merge from upstream

raoraoxiong · Jul 13, 2018 · 89e23ee · 89e23ee
2 parents db7090a + 1c63fb8
commit 89e23ee
Show file tree

Hide file tree

Showing 17 changed files with 158 additions and 32 deletions.
diff --git a/98.flannel-clean.yml b/98.flannel-clean.yml
@@ -0,0 +1,45 @@
+# 清理集群docker服务、网络相关
+- hosts:
+  - kube-master
+  - new-master
+  - kube-node
+  - new-node
+  tasks:
+  - name: 清理目录和文件
+    file: name={{ item }} state=absent
+    with_items:
+    - "/etc/cni/"
+    - "/run/flannel/"
+    - "/var/lib/cni/"
+
+  - name: 清理 iptables
+    shell: "iptables -F && iptables -X \
+	&& iptables -F -t nat && iptables -X -t nat \
+	&& iptables -F -t raw && iptables -X -t raw \
+	&& iptables -F -t mangle && iptables -X -t mangle"
+
+  - name: 清理网络
+    shell: "ip link del tunl0; \
+	ip link del flannel.1; \
+	ip link del cni0; \
+        ip link del mynet0; \
+	systemctl restart networking; \
+	systemctl restart network; \
+	systemctl restart docker"
+    ignore_errors: true
+# 清理负载均衡相关
+- hosts: lb
+  tasks:
+  - name: stop keepalived service
+    shell: systemctl disable keepalived && systemctl stop keepalived
+    ignore_errors: true
+
+  - name: stop haproxy service
+    shell: systemctl disable haproxy && systemctl stop haproxy
+    ignore_errors: true
+
+  - name: 清理LB 配置文件目录
+    file: name={{ item }} state=absent
+    with_items:
+    - "/etc/haproxy"
+    - "/etc/keepalived"
diff --git a/manifests/nfs-provisioner/nfs-client-provisioner.yaml b/manifests/nfs-provisioner/nfs-client-provisioner.yaml
@@ -69,13 +69,13 @@ spec:
               # 此处供应者名字供storageclass调用
               value: nfs-prov-1
             - name: NFS_SERVER
-              value: 10.1.241.230
+              value: 192.168.1.6
             - name: NFS_PATH
-              value: /home/share/k8s-pv
+              value: /opt/nfs_data
       volumes:
         - name: nfs-client-root
           nfs:
-            server: 10.1.241.230
-            path: /home/share/k8s-pv
+            server: 192.168.1.6
+            path: /opt/nfs_data
 
 ---
diff --git a/manifests/prometheus/prometheus/templates/node-exporter-daemonset.yaml b/manifests/prometheus/prometheus/templates/node-exporter-daemonset.yaml
@@ -66,7 +66,7 @@ spec:
               mountPath: {{ .mountPath }}
               readOnly: {{ .readOnly }}
           {{- end }}
-      hostNetwork: true
+      hostNetwork: false
       hostPID: true
     {{- if .Values.nodeExporter.tolerations }}
       tolerations:

diff --git a/manifests/prometheus/prometheus/values.yaml b/manifests/prometheus/prometheus/values.yaml
@@ -422,10 +422,10 @@ nodeExporter:
     ##
     externalIPs: []
 
-    hostPort: 9100
+    hostPort: 9101
     loadBalancerIP: ""
     loadBalancerSourceRanges: []
-    servicePort: 9100
+    servicePort: 9101
     type: ClusterIP
 
 server:

diff --git a/notes.md b/notes.md
@@ -0,0 +1,2 @@
+# linux系统
+- [systemctl替代service与chkconfig](https://blog.csdn.net/itcomputer12/article/details/41799139)
diff --git a/roles/docker/files/daemon-gpu.json b/roles/docker/files/daemon-gpu.json
@@ -0,0 +1,18 @@
+{
+  "registry-mirrors": ["https://kuamavit.mirror.aliyuncs.com", "https://registry.docker-cn.com", "https://docker.mirrors.ustc.edu.cn"],
+  "insecure-registries":["http://harbor.oceanai.com.cn"],
+  "max-concurrent-downloads": 10,
+  "log-driver": "json-file",
+  "log-level": "warn",
+  "log-opts": {
+    "max-size": "10m",
+    "max-file": "3"
+    },
+  "runtimes": {
+    "nvidia": {                                                                                                                          
+       "path": "/usr/bin/nvidia-container-runtime",
+       "runtimeArgs": []
+       }
+    },
+  "default-runtime": "nvidia"
+}
diff --git a/roles/docker/files/daemon.json b/roles/docker/files/daemon.json
@@ -1,5 +1,6 @@
 {
-  "registry-mirrors": ["https://kuamavit.mirror.aliyuncs.com", "https://registry.docker-cn.com", "https://docker.mirrors.ustc.edu.cn"], 
+  "registry-mirrors": ["https://pan5r115.mirror.aliyuncs.com","https://kuamavit.mirror.aliyuncs.com", "https://registry.docker-cn.com", "https://docker.mirrors.ustc.edu.cn"], 
+  "insecure-registries":["http://harbor.oceanai.com.cn"],
   "max-concurrent-downloads": 10,
   "log-driver": "json-file",
   "log-level": "warn",

diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
@@ -1,22 +1,16 @@
 ## ---------docker daemon配置部分-----------
-- name: 准备docker相关目录
-  file: name={{ item }} state=directory
-  with_items:
-  - "{{ bin_dir }}"
-  - /etc/docker
-
-- name: 下载 docker 二进制文件
-  copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
-  with_items:
-  - docker-containerd
-  - docker-containerd-shim
-  - docker-init
-  - docker-runc
-  - docker
-  - docker-containerd-ctr
-  - dockerd
-  - docker-proxy
-  tags: upgrade_k8s
+#- name: 下载 docker 二进制文件
+#  copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
+#  with_items:
+#  - docker-containerd
+#  - docker-containerd-shim
+#  - docker-init
+#  - docker-runc
+#  - docker
+#  - docker-containerd-ctr
+#  - dockerd
+#  - docker-proxy
+#  tags: upgrade_k8s
 
 - name: docker命令自动补全
   copy: src=docker dest=/etc/bash_completion.d/docker mode=0644

diff --git a/roles/docker/templates/docker.service.j2 b/roles/docker/templates/docker.service.j2
@@ -1,19 +1,38 @@
 [Unit]
 Description=Docker Application Container Engine
-Documentation=http://docs.docker.io
+Documentation=https://docs.docker.com
+After=network-online.target docker.socket firewalld.service
+Wants=network-online.target
+Requires=docker.socket
 
 [Service]
-Environment="PATH={{ bin_dir }}:/bin:/sbin:/usr/bin:/usr/sbin"
-ExecStart={{ bin_dir }}/dockerd 
+Type=notify
+#EnvironmentFile=-/etc/default/docker
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
+ExecStart=/usr/bin/dockerd -H fd://
 ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT
 ExecReload=/bin/kill -s HUP $MAINPID
-Restart=on-failure
-RestartSec=5
-LimitNOFILE=infinity
+LimitNOFILE=1048576
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
 LimitNPROC=infinity
 LimitCORE=infinity
+# Uncomment TasksMax if your systemd version supports it.
+# Only systemd 226 and above support this version.
+TasksMax=infinity
+TimeoutStartSec=0
+# set delegate yes so that systemd does not reset the cgroups of docker containers
 Delegate=yes
+# kill only the docker process, not all processes in the cgroup
 KillMode=process
+# restart the docker process if it exits prematurely
+Restart=on-failure
+RestartSec=5
+StartLimitBurst=3
+StartLimitInterval=60s
+TimeoutSec=300
 
 [Install]
 WantedBy=multi-user.target
diff --git a/roles/etcd/templates/etcd.service.j2 b/roles/etcd/templates/etcd.service.j2
@@ -27,6 +27,7 @@ ExecStart={{ bin_dir }}/etcd \
 Restart=on-failure
 RestartSec=5
 LimitNOFILE=65536
+TimeoutSec=300
 
 [Install]
 WantedBy=multi-user.target
diff --git a/roles/kube-master/templates/kube-apiserver.service.j2 b/roles/kube-master/templates/kube-apiserver.service.j2
@@ -2,6 +2,7 @@
 Description=Kubernetes API Server
 Documentation=https://github.com/GoogleCloudPlatform/kubernetes
 After=network.target
+After=etcd.service
 
 [Service]
 ExecStart={{ bin_dir }}/kube-apiserver \
@@ -47,6 +48,7 @@ Restart=on-failure
 RestartSec=5
 Type=notify
 LimitNOFILE=65536
+TimeoutSec=300
 
 [Install]
 WantedBy=multi-user.target
diff --git a/roles/kube-master/templates/kube-controller-manager.service.j2 b/roles/kube-master/templates/kube-controller-manager.service.j2
@@ -19,6 +19,7 @@ ExecStart={{ bin_dir }}/kube-controller-manager \
   --v=2
 Restart=on-failure
 RestartSec=5
+TimeoutSec=300
 
 [Install]
 WantedBy=multi-user.target
diff --git a/roles/kube-node/templates/kube-proxy.service.j2 b/roles/kube-node/templates/kube-proxy.service.j2
@@ -16,6 +16,7 @@ ExecStart={{ bin_dir }}/kube-proxy \
 Restart=on-failure
 RestartSec=5
 LimitNOFILE=65536
+TimeoutSec=300
 
 [Install]
 WantedBy=multi-user.target
diff --git a/roles/kube-node/templates/kubelet.service.j2 b/roles/kube-node/templates/kubelet.service.j2
@@ -33,6 +33,7 @@ ExecStartPost=/sbin/iptables -A INPUT -s 192.168.0.0/16 -p tcp --dport 4194 -j A
 ExecStartPost=/sbin/iptables -A INPUT -p tcp --dport 4194 -j DROP
 Restart=on-failure
 RestartSec=5
+TimeoutSec=300
 
 [Install]
 WantedBy=multi-user.target
diff --git a/shutdown_all.sh b/shutdown_all.sh
@@ -0,0 +1,20 @@
+echo "***1. shutdown etcd***"
+echo
+ansible all -m shell -a "systemctl stop etcd"
+
+echo "***2. shutdown kube-apiserver***"
+echo
+ansible all -m shell -a "systemctl stop kube-apiserver"
+echo "***3. shutdown kube-controller-manager***"
+echo
+ansible all -m shell -a "systemctl stop kube-controller-manager"
+echo "***4. shutdown kube-scheduler***"
+echo
+ansible all -m shell -a "systemctl stop kube-scheduler"
+echo "***5. shutdown kube-apiserver***"
+echo
+ansible all -m shell -a "systemctl stop kube-proxy"
+echo "***6. shutdown kubelet***"
+echo
+ansible all -m shell -a "systemctl stop kubelet"
+
diff --git a/start_all.sh b/start_all.sh
@@ -0,0 +1,20 @@
+echo "***1. start etcd***"
+echo
+ansible all -m shell -a "systemctl daemon-reload && systemctl restart etcd"
+
+echo "***2. start kube-apiserver***"
+echo
+ansible all -m shell -a "systemctl daemon-reload && systemctl restart kube-apiserver"
+echo "***3. start kube-controller-manager***"
+echo
+ansible all -m shell -a "systemctl daemon-reload && systemctl restart kube-controller-manager"
+echo "***4. start kube-scheduler***"
+echo
+ansible all -m shell -a "systemctl daemon-reload && systemctl restart kube-scheduler"
+echo "***5. start kube-apiserver***"
+echo
+ansible all -m shell -a "systemctl daemon-reload && systemctl restart kube-proxy"
+echo "***6. start kubelet***"
+echo
+ansible all -m shell -a "systemctl daemon-reload && systemctl restart kubelet"
+
diff --git a/test/busybox.sh b/test/busybox.sh
@@ -0,0 +1 @@
+kubectl run test --image=busybox --replicas=3 sleep 30000
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# linux系统
		- [systemctl替代service与chkconfig](https://blog.csdn.net/itcomputer12/article/details/41799139)
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		kubectl run test --image=busybox --replicas=3 sleep 30000