrapping 使用的 Token,使用 head -c 16 /dev/urandom | od -An -t x | tr -d ' ' 生成
BOOTSTRAP_TOKEN="c30302226d4b810e08731702d3890f50"

# 集群网络插件,目前支持calico和flannel
CLUSTER_NETWORK="calico"

# 服务网段 (Service CIDR),部署前路由不可达,部署后集群内使用 IP:Port 可达
SERVICE_CIDR="10.68.0.0/16"

3 changes: 3 additions & 0 deletions example/hosts.s-master.example
@@ -44,6 +44,9 @@ POD_INFRA_CONTAINER_IMAGE=mirrorgooglecontainers/pause-amd64:3.0
#TLS Bootstrapping 使用的 Token,使用 head -c 16 /dev/urandom | od -An -t x | tr -d ' ' 生成
BOOTSTRAP_TOKEN="d18f94b5fa585c7123f56803d925d2e7"

# 集群网络插件,目前支持calico和flannel
CLUSTER_NETWORK="calico"

# 服务网段 (Service CIDR),部署前路由不可达,部署后集群内使用 IP:Port 可达
SERVICE_CIDR="10.68.0.0/16"

32 changes: 20 additions & 12 deletions roles/calico/tasks/main.yml
@@ -2,7 +2,7 @@
file: name={{ item }} state=directory
with_items:
- /etc/calico/ssl
- /etc/cni/net.d
- /root/local/kube-system/calico

- name: 复制CA 证书到calico 证书目录
copy: src={{ ca_dir }}/ca.pem dest=/etc/calico/ssl/ca.pem
@@ -17,22 +17,30 @@
-config={{ ca_dir }}/ca-config.json \
-profile=kubernetes calico-csr.json | {{ bin_dir }}/cfssljson -bare calico"

- name: 创建 calico 的 systemd unit 文件
template: src=calico-node.service.j2 dest=/etc/systemd/system/calico-node.service
- name: 准备 calico DaemonSet yaml文件
template: src=calico.yaml.j2 dest=/root/local/kube-system/calico/calico.yaml

- name: 启动calico 服务
shell: systemctl daemon-reload && systemctl enable calico-node && systemctl restart calico-node
- name: 准备 calico rbac文件
template: src=calico-rbac.yaml.j2 dest=/root/local/kube-system/calico/calico-rbac.yaml

- name: 下载calico cni plugins和calicoctl 客户端
# 只需单节点执行一次,重复执行的报错可以忽略
- name: 运行 calico网络
shell: "{{ bin_dir }}/kubectl create -f /root/local/kube-system/calico/ && sleep 15"
when: NODE_ID is defined and NODE_ID == "node1"
ignore_errors: true

# 删除原有cni配置
- name: 删除默认cni配置
file: path=/etc/cni/net.d/10-default.conf state=absent

# [可选]cni calico plugins 已经在calico.yaml完成安装
- name: 下载calicoctl 客户端
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
with_items:
- calico
- calico-ipam
- loopback
#- calico
#- calico-ipam
#- loopback
- calicoctl

- name: 准备 calicoctl配置文件
template: src=calicoctl.cfg.j2 dest=/etc/calico/calicoctl.cfg

- name: 准备 cni配置文件
template: src=cni-calico.conf.j2 dest=/etc/cni/net.d/10-calico.conf
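Review bot: The `运行 calico网络` task pairs `kubectl create -f …` with `ignore_errors: true`, so a real failure (API server not reachable, a template that rendered to invalid YAML, an RBAC object rejected) is swallowed just like the expected "already exists" on a re-run. The play then goes on to delete 10-default.conf, leaving the node without a working CNI config and no failed task to point at. `kubectl apply -f /root/local/kube-system/calico/` is idempotent, which would let `ignore_errors` be dropped. The same pattern appears in `运行 flannel网络` in roles/flannel/tasks/main.yml.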
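--- a/roles/flannel/tasks/main.yml
+++ b/roles/flannel/tasks/main.yml
@@ -0,0 +1,28 @@
+- name: 创建flannel cni 相关目录
+file: name={{ item }} state=directory
+with_items:
+- /etc/cni/net.d
+- /root/local/kube-system/flannel
+
+- name: 下载flannel cni plugins
+copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
+with_items:
+- bridge
+- flannel
+- host-local
+- loopback
+- portmap
+
+- name: 准备 flannel DaemonSet yaml文件
+template: src=kube-flannel.yaml.j2 dest=/root/local/kube-system/flannel/kube-flannel.yaml
+
+# 只需单节点执行一次,重复执行的报错可以忽略
+- name: 运行 flannel网络
+shell: "{{ bin_dir }}/kubectl create -f /root/local/kube-system/flannel/ && sleep 15"
+when: NODE_ID is defined and NODE_ID == "node1"
+ignore_errors: true
+
+# 删除原有cni配置
+- name: 删除默认cni配置
+file: path=/etc/cni/net.d/10-default.conf state=absent
+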
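--- a/roles/flannel/templates/cni-calico.conf.j2
+++ b/roles/flannel/templates/cni-calico.conf.j2
@@ -0,0 +1,20 @@
+{
+"name": "calico-k8s-network",
+"cniVersion": "0.1.0",
+"type": "calico",
+"etcd_endpoints": "{{ ETCD_ENDPOINTS }}",
+"etcd_key_file": "/etc/calico/ssl/calico-key.pem",
+"etcd_cert_file": "/etc/calico/ssl/calico.pem",
+"etcd_ca_cert_file": "/etc/calico/ssl/ca.pem",
+"log_level": "info",
+"mtu": 1500,
+"ipam": {
+"type": "calico-ipam"
+},
+"policy": {
+"type": "k8s"
+},
+"kubernetes": {
+"kubeconfig": "/root/.kube/config"
+}
+}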
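Review bot: This template looks misplaced: it is a Calico CNI configuration (`"type": "calico"`, etcd client certificates under /etc/calico/ssl) added under roles/flannel/templates, and none of the tasks in roles/flannel/tasks/main.yml shown on this page render it. If it is a leftover copy, dropping it avoids a dead file that carries credentials paths for a different plugin. If it is meant to be used, `"kubeconfig": "/root/.kube/config"` hands the CNI plugin root's kubectl credentials, which are presumably cluster-admin; a dedicated kubeconfig bound to a narrowly scoped role would be the safer choice.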
@@ -1,6 +1,6 @@
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel
rules:
@@ -25,7 +25,7 @@ rules:
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel
roleRef:
@@ -73,7 +73,7 @@ data:
}
net-conf.json: |
{
"Network": "172.30.0.0/16",
"Network": "{{ CLUSTER_CIDR }}",
"Backend": {
"Type": "vxlan"
}
@@ -104,7 +104,8 @@ spec:
serviceAccountName: flannel
initContainers:
- name: install-cni
image: quay.io/coreos/flannel:v0.9.1-amd64
image: harbor.tf56.lo/k8s/flannel:v0.9.1-amd64
#image: quay.io/coreos/flannel:v0.9.1-amd64
command:
- cp
args:
@@ -118,7 +119,8 @@ spec:
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: quay.io/coreos/flannel:v0.9.1-amd64
#image: quay.io/coreos/flannel:v0.9.1-amd64
image: harbor.tf56.lo/k8s/flannel:v0.9.1-amd64
command:
- /opt/bin/flanneld
args:
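Review bot: Both containers (`install-cni` and `kube-flannel`) appear to switch to `harbor.tf56.lo/k8s/flannel:v0.9.1-amd64`, an internal registry host hard-coded into a shared template. Anyone outside that network cannot pull the image, and anyone inside it runs whatever that mutable tag currently resolves to, in a DaemonSet that manages host networking. I'd make the image a variable with the upstream default, e.g. `image: "{{ FLANNEL_IMAGE | default('quay.io/coreos/flannel:v0.9.1-amd64') }}"` (variable name is a suggestion), and pin by digest where a mirror is used. The commented-out `#image:` lines can then be removed.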
46 changes: 16 additions & 30 deletions roles/kube-node/tasks/main.yml
@@ -1,10 +1,21 @@
##----------kubelet 配置部分--------------
- name: 下载 kubelet和kube-proxy 二进制
# 创建kubelet,kube-proxy工作目录和cni配置目录
- name: 创建kube-node 相关目录
file: name={{ item }} state=directory
with_items:
- /var/lib/kubelet
- /var/lib/kube-proxy
- /etc/cni/net.d

- name: 下载 kubelet,kube-proxy 二进制和基础 cni plugins
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
with_items:
- kubelet
- kube-proxy

- bridge
- host-local
- loopback

##----------kubelet 配置部分--------------
# kubelet 启动时向 kube-apiserver 发送 TLS bootstrapping 请求,需要绑定该角色
# 只需单节点执行一次,重复执行的报错可以忽略
# 增加15s等待kube-apiserver正常工作
@@ -36,8 +47,8 @@
- name: 安装bootstrap.kubeconfig配置文件
shell: "mv $HOME/bootstrap.kubeconfig /etc/kubernetes/bootstrap.kubeconfig"

- name: 创建kubelet的工作目录
file: name=/var/lib/kubelet state=directory
- name: 准备 cni配置文件
template: src=cni-default.conf.j2 dest=/etc/cni/net.d/10-default.conf

- name: 创建kubelet的systemd unit文件
template: src=kubelet.service.j2 dest=/etc/systemd/system/kubelet.service
@@ -87,9 +98,6 @@
- name: 安装kube-proxy.kubeconfig配置文件
shell: "mv $HOME/kube-proxy.kubeconfig /etc/kubernetes/kube-proxy.kubeconfig"

- name: 创建kube-proxy的工作目录
file: name=/var/lib/kube-proxy state=directory

- name: 创建kube-proxy 服务文件
tags: reload-kube-proxy
template: src=kube-proxy.service.j2 dest=/etc/systemd/system/kube-proxy.service
@@ -98,25 +106,3 @@
tags: reload-kube-proxy
shell: systemctl daemon-reload && systemctl enable kube-proxy && systemctl restart kube-proxy

##-------calico-kube-controllers部分----------------
#
#- name: 创建calico-kube-controllers目录
# tags: calico-controller
# file: name=/root/local/kube-system/calico state=directory

#- name: 准备RBAC 配置文件
# tags: calico-controller
# copy: src=rbac.yaml dest=/root/local/kube-system/calico/rbac.yaml

#- name: 准备calico-kube-controllers.yaml 文件
# tags: calico-controller
# template: src=calico-kube-controllers.yaml.j2 dest=/root/local/kube-system/calico/calico-kube-controllers.yaml

# 只需单节点执行一次,重复执行的报错可以忽略
# 增加15s等待node ready
#- name: 运行calico-kube-controllers
# tags: calico-controller
# shell: "sleep 15 && {{ bin_dir }}/kubectl create -f /root/local/kube-system/calico/rbac.yaml && \
# {{ bin_dir }}/kubectl create -f /root/local/kube-system/calico/calico-kube-controllers.yaml"
# when: NODE_ID is defined and NODE_ID == "node1"
# ignore_errors: true
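--- a/roles/kube-node/templates/cni-default.conf.j2
+++ b/roles/kube-node/templates/cni-default.conf.j2
@@ -0,0 +1,12 @@
+{
+"name": "mynet",
+"type": "bridge",
+"bridge": "mynet0",
+"isDefaultGateway": true,
+"ipMasq": true,
+"hairpinMode": true,
+"ipam": {
+"type": "host-local",
+"subnet": "{{ CLUSTER_CIDR }}"
+}
+}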
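Review bot: `"subnet": "{{ CLUSTER_CIDR }}"` gives host-local IPAM the whole cluster range on every node, so two nodes can assign the same pod IP while this config is active. The calico and flannel roles on this page delete 10-default.conf, so the overlap is limited to the window before the plugin role runs, or to the case where neither role runs because CLUSTER_NETWORK matches neither value. JSON has no comments, so I'd document it on the task that renders this file in roles/kube-node/tasks/main.yml: `# temporary bridge config; replaced once the calico or flannel role has run`.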
