更新kube-proxy使用ipvs模式

docs/06.kube-router.md

@@ -87,7 +87,7 @@ Members:
 ...
 ```
 
-- 6.ipvs虚拟服务器查看 (/etc/ansible/hosts需配置`SERVICE_PROXY="IPVS"`)
+- 6.ipvs虚拟服务器查看 (roles/kube-router/defaults/main.yml 需配置`SERVICE_PROXY="true"`)
 
 ``` bash
 # 首先创建测试应用

roles/kube-node/tasks/main.yml

@@ -59,12 +59,10 @@
 - name: 开机启用kube-proxy 服务
   shell: systemctl enable kube-proxy
   ignore_errors: true
-  when: CLUSTER_NETWORK != 'kube-router' or SERVICE_PROXY != 'IPVS'
 
 - name: 开启kube-proxy 服务
   shell: systemctl daemon-reload && systemctl restart kube-proxy
   tags: reload-kube-proxy, upgrade_k8s, restart_node
-  when: CLUSTER_NETWORK != 'kube-router' or SERVICE_PROXY != 'IPVS'
 
 # 批准 node 节点，首先轮询等待kubelet启动完成
 - name: 轮询等待kubelet启动

roles/kube-node/templates/kube-proxy.service.j2

@@ -12,7 +12,7 @@ ExecStart={{ bin_dir }}/kube-proxy \
   --hostname-override={{ inventory_hostname }} \
   --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \
   --logtostderr=true \
-  --v=2
+  --proxy-mode={{ PROXY_MODE }}
 Restart=on-failure
 RestartSec=5
 LimitNOFILE=65536

roles/kube-router/defaults/main.yml

@@ -6,8 +6,8 @@ ROUTER_ENABLE: "true"
 # NetworkPolicy 支持开关
 FIREWALL_ENABLE: "true"
 
-# service-proxy 支持开关
-# 在/etc/ansible/hosts文件的变量'SERVICE_PROXY'定义
+# service-proxy 支持开关，如选择 'false' 即使用k8s集群默认的kube-proxy
+SERVICE_PROXY: "false"
 
 # kube-router 镜像版本
 IMAGE: "cloudnativelabs/kube-router"

roles/prepare/tasks/main.yml

@@ -97,8 +97,15 @@
 - name: 设置系统参数
   copy: src=95-k8s-sysctl.conf dest=/etc/sysctl.d/95-k8s-sysctl.conf
 
-- name: 加载br_netfilter模块
-  modprobe: name=br_netfilter state=present
+- name: 加载内核模块
+  modprobe: name={{ item }} state=present
+  with_items:
+    - br_netfilter
+    - ip_vs
+    - ip_vs_rr
+    - ip_vs_wrr
+    - ip_vs_sh
+    - nf_conntrack_ipv4
   ignore_errors: true
 
 - name: 生效系统参数