diff --git a/.gitignore b/.gitignore index 2a32a5ea2..a5b05c9ed 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,6 @@ down/* !down/download.sh bin/* -!bin/VERSION.md hosts *.crt *.pem diff --git a/example/hosts.allinone.example b/example/hosts.allinone.example index c940200b7..90c850e26 100644 --- a/example/hosts.allinone.example +++ b/example/hosts.allinone.example @@ -25,6 +25,9 @@ #集群部署模式:allinone, single-master, multi-master DEPLOY_MODE=allinone +#集群主版本号,目前支持: v1.8, v1.9, v1.10 +K8S_VER="v1.10" + #集群 MASTER IP MASTER_IP="192.168.1.1" KUBE_APISERVER="https://{{ MASTER_IP }}:6443" diff --git a/example/hosts.m-masters.example b/example/hosts.m-masters.example index e8bbfa2a9..1f94f769c 100644 --- a/example/hosts.m-masters.example +++ b/example/hosts.m-masters.example @@ -38,6 +38,9 @@ #集群部署模式:allinone, single-master, multi-master DEPLOY_MODE=multi-master +#集群主版本号,目前支持: v1.8, v1.9, v1.10 +K8S_VER="v1.10" + #集群 MASTER IP即 LB节点VIP地址,为区别与默认apiserver端口,设置VIP监听的服务端口8443 MASTER_IP="192.168.1.10" KUBE_APISERVER="https://{{ MASTER_IP }}:8443" diff --git a/example/hosts.s-master.example b/example/hosts.s-master.example index 0f5a70c63..18b870a4c 100644 --- a/example/hosts.s-master.example +++ b/example/hosts.s-master.example @@ -28,6 +28,9 @@ #集群部署模式:allinone, single-master, multi-master DEPLOY_MODE=single-master +#集群主版本号,目前支持: v1.8, v1.9, v1.10 +K8S_VER="v1.10" + #集群 MASTER IP MASTER_IP="192.168.1.1" KUBE_APISERVER="https://{{ MASTER_IP }}:6443" diff --git a/roles/kube-master/tasks/main.yml b/roles/kube-master/tasks/main.yml index 48c203e79..8595907c1 100644 --- a/roles/kube-master/tasks/main.yml +++ b/roles/kube-master/tasks/main.yml 
@@ -34,6 +34,12 @@ template: src=kube-apiserver.service.j2 dest=/etc/systemd/system/kube-apiserver.service tags: upgrade_k8s, restart_master +# 为兼容之前的模式,需特别对v1.8版本重新配置kube-apiserver的systemd unit文件 +- name: 创建kube-apiserver v1.8的systemd unit文件 + template: src=kube-apiserver-{{ K8S_VER }}.service.j2 dest=/etc/systemd/system/kube-apiserver.service + tags: upgrade_k8s, restart_master + when: "K8S_VER is defined and K8S_VER == 'v1.8'" + - name: 创建kube-controller-manager的systemd unit文件 template: src=kube-controller-manager.service.j2 dest=/etc/systemd/system/kube-controller-manager.service tags: upgrade_k8s, restart_master diff --git a/roles/kube-master/templates/kube-apiserver-v1.8.service.j2 b/roles/kube-master/templates/kube-apiserver-v1.8.service.j2 new file mode 100644 index 000000000..5b7ec6d4e --- /dev/null +++ b/roles/kube-master/templates/kube-apiserver-v1.8.service.j2 
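Review bot: The added v1.8 task writes to the same `dest` as the unconditional task just above it, so on a v1.8 cluster the default unit is rendered first and then overwritten. If the run stops between the two tasks, the master is left with a unit that may carry flags a v1.8 binary does not accept. Giving the first task the inverse guard, `when: "K8S_VER is not defined or K8S_VER != 'v1.8'"`, would render exactly one template per run. K8S_VER is also never checked against the supported list in the inventory comment, so a mistyped value (a constructed example: `1.8` without the `v`) silently selects the default template. Since the `when` already pins the version, `src=kube-apiserver-v1.8.service.j2` could be written literally; the first task starts above the hunk.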
@@ -0,0 +1,44 @@
+[Unit]
+Description=Kubernetes API Server
+Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+After=network.target
+
+[Service]
+ExecStart={{ bin_dir }}/kube-apiserver \
+ --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,NodeRestriction \
+ --bind-address={{ inventory_hostname }} \
+ --insecure-bind-address=127.0.0.1 \
+ --authorization-mode=Node,RBAC \
+ --kubelet-https=true \
+ --kubelet-client-certificate={{ ca_dir }}/kubernetes.pem \
+ --kubelet-client-key={{ ca_dir }}/kubernetes-key.pem \
+ --anonymous-auth=false \
+ --basic-auth-file={{ ca_dir }}/basic-auth.csv \
+ --enable-bootstrap-token-auth \
+ --token-auth-file={{ ca_dir }}/token.csv \
+ --service-cluster-ip-range={{ SERVICE_CIDR }} \
+ --service-node-port-range={{ NODE_PORT_RANGE }} \
+ --tls-cert-file={{ ca_dir }}/kubernetes.pem \
+ --tls-private-key-file={{ ca_dir }}/kubernetes-key.pem \
+ --client-ca-file={{ ca_dir }}/ca.pem \
+ --service-account-key-file={{ ca_dir }}/ca-key.pem \
+ --etcd-cafile={{ ca_dir }}/ca.pem \
+ --etcd-certfile={{ ca_dir }}/kubernetes.pem \
+ --etcd-keyfile={{ ca_dir }}/kubernetes-key.pem \
+ --etcd-servers={{ ETCD_ENDPOINTS }} \
+ --enable-swagger-ui=true \
+ --apiserver-count=3 \
+ --allow-privileged=true \
+ --audit-log-maxage=30 \
+ --audit-log-maxbackup=3 \
+ --audit-log-maxsize=100 \
+ --audit-log-path=/var/lib/audit.log \
+ --event-ttl=1h \
+ --v=2
+Restart=on-failure
+RestartSec=5
+Type=notify
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
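Review bot: `--service-account-key-file={{ ca_dir }}/ca-key.pem` points the API server at the cluster CA's private key just to verify service-account tokens, so the key that can sign any client or server certificate must stay readable on every master. A dedicated service-account key pair would limit that exposure, for example `--service-account-key-file={{ ca_dir }}/<sa-public-key>.pem` (placeholder file name), with the controller-manager signing with the matching private key. The unit also depends on static credential files (`--basic-auth-file`, `--token-auth-file`), and nothing in this change shows their mode or owner, so it is worth confirming that the role creates them root-only. Separately, `--apiserver-count=3` is hard-coded although the example inventories offer allinone and single-master modes; deriving it from the number of master hosts would keep it accurate.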