调整网络插件安装中kubectl在deploy节点执行

gkadmin · Sep 21, 2018 · 51b1003 · 51b1003
1 parent 914b3c6
commit 51b1003
Show file tree

Hide file tree

Showing 3 changed files with 77 additions and 64 deletions.
diff --git a/roles/cilium/tasks/main.yml b/roles/cilium/tasks/main.yml
@@ -1,10 +1,48 @@
-- name: 创建cilium 相关目录
+- block:
+    - name: 在deploy 节点创建cilium 相关目录
+      file: name={{ item }} state=directory
+      with_items:
+      - /etc/cilium/ssl
+      - /opt/kube/kube-system/cilium
+
+    - name: 创建cilium 证书请求
+      template: src=cilium-csr.json.j2 dest=/etc/cilium/ssl/cilium-csr.json
+
+    - name: 创建 cilium证书和私钥
+      shell: "cd /etc/cilium/ssl && {{ bin_dir }}/cfssl gencert \
+            -ca={{ ca_dir }}/ca.pem \
+            -ca-key={{ ca_dir }}/ca-key.pem \
+            -config={{ ca_dir }}/ca-config.json \
+            -profile=kubernetes cilium-csr.json | {{ bin_dir }}/cfssljson -bare cilium"
+
+    - name: get cilium-etcd-secrets info
+      shell: "{{ bin_dir }}/kubectl get secrets -n kube-system"
+      register: secrets_info
+
+    - name: 创建 cilium-etcd-secrets
+      shell: "cd /etc/cilium/ssl && \
+    	{{ bin_dir }}/kubectl create secret generic -n kube-system cilium-etcd-secrets \
+    	--from-file=etcd-ca={{ ca_dir }}/ca.pem \
+    	--from-file=etcd-client-key=cilium-key.pem \
+    	--from-file=etcd-client-crt=cilium.pem"
+      when: '"cilium-etcd-secrets" not in secrets_info.stdout'
+
+    - name: 配置 cilium DaemonSet yaml文件
+      template: src=cilium.yaml.j2 dest=/opt/kube/kube-system/cilium/cilium.yaml
+      tags: reconf  
+
+    - name: 检查是否已下载离线cilium镜像
+      command: "ls {{ base_dir }}/down"
+      register: download_info
+  delegate_to: "{{ groups.deploy[0] }}"
+  run_once: true
+
+- name: node 节点创建cilium 相关目录
   file: name={{ item }} state=directory
   with_items:
   - /etc/cilium/ssl
   - /etc/cni/net.d
   - /var/run/cilium
-  - /opt/kube/kube-system/cilium
   - /opt/kube/images 
 
 - name: Optional-Mount BPF FS
@@ -14,41 +52,6 @@
     path: "/sys/fs/bpf"
     state: "mounted" 
 
-- name: 创建cilium 证书请求
-  template: src=cilium-csr.json.j2 dest=/etc/cilium/ssl/cilium-csr.json
-
-- name: 创建 cilium证书和私钥
-  shell: "cd /etc/cilium/ssl && {{ bin_dir }}/cfssl gencert \
-        -ca={{ ca_dir }}/ca.pem \
-        -ca-key={{ ca_dir }}/ca-key.pem \
-        -config={{ ca_dir }}/ca-config.json \
-        -profile=kubernetes cilium-csr.json | {{ bin_dir }}/cfssljson -bare cilium"
-
-- name: get cilium-etcd-secrets info
-  shell: "{{ bin_dir }}/kubectl get secrets -n kube-system"
-  register: secrets_info
-  run_once: true
-
-- name: 创建 cilium-etcd-secrets
-  shell: "cd /etc/cilium/ssl && \
-	{{ bin_dir }}/kubectl create secret generic -n kube-system cilium-etcd-secrets \
-	--from-file=etcd-ca={{ ca_dir }}/ca.pem \
-	--from-file=etcd-client-key=cilium-key.pem \
-	--from-file=etcd-client-crt=cilium.pem"
-  when: '"cilium-etcd-secrets" not in secrets_info.stdout'
-  ignore_errors: true
-  run_once: true
-
-- name: 配置 cilium DaemonSet yaml文件
-  template: src=cilium.yaml.j2 dest=/opt/kube/kube-system/cilium/cilium.yaml
-  tags: reconf  
-
-- name: 检查是否已下载离线cilium镜像
-  command: "ls {{ base_dir }}/down"
-  register: download_info
-  delegate_to: "{{ groups.deploy[0] }}"
-  run_once: true
-
 # 【可选】推送离线docker 镜像，可以忽略执行错误
 - name: 尝试推送离线docker 镜像（若执行失败，可忽略）
   copy: src={{ base_dir }}/down/{{ item }} dest=/opt/kube/images/{{ item }}
@@ -76,6 +79,7 @@
 # 只需单节点执行一次
 - name: 运行 cilium网络
   shell: "{{ bin_dir }}/kubectl apply -f /opt/kube/kube-system/cilium/ && sleep 5"
+  delegate_to: "{{ groups.deploy[0] }}"
   run_once: true
 
 # 删除原有cni配置
@@ -87,6 +91,6 @@
   shell: "{{ bin_dir }}/kubectl get pod -n kube-system -o wide|grep 'cilium'|grep ' {{ inventory_hostname }} '|awk '{print $3}'"
   register: pod_status
   until: pod_status.stdout == "Running"
+  delegate_to: "{{ groups.deploy[0] }}"
   retries: 15
   delay: 8
-
diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml
@@ -1,8 +1,20 @@
+- block:
+    - name: 在deploy 节点创建相关目录
+      file: name=/opt/kube/kube-system/flannel state=directory
+
+    - name: 配置 flannel DaemonSet yaml文件
+      template: src=kube-flannel.yaml.j2 dest=/opt/kube/kube-system/flannel/kube-flannel.yaml
+
+    - name: 检查是否已下载离线flannel镜像
+      command: "ls {{ base_dir }}/down"
+      register: download_info
+  delegate_to: "{{ groups.deploy[0] }}"
+  run_once: true
+
 - name: 创建flannel cni 相关目录
   file: name={{ item }} state=directory
   with_items:
   - /etc/cni/net.d
-  - /opt/kube/kube-system/flannel
   - /opt/kube/images
 
 - name: 下载flannel cni plugins
@@ -14,15 +26,6 @@
   - loopback
   - portmap
 
-- name: 配置 flannel DaemonSet yaml文件
-  template: src=kube-flannel.yaml.j2 dest=/opt/kube/kube-system/flannel/kube-flannel.yaml
-
-- name: 检查是否已下载离线flannel镜像
-  command: "ls {{ base_dir }}/down"
-  register: download_info
-  delegate_to: "{{ groups.deploy[0] }}"
-  run_once: true
-
 # 【可选】推送离线docker 镜像，可以忽略执行错误
 - name: 尝试推送离线docker 镜像（若执行失败，可忽略）
   copy: src={{ base_dir }}/down/{{ item }} dest=/opt/kube/images/{{ item }}
@@ -48,6 +51,7 @@
 # 只需单节点执行一次
 - name: 运行 flannel网络
   shell: "{{ bin_dir }}/kubectl apply -f /opt/kube/kube-system/flannel/ && sleep 5"
+  delegate_to: "{{ groups.deploy[0] }}"
   run_once: true
 
 # 删除原有cni配置
@@ -59,6 +63,7 @@
   shell: "{{ bin_dir }}/kubectl get pod -n kube-system -o wide|grep 'flannel'|grep ' {{ inventory_hostname }} '|awk '{print $3}'"
   register: pod_status
   until: pod_status.stdout == "Running"
+  delegate_to: "{{ groups.deploy[0] }}"
   retries: 15
   delay: 8
 
diff --git a/roles/kube-router/tasks/main.yml b/roles/kube-router/tasks/main.yml
@@ -1,8 +1,25 @@
+- block:
+    - name: 在deploy 节点创建相关目录
+      file: name=/opt/kube/kube-system/kube-router state=directory
+
+    - name: 准备配置 kube-router DaemonSet (without IPVS)
+      template: src=kuberouter.yaml.j2 dest=/opt/kube/kube-system/kube-router/kuberouter.yaml
+      when: 'SERVICE_PROXY != "true"'
+
+    - name: 准备配置 kube-router DaemonSet (with IPVS)
+      template: src=kuberouter-all.yaml.j2 dest=/opt/kube/kube-system/kube-router/kuberouter.yaml
+      when: 'SERVICE_PROXY == "true"'
+
+    - name: 检查是否已下载离线kube-router镜像
+      command: "ls {{ base_dir }}/down"
+      register: download_info
+  delegate_to: "{{ groups.deploy[0] }}"
+  run_once: true
+
 - name: 创建cni 和kube-router 相关目录
   file: name={{ item }} state=directory
   with_items:
   - /etc/cni/net.d
-  - /opt/kube/kube-system/kube-router
   - /opt/kube/images
 
 - name: 下载cni plugins
@@ -13,11 +30,6 @@
   - loopback
   - portmap
 
-# kube-router 不带service proxy
-- name: 准备配置 kube-router DaemonSet (without IPVS)
-  template: src=kuberouter.yaml.j2 dest=/opt/kube/kube-system/kube-router/kuberouter.yaml
-  when: 'SERVICE_PROXY != "true"'
-
 # kube-router 带service proxy (IPVS/LVS)
 - name: 停止 kube-proxy 服务
   service: name=kube-proxy state=stopped enabled=no 
@@ -29,16 +41,6 @@
   when: 'SERVICE_PROXY == "true"'
   ignore_errors: true
 
-- name: 准备配置 kube-router DaemonSet (with IPVS)
-  template: src=kuberouter-all.yaml.j2 dest=/opt/kube/kube-system/kube-router/kuberouter.yaml
-  when: 'SERVICE_PROXY == "true"'
-
-- name: 检查是否已下载离线kube-router镜像
-  command: "ls {{ base_dir }}/down"
-  register: download_info
-  delegate_to: "{{ groups.deploy[0] }}"
-  run_once: true
-
 # 【可选】推送离线docker 镜像，可以忽略执行错误
 - name: 尝试推送离线docker 镜像（若执行失败，可忽略）
   copy: src={{ base_dir }}/down/{{ item }} dest=/opt/kube/images/{{ item }}
@@ -66,6 +68,7 @@
 # 只需单节点执行一次
 - name: 运行 kube-router DaemonSet
   shell: "{{ bin_dir }}/kubectl apply -f /opt/kube/kube-system/kube-router/ && sleep 5"
+  delegate_to: "{{ groups.deploy[0] }}"
   run_once: true
 
 # 删除原有cni配置
@@ -77,6 +80,7 @@
   shell: "{{ bin_dir }}/kubectl get pod -n kube-system -o wide|grep 'kube-router'|grep ' {{ inventory_hostname }} '|awk '{print $3}'"
   register: pod_status
   until: pod_status.stdout == "Running"
+  delegate_to: "{{ groups.deploy[0] }}"
   retries: 15
   delay: 8