From e4685e5fa438a2137e9f02f559013b19617367ad Mon Sep 17 00:00:00 2001
From: jmgao
Date: Fri, 9 Mar 2018 22:02:55 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E5=A2=9E=E5=8A=A0master?= =?UTF-8?q?=E8=8A=82=E7=82=B9=E7=9A=84=E6=AD=A5=E9=AA=A4=E5=92=8C=E6=96=87?= =?UTF-8?q?=E6=A1=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 21.addmaster.yml | 14 ++++++++
 99.clean.yml | 5 +--
 docs/guide/op/AddMaster.md | 60 ++++++++++++++++++++++++++++++++
 docs/guide/op/AddNode.md | 16 ++++-----
 roles/kube-master/tasks/main.yml | 10 ++++++
 5 files changed, 95 insertions(+), 10 deletions(-)
 create mode 100644 21.addmaster.yml
 create mode 100644 docs/guide/op/AddMaster.md
diff --git a/21.addmaster.yml b/21.addmaster.yml
new file mode 100644
index 000000000..90f0d6607
--- /dev/null
+++ b/21.addmaster.yml
@@ -0,0 +1,14 @@
+# 集群节点的公共配置任务
+- hosts:
+ - kube-master
+ roles:
+ - prepare
+
+# [可选]多master部署时的负载均衡配置
+- hosts: lb
+ roles:
+ - lb
+
+- hosts: kube-master
+ roles:
+ - kube-master
diff --git a/99.clean.yml b/99.clean.yml
index 36c6a9e98..630329dbd 100644
--- a/99.clean.yml
+++ b/99.clean.yml
@@ -130,6 +130,7 @@
 - name: 清理证书目录和文件
 file: name={{ item }} state=absent
 with_items:
+ - "/etc/kubernetes/"
 - "{{ ca_dir }}"
- - /root/.kube
- - /etc/docker
+ - "/root/.kube/"
+ - "/etc/docker/"
diff --git a/docs/guide/op/AddMaster.md b/docs/guide/op/AddMaster.md
new file mode 100644
index 000000000..10f7d9505
--- /dev/null
+++ b/docs/guide/op/AddMaster.md
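Review bot: The playbook added here is created as `21.addmaster.yml`, but docs/guide/op/AddMaster.md in this same patch tells the operator to run `ansible-playbook 20.addmaster.yml`, so the documented command will not find the file; one of the two names has to change. The first and third plays target the whole `kube-master` group and the second the whole `lb` group, so adding one master re-applies `prepare`, `lb` and `kube-master` to hosts that are already in service. If that is intended, a header comment such as `# Runs against every host in [kube-master] and [lb], not only the newly added master` would make it explicit for whoever runs it against a live cluster.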
@@ -0,0 +1,60 @@
+## 增加 kube-master 节点
+
+注意:目前仅支持按照本项目`多主模式`(hosts.m-masters.example)部署的`k8s`集群增加`master`节点
+
+新增`kube-master`节点大致流程为:
+- 节点预处理 prepare
+- 重新配置LB节点的 haproxy服务
+- 安装 master 节点服务
+
+### 操作步骤
+
+按照本项目说明,首先确保deploy节点能够ssh免密码登陆新增节点,然后在**deploy**节点执行三步:
+
+- 修改ansible hosts 文件,在 [kube-master] 组添加新增的节点;在[lb] 组添加新增master 节点,举例如下:
+
+``` bash
+[kube-master]
+192.168.1.1 NODE_IP="192.168.1.1"
+192.168.1.2 NODE_IP="192.168.1.2"
+192.168.1.5 NODE_IP="192.168.1.5" # 新增 master节点
+
+[lb]
+192.168.1.1 LB_IF="ens3" LB_ROLE=backup
+192.168.1.4 LB_IF="ens3" LB_ROLE=master
+[lb:vars]
+master1="192.168.1.1:6443"
+master2="192.168.1.2:6443"
+master3="192.168.1.5:6443" # 新增 master节点
+```
+- 修改roles/lb/templates/haproxy.cfg.j2 文件,增加新增的master节点,举例如下:
+
+``` bash
+listen kube-master
+ bind 0.0.0.0:{{ MASTER_PORT }}
+ mode tcp
+ option tcplog
+ balance source
+ server s1 {{ master1 }} check inter 10000 fall 2 rise 2 weight 1
+ server s2 {{ master2 }} check inter 10000 fall 2 rise 2 weight 1
+ server s3 {{ master3 }} check inter 10000 fall 2 rise 2 weight 1
+```
+
+- 执行安装脚本
+
+``` bash
+$ cd /etc/ansible && ansible-playbook 20.addmaster.yml
+```
+
+### 验证
+
+``` bash
+# 在新节点master 服务状态
+$ systemctl status kube-apiserver
+$ systemctl status kube-controller-manager
+$ systemctl status kube-scheduler
+
+# 查看新master的服务日志
+$ journalctl -u kube-apiserver -f
+
+```
diff --git a/docs/guide/op/AddNode.md b/docs/guide/op/AddNode.md
index 58b6c3cd1..1e6632e34 100644
--- a/docs/guide/op/AddNode.md
+++ b/docs/guide/op/AddNode.md
@@ -1,18 +1,18 @@ ## 增加 kube-node 节点 新增`kube-node`节点大致流程为: -- 1. 节点预处理 prepare -- 2. 安装 kubectl (可选) -- 3. 安装 docker -- 4. 安装 kubelet 和 kube-proxy -- 5. 准备网络插件 calico 或 flannel -- 6. 批准新节点 kubectl certificate approve +- 节点预处理 prepare +- 安装 kubectl (可选) +- 安装 docker +- 安装 kubelet 和 kube-proxy +- 准备网络插件 calico 或 flannel +- 批准新节点 kubectl certificate approve ### 操作步骤 按照本项目说明,首先确保deploy节点能够ssh免密码登陆新增节点,然后在**deploy**节点执行两步: -- 1. 修改ansible hosts 文件,在 [new-node] 组编辑需要新增的节点,例如: +- 修改ansible hosts 文件,在 [new-node] 组编辑需要新增的节点,例如: ``` bash ... @@ -21,7 +21,7 @@ 192.168.1.6 NODE_ID=node6 NODE_IP="192.168.1.6" ... ``` -- 2. 执行安装脚本 +- 执行安装脚本 ``` bash $ cd /etc/ansible && ansible-playbook 20.addnode.yml diff --git a/roles/kube-master/tasks/main.yml b/roles/kube-master/tasks/main.yml index f43741184..129bd072a 100644 --- a/roles/kube-master/tasks/main.yml +++ b/roles/kube-master/tasks/main.yml @@ -8,10 +8,20 @@ - kube-proxy - kubelet +# 注册变量result,根据result结果判断是否已经生成过 kubernetes证书 +# result|failed 说明没有生成过证书,下一步生成证书 +# result|succeeded 说明已经有kubernetes证书,使用原证书,跳过生成证书步骤 +- name: 注册变量result + command: ls /etc/kubernetes/ssl/kubernetes.pem + register: result + ignore_errors: True + - name: 创建 kubernetes 证书签名请求 template: src=kubernetes-csr.json.j2 dest={{ ca_dir }}/kubernetes-csr.json + when: result|failed - name: 创建 kubernetes 证书和私钥 + when: result|failed shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert \ -ca={{ ca_dir }}/ca.pem \ -ca-key={{ ca_dir }}/ca-key.pem \
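Review bot: In roles/kube-master/tasks/main.yml the new existence check hard-codes `/etc/kubernetes/ssl/kubernetes.pem`, while the two tasks it gates work under `{{ ca_dir }}`; if `ca_dir` points anywhere else the guard tests the wrong file and either regenerates the certificate on every run or skips generation because of a stale file. Probing with `command: ls` plus `ignore_errors: True` prints a failed task on every fresh host and treats any error, not only a missing file, as "no certificate"; the `stat` module states the test directly, assuming the cfssl output lands in `{{ ca_dir }}` as the `cd {{ ca_dir }}` suggests. Existence of the certificate alone is also a weak condition for reuse: the guard never looks for the matching private key, and a certificate issued before a master was added may not list the new address in its SANs (the CSR template is not visible here, so this needs checking). The `result|failed` form uses a test as a filter, which Ansible deprecated in 2.5 in favour of `result is failed`. The `shell` task continues past the end of the hunk.

```yaml
- name: 检查 kubernetes 证书是否已存在
  stat:
    path: "{{ ca_dir }}/kubernetes.pem"
  register: result

- name: 创建 kubernetes 证书签名请求
  template: src=kubernetes-csr.json.j2 dest={{ ca_dir }}/kubernetes-csr.json
  when: not result.stat.exists

- name: 创建 kubernetes 证书和私钥
  when: not result.stat.exists
  # … unchanged: shell: cfssl gencert command …
```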