├── .gitignore ├── linux ├── roles │ ├── wod.rkt │ │ ├── files │ │ │ ├── install.sh │ │ │ ├── install-CentOS.sh │ │ │ └── install-Ubuntu.sh │ │ └── tasks │ │ │ └── main.yml │ ├── wod.docker │ │ ├── files │ │ │ ├── install.sh │ │ │ ├── install-CentOS.sh │ │ │ └── install-Ubuntu.sh │ │ └── tasks │ │ │ └── main.yml │ ├── wod.k8s-master │ │ ├── templates │ │ │ ├── ssl │ │ │ │ ├── admin.csv │ │ │ │ └── token.csv │ │ │ ├── manifests │ │ │ │ ├── kube-scheduler.yaml │ │ │ │ ├── kube-controller-manager.yaml │ │ │ │ └── kube-apiserver.yaml │ │ │ └── services │ │ │ │ └── kubelet.service │ │ ├── files │ │ │ ├── config │ │ │ │ ├── kubelet.yaml │ │ │ │ └── kubeproxy.yaml │ │ │ └── scripts │ │ │ │ ├── prepare.sh │ │ │ │ └── kubelet.sh │ │ └── tasks │ │ │ └── main.yml │ ├── wod.timezone │ │ └── tasks │ │ │ └── main.yml │ ├── wod.python │ │ ├── tasks │ │ │ └── main.yml │ │ └── files │ │ │ └── bootstrap.sh │ ├── wod.uninstall │ │ ├── tasks │ │ │ └── main.yml │ │ └── files │ │ │ └── uninstall.sh │ ├── wod.sys │ │ ├── files │ │ │ ├── centos.sh │ │ │ └── sys.sh │ │ └── tasks │ │ │ └── main.yml │ ├── wod.insecure-registry │ │ ├── templates │ │ │ └── daemon.json │ │ └── tasks │ │ │ └── main.yml │ ├── wod.k8s-cni │ │ ├── templates │ │ │ ├── kube-proxy-conf.yaml │ │ │ ├── kube-proxy-client-master.yaml │ │ │ ├── kube-proxy-client-worker.yaml │ │ │ ├── kube-proxy-worker.yml │ │ │ ├── kube-proxy-master.yml │ │ │ ├── flannel.yml │ │ │ └── kube-router.yml │ │ ├── files │ │ │ └── cni.sh │ │ └── tasks │ │ │ └── main.yml │ ├── wod.k8s-ssl │ │ ├── templates │ │ │ ├── master-admin.cnf │ │ │ ├── worker-kubelet.cnf │ │ │ ├── worker-kubeproxy.cnf │ │ │ └── master-apiserver.cnf │ │ ├── files │ │ │ ├── ca.pem │ │ │ ├── master-ssl.sh │ │ │ ├── worker-ssl.sh │ │ │ └── ca.key │ │ └── tasks │ │ │ └── main.yml │ ├── wod.k8s-label │ │ ├── files │ │ │ └── label.sh │ │ └── tasks │ │ │ └── main.yml │ ├── wod.k8s-kubectl │ │ ├── tasks │ │ │ └── main.yml │ │ └── files │ │ │ └── kubectl.sh │ ├── wod.k8s-addon │ │ 
├── templates │ │ │ ├── rbac-admin.yml │ │ │ ├── dashboard.yml │ │ │ ├── coredns.yml │ │ │ └── heapster.yml │ │ └── tasks │ │ │ └── main.yml │ ├── wod.k8s-worker │ │ ├── templates │ │ │ ├── config │ │ │ │ ├── kubelet.yaml │ │ │ │ └── kubeproxy.yaml │ │ │ └── services │ │ │ │ └── kubelet.service │ │ ├── files │ │ │ └── scripts │ │ │ │ ├── prepare.sh │ │ │ │ └── kubelet.sh │ │ └── tasks │ │ │ └── main.yml │ ├── wod.registry │ │ ├── files │ │ │ ├── cache.sh │ │ │ └── prepare.sh │ │ ├── templates │ │ │ └── k8s-registry.service │ │ └── tasks │ │ │ └── main.yml │ └── wod.etcd │ │ ├── tasks │ │ └── main.yml │ │ ├── templates │ │ └── k8s-etcd.service │ │ └── files │ │ ├── prepare.sh │ │ └── etcd.sh ├── 9.uninstall.yml ├── group_vars │ ├── systech.yml │ └── all.yml └── 1.install.yml ├── ansible.cfg ├── .gitattributes ├── docs ├── imgs │ ├── dashboard.png │ ├── centos-schema.png │ ├── coreos-schema.png │ ├── ubuntu-schema.png │ ├── ubuntu-schema-v1.10.png │ └── CoreOS&K8S.vsdx ├── installs │ ├── data │ │ ├── etcdctl.dockerfile │ │ ├── kubectl.dockerfile │ │ └── readme.md │ ├── ctl_v1.10.0.md │ ├── aci_v1.9.6.md │ ├── aci_v1.10.0.md │ ├── images_v1.11.2.md │ ├── readme_v1.9.6.md │ ├── ctl_v1.9.6.md │ ├── readme_v1.10.0.md │ ├── images_v1.9.6.md │ ├── registry_v1.9.6.md │ ├── images_v1.10.6.md │ ├── images_v1.10.0.md │ └── registry_v1.10.0.md ├── debug.md ├── addons │ ├── rbac-admin.yml │ ├── dashboard.yml │ ├── coredns.yml │ ├── kube-router.yml │ └── heapster.yml ├── image.md └── history │ └── 1.9 │ ├── readme.md │ ├── coreos.md │ ├── ubuntu.md │ └── centos.md ├── .dockerignore ├── hosts └── readme.md /.gitignore: -------------------------------------------------------------------------------- 1 | */*.retry 2 | aliyun* -------------------------------------------------------------------------------- /linux/roles/wod.rkt/files/install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | exit 0 
--------------------------------------------------------------------------------
/linux/roles/wod.docker/files/install.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
# Fallback used when no install-<distribution>.sh matches: exits 0 without
# installing Docker, so the play reports success on an unsupported distribution.
2 |
3 | exit 0
--------------------------------------------------------------------------------
/ansible.cfg:
--------------------------------------------------------------------------------
1 | [defaults]
# NOTE(review): with host_key_checking off, Ansible accepts whatever SSH host
# key a target presents, so an impersonated or intercepted host goes unnoticed;
# the inventory in this repo connects as root. Keep checking on and pre-load
# known_hosts for anything other than a disposable lab.
2 | host_key_checking = False
# NOTE(review): record_host_keys is documented for the [paramiko_connection]
# section; under [defaults] it may be ignored - confirm.
3 | record_host_keys = False
--------------------------------------------------------------------------------
/linux/roles/wod.k8s-master/templates/ssl/admin.csv:
--------------------------------------------------------------------------------
1 | {{ K8S_ADMIN_PWD }},admin,admin
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
# The first rule sets filter/diff/merge to empty for every path matching *.*;
# the second routes *.vsdx through Git LFS and marks it as non-text.
1 | *.* filter= diff= merge=
2 | *.vsdx filter=lfs diff=lfs merge=lfs -text
--------------------------------------------------------------------------------
/linux/roles/wod.k8s-master/templates/ssl/token.csv:
--------------------------------------------------------------------------------
1 | 7176d48e4e66ddb3557a82f2dd316a93,admin,1
--------------------------------------------------------------------------------
/linux/9.uninstall.yml:
--------------------------------------------------------------------------------
# Applies the wod.uninstall role to every inventory host, without gathering
# facts first. That role runs uninstall.sh and then reboots the host, so
# restrict the run with --limit when only some machines should be torn down.
1 | - hosts: all
2 |   gather_facts: False
3 |   roles:
4 |     - wod.uninstall
--------------------------------------------------------------------------------
/docs/imgs/dashboard.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Mengkzhaoyun/ansible/HEAD/docs/imgs/dashboard.png
--------------------------------------------------------------------------------
/docs/imgs/centos-schema.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Mengkzhaoyun/ansible/HEAD/docs/imgs/centos-schema.png -------------------------------------------------------------------------------- /docs/imgs/coreos-schema.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Mengkzhaoyun/ansible/HEAD/docs/imgs/coreos-schema.png -------------------------------------------------------------------------------- /docs/imgs/ubuntu-schema.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Mengkzhaoyun/ansible/HEAD/docs/imgs/ubuntu-schema.png -------------------------------------------------------------------------------- /docs/imgs/ubuntu-schema-v1.10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Mengkzhaoyun/ansible/HEAD/docs/imgs/ubuntu-schema-v1.10.png -------------------------------------------------------------------------------- /linux/roles/wod.timezone/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: timedatectl set-timezone Asia/Shanghai 2 | raw: timedatectl set-timezone Asia/Shanghai -------------------------------------------------------------------------------- /linux/roles/wod.python/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Run bootstrap.sh 2 | environment: 3 | HTTP_SERVER: '{{ HTTP_SERVER }}' 4 | script: bootstrap.sh 5 | -------------------------------------------------------------------------------- /linux/roles/wod.uninstall/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Run uninstall.sh 2 | script: uninstall.sh 3 | 4 | - name: reboot 5 | raw: reboot 6 | ignore_errors: true -------------------------------------------------------------------------------- /docs/imgs/CoreOS&K8S.vsdx: 
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:70dd80df937c957bfc9265ddadf3b7266d061ac8e7ca416edf2ad7d0cfac6392
3 | size 53448
4 |
--------------------------------------------------------------------------------
/linux/roles/wod.sys/files/centos.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
# CentOS host preparation: turns off firewalld and SELinux.
# NOTE(review): the wod.sys role runs this on every CentOS host in the play, so
# both host-level controls are removed cluster-wide. A tighter setup keeps
# firewalld running with only the cluster's ports opened and leaves SELinux
# enforcing (or permissive while policy denials are being worked through).
2 |
# Stop the firewall now and keep it from starting at boot.
3 | systemctl stop firewalld && systemctl disable firewalld
4 |
# Only acts when the config file currently says enforcing: setenforce 0 switches
# the running system to permissive, and the sed edit makes SELinux disabled from
# the next boot onwards.
5 | if grep -q SELINUX=enforcing /etc/selinux/config ; then
6 |   setenforce 0;
7 |   sed -i 's@SELINUX=enforcing@SELINUX=disabled@' /etc/selinux/config;
8 | fi
--------------------------------------------------------------------------------
/docs/installs/data/etcdctl.dockerfile:
--------------------------------------------------------------------------------
# Data image that stores etcdctl.tgz under /data/input.
1 | FROM registry.ispacesys.cn/cig/data:1.0.0
2 | MAINTAINER Shu Cheng
3 |
4 | ENV HTTP_SERVER=http://k8s.spacecig.com/softs/kubernetes
5 |
# NOTE(review): the archive is fetched over plain HTTP and never checked against
# a digest or signature, so whatever the network path returns ends up in the
# image. curl also runs without -f, so an HTTP error page would be saved as
# etcdctl.tgz and the build would still succeed. Use an https:// source,
# `curl -fsSL`, and compare the download with a pinned SHA-256.
6 | RUN mkdir -p /data/input \
7 |     && curl $HTTP_SERVER/etcdctl.tgz > /data/input/etcdctl.tgz
--------------------------------------------------------------------------------
/docs/installs/data/kubectl.dockerfile:
--------------------------------------------------------------------------------
# Data image that stores kubectl.tgz under /data/input.
1 | FROM registry.ispacesys.cn/cig/data:1.0.0
2 | MAINTAINER Shu Cheng
3 |
4 | ENV HTTP_SERVER=http://k8s.spacecig.com/softs/kubernetes
5 |
# NOTE(review): plain-HTTP download with no integrity check and no -f on curl;
# an error response or a modified archive is stored as kubectl.tgz without the
# build failing. Use https://, `curl -fsSL`, and a pinned SHA-256.
6 | RUN mkdir -p /data/input \
7 |     && curl $HTTP_SERVER/kubectl.tgz > /data/input/kubectl.tgz
--------------------------------------------------------------------------------
/linux/roles/wod.insecure-registry/templates/daemon.json:
--------------------------------------------------------------------------------
{# NOTE(review): Docker contacts every host listed under "insecure-registries" without verifying TLS and may fall back to plain HTTP, so images pulled from them are not protected against tampering in transit. Where possible, serve the registries over TLS with a CA the nodes trust and drop this list. #}
1 | {
2 |   "insecure-registries": [
3 | {% if REGISTRY_REMOTE_HOST is defined %}
4 |     "{{ REGISTRY_REMOTE_HOST }}",
5 |     "{{ REGISTRY_LOCAL_HOST }}:5000"
6 | {% else %}
7 |     "{{ REGISTRY_LOCAL_HOST }}:5000"
8 | {% endif %}
9 |   ]
10 | }
--------------------------------------------------------------------------------
/.dockerignore:
--------------------------------------------------------------------------------
1 | # Ignore all development artifacts so that the build is always clean.
2 | .git/
3 | .tmp/
4 | .temp/
5 | .vscode/
6 | build/
7 | docs/
8 | node_modules/
9 | .babelrc
10 | .git*
11 | docker-compose.debug.yml
12 | docker-compose.yml
13 | dockerfile
14 | gulpfile.babel.js
15 | jsconfig.json
16 | readme.md
# NOTE(review): .dockerignore patterns are matched from the build-context root,
# so `ali*` does not cover linux/aliyun.ini or linux/group_vars/aliyun.yml (the
# paths mounted in docs/debug.md). If those inventory and variable files are
# meant to stay out of the image, `**/ali*` is the pattern that does it - confirm.
17 | ali*
--------------------------------------------------------------------------------
/linux/roles/wod.k8s-cni/templates/kube-proxy-conf.yaml:
--------------------------------------------------------------------------------
# kube-proxy configuration rendered per host: iptables mode, pod network taken
# from K8S_POD_NETWORK, node name overridden with HOST_IP.
1 | apiVersion: kubeproxy.config.k8s.io/v1alpha1
2 | kind: KubeProxyConfiguration
# bindAddress 0.0.0.0 makes kube-proxy serve on every interface of the host.
3 | bindAddress: 0.0.0.0
4 | clientConnection:
5 |   kubeconfig: "/etc/kubernetes/config/kubeproxy.yaml"
6 | clusterCIDR: "{{ K8S_POD_NETWORK }}"
7 | hostnameOverride: "{{ HOST_IP }}"
8 | mode: "iptables"
--------------------------------------------------------------------------------
/linux/roles/wod.k8s-master/files/config/kubelet.yaml:
--------------------------------------------------------------------------------
# Kubeconfig for the kubelet on the master: no credentials (user: "" and
# users: []) and a plain-HTTP server URL on the loopback address.
# NOTE(review): this presumably relies on the API server's insecure local port,
# which applies neither authentication nor authorization, so any local process
# on the master that can reach 127.0.0.1:8080 acts with full cluster rights.
# The worker kubeconfigs in this repo use https with a CA and a client
# certificate; doing the same here would let the insecure port be turned off.
1 | ---
2 | apiVersion: v1
3 | clusters:
4 | - name: local
5 |   cluster:
6 |     server: http://127.0.0.1:8080
7 | contexts:
8 | - name: local
9 |   context:
10 |     cluster: local
11 |     user: ""
12 | current-context: local
13 | kind: Config
14 | preferences: {}
15 | users: []
--------------------------------------------------------------------------------
/linux/roles/wod.rkt/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # install rkt
# Runs the first script that exists among install-<distribution>.sh and
# install.sh, passing HTTP_SERVER and YUM_RKT through the environment.
# NOTE(review): the install scripts of this role default HTTP_SERVER to an
# http:// URL and unpack the downloaded archive without verifying a checksum;
# set HTTP_SERVER to an https:// mirror you control.
3 | - name: install rkt
4 |   environment:
5 |     HTTP_SERVER: '{{ HTTP_SERVER }}'
6 |     YUM_RKT: '{{ YUM_RKT }}'
7 |   script: "{{ lookup('first_found', findme)}}"
8 |   vars:
9 |     findme:
10 |       - install-{{ ansible_distribution }}.sh
11 |       - install.sh
-------------------------------------------------------------------------------- /linux/roles/wod.k8s-master/files/config/kubeproxy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | clusters: 4 | - name: local 5 | cluster: 6 | server: http://127.0.0.1:8080 7 | contexts: 8 | - name: local 9 | context: 10 | cluster: local 11 | user: "" 12 | current-context: local 13 | kind: Config 14 | preferences: {} 15 | users: [] -------------------------------------------------------------------------------- /linux/roles/wod.k8s-cni/templates/kube-proxy-client-master.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | clusters: 4 | - name: local 5 | cluster: 6 | server: http://127.0.0.1:8080 7 | contexts: 8 | - name: local 9 | context: 10 | cluster: local 11 | user: "" 12 | current-context: local 13 | kind: Config 14 | preferences: {} 15 | users: [] -------------------------------------------------------------------------------- /linux/roles/wod.k8s-ssl/templates/master-admin.cnf: -------------------------------------------------------------------------------- 1 | [req] 2 | req_extensions = v3_req 3 | distinguished_name = req_distinguished_name 4 | [req_distinguished_name] 5 | [ v3_req ] 6 | basicConstraints = CA:FALSE 7 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment 8 | subjectAltName = @alt_names 9 | [alt_names] 10 | IP.1 = {{ HOST_IP }} -------------------------------------------------------------------------------- /linux/roles/wod.k8s-ssl/templates/worker-kubelet.cnf: -------------------------------------------------------------------------------- 1 | [req] 2 | req_extensions = v3_req 3 | distinguished_name = req_distinguished_name 4 | [req_distinguished_name] 5 | [ v3_req ] 6 | basicConstraints = CA:FALSE 7 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment 8 | subjectAltName = @alt_names 9 | [alt_names] 10 | IP.1 
= {{ HOST_IP }} 11 | -------------------------------------------------------------------------------- /linux/roles/wod.docker/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # install docker 3 | - name: install docker 4 | when: 5 | - "HTTP_SERVER is defined" 6 | environment: 7 | HTTP_SERVER: '{{ HTTP_SERVER }}' 8 | script: "{{ lookup('first_found', findme)}}" 9 | vars: 10 | findme: 11 | - install-{{ ansible_distribution }}.sh 12 | - install.sh -------------------------------------------------------------------------------- /linux/roles/wod.k8s-ssl/templates/worker-kubeproxy.cnf: -------------------------------------------------------------------------------- 1 | [req] 2 | req_extensions = v3_req 3 | distinguished_name = req_distinguished_name 4 | [req_distinguished_name] 5 | [ v3_req ] 6 | basicConstraints = CA:FALSE 7 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment 8 | subjectAltName = @alt_names 9 | [alt_names] 10 | IP.1 = {{ HOST_IP }} 11 | -------------------------------------------------------------------------------- /linux/roles/wod.docker/files/install-CentOS.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | HTTP_SERVER="${HTTP_SERVER:-http://k8s.spacecig.com/softs/kubernetes}" 6 | YUM_SERVER="$HTTP_SERVER/centos" 7 | 8 | mkdir -p /etc/kubernetes/downloads 9 | 10 | if ! 
[ -x "$(command -v docker)" ]; then 11 | curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun 12 | fi 13 | -------------------------------------------------------------------------------- /linux/roles/wod.k8s-label/files/label.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | K8S_HOST="${K8S_HOST:-}" 6 | K8S_ROLE="${K8S_ROLE:-worker}" 7 | 8 | mkdir -p /opt/cni/bin 9 | 10 | if [ $K8S_ROLE == "master" ] ; then 11 | kubectl label node $K8S_HOST node-role.kubernetes.io/master="true" --overwrite 12 | else 13 | kubectl label node $K8S_HOST node-role.kubernetes.io/node="true" --overwrite 14 | fi -------------------------------------------------------------------------------- /linux/roles/wod.k8s-label/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: kubectl label node master/node 2 | environment: 3 | K8S_HOST: '{{ hostvars[item.key]["ansible_default_ipv4"]["address"] }}' 4 | K8S_ROLE: '{{ item.value }}' 5 | script: label.sh 6 | with_dict: '{{ K8S_CLUSTER_ROLE }}' 7 | register: label_node 8 | until: label_node.rc == 0 9 | retries: 30 10 | delay: 5 11 | ignore_errors: true 12 | -------------------------------------------------------------------------------- /docs/debug.md: -------------------------------------------------------------------------------- 1 | # debug 2 | ```powershell 3 | ## aliyun 4 | # docker remove 5 | docker rm ansible -f 6 | 7 | # docker run 8 | docker run ` 9 | --name ansible ` 10 | -h ansible ` 11 | -v $PWD/linux/aliyun.ini:/etc/ansible/hosts ` 12 | -v $PWD/linux/group_vars/aliyun.yml:/etc/ansible/linux/group_vars/aliyun.yml ` 13 | -d hub.c.163.com/mengkzhaoyun/cloud/ansible-kubernetes 14 | 15 | # docker exec 16 | docker exec -it ansible bash 17 | ``` -------------------------------------------------------------------------------- /linux/roles/wod.sys/tasks/main.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # install sys 3 | - name: sys.sh 4 | environment: 5 | REGISTRY_LOCAL_HOST: '{{ REGISTRY_LOCAL_HOST }}' 6 | REGISTRY_LOCAL_IP: '{{ REGISTRY_LOCAL_IP }}' 7 | AUTHORIZED_KEYS: '{% for ssh_key in SSH_INSTALL_KEYS %}{{ SSH_KEYS[ssh_key] }}{% if loop.last %}{% else %},{% endif %}{% endfor %}' 8 | script: sys.sh 9 | 10 | - name: centos.sh 11 | when: "ansible_distribution == 'CentOS'" 12 | script: centos.sh -------------------------------------------------------------------------------- /linux/group_vars/systech.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # system options 3 | SSH_INSTALL_KEYS: 4 | - ansible 5 | - admin 6 | 7 | # registry options 8 | REGISTRY_LOCAL_HOSTNAME: systech14 9 | REGISTRY_LOCAL_IP: "{{ hostvars['systech14']['ansible_default_ipv4']['address'] }}" 10 | 11 | # etcd options 12 | ETCD_CLUSTER_ROLE: 13 | systech14: etcd 14 | 15 | # k8s option 16 | K8S_CLUSTER_ROLE: 17 | systech14: master 18 | 19 | K8S_MASTER_IP: "{{ hostvars['systech14']['ansible_default_ipv4']['address'] }}" -------------------------------------------------------------------------------- /docs/addons/rbac-admin.yml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1beta1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: k8s-admin 5 | labels: 6 | kubernetes.io/cluster-service: "true" 7 | addonmanager.kubernetes.io/mode: Reconcile 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: cluster-admin 12 | subjects: 13 | - apiGroup: rbac.authorization.k8s.io 14 | kind: User 15 | name: admin 16 | -------------------------------------------------------------------------------- /linux/roles/wod.k8s-kubectl/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Run kubectl.sh 2 | 
environment: 3 | HTTP_SERVER: '{{ HTTP_SERVER }}' 4 | TOOLS_KUBECTL: '{{ TOOLS_KUBECTL }}' 5 | REGISTRY_REMOTE: '{{ REGISTRY_REMOTE }}' 6 | REGISTRY_REMOTE_SPLIT: '{{ REGISTRY_REMOTE_SPLIT }}' 7 | REGISTRY_KUBECTL_REPO: '{{ K8S_IMAGES["KUBECTL"]["NAME"] }}' 8 | REGISTRY_KUBECTL_VERSION: '{{ K8S_IMAGES["KUBECTL"]["VERSION"] }}' 9 | script: kubectl.sh 10 | when: K8S_CLUSTER_ROLE[inventory_hostname] == "master" -------------------------------------------------------------------------------- /linux/roles/wod.k8s-addon/templates/rbac-admin.yml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: k8s-admin 5 | labels: 6 | kubernetes.io/cluster-service: "true" 7 | addonmanager.kubernetes.io/mode: Reconcile 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: cluster-admin 12 | subjects: 13 | - apiGroup: rbac.authorization.k8s.io 14 | kind: User 15 | name: admin 16 | -------------------------------------------------------------------------------- /docs/installs/data/readme.md: -------------------------------------------------------------------------------- 1 | # build 2 | ```powershell 3 | # etcdctl 4 | cd C:\Go\src\github.com\mengkzhaoyun\ansible\docs\installs\data ;` 5 | docker build -f etcdctl.dockerfile -t hub.c.163.com/mengkzhaoyun/k8s:etcdctl-latest . ;` 6 | docker push hub.c.163.com/mengkzhaoyun/k8s:etcdctl-latest 7 | 8 | # kubectl 9 | cd C:\Go\src\github.com\mengkzhaoyun\ansible\docs\installs\data ;` 10 | docker build -f kubectl.dockerfile -t hub.c.163.com/mengkzhaoyun/k8s:kubectl-latest . 
;` 11 | docker push hub.c.163.com/mengkzhaoyun/k8s:kubectl-latest 12 | ``` -------------------------------------------------------------------------------- /linux/roles/wod.k8s-worker/templates/config/kubelet.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Config 4 | clusters: 5 | - name: local 6 | cluster: 7 | server: https://{{ K8S_MASTER_IP }}:{{ K8S_PORT }} 8 | certificate-authority: /etc/kubernetes/ssl/ca.pem 9 | users: 10 | - name: kubelet 11 | user: 12 | client-certificate: /etc/kubernetes/ssl/kubelet.pem 13 | client-key: /etc/kubernetes/ssl/kubelet.key 14 | contexts: 15 | - context: 16 | cluster: local 17 | user: kubelet 18 | name: kubelet-context 19 | current-context: kubelet-context -------------------------------------------------------------------------------- /linux/roles/wod.k8s-ssl/templates/master-apiserver.cnf: -------------------------------------------------------------------------------- 1 | [req] 2 | req_extensions = v3_req 3 | distinguished_name = req_distinguished_name 4 | [req_distinguished_name] 5 | [ v3_req ] 6 | basicConstraints = CA:FALSE 7 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment 8 | subjectAltName = @alt_names 9 | [alt_names] 10 | DNS.1 = kubernetes 11 | DNS.2 = kubernetes.default 12 | DNS.3 = kubernetes.default.svc 13 | DNS.4 = kubernetes.default.svc.cluster.local 14 | DNS.5 = {{ K8S_MASTER_DOMAIN }} 15 | IP.1 = {{ K8S_SERVICE_IP }} 16 | IP.2 = {{ K8S_MASTER_IP }} -------------------------------------------------------------------------------- /linux/roles/wod.k8s-cni/files/cni.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | HTTP_SERVER="${HTTP_SERVER:-http://k8s.spacecig.com/softs/kubernetes}" 6 | K8S_CNI_BIN="${K8S_CNI_BIN:-cni-plugins-amd64-v0.7.0}" 7 | 8 | mkdir -p /opt/cni/bin 9 | 10 | if [[ -e /opt/cni/bin/host-local ]]; then 11 | echo 'cni bin is already 
exist!' 12 | else 13 | curl $HTTP_SERVER/$K8S_CNI_BIN.tgz > /opt/cni/bin/$K8S_CNI_BIN.tgz 14 | cd /opt/cni/bin && tar -xzf /opt/cni/bin/$K8S_CNI_BIN.tgz 15 | rm -rf /opt/cni/bin/$K8S_CNI_BIN.tgz 16 | echo 'cni bin download completed!' 17 | fi -------------------------------------------------------------------------------- /linux/roles/wod.k8s-worker/templates/config/kubeproxy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Config 4 | clusters: 5 | - name: local 6 | cluster: 7 | server: https://{{ K8S_MASTER_IP }}:{{ K8S_PORT }} 8 | certificate-authority: /etc/kubernetes/ssl/ca.pem 9 | users: 10 | - name: kubeproxy 11 | user: 12 | client-certificate: /etc/kubernetes/ssl/kubeproxy.pem 13 | client-key: /etc/kubernetes/ssl/kubeproxy.key 14 | contexts: 15 | - context: 16 | cluster: local 17 | user: kubeproxy 18 | name: kubeproxy-context 19 | current-context: kubeproxy-context -------------------------------------------------------------------------------- /linux/roles/wod.k8s-cni/templates/kube-proxy-client-worker.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Config 4 | clusters: 5 | - name: local 6 | cluster: 7 | server: https://{{ K8S_MASTER_IP }}:{{ K8S_PORT }} 8 | certificate-authority: /etc/kubernetes/ssl/ca.pem 9 | users: 10 | - name: kubeproxy 11 | user: 12 | client-certificate: /etc/kubernetes/ssl/kubeproxy.pem 13 | client-key: /etc/kubernetes/ssl/kubeproxy.key 14 | contexts: 15 | - context: 16 | cluster: local 17 | user: kubeproxy 18 | name: kubeproxy-context 19 | current-context: kubeproxy-context -------------------------------------------------------------------------------- /linux/roles/wod.insecure-registry/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: mkdir -p /etc/docker 3 | raw: mkdir -p /etc/docker 4 | 5 | - name: check need 
/etc/docker/daemon.json 6 | raw: stat /etc/docker/daemon.json 7 | register: need_docker_daemon 8 | ignore_errors: True 9 | 10 | - name: template /etc/docker/daemon.json 11 | template: src=daemon.json dest=/etc/docker/daemon.json mode=0644 12 | when: need_docker_daemon | failed 13 | 14 | - name: start docker.service 15 | raw: systemctl daemon-reload && systemctl enable docker && systemctl restart docker 16 | when: need_docker_daemon | failed -------------------------------------------------------------------------------- /linux/roles/wod.rkt/files/install-CentOS.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | HTTP_SERVER="${HTTP_SERVER:-http://k8s.spacecig.com/softs/kubernetes}" 6 | YUM_SERVER="$HTTP_SERVER/centos" 7 | YUM_RKT="${YUM_RKT:-rkt-1.29.0-1.x86_64.rpm}" 8 | 9 | mkdir -p /etc/kubernetes/downloads 10 | 11 | if ! [ -x "$(command -v rkt)" ]; then 12 | if ! [[ -e /etc/kubernetes/downloads/$YUM_RKT ]]; then 13 | curl $YUM_SERVER/$YUM_RKT.tgz > /etc/kubernetes/downloads/$YUM_RKT.tgz 14 | cd /etc/kubernetes/downloads && tar -xzf /etc/kubernetes/downloads/$YUM_RKT.tgz 15 | rm -rf /etc/kubernetes/downloads/$YUM_RKT.tgz 16 | fi 17 | rpm -Uvh /etc/kubernetes/downloads/$YUM_RKT 18 | fi -------------------------------------------------------------------------------- /linux/roles/wod.rkt/files/install-Ubuntu.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | HTTP_SERVER="${HTTP_SERVER:-http://k8s.spacecig.com/softs/kubernetes}" 6 | DEB_SERVER="$HTTP_SERVER/ubuntu" 7 | DEB_RKT="${DEB_RKT:-rkt_1.29.0-1_amd64}" 8 | 9 | mkdir -p /etc/kubernetes/downloads 10 | 11 | if ! [ -x "$(command -v rkt)" ]; then 12 | if ! 
[[ -e /etc/kubernetes/downloads/$DEB_RKT.deb ]]; then 13 | curl $DEB_SERVER/$DEB_RKT.tgz > /etc/kubernetes/downloads/$DEB_RKT.tgz 14 | cd /etc/kubernetes/downloads && tar -xzf /etc/kubernetes/downloads/$DEB_RKT.tgz 15 | rm -rf /etc/kubernetes/downloads/$DEB_RKT.tgz 16 | fi 17 | dpkg -i /etc/kubernetes/downloads/$DEB_RKT.deb 18 | fi -------------------------------------------------------------------------------- /hosts: -------------------------------------------------------------------------------- 1 | [systech] 2 | systech14 ansible_ssh_host=172.16.11.244 ansible_ssh_port=22 ansible_ssh_user=root ansible_python_interpreter=/opt/bin/python 3 | systech15 ansible_ssh_host=172.16.11.245 ansible_ssh_port=22 ansible_ssh_user=root ansible_python_interpreter=/opt/bin/python 4 | systech16 ansible_ssh_host=172.16.11.246 ansible_ssh_port=22 ansible_ssh_user=root ansible_python_interpreter=/opt/bin/python 5 | ; systech17 ansible_ssh_host=172.16.11.247 ansible_ssh_port=22 ansible_ssh_user=root ansible_python_interpreter=/opt/bin/python 6 | ; systech18 ansible_ssh_host=172.16.11.248 ansible_ssh_port=22 ansible_ssh_user=root ansible_python_interpreter=/opt/bin/python 7 | ; systech19 ansible_ssh_host=172.16.11.249 ansible_ssh_port=22 ansible_ssh_user=root ansible_python_interpreter=/opt/bin/python -------------------------------------------------------------------------------- /linux/roles/wod.uninstall/files/uninstall.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | systemctl daemon-reload 4 | 5 | SERVICE=k8s-kubelet 6 | 7 | if [ "`systemctl is-active $SERVICE`" == "active" ] ; then 8 | systemctl stop $SERVICE 9 | fi 10 | rm -rf /etc/systemd/system/$SERVICE.service 11 | 12 | SERVICE=k8s-etcd 13 | 14 | if [ "`systemctl is-active $SERVICE`" == "active" ] ; then 15 | systemctl stop $SERVICE 16 | fi 17 | rm -rf /etc/systemd/system/$SERVICE.service 18 | 19 | SERVICE=k8s-registry 20 | 21 | if [ "`systemctl is-active 
$SERVICE`" == "active" ] ; then 22 | systemctl stop $SERVICE 23 | fi 24 | rm -rf /etc/systemd/system/$SERVICE.service 25 | 26 | docker rm $(docker ps -a | awk '{print $1}') -f 27 | 28 | rkt gc --grace-period=0 29 | 30 | rkt image gc --grace-period=0 31 | 32 | rm -rf /etc/kubernetes /etc/cni/net.d /opt/cni/bin -------------------------------------------------------------------------------- /linux/roles/wod.registry/files/cache.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | REGISTRY_LOCAL="${REGISTRY_LOCAL:-}" 6 | REGISTRY_LOCAL_SPLIT="${REGISTRY_LOCAL_SPLIT:-}" 7 | REGISTRY_REMOTE="${REGISTRY_REMOTE:-}" 8 | REGISTRY_REMOTE_SPLIT="${REGISTRY_REMOTE_SPLIT:-}" 9 | ITEM_REPO="${ITEM_REPO:-}" 10 | ITEM_VERSION="${ITEM_VERSION:-}" 11 | 12 | mkdir -p /etc/kubernetes/downloads 13 | mkdir -p /etc/kubernetes/data 14 | 15 | if ! [[ -e /etc/kubernetes/data/registry/docker/registry/v2/repositories/k8s/$ITEM_REPO/_manifests/tags/$ITEM_VERSION ]]; then 16 | docker pull $REGISTRY_REMOTE$ITEM_REPO$REGISTRY_REMOTE_SPLIT$ITEM_VERSION 17 | docker tag $REGISTRY_REMOTE$ITEM_REPO$REGISTRY_REMOTE_SPLIT$ITEM_VERSION $REGISTRY_LOCAL$ITEM_REPO$REGISTRY_LOCAL_SPLIT$ITEM_VERSION 18 | docker push $REGISTRY_LOCAL$ITEM_REPO$REGISTRY_LOCAL_SPLIT$ITEM_VERSION 19 | fi -------------------------------------------------------------------------------- /docs/installs/ctl_v1.10.0.md: -------------------------------------------------------------------------------- 1 | # ct v0.4.2 2 | 2017.09.23 3 | github : https://github.com/coreos/container-linux-config-transpiler 4 | 5 | download : 6 | https://github.com/coreos/container-linux-config-transpiler/releases/download/v0.4.2/ct-v0.4.2-x86_64-unknown-linux-gnu 7 | https://github.com/coreos/container-linux-config-transpiler/releases/download/v0.4.2/ct-v0.4.2-x86_64-unknown-linux-gnu.asc 8 | 9 | # kubectl 10 | 11 | 2018.03.27 v1.10.0 12 | readme : 
https://kubernetes.io/docs/tasks/tools/install-kubectl/ 13 | version : https://storage.googleapis.com/kubernetes-release/release/stable.txt 14 | download : https://storage.googleapis.com/kubernetes-release/release/v1.10.0/bin/linux/amd64/kubectl 15 | 16 | # etcdctl 17 | 18 | 2018.03.27 v3.3.2 19 | readme : https://github.com/coreos/etcd/releases 20 | download : https://github.com/coreos/etcd/releases/download/v3.3.2/etcd-v3.3.2-linux-amd64.tar.gz -------------------------------------------------------------------------------- /linux/roles/wod.k8s-master/templates/manifests/kube-scheduler.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: kube-scheduler 5 | namespace: kube-system 6 | spec: 7 | hostNetwork: true 8 | containers: 9 | - name: kube-scheduler 10 | image: {{ REGISTRY_LOCAL }}{{ K8S_IMAGES['KUBELET']['NAME'] }}:{{ K8S_IMAGES['KUBELET']['VERSION'] }} 11 | command: 12 | - /hyperkube 13 | - scheduler 14 | - --master=http://127.0.0.1:8080 15 | - --leader-elect=true 16 | resources: 17 | requests: 18 | cpu: 100m 19 | livenessProbe: 20 | httpGet: 21 | host: 127.0.0.1 22 | path: /healthz 23 | port: 10251 24 | initialDelaySeconds: 15 25 | timeoutSeconds: 15 26 | volumeMounts: 27 | - mountPath: /etc/localtime 28 | name: etc-localtime 29 | readOnly: true 30 | volumes: 31 | - hostPath: 32 | path: /etc/localtime 33 | name: etc-localtime -------------------------------------------------------------------------------- /linux/roles/wod.registry/templates/k8s-registry.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=registry (Docker Hub) 3 | Documentation=https://github.com/coreos/registry 4 | 5 | [Service] 6 | Restart=always 7 | RestartSec=10 8 | # TimeoutSec=infinity 9 | 10 | Environment=PATH=/opt/bin/:/usr/bin/:/usr/sbin:/sbin:$PATH 11 | 12 | ExecStartPre=/usr/bin/mkdir --parents /etc/kubernetes/data/registry 13 
| ExecStartPre=/usr/bin/mkdir --parents /etc/kubernetes/downloads 14 | ExecStartPre=-/usr/bin/rkt rm --uuid-file=/etc/kubernetes/data/registry-pod.uuid 15 | 16 | ExecStart=/usr/bin/rkt run \ 17 | --insecure-options=image \ 18 | --uuid-file-save=/etc/kubernetes/data/registry-pod.uuid \ 19 | --volume volume-var-lib-registry,kind=host,source=/etc/kubernetes/data/registry \ 20 | --mount volume=volume-var-lib-registry,target=/var/lib/registry \ 21 | --inherit-env \ 22 | --stage1-from-dir=stage1-fly.aci \ 23 | /etc/kubernetes/downloads/{{ RKT_ACI_REGISTRY }}.aci \ 24 | --name=k8s-registry 25 | 26 | ExecStop=-/usr/bin/rkt stop --uuid-file=/etc/kubernetes/data/registry-pod.uuid 27 | 28 | [Install] 29 | WantedBy=multi-user.target 30 | -------------------------------------------------------------------------------- /linux/roles/wod.k8s-ssl/files/ca.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIC+TCCAeGgAwIBAgIJAIAeCX6GvtTKMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV 3 | BAMMB2t1YmUtY2EwIBcNMTYxMTIxMDY0NTE2WhgPMjExNjEwMjgwNjQ1MTZaMBIx 4 | EDAOBgNVBAMMB2t1YmUtY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB 5 | AQDYKb/WXpim1VZCsfwcR9h4sTBE3c8IlNEkg4XrPIH3TDKElX7bGPtRN2VWL69R 6 | IB2eeQMTqNgy6YnZGRjJ0UoTAjz2YE/Qt8Ndlr2IDTpBwexa5NN5zzgX44RdwYTF 7 | 7qI94nkXNYPXaBH5ZnrEzQfnvtrMAx6xoz/IsFeLsu3kc8JmMx6sxUJfGKX+h6VU 8 | lj3ExE/JOHM9i/22ftXurfyV0n5vKFtRWSyAnVnwaQHy8Eqm0tpDiiHedmQb71lv 9 | G9K8DorAb7ueIf1WYEXNDECvBj3ckEVNEQSrBrfLcZP/doJ+inW//AW8Ueb4jqSC 10 | 6UUVjUpMGNDNd8y4bVXhuzKTAgMBAAGjUDBOMB0GA1UdDgQWBBT6oNiPcmCWpnLA 11 | IaBtGlDA1Frs8DAfBgNVHSMEGDAWgBT6oNiPcmCWpnLAIaBtGlDA1Frs8DAMBgNV 12 | HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB06mKad4WEa95nFjTJ1WGyyZxz 13 | Wp/5mI/EtdFClm1nvxSARVprp1j2Tu6gQT2q4RRVue9DyAjZNfN9NwjNErb7hzpt 14 | eyENMJBL1e92/H90AWq4jBExCXQ62EwAGyxnFftdA50X3k7oyqnUt1atNi5ab98E 15 | cjc104gntHsPr1MoEoaRorF/wtgpHejyn9qVIqf6rLAo/kCDOTbLpIfxphJAAXob 16 | 
wJlcJCHcOfO8WE8EwspQMVul5lQXmAfu8zSQKWrtV4ar2CHCw8FEd2a6CBdzyPgC 17 | W/FCf/V3Mv0OJTZ+M/Sdw/YFfuzJS/S03dctYt+Pz1T9bo2J0dzmy0fd0Hn0 18 | -----END CERTIFICATE----- 19 | -------------------------------------------------------------------------------- /linux/1.install.yml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | gather_facts: False 3 | roles: 4 | - wod.python 5 | 6 | - hosts: all 7 | roles: 8 | - role: wod.timezone 9 | - role: wod.docker 10 | - role: wod.rkt 11 | - role: wod.sys 12 | - role: wod.insecure-registry 13 | - role: wod.registry 14 | when: "inventory_hostname == REGISTRY_LOCAL_HOSTNAME" 15 | - role: wod.etcd 16 | when: "ETCD_CLUSTER_ROLE[inventory_hostname] is defined" 17 | - role: wod.k8s-ssl 18 | - role: wod.k8s-master 19 | when: "K8S_CLUSTER_ROLE[inventory_hostname] is defined and K8S_CLUSTER_ROLE[inventory_hostname] == 'master'" 20 | - role: wod.k8s-kubectl 21 | when: "K8S_CLUSTER_ROLE[inventory_hostname] is defined and K8S_CLUSTER_ROLE[inventory_hostname] == 'master'" 22 | - role: wod.k8s-worker 23 | when: "K8S_CLUSTER_ROLE[inventory_hostname] is not defined or K8S_CLUSTER_ROLE[inventory_hostname] != 'master'" 24 | - role: wod.k8s-label 25 | when: "K8S_CLUSTER_ROLE[inventory_hostname] is defined and K8S_CLUSTER_ROLE[inventory_hostname] == 'master'" 26 | - role: wod.k8s-cni 27 | - role: wod.k8s-addon 28 | when: "K8S_CLUSTER_ROLE[inventory_hostname] is defined and K8S_CLUSTER_ROLE[inventory_hostname] == 'master'" -------------------------------------------------------------------------------- /linux/roles/wod.k8s-cni/templates/kube-proxy-worker.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | name: kube-proxy 6 | namespace: kube-system 7 | spec: 8 | hostNetwork: true 9 | containers: 10 | - name: kube-proxy 11 | image: {{ REGISTRY_LOCAL }}{{ K8S_IMAGES['KUBE-PROXY']['NAME'] }}:{{ 
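K8S_IMAGES['KUBE-PROXY']['VERSION'] }} 12 | command: 13 | - kube-proxy 14 | - --config=/etc/kubernetes/config/kubeproxy-conf.yaml 15 | securityContext: 16 | privileged: true 17 | volumeMounts: 18 | - mountPath: /etc/ssl/certs 19 | name: "etc-ssl-certs" 20 | - mountPath: /etc/kubernetes/ssl 21 | name: "etc-kube-ssl" 22 | readOnly: true 23 | - mountPath: /etc/kubernetes/config 24 | name: "etc-kubernetes-config" 25 | readOnly: true 26 | - mountPath: /lib/modules 27 | name: "lib-modules" 28 | volumes: 29 | - name: "etc-ssl-certs" 30 | hostPath: 31 | path: "/usr/share/ca-certificates" 32 | - name: "etc-kube-ssl" 33 | hostPath: 34 | path: "/etc/kubernetes/ssl" 35 | - name: "etc-kubernetes-config" 36 | hostPath: 37 | path: "/etc/kubernetes/config" 38 | - name: "lib-modules" 39 | hostPath: 40 | path: "/lib/modules" -------------------------------------------------------------------------------- /linux/roles/wod.python/files/bootstrap.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Make a Python interpreter available at /opt/bin/python.
#
# An existing /opt/bin/python is left alone and an existing /usr/bin/python is
# symlinked; otherwise the ActivePython tarball is downloaded from HTTP_SERVER
# and installed under /opt/python.
#
# Environment:
#   HTTP_SERVER          base URL of the download mirror
#   ACTIVEPYTHON_SHA256  optional expected SHA-256 of the tarball; when set,
#                        the archive is verified before anything in it runs
#
# NOTE(review): the default HTTP_SERVER is plain http, and install.sh from the
# downloaded archive runs with this script's privileges. Set
# ACTIVEPYTHON_SHA256 or serve the mirror over https so the archive cannot be
# swapped in transit.

set -e

HTTP_SERVER="${HTTP_SERVER:-http://k8s.spacecig.com/softs/kubernetes}"
ActivePython="ActivePython-2.7.14.2717-linux-x86_64-glibc-2.12-404899"
ACTIVEPYTHON_SHA256="${ACTIVEPYTHON_SHA256:-}"
ENV_OPT="$PATH:/opt/bin"
ARCHIVE="/opt/${ActivePython}.tar.gz"

mkdir -p /opt/bin

# Nothing to do when an interpreter is already in place.
if [[ -e /opt/bin/python ]]; then
  exit 0
fi

# Reuse the distribution's interpreter when there is one.
if [[ -e /usr/bin/python ]]; then
  ln -s /usr/bin/python /opt/bin/python
  exit 0
fi

# Add /opt/bin to the system-wide PATH once.
if ! (grep -q /opt/bin /etc/environment) ; then
  echo "PATH=${ENV_OPT}" >> /etc/environment
  source /etc/environment;
fi

if [[ -e "${ARCHIVE}" ]]; then
  echo "${ActivePython}.tar.gz exist!"
else
  # -f makes curl fail on an HTTP error instead of saving the error page as the
  # tarball. The temporary name keeps an interrupted transfer from being
  # mistaken for a complete archive on the next run.
  curl -fsS "${HTTP_SERVER}/${ActivePython}.tar.gz" -o "${ARCHIVE}.part"
  mv "${ARCHIVE}.part" "${ARCHIVE}"
fi

# Verify the archive before unpacking it and running its installer.
if [[ -n "${ACTIVEPYTHON_SHA256}" ]]; then
  echo "${ACTIVEPYTHON_SHA256}  ${ARCHIVE}" | sha256sum -c -
fi

cd /opt
tar -xzvf "${ARCHIVE}"
cd "/opt/${ActivePython}" && ./install.sh -I /opt/python/
cd /opt
rm -rf "${ARCHIVE}" "/opt/${ActivePython}"

# Expose the installed tools through /opt/bin.
ln -sf /opt/python/bin/easy_install /opt/bin/easy_install
ln -sf /opt/python/bin/pip /opt/bin/pip
ln -sf /opt/python/bin/python /opt/bin/python
ln -sf /opt/python/bin/python /opt/bin/python2
ln -sf /opt/python/bin/virtualenv /opt/bin/virtualenv
-------------------------------------------------------------------------------- /docs/image.md: -------------------------------------------------------------------------------- 1 | # run docker container 2 | ```powershell 3 | # 下载源代码 4 | mkdir -p c:/go/src/github.com/mengkzhaoyun 5 | cd c:/go/src/github.com/mengkzhaoyun 6 | git clone git@github.com:Mengkzhaoyun/ansible.git 7 | 8 | # 进入源代码目录 9 | cd c:/go/src/github.com/mengkzhaoyun/ansible 10 | 11 | # 运行ansible容器 12 | docker run ` 13 | --name ansible ` 14 | -h ansible ` 15 | -v $PWD/hosts:/etc/ansible/hosts ` 16 | -v $PWD/linux/group_vars/systech.yml:/etc/ansible/linux/group_vars/systech.yml ` 17 | -d hub.c.163.com/mengkzhaoyun/cloud/ansible-kubernetes 18 | 19 | # 进入ansible容器 20 | docker exec -it ansible bash 21 | 22 | # 安装k8s集群 23 | ap 1.install.yml 24 | 25 | # 卸载k8s集群 26 | ap 9.uninstall.yml 27 | ``` 28 | 29 | # build own image 30 | ```powershell 31 | # 进入源代码目录 32 | cd c:/go/src/github.com/mengkzhaoyun/ansible 33 | 34 | # 构建镜像 35 | docker build ` 36 | -f ./build/dockerfile ` 37 | -t hub.c.163.com/mengkzhaoyun/cloud/ansible-kubernetes:v1.10.6 .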
38 | 39 | # 推送镜像 40 | docker push hub.c.163.com/mengkzhaoyun/cloud/ansible-kubernetes:v1.10.6 41 | 42 | # 更新latest 43 | docker tag ` 44 | hub.c.163.com/mengkzhaoyun/cloud/ansible-kubernetes:v1.10.6 ` 45 | hub.c.163.com/mengkzhaoyun/cloud/ansible-kubernetes:latest ;` 46 | docker push ` 47 | hub.c.163.com/mengkzhaoyun/cloud/ansible-kubernetes:latest 48 | ``` -------------------------------------------------------------------------------- /docs/installs/aci_v1.9.6.md: -------------------------------------------------------------------------------- 1 | rkt image export hub.c.163.com/mengkzhaoyun/public:registry-2.6.2 registry-2.6.2.aci 2 | 3 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:etcd-v3.3.2 etcd-v3.3.2.aci 4 | 5 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 flannel-v0.10.0.aci 6 | 7 | # hyperkube 8 | ``` shell 9 | cd /etc/kubernetes/downloads && \ 10 | rkt fetch docker://hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.9.6 --insecure-options=image && \ 11 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.9.6 hyperkube-v1.9.6.aci 12 | ``` 13 | 14 | # flannel 15 | ``` shell 16 | cd /etc/kubernetes/downloads && \ 17 | rkt fetch docker://hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 --insecure-options=image && \ 18 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 flannel-v0.10.0.aci 19 | ``` 20 | 21 | # etcd 22 | ``` shell 23 | cd /etc/kubernetes/downloads && \ 24 | rkt fetch docker://hub.c.163.com/mengkzhaoyun/k8s:etcd-v3.3.2 --insecure-options=image && \ 25 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:etcd-v3.3.2 etcd-v3.3.2.aci 26 | ``` 27 | 28 | # registry 29 | ``` shell 30 | cd /etc/kubernetes/downloads && \ 31 | rkt fetch docker://hub.c.163.com/mengkzhaoyun/k8s:registry-2.6.2 --insecure-options=image && \ 32 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:registry-2.6.2 registry-2.6.2.aci 33 | ``` -------------------------------------------------------------------------------- 
/docs/installs/aci_v1.10.0.md: -------------------------------------------------------------------------------- 1 | rkt image export hub.c.163.com/mengkzhaoyun/public:registry-2.6.2 registry-2.6.2.aci 2 | 3 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:etcd-v3.3.2 etcd-v3.3.2.aci 4 | 5 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 flannel-v0.10.0.aci 6 | 7 | # hyperkube 8 | ``` shell 9 | cd /etc/kubernetes/downloads && \ 10 | rkt fetch docker://hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.10.0 --insecure-options=image && \ 11 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.10.0 hyperkube-v1.10.0.aci 12 | ``` 13 | 14 | # flannel 15 | ``` shell 16 | cd /etc/kubernetes/downloads && \ 17 | rkt fetch docker://hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 --insecure-options=image && \ 18 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 flannel-v0.10.0.aci 19 | ``` 20 | 21 | # etcd 22 | ``` shell 23 | cd /etc/kubernetes/downloads && \ 24 | rkt fetch docker://hub.c.163.com/mengkzhaoyun/k8s:etcd-v3.3.2 --insecure-options=image && \ 25 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:etcd-v3.3.2 etcd-v3.3.2.aci 26 | ``` 27 | 28 | # registry 29 | ``` shell 30 | cd /etc/kubernetes/downloads && \ 31 | rkt fetch docker://hub.c.163.com/mengkzhaoyun/k8s:registry-2.6.2 --insecure-options=image && \ 32 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:registry-2.6.2 registry-2.6.2.aci 33 | ``` -------------------------------------------------------------------------------- /linux/roles/wod.k8s-master/files/scripts/prepare.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | HTTP_SERVER="${HTTP_SERVER:-http://k8s.spacecig.com/softs/kubernetes}" 6 | RKT_ACI_KUBELET="${RKT_ACI_KUBELET:-hyperkube-v1.10.6}" 7 | REGISTRY_LOCAL="${REGISTRY_LOCAL:-}" 8 | REGISTRY_LOCAL_SPLIT="${REGISTRY_LOCAL_SPLIT:-}" 9 | REGISTRY_KUBELET_REPO="${REGISTRY_KUBELET_REPO:-}" 10 | 
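REGISTRY_KUBELET_VERSION="${REGISTRY_KUBELET_VERSION:-}" 11 | 12 | mkdir -p /etc/kubernetes/downloads 13 | mkdir -p /etc/kubernetes/data 14 | 15 | if [[ -e /etc/kubernetes/downloads/$RKT_ACI_KUBELET.aci ]]; then 16 | echo 'kubelet aci is already exist!' 17 | else 18 | if [[ -n "${REGISTRY_LOCAL:-}" ]]; then 19 | rkt --insecure-options=http,image fetch docker://$REGISTRY_LOCAL$REGISTRY_KUBELET_REPO$REGISTRY_LOCAL_SPLIT$REGISTRY_KUBELET_VERSION 20 | REGISTRY_LOCAL_RKT=$(echo $REGISTRY_LOCAL | sed 's/:/_/g') 21 | rkt image export $REGISTRY_LOCAL_RKT$REGISTRY_KUBELET_REPO$REGISTRY_LOCAL_SPLIT$REGISTRY_KUBELET_VERSION /etc/kubernetes/downloads/$REGISTRY_KUBELET_REPO-$REGISTRY_KUBELET_VERSION.aci 22 | else 23 | curl $HTTP_SERVER/$RKT_ACI_KUBELET.tgz > /etc/kubernetes/downloads/$RKT_ACI_KUBELET.tgz 24 | cd /etc/kubernetes/downloads && tar -xzf /etc/kubernetes/downloads/$RKT_ACI_KUBELET.tgz 25 | rm -rf /etc/kubernetes/downloads/$RKT_ACI_KUBELET.tgz 26 | echo 'kubelet aci download completed!' 27 | fi 28 | fi -------------------------------------------------------------------------------- /linux/roles/wod.k8s-ssl/files/master-ssl.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Create the master's TLS material in /etc/kubernetes/ssl: an RSA key and a
# CA-signed certificate for the API server and for the admin client. Each file
# is created only when it does not exist yet, so a re-run keeps existing keys
# and certificates.
#
# NOTE(review): signing needs ca.key next to ca.pem in /etc/kubernetes/ssl. The
# repository tree carries ca.key and ca.pem under this role's files/ directory;
# if those are the files installed here, every cluster built from the
# repository trusts a CA whose private key is public. Generate the CA per
# cluster and keep its key out of version control.
#
# NOTE(review): both certificates are requested with the subject CN=admin,
# O=system:masters. system:masters is the group Kubernetes binds to
# cluster-admin by default, so the API server's serving certificate doubles as
# an administrator client credential. Give the API server its own subject and
# keep system:masters for the admin certificate only.
set -e

cd /etc/kubernetes/ssl

if [[ -e /etc/kubernetes/ssl/apiserver.key ]]; then
  echo 'apiserver.key is ready!'
else
  # The subshell keeps the tightened umask local: the private key is created
  # owner-only instead of inheriting the caller's umask.
  (umask 077 && openssl genrsa -out apiserver.key 2048)
  echo 'apiserver.key is ready!'
fi

if [[ -e /etc/kubernetes/ssl/apiserver.pem ]]; then
  echo 'apiserver.pem is ready!'
else
  # CSR with the extensions from master-apiserver.cnf, then a CA-signed
  # certificate valid for 3650 days.
  openssl req -new -key apiserver.key -out apiserver.csr -subj "/CN=admin/C=CN/ST=BeiJing/L=Beijing/O=system:masters/OU=System" -config master-apiserver.cnf
  openssl x509 -req -in apiserver.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out apiserver.pem -days 3650 -extensions v3_req -extfile master-apiserver.cnf
  echo 'apiserver.pem is ready!'
fi

if [[ -e /etc/kubernetes/ssl/admin.key ]]; then
  echo 'admin.key is ready!'
else
  # Owner-only private key, as for apiserver.key above.
  (umask 077 && openssl genrsa -out admin.key 2048)
  echo 'admin.key is ready!'
fi

if [[ -e /etc/kubernetes/ssl/admin.pem ]]; then
  echo 'admin.pem is ready!'
else
  # Same procedure for the admin client certificate, using master-admin.cnf.
  openssl req -new -key admin.key -out admin.csr -subj "/CN=admin/C=CN/ST=BeiJing/L=Beijing/O=system:masters/OU=System" -config master-admin.cnf
  openssl x509 -req -in admin.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out admin.pem -days 3650 -extensions v3_req -extfile master-admin.cnf
  echo 'admin.pem is ready!'
fi
-------------------------------------------------------------------------------- /linux/roles/wod.k8s-worker/files/scripts/prepare.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | HTTP_SERVER="${HTTP_SERVER:-http://k8s.spacecig.com/softs/kubernetes}" 6 | RKT_ACI_KUBELET="${RKT_ACI_KUBELET:-hyperkube-v1.10.6}" 7 | REGISTRY_LOCAL="${REGISTRY_LOCAL:-}" 8 | REGISTRY_LOCAL_SPLIT="${REGISTRY_LOCAL_SPLIT:-}" 9 | REGISTRY_KUBELET_REPO="${REGISTRY_KUBELET_REPO:-}" 10 | REGISTRY_KUBELET_VERSION="${REGISTRY_KUBELET_VERSION:-}" 11 | 12 | mkdir -p /etc/kubernetes/downloads 13 | mkdir -p /etc/kubernetes/data 14 | 15 | if [[ -e /etc/kubernetes/downloads/$RKT_ACI_KUBELET.aci ]]; then 16 | echo 'kubelet aci is already exist!'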
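17 | else 18 | if [[ -n "${REGISTRY_LOCAL:-}" ]]; then 19 | rkt --insecure-options=http,image fetch docker://$REGISTRY_LOCAL$REGISTRY_KUBELET_REPO$REGISTRY_LOCAL_SPLIT$REGISTRY_KUBELET_VERSION 20 | REGISTRY_LOCAL_RKT=$(echo $REGISTRY_LOCAL | sed 's/:/_/g') 21 | rkt image export $REGISTRY_LOCAL_RKT$REGISTRY_KUBELET_REPO$REGISTRY_LOCAL_SPLIT$REGISTRY_KUBELET_VERSION /etc/kubernetes/downloads/$REGISTRY_KUBELET_REPO-$REGISTRY_KUBELET_VERSION.aci 22 | else 23 | curl $HTTP_SERVER/$RKT_ACI_KUBELET.tgz > /etc/kubernetes/downloads/$RKT_ACI_KUBELET.tgz 24 | cd /etc/kubernetes/downloads && tar -xzf /etc/kubernetes/downloads/$RKT_ACI_KUBELET.tgz 25 | rm -rf /etc/kubernetes/downloads/$RKT_ACI_KUBELET.tgz 26 | echo 'kubelet aci download completed!' 27 | fi 28 | fi -------------------------------------------------------------------------------- /linux/roles/wod.k8s-ssl/files/worker-ssl.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Create a worker's TLS material in /etc/kubernetes/ssl: an RSA key and a
# CA-signed certificate for kube-proxy and for the kubelet. Each file is
# created only when it does not exist yet, so a re-run keeps existing keys and
# certificates.
#
# NOTE(review): both certificates are requested with the subject CN=admin,
# O=system:masters, the group Kubernetes binds to cluster-admin by default, so
# every worker holds cluster-administrator credentials. The conventional
# identities are CN=system:node:<node name>, O=system:nodes for the kubelet and
# CN=system:kube-proxy for kube-proxy. Changing them needs matching
# authorization on the API server, which this file does not show.
#
# NOTE(review): the script signs with ca.key on the worker itself, so the CA
# private key has to be present on every worker node. Signing on one trusted
# host and distributing only the leaf certificates keeps the CA key off the
# nodes.
set -e

cd /etc/kubernetes/ssl

if [[ -e /etc/kubernetes/ssl/kubeproxy.key ]]; then
  echo 'kubeproxy.key is ready!'
else
  # The subshell keeps the tightened umask local: the private key is created
  # owner-only instead of inheriting the caller's umask.
  (umask 077 && openssl genrsa -out kubeproxy.key 2048)
  echo 'kubeproxy.key is ready!'
fi

if [[ -e /etc/kubernetes/ssl/kubeproxy.pem ]]; then
  echo 'kubeproxy.pem is ready!'
else
  # CSR with the extensions from worker-kubeproxy.cnf, then a CA-signed
  # certificate valid for 3650 days.
  openssl req -new -key kubeproxy.key -out kubeproxy.csr -subj "/CN=admin/C=CN/ST=BeiJing/L=Beijing/O=system:masters/OU=System" -config worker-kubeproxy.cnf
  openssl x509 -req -in kubeproxy.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out kubeproxy.pem -days 3650 -extensions v3_req -extfile worker-kubeproxy.cnf
  echo 'kubeproxy.pem is ready!'
fi

if [[ -e /etc/kubernetes/ssl/kubelet.key ]]; then
  echo 'kubelet.key is ready!'
else
  # Owner-only private key, as for kubeproxy.key above.
  (umask 077 && openssl genrsa -out kubelet.key 2048)
  echo 'kubelet.key is ready!'
fi

if [[ -e /etc/kubernetes/ssl/kubelet.pem ]]; then
  echo 'kubelet.pem is ready!'
else
  # Same procedure for the kubelet certificate, using worker-kubelet.cnf.
  openssl req -new -key kubelet.key -out kubelet.csr -subj "/CN=admin/C=CN/ST=BeiJing/L=Beijing/O=system:masters/OU=System" -config worker-kubelet.cnf
  openssl x509 -req -in kubelet.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out kubelet.pem -days 3650 -extensions v3_req -extfile worker-kubelet.cnf
  echo 'kubelet.pem is ready!'
fi
-------------------------------------------------------------------------------- /linux/roles/wod.etcd/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Run prepare.sh 2 | environment: 3 | HTTP_SERVER: '{{ HTTP_SERVER }}' 4 | RKT_ACI_ETCD: '{{ RKT_ACI_ETCD }}' 5 | TOOLS_ETCDCTL: '{{ TOOLS_ETCDCTL }}' 6 | REGISTRY_LOCAL: '{{ REGISTRY_LOCAL }}' 7 | REGISTRY_LOCAL_SPLIT: ":" 8 | REGISTRY_ETCD_REPO: '{{ K8S_IMAGES["ETCD"]["NAME"] }}' 9 | REGISTRY_ETCD_VERSION: '{{ K8S_IMAGES["ETCD"]["VERSION"] }}' 10 | REGISTRY_ETCDCTL_REPO: '{{ K8S_IMAGES["ETCDCTL"]["NAME"] }}' 11 | REGISTRY_ETCDCTL_VERSION: '{{ K8S_IMAGES["ETCDCTL"]["VERSION"] }}' 12 | script: prepare.sh 13 | 14 | - name: check need /etc/kubernetes/scripts/etcd.sh 15 | raw: stat /etc/kubernetes/scripts/etcd.sh 16 | register: need_scripts_etcd 17 | ignore_errors: True 18 | 19 | - name: copy /etc/kubernetes/scripts/etcd.sh 20 | copy: src=etcd.sh dest=/etc/kubernetes/scripts/etcd.sh mode=0755 21 | when: need_scripts_etcd | failed 22 | 23 | - name: check need k8s-etcd.service 24 | raw: stat /etc/systemd/system/k8s-etcd.service 25 | register: need_services_etcd 26 | ignore_errors: True 27 | 28 | - name: template k8s-etcd.service 29 | template: src=k8s-etcd.service dest=/etc/systemd/system/k8s-etcd.service mode=0644 30 | when: need_services_etcd | failed 31 | 32 | - name: start k8s-etcd.service 33 | raw: systemctl daemon-reload && systemctl enable k8s-etcd.service && systemctl start k8s-etcd.service 34 | when: need_services_etcd | failed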
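-------------------------------------------------------------------------------- /linux/roles/wod.k8s-kubectl/files/kubectl.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Install kubectl as /opt/bin/kubectl and create a default "kubernetes" context
# for it. Skipped entirely when a kubectl is already on PATH.
#
# The binary comes either from a container image (when REGISTRY_REMOTE is set;
# the image is run with /etc/kubernetes/downloads mounted at /data/output) or
# from ${HTTP_SERVER}/${TOOLS_KUBECTL}.tgz.
#
# NOTE(review): the default HTTP_SERVER is plain http and nothing verifies the
# downloaded tarball before the binary inside it is made executable and run.
# Serve the mirror over https or check a pinned digest first.

set -e

HTTP_SERVER="${HTTP_SERVER:-http://k8s.spacecig.com/softs/kubernetes}"
TOOLS_KUBECTL="${TOOLS_KUBECTL:-kubectl-v1.9.0}"
REGISTRY_REMOTE="${REGISTRY_REMOTE:-}"
REGISTRY_REMOTE_SPLIT="${REGISTRY_REMOTE_SPLIT:-}"
REGISTRY_KUBECTL_REPO="${REGISTRY_KUBECTL_REPO:-}"
REGISTRY_KUBECTL_VERSION="${REGISTRY_KUBECTL_VERSION:-}"

DOWNLOADS=/etc/kubernetes/downloads

mkdir -p "${DOWNLOADS}"
mkdir -p /opt/bin

if ! [ -x "$(command -v kubectl)" ]; then
  if ! [[ -e "${DOWNLOADS}/${TOOLS_KUBECTL}" ]]; then
    if [[ -n "${REGISTRY_REMOTE:-}" ]]; then
      docker run -v "${DOWNLOADS}:/data/output" --rm "${REGISTRY_REMOTE}${REGISTRY_KUBECTL_REPO}${REGISTRY_REMOTE_SPLIT}${REGISTRY_KUBECTL_VERSION}"
    else
      # -f makes curl fail on an HTTP error instead of saving the error page as
      # the tarball.
      curl -fsS "${HTTP_SERVER}/${TOOLS_KUBECTL}.tgz" -o "${DOWNLOADS}/${TOOLS_KUBECTL}.tgz"
    fi
    cd "${DOWNLOADS}" && tar -xzf "${DOWNLOADS}/${TOOLS_KUBECTL}.tgz"
    rm -rf "${DOWNLOADS}/${TOOLS_KUBECTL}.tgz"
  fi
  chmod 0744 "${DOWNLOADS}/${TOOLS_KUBECTL}"
  rm -rf /opt/bin/kubectl
  ln -s "${DOWNLOADS}/${TOOLS_KUBECTL}" /opt/bin/kubectl
  # NOTE(review): the context targets the API server's plain-HTTP port on
  # localhost, which carries no TLS and applies no client authentication.
  /opt/bin/kubectl config set-cluster kubernetes --server=http://127.0.0.1:8080
  /opt/bin/kubectl config set-context kubernetes --cluster=kubernetes
  /opt/bin/kubectl config use-context kubernetes
fi
-------------------------------------------------------------------------------- /linux/roles/wod.k8s-cni/templates/kube-proxy-master.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | name: kube-proxy 6 | namespace: kube-system 7 | spec: 8 | hostNetwork: true 9 | tolerations: 10 | - key: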
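node-role.kubernetes.io/master 11 | operator: "Equal" 12 | value: "true" 13 | effect: NoSchedule 14 | - key: "CriticalAddonsOnly" 15 | operator: "Exists" 16 | containers: 17 | - name: kube-proxy 18 | image: {{ REGISTRY_LOCAL }}{{ K8S_IMAGES['KUBE-PROXY']['NAME'] }}:{{ K8S_IMAGES['KUBE-PROXY']['VERSION'] }} 19 | command: 20 | - kube-proxy 21 | - --config=/etc/kubernetes/config/kubeproxy-conf.yaml 22 | securityContext: 23 | privileged: true 24 | volumeMounts: 25 | - mountPath: /etc/ssl/certs 26 | name: "etc-ssl-certs" 27 | - mountPath: /etc/kubernetes/ssl 28 | name: "etc-kube-ssl" 29 | readOnly: true 30 | - mountPath: /etc/kubernetes/config 31 | name: "etc-kubernetes-config" 32 | readOnly: true 33 | - mountPath: /lib/modules 34 | name: "lib-modules" 35 | volumes: 36 | - name: "etc-ssl-certs" 37 | hostPath: 38 | path: "/usr/share/ca-certificates" 39 | - name: "etc-kube-ssl" 40 | hostPath: 41 | path: "/etc/kubernetes/ssl" 42 | - name: "etc-kubernetes-config" 43 | hostPath: 44 | path: "/etc/kubernetes/config" 45 | - name: "lib-modules" 46 | hostPath: 47 | path: "/lib/modules" -------------------------------------------------------------------------------- /linux/roles/wod.sys/files/sys.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Host preparation: map the local registry name in /etc/hosts, add /opt/bin to
# the system PATH, make /usr/bin/mkdir available, install root's SSH
# authorized keys and create the Kubernetes working directories.
#
# Environment:
#   REGISTRY_LOCAL_IP    required; address written to /etc/hosts
#   REGISTRY_LOCAL_HOST  optional; host name for that address (reg.local)
#   AUTHORIZED_KEYS      optional; comma-separated authorized_keys entries
#
# NOTE(review): every entry in AUTHORIZED_KEYS becomes a login key for root, so
# the value handed to this script decides who gets root on the host.

set -e

# Exit with status 1 when any of the named environment variables is empty or
# unset.
function require_ev_all() {
  local rev
  for rev in "$@"; do
    if [[ -z "${!rev}" ]]; then
      echo ${rev} is not set
      exit 1
    fi
  done
}

require_ev_all REGISTRY_LOCAL_IP

REGISTRY_LOCAL_HOST="${REGISTRY_LOCAL_HOST:-reg.local}"
REGISTRY_LOCAL_IP="${REGISTRY_LOCAL_IP}"
AUTHORIZED_KEYS="${AUTHORIZED_KEYS}"
ENV_OPT="$PATH:/opt/bin"

# Add the registry mapping, or rewrite the line that already mentions the host.
if ! grep -qF -- "${REGISTRY_LOCAL_HOST}" /etc/hosts; then
  echo "" >> /etc/hosts
  echo "${REGISTRY_LOCAL_IP} ${REGISTRY_LOCAL_HOST}" >> /etc/hosts
else
  sed -i "/${REGISTRY_LOCAL_HOST}/c\\${REGISTRY_LOCAL_IP} ${REGISTRY_LOCAL_HOST}" /etc/hosts
fi

# Replace the PATH line of /etc/environment once so that it includes /opt/bin.
if ! (grep -q /opt/bin /etc/environment) ; then
  sed -i "/PATH=/c\PATH=${ENV_OPT}" /etc/environment
  source /etc/environment;
fi

# Some units call /usr/bin/mkdir; link it where only /bin/mkdir exists.
if ! [[ -e /usr/bin/mkdir ]]; then
  /bin/mkdir -p /usr/bin
  ln -s /bin/mkdir /usr/bin/mkdir
fi

if ! [[ -e /root/.ssh/authorized_keys ]]; then
  mkdir -p /root/.ssh/
  # Only the key file is created here; the original also passed the words
  # "create file" to touch, which left two stray files in the working directory.
  touch /root/.ssh/authorized_keys
  # Owner-only permissions on the directory and the key file.
  chmod 700 /root/.ssh
  chmod 600 /root/.ssh/authorized_keys
fi

# Append each entry that is not in the file yet. The whole entry is compared as
# a fixed string: matching on the third field (the key comment) breaks for keys
# without a comment, where grep would be left with no pattern argument.
IFS=',' read -r -a KEYS <<< "${AUTHORIZED_KEYS}"
for key in "${KEYS[@]}"; do
  if [[ -z "${key// /}" ]]; then
    continue
  fi
  if ! grep -qxF -- "${key}" /root/.ssh/authorized_keys; then
    echo " " >> /root/.ssh/authorized_keys
    echo "${key}" >> /root/.ssh/authorized_keys
  fi
done

mkdir -p /etc/kubernetes/scripts /etc/kubernetes/manifests /usr/share/ca-certificates
-------------------------------------------------------------------------------- /linux/roles/wod.docker/files/install-Ubuntu.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | HTTP_SERVER="${HTTP_SERVER:-http://k8s.spacecig.com/softs/kubernetes}" 6 | DEB_SERVER="$HTTP_SERVER/ubuntu" 7 | DEB_LIBLTDL7="${DEB_LIBLTDL7:-libltdl7_2.4.6-0.1_amd64}" 8 | DEB_DOCKER="${DEB_DOCKER:-docker-engine_1.13.1-0~ubuntu-xenial_amd64}" 9 | DEB_IPTABLE="${DEB_IPTABLE:-iptables_1.6.0-2ubuntu3_amd64}" 10 | 11 | mkdir -p /etc/kubernetes/downloads 12 | 13 | if ! [ -x "$(command -v docker)" ]; then 14 | if ! [[ -e /etc/kubernetes/downloads/$DEB_LIBLTDL7.deb ]]; then 15 | curl $DEB_SERVER/$DEB_LIBLTDL7.tgz > /etc/kubernetes/downloads/$DEB_LIBLTDL7.tgz 16 | cd /etc/kubernetes/downloads && tar -xzf /etc/kubernetes/downloads/$DEB_LIBLTDL7.tgz 17 | rm -rf /etc/kubernetes/downloads/$DEB_LIBLTDL7.tgz 18 | fi 19 | if !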
[[ -e /etc/kubernetes/downloads/$DEB_DOCKER.deb ]]; then 20 | curl $DEB_SERVER/$DEB_DOCKER.tgz > /etc/kubernetes/downloads/$DEB_DOCKER.tgz 21 | cd /etc/kubernetes/downloads && tar -xzf /etc/kubernetes/downloads/$DEB_DOCKER.tgz 22 | rm -rf /etc/kubernetes/downloads/$DEB_DOCKER.tgz 23 | fi 24 | dpkg -i /etc/kubernetes/downloads/$DEB_LIBLTDL7.deb 25 | dpkg -i /etc/kubernetes/downloads/$DEB_DOCKER.deb 26 | fi 27 | 28 | if ! [ -x "$(command -v iptables)" ]; then 29 | if ! [[ -e /etc/kubernetes/downloads/$DEB_IPTABLE.deb ]]; then 30 | curl $DEB_SERVER/$DEB_IPTABLE.tgz > /etc/kubernetes/downloads/$DEB_IPTABLE.tgz 31 | cd /etc/kubernetes/downloads && tar -xzf /etc/kubernetes/downloads/$DEB_IPTABLE.tgz 32 | rm -rf /etc/kubernetes/downloads/$DEB_IPTABLE.tgz 33 | fi 34 | dpkg -i /etc/kubernetes/downloads/$DEB_IPTABLE.deb 35 | fi -------------------------------------------------------------------------------- /linux/roles/wod.k8s-master/templates/manifests/kube-controller-manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: kube-controller-manager 5 | namespace: kube-system 6 | spec: 7 | hostNetwork: true 8 | containers: 9 | - name: kube-controller-manager 10 | image: {{ REGISTRY_LOCAL }}{{ K8S_IMAGES['KUBELET']['NAME'] }}:{{ K8S_IMAGES['KUBELET']['VERSION'] }} 11 | command: 12 | - /hyperkube 13 | - controller-manager 14 | - --master=http://127.0.0.1:8080 15 | - --allocate-node-cidrs=true 16 | - --service-cluster-ip-range={{ K8S_SERVICE_IP_RANGE }} 17 | - --cluster-cidr={{ K8S_POD_NETWORK }} 18 | - --cluster-name=kubernetes 19 | - --leader-elect=true 20 | - --service-account-private-key-file=/etc/kubernetes/ssl/apiserver.key 21 | - --root-ca-file=/etc/kubernetes/ssl/ca.pem 22 | resources: 23 | requests: 24 | cpu: 200m 25 | livenessProbe: 26 | httpGet: 27 | host: 127.0.0.1 28 | path: /healthz 29 | port: 10252 30 | initialDelaySeconds: 15 31 | timeoutSeconds: 15 32 | volumeMounts: 
33 | - mountPath: /etc/kubernetes/ssl 34 | name: ssl-certs-kubernetes 35 | readOnly: true 36 | - mountPath: /etc/ssl/certs 37 | name: ssl-certs-host 38 | readOnly: true 39 | - mountPath: /etc/localtime 40 | name: etc-localtime 41 | readOnly: true 42 | volumes: 43 | - hostPath: 44 | path: /etc/kubernetes/ssl 45 | name: ssl-certs-kubernetes 46 | - hostPath: 47 | path: /usr/share/ca-certificates 48 | name: ssl-certs-host 49 | - hostPath: 50 | path: /etc/localtime 51 | name: etc-localtime -------------------------------------------------------------------------------- /linux/roles/wod.etcd/templates/k8s-etcd.service: --------------------------------------------------------------------------------
# systemd unit (Jinja2 template) that starts one etcd member through
# /etc/kubernetes/scripts/etcd.sh, passing the settings below as environment
# variables and command-line flags.
[Unit]
Description=etcd (System Application Container)
Documentation=https://github.com/coreos/etcd
Wants=network.target

[Service]
Type=notify
# NOTE(review): no Restart= is set in this unit, so RestartSec= has no effect
# and systemd will not restart etcd after a failure.
RestartSec=10s
LimitNOFILE=40000

Environment=PATH=/bin:/opt/bin:/usr/bin:/usr/sbin:/sbin:$PATH

# Create the working directories and remove a pod left over from a previous
# run; the leading "-" lets the rkt rm step fail without failing the unit.
ExecStartPre=/usr/bin/mkdir --parents /etc/kubernetes/downloads
ExecStartPre=/usr/bin/mkdir --parents /etc/kubernetes/data
ExecStartPre=/usr/bin/mkdir --parents /usr/share/ca-certificates
ExecStartPre=-/usr/bin/rkt rm --uuid-file=/etc/kubernetes/data/etcd-pod.uuid

Environment="ETCD_IMAGE=/etc/kubernetes/downloads/{{ RKT_ACI_ETCD }}.aci"
Environment="ETCD_USER=root"
Environment="ETCD_DATA_DIR=/etc/kubernetes/data/etcd"
# NOTE(review): --insecure-options=image turns off rkt's image signature
# verification, so the ACI under /etc/kubernetes/downloads is run unverified.
Environment="RKT_GLOBAL_ARGS=--insecure-options=image"
Environment="RKT_RUN_ARGS=--uuid-file-save=/etc/kubernetes/data/etcd-pod.uuid"
Environment="ETCD_IMAGE_ARGS=--name=k8s-etcd"

# The member list is rendered from ETCD_CLUSTER_ROLE, one name=peer-URL pair per
# host. iteritems() only exists on Python 2 dicts, so the template needs Ansible
# running on Python 2.
#
# NOTE(review): every client and peer URL is plain http on HOST_IP, so etcd is
# reachable without TLS or client authentication by anything that can route to
# ports 2379 and 2380. etcd holds the whole cluster state, Secrets included.
# Use https URLs with --cert-file/--key-file, --client-cert-auth and
# --trusted-ca-file (and the --peer-* equivalents), or restrict the ports with
# a firewall. The cluster token is a fixed string shared by every install.
ExecStart=/etc/kubernetes/scripts/etcd.sh \
  --name={{ inventory_hostname }} \
  --initial-cluster-token=spacesystech.com \
  --initial-cluster={% for host, role in ETCD_CLUSTER_ROLE.iteritems() %}{{ host }}=http://{{ hostvars[host]['ansible_default_ipv4']['address'] }}:2380{% if loop.last %}{% else %},{% endif %}{% endfor %} \
  --initial-cluster-state=new \
  --advertise-client-urls=http://{{ HOST_IP }}:2379 \
  --initial-advertise-peer-urls=http://{{ HOST_IP }}:2380 \
  --listen-client-urls=http://{{ HOST_IP }}:2379,http://127.0.0.1:2379 \
  --listen-peer-urls=http://{{ HOST_IP }}:2380

ExecStop=-/usr/bin/rkt stop --uuid-file=/etc/kubernetes/data/etcd-pod.uuid

[Install]
WantedBy=multi-user.target
-------------------------------------------------------------------------------- /docs/installs/images_v1.11.2.md: -------------------------------------------------------------------------------- 1 | # images 2 | 3 | ```powershell 4 | # hyperkube 5 | docker pull gcr.io/google-containers/hyperkube:v1.11.2 ;` 6 | docker tag gcr.io/google-containers/hyperkube:v1.11.2 registry.cn-qingdao.aliyuncs.com/wod/hyperkube:v1.11.2 ;` 7 | docker push registry.cn-qingdao.aliyuncs.com/wod/hyperkube:v1.11.2 8 | 9 | # kube-apiserver 10 | docker pull gcr.io/google-containers/kube-apiserver:v1.11.2 ;` 11 | docker tag gcr.io/google-containers/kube-apiserver:v1.11.2 registry.cn-qingdao.aliyuncs.com/wod/kube-apiserver:v1.11.2 ;` 12 | docker push registry.cn-qingdao.aliyuncs.com/wod/kube-apiserver:v1.11.2 13 | 14 | # kube-controller-manager 15 | docker pull gcr.io/google-containers/kube-controller-manager:v1.11.2 ;` 16 | docker tag gcr.io/google-containers/kube-controller-manager:v1.11.2 registry.cn-qingdao.aliyuncs.com/wod/kube-controller-manager:v1.11.2 ;` 17 | docker push registry.cn-qingdao.aliyuncs.com/wod/kube-controller-manager:v1.11.2 18 | 19 | # kube-scheduler 20 | docker pull gcr.io/google-containers/kube-scheduler:v1.11.2 ;` 21 | docker tag gcr.io/google-containers/kube-scheduler:v1.11.2 registry.cn-qingdao.aliyuncs.com/wod/kube-scheduler:v1.11.2 ;` 22 | docker push registry.cn-qingdao.aliyuncs.com/wod/kube-scheduler:v1.11.2 23 | 24 | # kube-proxy 25 | docker pull gcr.io/google-containers/kube-proxy:v1.11.2 ;` 26 | docker tag
gcr.io/google-containers/kube-proxy:v1.11.2 registry.cn-qingdao.aliyuncs.com/wod/kube-proxy:v1.11.2 ;` 27 | docker push registry.cn-qingdao.aliyuncs.com/wod/kube-proxy:v1.11.2 28 | 29 | docker pull registry.cn-qingdao.aliyuncs.com/wod/kube-proxy:v1.11.2 ;` 30 | docker tag registry.cn-qingdao.aliyuncs.com/wod/kube-proxy:v1.11.2 hub.c.163.com/mengkzhaoyun/k8s:kube-proxy-v1.11.2 ;` 31 | docker push hub.c.163.com/mengkzhaoyun/k8s:kube-proxy-v1.11.2 32 | ``` -------------------------------------------------------------------------------- /linux/roles/wod.k8s-ssl/files/ca.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEA2Cm/1l6YptVWQrH8HEfYeLEwRN3PCJTRJIOF6zyB90wyhJV+ 3 | 2xj7UTdlVi+vUSAdnnkDE6jYMumJ2RkYydFKEwI89mBP0LfDXZa9iA06QcHsWuTT 4 | ec84F+OEXcGExe6iPeJ5FzWD12gR+WZ6xM0H577azAMesaM/yLBXi7Lt5HPCZjMe 5 | rMVCXxil/oelVJY9xMRPyThzPYv9tn7V7q38ldJ+byhbUVksgJ1Z8GkB8vBKptLa 6 | Q4oh3nZkG+9ZbxvSvA6KwG+7niH9VmBFzQxArwY93JBFTREEqwa3y3GT/3aCfop1 7 | v/wFvFHm+I6kgulFFY1KTBjQzXfMuG1V4bsykwIDAQABAoIBAFnfgdMvIWi76lFw 8 | jtFzTZ1gjiET17BJr2rvBA756U9YbuiQ/1041cS+s3NSACJKqAXrakwSN1Fzp8yL 9 | krLWQWYF2DLXeFffD2sp8UNPvJj6d7qSyRor/bZw8efJPdrNjMcOEiqEJXy52D9J 10 | TGHmnRLNV0rbQTe6GBrotn1ut1nzw4+FZUI8DbsOTqgjoQSsf+ORZcqFAYyXGZ3j 11 | BQyWHUOALlWAbSshEW9T+5Vv+jmY4VhmA/wCMp5NzDuFF80Mn0gs/i8J8YYzkXW6 12 | ex6uCCTl5WKITONfoX3ky1+k0Yj6qqMY8bK46RYAr2dTmYTHJEIKoOCtvl8NWa1v 13 | 6mEfuwECgYEA7gDgqdX4x79s8zWws94Fc225RDwy9taEFBY5u5L/TrxAGSf9Y089 14 | jMHFrqxEWGYx3RJfCtsZNr/QPjYJRYRSkDJmcASOHLhfWHsVA6SJ4PhmeeEhcsrM 15 | 3FYFOJbpQEyq62QYhvPww5sOynFK8oMs/2cjygs80WZF2qAi0HX5M4kCgYEA6IIZ 16 | luQDzFUl0dc/yFjTMLWVjhHONDuBnaqGA9A6YwyOK1mrUcr0uP76vffSI18qtUWd 17 | LtgSrciCkqTyX4JrpKdOJswKM92+0FzpFu3ymdxfoaEcTOmSISPKir0GIt0410/t 18 | Jw79BFt+46GK8MFYX3NYfLCP8XQDQ3f06forQjsCgYEAlaDznZKqL1pHsrfEebBR 19 | mPoYia+XEtxWeRJoBWcrH2L2oVok0XSV65I/J8uhxDmri6LrIbYRKfx5fUMXnR7N 20 | 
kV4+TJpwhdncB5KJ6ZpeHJPOST2ie7rIBJYH/kXSKtyIcCijyuQ+L5uiNt/3EHQr 21 | q/453+IkwDkeHY6jlI82tpECgYA7cT9/jy3VaJNxsXkyDFt54YKpvq2cNvZtS7JV 22 | eT/kIMqcFKGzGJM2VKHgPWJw/pyZmYGU/1LPMSsIuLjqaBqDDu7xBks5dWCaPpas 23 | 8QqMAYZFeT4V/8UHSfI3RBo0gaBNk7aKvM889PNc2Oj/oj6osIGX5z/1t/Y5oopv 24 | 4zB6DwKBgQDbz97Rxd6eVKaU03OpPbiAQe84ewwwcJf2a7PII1319aqYCxX6Eqc4 25 | rs8oKVT9ZqvtfDq3HW0ETRHf/u83yi4BdBmBglBjnfYqJh9ywFxW3UJUBMkI6+Ud 26 | sd9x97+8/Qk/J7UZObdTkeI62HQxJmN7IROW9t7gHXyo4/r7zcSX7A== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /linux/roles/wod.registry/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # install registry 3 | - name: Run prepare.sh 4 | environment: 5 | HTTP_SERVER: '{{ HTTP_SERVER }}' 6 | RKT_ACI_REGISTRY: '{{ RKT_ACI_REGISTRY }}' 7 | RKT_ACI_REGISTRY_DATA: '{{ RKT_ACI_REGISTRY_DATA }}' 8 | REGISTRY_REMOTE: '{{ REGISTRY_REMOTE }}' 9 | REGISTRY_REMOTE_SPLIT: '{{ REGISTRY_REMOTE_SPLIT }}' 10 | REGISTRY_REGISTRY_REPO: '{{ K8S_IMAGES["REGISTRY"]["NAME"] }}' 11 | REGISTRY_REGISTRY_VERSION: '{{ K8S_IMAGES["REGISTRY"]["VERSION"] }}' 12 | script: prepare.sh 13 | 14 | - name: check need prepare.sh 15 | raw: stat /etc/kubernetes/scripts/prepare.sh 16 | register: need_scripts_prepare 17 | ignore_errors: True 18 | 19 | - name: copy prepare.sh 20 | copy: src=prepare.sh dest=/etc/kubernetes/scripts/prepare.sh mode=0755 21 | when: need_scripts_prepare | failed 22 | 23 | - name: check need k8s-registry.service 24 | raw: stat /etc/systemd/system/k8s-registry.service 25 | register: need_services_registry 26 | ignore_errors: True 27 | when: REGISTRY_LOCAL_HOSTNAME == inventory_hostname 28 | 29 | - name: template k8s-registry.service 30 | template: src=k8s-registry.service dest=/etc/systemd/system/k8s-registry.service mode=0644 31 | when: need_services_registry | failed 32 | 33 | - name: start k8s-registry.service 34 | raw: systemctl daemon-reload 
&& systemctl enable k8s-registry.service && systemctl start k8s-registry.service 35 | when: need_services_registry | failed 36 | 37 | - name: Run cache.sh 38 | environment: 39 | REGISTRY_LOCAL: '{{ REGISTRY_LOCAL }}' 40 | REGISTRY_LOCAL_SPLIT: ':' 41 | REGISTRY_REMOTE: '{{ REGISTRY_REMOTE }}' 42 | REGISTRY_REMOTE_SPLIT: '{{ REGISTRY_REMOTE_SPLIT }}' 43 | ITEM_REPO: '{{ item.value.NAME }}' 44 | ITEM_VERSION: '{{ item.value.VERSION }}' 45 | script: cache.sh 46 | with_dict: '{{ K8S_IMAGES }}' -------------------------------------------------------------------------------- /linux/roles/wod.k8s-worker/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Run prepare.sh 2 | environment: 3 | HTTP_SERVER: '{{ HTTP_SERVER }}' 4 | RKT_ACI_KUBELET: '{{ RKT_ACI_KUBELET }}' 5 | REGISTRY_LOCAL: '{{ REGISTRY_LOCAL }}' 6 | REGISTRY_LOCAL_SPLIT: ":" 7 | REGISTRY_KUBELET_REPO: '{{ K8S_IMAGES["KUBELET"]["NAME"] }}' 8 | REGISTRY_KUBELET_VERSION: '{{ K8S_IMAGES["KUBELET"]["VERSION"] }}' 9 | script: scripts/prepare.sh 10 | 11 | - name: check need config/kubelet.yaml 12 | raw: mkdir -p /etc/kubernetes/config && stat /etc/kubernetes/config/kubelet.yaml 13 | register: need_config_kubelet 14 | ignore_errors: True 15 | 16 | - name: copy config/kubelet.yaml 17 | template: src=config/kubelet.yaml dest=/etc/kubernetes/config/kubelet.yaml 18 | when: need_config_kubelet | failed 19 | 20 | - name: check need config/kubeproxy.yaml 21 | raw: stat /etc/kubernetes/config/kubeproxy.yaml 22 | register: need_config_kubeproxy 23 | ignore_errors: True 24 | 25 | - name: copy config/kubeproxy.yaml 26 | template: src=config/kubeproxy.yaml dest=/etc/kubernetes/config/kubeproxy.yaml 27 | when: need_config_kubeproxy | failed 28 | 29 | - name: check need scripts/kubelet.sh 30 | raw: stat /etc/kubernetes/scripts/kubelet.sh 31 | register: need_scripts_kubelet 32 | ignore_errors: True 33 | 34 | - name: copy scripts/kubelet.sh 35 | copy: src=scripts/kubelet.sh 
dest=/etc/kubernetes/scripts/kubelet.sh mode=0755 36 | when: need_scripts_kubelet | failed 37 | 38 | - name: check need services/k8s-kubelet.service 39 | raw: stat /etc/systemd/system/k8s-kubelet.service 40 | register: need_services_kubelet 41 | ignore_errors: True 42 | 43 | - name: template services/k8s-kubelet.service 44 | template: src=services/kubelet.service dest=/etc/systemd/system/k8s-kubelet.service 45 | when: need_services_kubelet | failed 46 | 47 | - name: start services k8s-kubelet.service 48 | raw: systemctl daemon-reload && systemctl enable k8s-kubelet.service && systemctl start k8s-kubelet.service 49 | when: need_services_kubelet | failed -------------------------------------------------------------------------------- /linux/roles/wod.k8s-worker/templates/services/kubelet.service: --------------------------------------------------------------------------------
# systemd unit template for the worker-node kubelet (rendered by the Ansible
# template task as /etc/systemd/system/k8s-kubelet.service).
# The kubelet is started through /etc/kubernetes/scripts/kubelet.sh, which is
# not shown here; presumably it runs the ACI named by KUBELET_IMAGE under rkt.
[Unit]
Description=kubelet
Documentation=https://kubernetes.io
Requires=docker.service
After=docker.service
[Service]
# NOTE(review): systemd does not expand variables inside Environment= values,
# so the trailing $PATH is a literal path entry, not the inherited PATH.
Environment=PATH=/bin:/opt/bin:/usr/bin:/usr/sbin:/sbin:$PATH

# Create the host directories the kubelet expects; the leading "-" on the
# rkt rm line makes a failed cleanup of a previous pod non-fatal.
ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/data
ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests
ExecStartPre=/usr/bin/mkdir -p /var/log/containers
ExecStartPre=/usr/bin/mkdir -p /etc/cni/net.d
ExecStartPre=-/usr/bin/rkt rm --uuid-file=/etc/kubernetes/data/kubelet-pod.uuid

Environment=KUBELET_IMAGE=/etc/kubernetes/downloads/{{ RKT_ACI_KUBELET }}.aci
# NOTE(review): --insecure-options=image turns off rkt image signature
# verification. The kubelet runs with host-level access, so the integrity of
# the .aci above then depends entirely on how the file reached the downloads
# directory; verify a checksum when staging it.
Environment="RKT_GLOBAL_ARGS=--insecure-options=image"
Environment="KUBELET_IMAGE_ARGS=--name=k8s-kubelet --exec=/kubelet"
# NOTE(review): the master unit passes its rkt volume options as RKT_RUN_ARGS,
# this one as RKT_OPTS; confirm which variable kubelet.sh actually reads.
Environment="RKT_OPTS=--uuid-file-save=/etc/kubernetes/data/kubelet-pod.uuid \
  --volume var-log,kind=host,source=/var/log \
  --mount volume=var-log,target=/var/log \
  --volume dns,kind=host,source=/etc/resolv.conf \
  --mount volume=dns,target=/etc/resolv.conf"

# Kubelet flags. Authentication of callers of the kubelet API is configured
# (anonymous access off, client certificates checked against ca.pem, bearer
# tokens checked by webhook), but no --authorization-mode is given.
# NOTE(review): with flag-based configuration the kubelet's authorization mode
# defaults to AlwaysAllow, so every authenticated caller may use the whole
# kubelet API (exec, logs, pod listing). Adding --authorization-mode=Webhook
# delegates the decision to the API server.
# NOTE(review): --allow-privileged=true lets any pod scheduled here request a
# privileged container; keep it only if the CNI/proxy pods need it and restrict
# who may create such pods through admission policy.
# --fail-swap-on=false lets the kubelet start on hosts with swap enabled.
ExecStart=/etc/kubernetes/scripts/kubelet.sh \
  --kubeconfig=/etc/kubernetes/config/kubelet.yaml \
  --register-node=true \
  --anonymous-auth=false \
  --client-ca-file=/etc/kubernetes/ssl/ca.pem \
  --authentication-token-webhook=true \
  --allow-privileged=true \
  --pod-manifest-path=/etc/kubernetes/manifests \
  --hostname-override={{ HOST_IP }} \
  --cluster-dns={{ K8S_DNS_SERVICE_IP }} \
  --cluster-domain=cluster.local \
  --hairpin-mode promiscuous-bridge \
  --network-plugin=cni \
  --cni-conf-dir=/etc/cni/net.d \
  --cni-bin-dir=/opt/cni/bin \
  --fail-swap-on=false \
  --feature-gates=MountPropagation=true \
  --pod-infra-container-image={{ REGISTRY_LOCAL }}{{ K8S_IMAGES['PAUSE']['NAME'] }}:{{ K8S_IMAGES['PAUSE']['VERSION'] }}

ExecStop=-/usr/bin/rkt stop --uuid-file=/etc/kubernetes/data/kubelet-pod.uuid

Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
-------------------------------------------------------------------------------- /linux/roles/wod.registry/files/prepare.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | HTTP_SERVER="${HTTP_SERVER:-http://k8s.spacecig.com/softs/kubernetes}" 6 | RKT_ACI_REGISTRY="${RKT_ACI_REGISTRY:-registry-2.6.2}" 7 | RKT_ACI_REGISTRY_DATA="${RKT_ACI_REGISTRY_DATA:-registry-data-v1.9.0}" 8 | REGISTRY_REMOTE="${REGISTRY_REMOTE:-}" 9 | REGISTRY_REMOTE_SPLIT="${REGISTRY_REMOTE_SPLIT:-}" 10 | REGISTRY_REGISTRY_REPO="${REGISTRY_REGISTRY_REPO:-}" 11 | REGISTRY_REGISTRY_VERSION="${REGISTRY_REGISTRY_VERSION:-}" 12 | 13 | mkdir -p /etc/kubernetes/downloads 14 | mkdir -p /etc/kubernetes/data 15 | 16 | if [[ -e /etc/kubernetes/downloads/$RKT_ACI_REGISTRY.aci ]]; then 17 | echo 'registry aci is already exist!' 
18 | else 19 | if [[ -n "${REGISTRY_REMOTE:-}" ]]; then 20 | rkt --insecure-options=image fetch docker://$REGISTRY_REMOTE$REGISTRY_REGISTRY_REPO$REGISTRY_REMOTE_SPLIT$REGISTRY_REGISTRY_VERSION 21 | rkt image export $REGISTRY_REMOTE$REGISTRY_REGISTRY_REPO$REGISTRY_REMOTE_SPLIT$REGISTRY_REGISTRY_VERSION /etc/kubernetes/downloads/$REGISTRY_REGISTRY_REPO-$REGISTRY_REGISTRY_VERSION.aci 22 | else 23 | curl $HTTP_SERVER/$RKT_ACI_REGISTRY.tgz > /etc/kubernetes/downloads/$RKT_ACI_REGISTRY.tgz 24 | cd /etc/kubernetes/downloads && tar -xzf /etc/kubernetes/downloads/$RKT_ACI_REGISTRY.tgz 25 | rm -rf /etc/kubernetes/downloads/$RKT_ACI_REGISTRY.tgz 26 | echo 'registry aci download completed!' 27 | fi 28 | fi 29 | 30 | if [[ -e /etc/kubernetes/data/registry/docker ]]; then 31 | echo 'registry data ready!' 32 | else 33 | if [[ -n "${REGISTRY_REMOTE:-}" ]]; then 34 | echo 'registry data from remote!' 35 | else 36 | curl $HTTP_SERVER/$RKT_ACI_REGISTRY_DATA.tgz >/etc/kubernetes/downloads/$RKT_ACI_REGISTRY_DATA.tgz 37 | cd /etc/kubernetes/downloads && tar -xzf /etc/kubernetes/downloads/$RKT_ACI_REGISTRY_DATA.tgz 38 | rm -rf /etc/kubernetes/downloads/$RKT_ACI_REGISTRY_DATA.tgz 39 | mkdir -p /etc/kubernetes/data/registry 40 | mv -n /etc/kubernetes/downloads/data/docker /etc/kubernetes/data/registry 41 | rm -rf /etc/kubernetes/downloads/data 42 | fi 43 | fi 44 | -------------------------------------------------------------------------------- /docs/installs/readme_v1.9.6.md: -------------------------------------------------------------------------------- 1 | # How to Create Install Datas 2 | 3 | ## 1.9.6 4 | BAIDU DISK
5 | Link:https://pan.baidu.com/s/1zoUMQ6u-FevXld4hFLNvow
6 | Pass:aoqx 7 | 8 | ## Get Images 9 | 10 | [images.md](./docs/installs/images_v1.9.6.md) 11 | ```bash 12 | # registry 13 | docker pull registry:2.6.2 14 | 15 | # etcd 16 | docker pull quay.io/coreos/etcd:v3.3.2 17 | 18 | # pause 19 | docker pull k8s.gcr.io/pause:3.1 20 | 21 | # hyperkube 22 | docker pull k8s.gcr.io/hyperkube:v1.9.6 23 | 24 | # flannel 25 | docker pull quay.io/coreos/flannel:v0.10.0 26 | 27 | # kube-router 28 | docker pull cloudnativelabs/kube-router:v0.1.0 29 | 30 | # busybox 31 | docker pull k8s.gcr.io/busybox:1.27.2 32 | 33 | # coredns 34 | docker pull coredns/coredns:1.1.0 35 | 36 | # dashboard 37 | docker pull k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3 38 | 39 | # heapster 40 | docker pull k8s.gcr.io/heapster-amd64:v1.5.2 41 | 42 | # addon-resizer 43 | docker pull k8s.gcr.io/addon-resizer:1.8.1 44 | 45 | # heapster-influxdb-amd64 46 | docker pull k8s.gcr.io/heapster-influxdb-amd64:v1.3.3 47 | 48 | # heapster-grafana-amd64 49 | docker pull k8s.gcr.io/heapster-grafana-amd64:v4.4.3 50 | ``` 51 | 52 | ## Get ACI Image 53 | 54 | [aci.md](./docs/installs/aci_v1.9.6.md) 55 | 56 | ```bash 57 | rkt image export hub.c.163.com/mengkzhaoyun/public:registry-2.6.2 registry-2.6.2.aci 58 | 59 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:etcd-v3.3.2 etcd-v3.3.2.aci 60 | 61 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 flannel-v0.10.0.aci 62 | 63 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.9.6 hyperkube-v1.9.6.aci 64 | ``` 65 | 66 | ## Get CTL 67 | 68 | [ctl.md](./docs/installs/ctl_v1.9.6.md) 69 | 70 | ```bash 71 | # ct 72 | https://github.com/coreos/container-linux-config-transpiler/releases/download/v0.4.2/ct-v0.4.2-x86_64-unknown-linux-gnu 73 | 74 | # kubectl 75 | https://storage.googleapis.com/kubernetes-release/release/v1.9.6/bin/linux/amd64/kubectl 76 | 77 | # etcdctl 78 | https://github.com/coreos/etcd/releases/download/v3.3.2/etcd-v3.3.2-linux-amd64.tar.gz 79 | ``` 80 | 81 | ## Get Registry Data 82 | 83 | 
[registry.md](./docs/installs/registry_v1.9.6.md) -------------------------------------------------------------------------------- /docs/installs/ctl_v1.9.6.md: -------------------------------------------------------------------------------- 1 | # ct v0.4.2 2 | 2017.09.23 3 | github : https://github.com/coreos/container-linux-config-transpiler 4 | 5 | download : 6 | https://github.com/coreos/container-linux-config-transpiler/releases/download/v0.4.2/ct-v0.4.2-x86_64-unknown-linux-gnu 7 | https://github.com/coreos/container-linux-config-transpiler/releases/download/v0.4.2/ct-v0.4.2-x86_64-unknown-linux-gnu.asc 8 | 9 | # kubectl 10 | 11 | 2018.03.22 v1.9.6 12 | readme : https://kubernetes.io/docs/tasks/tools/install-kubectl/ 13 | version : https://storage.googleapis.com/kubernetes-release/release/stable.txt 14 | download : https://storage.googleapis.com/kubernetes-release/release/v1.9.6/bin/linux/amd64/kubectl 15 | 16 | 2018.03.17 v1.9.4 17 | readme : https://kubernetes.io/docs/tasks/tools/install-kubectl/ 18 | version : https://storage.googleapis.com/kubernetes-release/release/stable.txt 19 | download : https://storage.googleapis.com/kubernetes-release/release/v1.9.4/bin/linux/amd64/kubectl 20 | 21 | 2018.02.24 v1.9.3 22 | readme : https://kubernetes.io/docs/tasks/tools/install-kubectl/ 23 | version : https://storage.googleapis.com/kubernetes-release/release/stable.txt 24 | download : https://storage.googleapis.com/kubernetes-release/release/v1.9.3/bin/linux/amd64/kubectl 25 | 26 | 2018.01.01 v1.9.0 27 | readme : https://kubernetes.io/docs/tasks/tools/install-kubectl/ 28 | version : https://storage.googleapis.com/kubernetes-release/release/stable.txt 29 | download : https://storage.googleapis.com/kubernetes-release/release/v1.9.0/bin/linux/amd64/kubectl 30 | 31 | 2017.09.23 v1.7.0 32 | readme : https://kubernetes.io/docs/tasks/tools/install-kubectl/ 33 | version : https://storage.googleapis.com/kubernetes-release/release/stable.txt 34 | download : 
https://storage.googleapis.com/kubernetes-release/release/v1.7.0/bin/linux/amd64/kubectl 35 | 36 | # etcdctl 37 | 38 | 2018.03.17 v3.3.2 39 | readme : https://github.com/coreos/etcd/releases 40 | download : https://github.com/coreos/etcd/releases/download/v3.3.2/etcd-v3.3.2-linux-amd64.tar.gz 41 | 42 | 2018.02.24 v3.3.1 43 | readme : https://github.com/coreos/etcd/releases 44 | download : https://github.com/coreos/etcd/releases/download/v3.3.1/etcd-v3.3.1-linux-amd64.tar.gz -------------------------------------------------------------------------------- /linux/roles/wod.k8s-addon/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: mkdir -p /etc/kubernetes/addons/kube-system 2 | raw: mkdir -p /etc/kubernetes/addons/kube-system 3 | 4 | - name: check need rbac-admin.yml 5 | raw: stat /etc/kubernetes/addons/kube-system/rbac-admin.yml 6 | register: need_addons_rbac_admin 7 | ignore_errors: True 8 | 9 | - name: template rbac-admin.yml 10 | template: src=rbac-admin.yml dest=/etc/kubernetes/addons/kube-system/rbac-admin.yml 11 | when: 12 | - need_addons_rbac_admin | failed 13 | 14 | - name: kubectl create -f rbac-admin.yml 15 | raw: kubectl create -f /etc/kubernetes/addons/kube-system/rbac-admin.yml 16 | when: 17 | - need_addons_rbac_admin | failed 18 | 19 | - name: check need coredns.yml 20 | raw: stat /etc/kubernetes/addons/kube-system/coredns.yml 21 | register: need_addons_dns 22 | ignore_errors: True 23 | 24 | - name: template coredns.yml 25 | template: src=coredns.yml dest=/etc/kubernetes/addons/kube-system/coredns.yml 26 | when: 27 | - need_addons_dns | failed 28 | 29 | - name: kubectl create -f coredns.yml 30 | raw: kubectl create -f /etc/kubernetes/addons/kube-system/coredns.yml 31 | when: 32 | - need_addons_dns | failed 33 | 34 | - name: check need dashboard.yml 35 | raw: stat /etc/kubernetes/addons/kube-system/dashboard.yml 36 | register: need_addons_dashboard 37 | ignore_errors: True 38 | 39 | - name: 
template dashboard.yml 40 | template: src=dashboard.yml dest=/etc/kubernetes/addons/kube-system/dashboard.yml 41 | when: 42 | - need_addons_dashboard | failed 43 | 44 | - name: kubectl create -f dashboard.yml 45 | raw: kubectl create -f /etc/kubernetes/addons/kube-system/dashboard.yml 46 | when: 47 | - need_addons_dashboard | failed 48 | 49 | - name: check need heapster.yml 50 | raw: stat /etc/kubernetes/addons/kube-system/heapster.yml 51 | register: need_addons_heapster 52 | ignore_errors: True 53 | 54 | - name: template heapster.yml 55 | template: src=heapster.yml dest=/etc/kubernetes/addons/kube-system/heapster.yml 56 | when: 57 | - need_addons_heapster | failed 58 | 59 | - name: kubectl create -f heapster.yml 60 | raw: kubectl create -f /etc/kubernetes/addons/kube-system/heapster.yml 61 | when: 62 | - need_addons_heapster | failed -------------------------------------------------------------------------------- /docs/installs/readme_v1.10.0.md: -------------------------------------------------------------------------------- 1 | # How to Create Install Datas 2 | 3 | ## 1.10.0 4 | BAIDU DISK
5 | Link:https://pan.baidu.com/s/1J77VDcOoUiIWM8qZRYghvA
6 | Pass:7je9 7 | 8 | ## Get Images 9 | 10 | [images.md](./docs/installs/images_v1.10.0.md) 11 | ```bash 12 | # registry 13 | docker pull registry:2.6.2 14 | 15 | # etcd 16 | docker pull quay.io/coreos/etcd:v3.3.2 17 | 18 | # pause 19 | docker pull k8s.gcr.io/pause:3.1 20 | 21 | # hyperkube 22 | docker pull k8s.gcr.io/hyperkube:v1.10.0 23 | 24 | # flannel 25 | docker pull quay.io/coreos/flannel:v0.10.0 26 | 27 | # kube-router 28 | docker pull cloudnativelabs/kube-router:v0.1.0 29 | 30 | # busybox 31 | docker pull k8s.gcr.io/busybox:1.27.2 32 | 33 | # coredns 34 | docker pull coredns/coredns:1.1.1 35 | 36 | # dashboard 37 | docker pull k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3 38 | 39 | # heapster 40 | docker pull k8s.gcr.io/heapster-amd64:v1.5.2 41 | 42 | # addon-resizer 43 | docker pull k8s.gcr.io/addon-resizer:1.8.1 44 | 45 | # heapster-influxdb-amd64 46 | docker pull k8s.gcr.io/heapster-influxdb-amd64:v1.3.3 47 | 48 | # heapster-grafana-amd64 49 | docker pull k8s.gcr.io/heapster-grafana-amd64:v4.4.3 50 | ``` 51 | 52 | ## Get ACI Image 53 | 54 | [aci.md](./docs/installs/aci_v1.10.0.md) 55 | 56 | ```bash 57 | rkt image export hub.c.163.com/mengkzhaoyun/public:registry-2.6.2 registry-2.6.2.aci 58 | 59 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:etcd-v3.3.2 etcd-v3.3.2.aci 60 | 61 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 flannel-v0.10.0.aci 62 | 63 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.10.0 hyperkube-v1.10.0.aci 64 | ``` 65 | 66 | ## Get CTL 67 | 68 | [ctl.md](./docs/installs/ctl_v1.10.0.md) 69 | 70 | ```bash 71 | # ct 72 | https://github.com/coreos/container-linux-config-transpiler/releases/download/v0.4.2/ct-v0.4.2-x86_64-unknown-linux-gnu 73 | 74 | # kubectl 75 | kubectl-v1.10.0.tgz 76 | https://storage.googleapis.com/kubernetes-release/release/v1.10.0/bin/linux/amd64/kubectl 77 | 78 | # etcdctl 79 | etcd-v3.3.2-linux-amd64.tgz 80 | 
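https://github.com/coreos/etcd/releases/download/v3.3.2/etcd-v3.3.2-linux-amd64.tar.gz 81 | ``` 82 | 83 | ## Get Registry Data 84 | 85 | [registry.md](./docs/installs/registry_v1.10.0.md) -------------------------------------------------------------------------------- /linux/roles/wod.etcd/files/prepare.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Stage the etcd ACI image and the etcdctl binary under /etc/kubernetes/downloads.
#
# Environment (all optional, defaults below):
#   HTTP_SERVER               base URL of the fallback file server
#   RKT_ACI_ETCD              basename of the etcd ACI / its .tgz archive
#   TOOLS_ETCDCTL             basename of the etcdctl binary / its .tgz archive
#   REGISTRY_LOCAL            registry prefix; when non-empty it is used
#                             instead of HTTP_SERVER
#   REGISTRY_LOCAL_SPLIT      separator placed between repository and version
#   REGISTRY_ETCD_REPO, REGISTRY_ETCD_VERSION        etcd image coordinates
#   REGISTRY_ETCDCTL_REPO, REGISTRY_ETCDCTL_VERSION  etcdctl image coordinates
#
# NOTE(review): neither source is authenticated. The registry path passes
# --insecure-options=http,image (no TLS, no image signature check) and the
# fallback downloads over plain http:// with nothing to compare the archive
# against. Whatever is staged here later runs as etcd / is linked into
# /usr/bin, so serve the artifacts over HTTPS and verify a published checksum
# (e.g. sha256sum -c) before extracting.

set -e

HTTP_SERVER="${HTTP_SERVER:-http://k8s.spacecig.com/softs/kubernetes}"
RKT_ACI_ETCD="${RKT_ACI_ETCD:-etcd-v3.2.0}"
TOOLS_ETCDCTL="${TOOLS_ETCDCTL:-etcdctl-v3.2.10-linux-amd64}"
REGISTRY_LOCAL="${REGISTRY_LOCAL:-}"
REGISTRY_LOCAL_SPLIT="${REGISTRY_LOCAL_SPLIT:-}"
REGISTRY_ETCD_REPO="${REGISTRY_ETCD_REPO:-}"
REGISTRY_ETCD_VERSION="${REGISTRY_ETCD_VERSION:-}"
REGISTRY_ETCDCTL_REPO="${REGISTRY_ETCDCTL_REPO:-}"
REGISTRY_ETCDCTL_VERSION="${REGISTRY_ETCDCTL_VERSION:-}"

DOWNLOADS=/etc/kubernetes/downloads

mkdir -p "${DOWNLOADS}"
mkdir -p /etc/kubernetes/data

# --- etcd ACI ---------------------------------------------------------------
# The skip check looks for ${RKT_ACI_ETCD}.aci while the registry branch writes
# ${REGISTRY_ETCD_REPO}-${REGISTRY_ETCD_VERSION}.aci; the two names coincide
# only when RKT_ACI_ETCD is "<repo>-<version>".
if [[ -e "${DOWNLOADS}/${RKT_ACI_ETCD}.aci" ]]; then
  echo 'etcd aci is already exist!'
else
  if [[ -n "${REGISTRY_LOCAL}" ]]; then
    etcd_ref="${REGISTRY_LOCAL}${REGISTRY_ETCD_REPO}${REGISTRY_LOCAL_SPLIT}${REGISTRY_ETCD_VERSION}"
    rkt --insecure-options=http,image fetch "docker://${etcd_ref}"
    # rkt stores the image under a name in which ':' in the registry part is
    # replaced by '_', so the export has to use that spelling.
    REGISTRY_LOCAL_RKT="${REGISTRY_LOCAL//:/_}"
    rkt image export \
      "${REGISTRY_LOCAL_RKT}${REGISTRY_ETCD_REPO}${REGISTRY_LOCAL_SPLIT}${REGISTRY_ETCD_VERSION}" \
      "${DOWNLOADS}/${REGISTRY_ETCD_REPO}-${REGISTRY_ETCD_VERSION}.aci"
  else
    # -f makes curl fail on an HTTP error instead of saving the error page as
    # the archive; -sS keeps the output quiet but still reports failures.
    curl -fsS -o "${DOWNLOADS}/${RKT_ACI_ETCD}.tgz" "${HTTP_SERVER}/${RKT_ACI_ETCD}.tgz"
    cd "${DOWNLOADS}" && tar -xzf "${DOWNLOADS}/${RKT_ACI_ETCD}.tgz"
    rm -rf "${DOWNLOADS}/${RKT_ACI_ETCD}.tgz"
    echo 'etcd aci download completed!'
  fi
fi

# --- etcdctl ----------------------------------------------------------------
# Only runs when no executable etcdctl is already on PATH.
if ! [ -x "$(command -v etcdctl)" ]; then
  if ! [[ -e "${DOWNLOADS}/${TOOLS_ETCDCTL}" ]]; then
    if [[ -n "${REGISTRY_LOCAL}" ]]; then
      # The helper image is expected to drop ${TOOLS_ETCDCTL}.tgz into the
      # mounted directory (inferred from the tar step below; the image itself
      # is not shown here).
      docker run -v "${DOWNLOADS}:/data/output" --rm \
        "${REGISTRY_LOCAL}${REGISTRY_ETCDCTL_REPO}${REGISTRY_LOCAL_SPLIT}${REGISTRY_ETCDCTL_VERSION}"
    else
      curl -fsS -o "${DOWNLOADS}/${TOOLS_ETCDCTL}.tgz" "${HTTP_SERVER}/${TOOLS_ETCDCTL}.tgz"
    fi
    cd "${DOWNLOADS}" && tar -xzf "${DOWNLOADS}/${TOOLS_ETCDCTL}.tgz"
    rm -rf "${DOWNLOADS}/${TOOLS_ETCDCTL}.tgz"
  fi
  chmod 0744 "${DOWNLOADS}/${TOOLS_ETCDCTL}"
  rm -rf /usr/bin/etcdctl
  ln -s "${DOWNLOADS}/${TOOLS_ETCDCTL}" /usr/bin/etcdctl
fi
-------------------------------------------------------------------------------- /linux/roles/wod.k8s-master/templates/services/kubelet.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=kubelet 3 | Documentation=https://kubernetes.io 4 | After=docker.service 5 | [Service] 6 | Environment="PATH=/opt/bin/:/usr/bin/:/usr/sbin:$PATH" 7 | Environment="KUBELET_IMAGE=/etc/kubernetes/downloads/{{ RKT_ACI_KUBELET }}.aci" 8 | Environment="RKT_GLOBAL_ARGS=--insecure-options=image" 9 | Environment="KUBELET_IMAGE_ARGS=--name=k8s-kubelet --exec=/kubelet" 10 | Environment="RKT_RUN_ARGS=--volume modprobe,kind=host,source=/sbin/modprobe \ 11 | --mount volume=modprobe,target=/usr/sbin/modprobe \ 12 | --volume lib-modules,kind=host,source=/lib/modules \ 13 | --mount volume=lib-modules,target=/lib/modules \ 14 | --uuid-file-save=/etc/kubernetes/data/kubelet-pod.uuid \ 15 | --volume var-log,kind=host,source=/var/log \ 16 | --mount volume=var-log,target=/var/log \ 17 | --volume dns,kind=host,source=/etc/resolv.conf \ 18 | --mount volume=dns,target=/etc/resolv.conf" 19 | 20 | ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/data 21 | ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests 22 | ExecStartPre=/usr/bin/mkdir -p /var/log/containers 23 | 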
ExecStartPre=/usr/bin/mkdir -p /etc/cni/net.d 24 | ExecStartPre=-/usr/bin/rkt rm --uuid-file=/etc/kubernetes/data/kubelet-pod.uuid 25 | 26 | ExecStart=/etc/kubernetes/scripts/kubelet.sh \ 27 | --kubeconfig=/etc/kubernetes/config/kubelet.yaml \ 28 | --register-node=true \ 29 | --anonymous-auth=false \ 30 | --client-ca-file=/etc/kubernetes/ssl/ca.pem \ 31 | --authentication-token-webhook=true \ 32 | --allow-privileged=true \ 33 | --pod-manifest-path=/etc/kubernetes/manifests \ 34 | --hostname-override={{ HOST_IP }} \ 35 | --cluster-dns={{ K8S_DNS_SERVICE_IP }} \ 36 | --cluster-domain=cluster.local \ 37 | --hairpin-mode promiscuous-bridge \ 38 | --network-plugin=cni \ 39 | --cni-conf-dir=/etc/cni/net.d \ 40 | --cni-bin-dir=/opt/cni/bin \ 41 | --fail-swap-on=false \ 42 | --feature-gates=MountPropagation=true \ 43 | --pod-infra-container-image={{ REGISTRY_LOCAL }}{{ K8S_IMAGES['PAUSE']['NAME'] }}:{{ K8S_IMAGES['PAUSE']['VERSION'] }} 44 | 45 | ExecStop=-/usr/bin/rkt stop --uuid-file=/etc/kubernetes/data/kubelet-pod.uuid 46 | 47 | Restart=always 48 | RestartSec=10 49 | [Install] 50 | WantedBy=multi-user.target -------------------------------------------------------------------------------- /linux/roles/wod.k8s-master/templates/manifests/kube-apiserver.yaml: --------------------------------------------------------------------------------
# Static-pod manifest template for the Kubernetes API server (Jinja2, rendered
# by Ansible). The pod runs on the host network and takes every certificate,
# key and credential file from the host directory /etc/kubernetes/ssl.
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  # hostNetwork: every port the process binds is bound directly on the node.
  hostNetwork: true
  containers:
  - name: kube-apiserver
    # The image is looked up under the KUBELET entry of K8S_IMAGES and is
    # expected to contain /hyperkube (see the command below).
    image: {{ REGISTRY_LOCAL }}{{ K8S_IMAGES['KUBELET']['NAME'] }}:{{ K8S_IMAGES['KUBELET']['VERSION'] }}
    command:
    - /hyperkube
    - apiserver
    - --bind-address=0.0.0.0
    # etcd endpoints are built from the hosts in ETCD_CLUSTER_ROLE.
    # NOTE(review): every endpoint is plain http on port 2379, so cluster state
    # (including Secrets) crosses the network unencrypted and etcd has no way
    # to authenticate this client. Prefer https endpoints together with
    # --etcd-cafile, --etcd-certfile and --etcd-keyfile.
    # NOTE(review): dict.iteritems() exists only on Python 2; on a Python 3
    # controller this loop presumably needs items() instead.
    # The empty line after the loop must stay: with Ansible's default
    # trim_blocks the newline right after the closing loop tag is consumed.
    - --etcd-servers={% for host, role in ETCD_CLUSTER_ROLE.iteritems() %}http://{{ hostvars[host]['ansible_default_ipv4']['address'] }}:2379{% if loop.last %}{% else %},{% endif %}{% endfor %}

    - --allow-privileged=true
    - --service-cluster-ip-range={{ K8S_SERVICE_IP_RANGE }}
    - --service-node-port-range={{ K8S_SERVICE_PORT_RANGE }}
    - --secure-port={{ K8S_PORT }}
    - --advertise-address={{ K8S_ADVERTISE_IP }}
    # NOTE(review): the admission list has no NodeRestriction plugin and the
    # authorizer list below has no Node mode, so kubelet credentials are not
    # confined to their own Node and pod objects by these two settings.
    - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
    - --authorization-mode=RBAC
    - --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem
    - --tls-private-key-file=/etc/kubernetes/ssl/apiserver.key
    # NOTE(review): client certificates are trusted when signed by this CA.
    # The repository ships roles/wod.k8s-ssl/files/ca.pem together with
    # ca.key; if that is the CA installed here, its private key is known to
    # everyone with access to the repository. Generate a CA per cluster and
    # keep its key out of version control.
    - --client-ca-file=/etc/kubernetes/ssl/ca.pem
    # NOTE(review): service-account tokens are verified with the same key pair
    # that serves TLS; a dedicated service-account key limits what a leak of
    # either one exposes.
    - --service-account-key-file=/etc/kubernetes/ssl/apiserver.key
    # NOTE(review): static password file. Entries are stored in clear text,
    # never expire and only change on restart; admin.csv is presumably
    # rendered from K8S_ADMIN_PWD in group_vars. Later Kubernetes releases
    # removed this flag; prefer client certificates or OIDC.
    - --basic-auth-file=/etc/kubernetes/ssl/admin.csv
    - --anonymous-auth=false
    - --kubelet-client-certificate=/etc/kubernetes/ssl/apiserver.pem
    - --kubelet-client-key=/etc/kubernetes/ssl/apiserver.key
    - --runtime-config=extensions/v1beta1=true,extensions/v1beta1/networkpolicies=true,rbac.authorization.k8s.io/v1beta1=true
    # NOTE(review): static bearer tokens, with the same clear-text and
    # no-expiry properties as the basic-auth file above.
    - --token-auth-file=/etc/kubernetes/ssl/token.csv
    ports:
    - containerPort: {{ K8S_PORT }}
      hostPort: {{ K8S_PORT }}
      name: https
    # NOTE(review): 8080 is presumably the API server's insecure port, which
    # skips authentication and authorization. No --insecure-port or
    # --insecure-bind-address flag is set above, so the binary's defaults
    # decide where it listens; consider --insecure-port=0 and dropping this
    # entry.
    - containerPort: 8080
      hostPort: 8080
      name: local
    volumeMounts:
    - mountPath: /etc/kubernetes/ssl
      name: ssl-certs-kubernetes
      readOnly: true
    - mountPath: /etc/ssl/certs
      name: ssl-certs-host
      readOnly: true
    - mountPath: /etc/localtime
      name: etc-localtime
      readOnly: true
  volumes:
  - hostPath:
      path: /etc/kubernetes/ssl
    name: ssl-certs-kubernetes
  - hostPath:
      path: /usr/share/ca-certificates
    name: ssl-certs-host
  - hostPath:
      path: /etc/localtime
    name: etc-localtime
-------------------------------------------------------------------------------- /linux/group_vars/all.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # host define 3 | HOST_IP: "{{ ansible_default_ipv4['address'] }}" 4 | 5 | # /root/.ssh 6 | SSH_KEYS: 7 | ansible: "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAAAgQDCJNFRbNc0SsHa/+mWB71z7SLPH9rQpwEqGbRo7q466a97h3bejNav9wc9AKmepHPfRw7DJfSmWO3lGBya0QkXMYXVvtfcWPvZZDlar5JK/ZsC8HGOpwVLdd1uUfyPu2qM0sjRNA/Ty8PDMkS5dSyZAJNlxUAILRpepkYoT8jhrw== ansible@space.docker"
  admin: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCrQGlgFB4TGjJCNk3mJEjgId2Td054T642kLzZ57ztotWzgZsxXlVYb8U9LG0UsQ22luRd04hIU4mplhHh6vKuVtRq34I7ZXJVDj0d9A22xuzpc4Poe7oBDtiBUL3eO+SPkjlN/EGeTyHk4eAxAVvDe59RJ2g89h5oyZFgTaWpAQ== admin@space.docker"
# NOTE(review): both SSH_KEYS entries are short ssh-rsa blobs, which is
# consistent with 1024-bit RSA; confirm with `ssh-keygen -l -f <keyfile>` and
# replace them with ed25519 or RSA of at least 3072 bits.

# registry
# REGISTRY_LOCAL is the prefix the roles pull cluster images from.
# NOTE(review): the etcd prepare script fetches from it with
# --insecure-options=http,image, so this is presumably a plain-HTTP registry
# without image signature checks; anyone able to answer for reg.local on the
# node network could then serve the control-plane images.
REGISTRY_LOCAL_HOST: reg.local
REGISTRY_LOCAL: "{{ REGISTRY_LOCAL_HOST }}:5000/k8s/"
REGISTRY_REMOTE: "hub.c.163.com/mengkzhaoyun/k8s:"
# REGISTRY_REMOTE_HOST: "172.16.11.23:5000"
REGISTRY_REMOTE_SPLIT: "-"

# Image name/version table; templates read it as K8S_IMAGES['<KEY>']['NAME']
# and K8S_IMAGES['<KEY>']['VERSION'].
K8S_IMAGES:
  KUBELET:
    NAME: hyperkube
    VERSION: "v1.11.2"
  # NOTE(review): duplicate mapping key. The loader keeps only the last
  # KUBELET entry, so K8S_IMAGES['KUBELET']['NAME'] resolves to kube-proxy and
  # the hyperkube entry above is dropped; RKT_ACI_KUBELET below and the
  # kube-apiserver manifest (which runs /hyperkube) both read this key. This
  # entry presumably needs its own key name; check which key the kube-proxy
  # templates reference before renaming.
  KUBELET:
    NAME: kube-proxy
    VERSION: "v1.11.2"
  PAUSE:
    NAME: pause
    VERSION: "3.1"
  REGISTRY:
    NAME: registry
    VERSION: "2.6.2"
  ETCD:
    NAME: etcd
    VERSION: "v3.3.9"
  FLANNEL:
    NAME: flannel
    VERSION: "v0.10.0"
  KUBE-ROUTER:
    NAME: kube-router
    VERSION: "v0.2.0-beta.9"
  BUSYBOX:
    NAME: busybox
    VERSION: "1.27.2"
  COREDNS:
    NAME: coredns
    VERSION: "1.2.0"
  DASHBOARD:
    NAME: kubernetes-dashboard-amd64
    VERSION: "v1.8.3"
  HEAPSTER:
    NAME: heapster-amd64
    VERSION: "v1.5.4"
  ADDON-RESIZER:
    NAME: addon-resizer
    VERSION: "1.8.3"
  # NOTE(review): "latest" is a mutable tag, so two runs can install different
  # binaries under the same name; pin an explicit version (ideally a digest).
  KUBECTL:
    NAME: kubectl
    VERSION: "latest"
  ETCDCTL:
    NAME: etcdctl
    VERSION: "latest"

# rkt images
RKT_ACI_REGISTRY: "registry-{{ K8S_IMAGES['REGISTRY']['VERSION'] }}"
RKT_ACI_ETCD: "etcd-{{ K8S_IMAGES['ETCD']['VERSION'] }}"
RKT_ACI_FLANNEL: "flannel-{{ K8S_IMAGES['FLANNEL']['VERSION'] }}"
RKT_ACI_KUBELET: "{{ K8S_IMAGES['KUBELET']['NAME'] }}-{{ K8S_IMAGES['KUBELET']['VERSION'] }}"

# ctl tools
RKT_ACI_REGISTRY_DATA: "registry-data-{{ K8S_IMAGES['KUBELET']['VERSION'] }}"
TOOLS_KUBECTL: kubectl
TOOLS_ETCDCTL: etcdctl

# k8s adv option.
K8S_NETWORK_PLUGIN: flannel
K8S_CNI_BIN: cni-plugins-amd64-v0.7.0
K8S_POD_NETWORK: 10.2.0.0/16
K8S_SERVICE_IP_RANGE: 10.3.0.0/16
K8S_SERVICE_PORT_RANGE: 10000-32767
K8S_SERVICE_IP: 10.3.0.1
K8S_DNS_SERVICE_IP: 10.3.0.10
K8S_ADVERTISE_IP: "{{ ansible_default_ipv4['address'] }}"
K8S_PORT: 6443
# NOTE(review): cluster admin password committed in clear text and shared by
# every deployment that keeps this default; it is presumably what ends up in
# the API server's basic-auth file. Keep it in Ansible Vault (or pass it at
# run time) and generate a distinct value per cluster.
K8S_ADMIN_PWD: abc2018
K8S_MASTER_DOMAIN: xx.ispacesys.cn

# ubuntu
DEB_LIBLTDL7: libltdl7_2.4.6-0.1_amd64
DEB_IPTABLE: iptables_1.6.0-2ubuntu3_amd64
DEB_DOCKER: docker-engine_1.13.1-0~ubuntu-xenial_amd64
DEB_RKT: rkt_1.29.0-1_amd64

# centos
YUM_RKT: rkt-1.29.0-1.x86_64.rpm

# other
# NOTE(review): plain-http artifact server. The prepare scripts download
# archives from here with curl and unpack them without any checksum or
# signature check, so a tampered response would be installed as-is; use an
# https URL and verify digests.
HTTP_SERVER: http://k8s.spacecig.com/softs/kubernetes
-------------------------------------------------------------------------------- /linux/roles/wod.etcd/files/etcd.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Wrapper for launching etcd via rkt. 3 | # 4 | # Make sure to set ETCD_IMAGE_TAG to an image tag published here: 5 | # https://quay.io/repository/coreos/etcd?tab=tags Alternatively, 6 | # override ETCD_IMAGE to a custom image. 7 | 8 | set -e 9 | 10 | function require_ev_all() { 11 | for rev in $@ ; do 12 | if [[ -z "${!rev}" ]]; then 13 | echo ${rev} is not set 14 | exit 1 15 | fi 16 | done 17 | } 18 | 19 | function require_ev_one() { 20 | for rev in $@ ; do 21 | if [[ ! 
-z "${!rev}" ]]; then 22 | return 23 | fi 24 | done 25 | echo One of $@ must be set 26 | exit 1 27 | } 28 | 29 | require_ev_one ETCD_IMAGE ETCD_IMAGE_TAG 30 | require_ev_all ETCD_USER ETCD_DATA_DIR 31 | 32 | ETCD_IMAGE_URL="${ETCD_IMAGE_URL:-quay.io/coreos/etcd}" 33 | ETCD_IMAGE="${ETCD_IMAGE:-${ETCD_IMAGE_URL}:${ETCD_IMAGE_TAG}}" 34 | 35 | if [[ "${ETCD_IMAGE%%/*}" == "quay.io" ]]; then 36 | RKT_RUN_ARGS="${RKT_RUN_ARGS} --trust-keys-from-https" 37 | fi 38 | 39 | if [[ ! -e "${ETCD_DATA_DIR}" ]]; then 40 | mkdir --parents "${ETCD_DATA_DIR}" 41 | chown "${ETCD_USER}" "${ETCD_DATA_DIR}" 42 | fi 43 | 44 | # Do not pass ETCD_DATA_DIR through to the container. The default path, 45 | # /var/lib/etcd is always used inside the container. 46 | etcd_data_dir="${ETCD_DATA_DIR}" 47 | ETCD_DATA_DIR="/var/lib/etcd" 48 | 49 | ETCD_SSL_DIR="${ETCD_SSL_DIR:-/etc/ssl/certs}" 50 | 51 | SYSTEMD_SYSTEM_DIR_SRC="${SYSTEMD_SYSTEM_DIR_SRC:-/run/systemd/system}" 52 | if [[ -d "${SYSTEMD_SYSTEM_DIR_SRC}" ]]; then 53 | RKT_RUN_ARGS="${RKT_RUN_ARGS} \ 54 | --mount volume=coreos-systemd-dir,target=/run/systemd/system \ 55 | --volume coreos-systemd-dir,kind=host,source=${SYSTEMD_SYSTEM_DIR_SRC},readOnly=true \ 56 | " 57 | fi 58 | 59 | if [[ -S "${NOTIFY_SOCKET}" ]]; then 60 | RKT_RUN_ARGS="${RKT_RUN_ARGS} \ 61 | --mount volume=coreos-notify,target=/run/systemd/notify \ 62 | --volume coreos-notify,kind=host,source=${NOTIFY_SOCKET} \ 63 | --set-env=NOTIFY_SOCKET=/run/systemd/notify \ 64 | " 65 | fi 66 | 67 | RKT="${RKT:-/usr/bin/rkt}" 68 | RKT_STAGE1_ARG="${RKT_STAGE1_ARG:---stage1-from-dir=stage1-fly.aci}" 69 | set -x 70 | exec ${RKT} ${RKT_GLOBAL_ARGS} \ 71 | run ${RKT_RUN_ARGS} \ 72 | --volume data-dir,kind=host,source="${etcd_data_dir}",readOnly=false \ 73 | --volume coreos-etc-ssl-certs,kind=host,source="${ETCD_SSL_DIR}",readOnly=true \ 74 | --volume coreos-usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \ 75 | --volume 
coreos-etc-hosts,kind=host,source=/etc/hosts,readOnly=true \ 76 | --volume coreos-etc-resolv,kind=host,source=/etc/resolv.conf,readOnly=true \ 77 | --mount volume=data-dir,target=/var/lib/etcd \ 78 | --mount volume=coreos-etc-ssl-certs,target=/etc/ssl/certs \ 79 | --mount volume=coreos-usr-share-certs,target=/usr/share/ca-certificates \ 80 | --mount volume=coreos-etc-hosts,target=/etc/hosts \ 81 | --mount volume=coreos-etc-resolv,target=/etc/resolv.conf \ 82 | --inherit-env \ 83 | ${RKT_STAGE1_ARG} \ 84 | ${ETCD_IMAGE} \ 85 | ${ETCD_IMAGE_ARGS} \ 86 | --user=$(id -u "${ETCD_USER}") \ 87 | -- "$@" -------------------------------------------------------------------------------- /docs/installs/images_v1.9.6.md: -------------------------------------------------------------------------------- 1 | # registry 2 | docker pull registry:2.6.2 ;` 3 | docker tag registry:2.6.2 hub.c.163.com/mengkzhaoyun/k8s:registry-2.6.2 ;` 4 | docker push hub.c.163.com/mengkzhaoyun/k8s:registry-2.6.2 5 | 6 | # etcd 7 | docker pull quay.io/coreos/etcd:v3.3.2 ;` 8 | docker tag quay.io/coreos/etcd:v3.3.2 hub.c.163.com/mengkzhaoyun/k8s:etcd-v3.3.2 ;` 9 | docker push hub.c.163.com/mengkzhaoyun/k8s:etcd-v3.3.2 10 | 11 | # pause 12 | docker pull k8s.gcr.io/pause:3.1 ;` 13 | docker tag k8s.gcr.io/pause:3.1 hub.c.163.com/mengkzhaoyun/k8s:pause-3.1 ;` 14 | docker push hub.c.163.com/mengkzhaoyun/k8s:pause-3.1 15 | 16 | # hyperkube 17 | docker pull k8s.gcr.io/hyperkube:v1.9.6 ;` 18 | docker tag k8s.gcr.io/hyperkube:v1.9.6 hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.9.6 ;` 19 | docker push hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.9.6 20 | 21 | # flannel 22 | docker pull quay.io/coreos/flannel:v0.10.0 ;` 23 | docker tag quay.io/coreos/flannel:v0.10.0 hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 ;` 24 | docker push hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 25 | 26 | # kube-router 27 | docker pull cloudnativelabs/kube-router:v0.1.0 ;` 28 | docker tag cloudnativelabs/kube-router:v0.1.0 
hub.c.163.com/mengkzhaoyun/k8s:kube-router-v0.1.0 ;` 29 | docker push hub.c.163.com/mengkzhaoyun/k8s:kube-router-v0.1.0 30 | 31 | # busybox 32 | docker pull k8s.gcr.io/busybox:1.27.2 ;` 33 | docker tag k8s.gcr.io/busybox:1.27.2 hub.c.163.com/mengkzhaoyun/k8s:busybox-1.27.2 ;` 34 | docker push hub.c.163.com/mengkzhaoyun/k8s:busybox-1.27.2 35 | 36 | # coredns 37 | docker pull coredns/coredns:1.1.0 ;` 38 | docker tag coredns/coredns:1.1.0 hub.c.163.com/mengkzhaoyun/k8s:coredns-1.1.0 ;` 39 | docker push hub.c.163.com/mengkzhaoyun/k8s:coredns-1.1.0 40 | 41 | # dashboard 42 | docker pull k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3 ;` 43 | docker tag k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3 hub.c.163.com/mengkzhaoyun/k8s:kubernetes-dashboard-amd64-v1.8.3 ;` 44 | docker push hub.c.163.com/mengkzhaoyun/k8s:kubernetes-dashboard-amd64-v1.8.3 45 | 46 | # heapster-amd64 47 | docker pull k8s.gcr.io/heapster-amd64:v1.5.2 ;` 48 | docker tag k8s.gcr.io/heapster-amd64:v1.5.2 hub.c.163.com/mengkzhaoyun/k8s:heapster-amd64-v1.5.2 ;` 49 | docker push hub.c.163.com/mengkzhaoyun/k8s:heapster-amd64-v1.5.2 50 | 51 | # addon-resizer 52 | docker pull k8s.gcr.io/addon-resizer:1.8.1 ;` 53 | docker tag k8s.gcr.io/addon-resizer:1.8.1 hub.c.163.com/mengkzhaoyun/k8s:addon-resizer-1.8.1 ;` 54 | docker push hub.c.163.com/mengkzhaoyun/k8s:addon-resizer-1.8.1 55 | 56 | # heapster-influxdb-amd64 57 | docker pull k8s.gcr.io/heapster-influxdb-amd64:v1.3.3 ;` 58 | docker tag k8s.gcr.io/heapster-influxdb-amd64:v1.3.3 hub.c.163.com/mengkzhaoyun/k8s:heapster-influxdb-amd64-v1.3.3 ;` 59 | docker push hub.c.163.com/mengkzhaoyun/k8s:heapster-influxdb-amd64-v1.3.3 60 | 61 | # heapster-grafana-amd64 62 | docker pull k8s.gcr.io/heapster-grafana-amd64:v4.4.3 ;` 63 | docker tag k8s.gcr.io/heapster-grafana-amd64:v4.4.3 hub.c.163.com/mengkzhaoyun/k8s:heapster-grafana-amd64-v4.4.3 ;` 64 | docker push hub.c.163.com/mengkzhaoyun/k8s:heapster-grafana-amd64-v4.4.3 
-------------------------------------------------------------------------------- /docs/installs/registry_v1.9.6.md: -------------------------------------------------------------------------------- 1 | # run registry 2 | docker run -d -p 5000:5000 -v /data:/var/lib/registry --name registry hub.c.163.com/mengkzhaoyun/public:registry-2.6.2 3 | 4 | # hyperkube-v1.9.6 5 | docker pull hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.9.6 &&\ 6 | docker tag hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.9.6 localhost:5000/k8s/hyperkube:v1.9.6 &&\ 7 | docker push localhost:5000/k8s/hyperkube:v1.9.6 8 | 9 | # pause:3.1 10 | docker pull hub.c.163.com/mengkzhaoyun/k8s:pause-3.1 &&\ 11 | docker tag hub.c.163.com/mengkzhaoyun/k8s:pause-3.1 localhost:5000/k8s/pause:3.1 &&\ 12 | docker push localhost:5000/k8s/pause:3.1 13 | 14 | # kube-router:v0.1.0 15 | docker pull hub.c.163.com/mengkzhaoyun/k8s:kube-router-v0.1.0 &&\ 16 | docker tag hub.c.163.com/mengkzhaoyun/k8s:kube-router-v0.1.0 localhost:5000/k8s/kube-router:v0.1.0 &&\ 17 | docker push localhost:5000/k8s/kube-router:v0.1.0 18 | 19 | # flannel:v0.10.0 20 | docker pull hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 &&\ 21 | docker tag hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 localhost:5000/k8s/flannel:v0.10.0 &&\ 22 | docker push localhost:5000/k8s/flannel:v0.10.0 23 | 24 | # busybox:1.27.2 25 | docker pull hub.c.163.com/mengkzhaoyun/k8s:busybox-1.27.2 &&\ 26 | docker tag hub.c.163.com/mengkzhaoyun/k8s:busybox-1.27.2 localhost:5000/k8s/busybox:1.27.2 &&\ 27 | docker push localhost:5000/k8s/busybox:1.27.2 28 | 29 | # coredns:1.1.0 30 | docker pull hub.c.163.com/mengkzhaoyun/k8s:coredns-1.1.0 &&\ 31 | docker tag hub.c.163.com/mengkzhaoyun/k8s:coredns-1.1.0 localhost:5000/k8s/coredns:1.1.0 &&\ 32 | docker push localhost:5000/k8s/coredns:1.1.0 33 | 34 | # kubernetes-dashboard-amd64:v1.8.3 35 | docker pull hub.c.163.com/mengkzhaoyun/k8s:kubernetes-dashboard-amd64-v1.8.3 &&\ 36 | docker tag 
hub.c.163.com/mengkzhaoyun/k8s:kubernetes-dashboard-amd64-v1.8.3 localhost:5000/k8s/kubernetes-dashboard-amd64:v1.8.3 &&\ 37 | docker push localhost:5000/k8s/kubernetes-dashboard-amd64:v1.8.3 38 | 39 | # heapster-amd64:v1.5.2 40 | docker pull hub.c.163.com/mengkzhaoyun/k8s:heapster-amd64-v1.5.2 &&\ 41 | docker tag hub.c.163.com/mengkzhaoyun/k8s:heapster-amd64-v1.5.2 localhost:5000/k8s/heapster-amd64:v1.5.2 &&\ 42 | docker push localhost:5000/k8s/heapster-amd64:v1.5.2 43 | 44 | # addon-resizer:1.8.1 45 | docker pull hub.c.163.com/mengkzhaoyun/k8s:addon-resizer-1.8.1 &&\ 46 | docker tag hub.c.163.com/mengkzhaoyun/k8s:addon-resizer-1.8.1 localhost:5000/k8s/addon-resizer:1.8.1 &&\ 47 | docker push localhost:5000/k8s/addon-resizer:1.8.1 48 | 49 | # heapster-influxdb-amd64:v1.3.3 50 | docker pull hub.c.163.com/mengkzhaoyun/k8s:heapster-influxdb-amd64-v1.3.3 &&\ 51 | docker tag hub.c.163.com/mengkzhaoyun/k8s:heapster-influxdb-amd64-v1.3.3 localhost:5000/k8s/heapster-influxdb-amd64:v1.3.3 &&\ 52 | docker push localhost:5000/k8s/heapster-influxdb-amd64:v1.3.3 53 | 54 | # heapster-grafana-amd64:v4.4.3 55 | docker pull hub.c.163.com/mengkzhaoyun/k8s:heapster-grafana-amd64-v4.4.3 &&\ 56 | docker tag hub.c.163.com/mengkzhaoyun/k8s:heapster-grafana-amd64-v4.4.3 localhost:5000/k8s/heapster-grafana-amd64:v4.4.3 &&\ 57 | docker push localhost:5000/k8s/heapster-grafana-amd64:v4.4.3 -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | # One Command Auto Deploy kubernetes cluster 2 | 3 | ## What the scripts do ? 4 | 5 | - One Command Deploy a kubernetes cluster
6 | - One Command Add a node to cluster
7 | 8 | Schema 9 | 10 | ### Support OS 11 | 12 | - CentOS 7.4 (Core)
13 | - Ubuntu 16.04 LTS
14 | - CoreOS Latest
15 | 16 | ### Install Version 17 | 18 | - container engine: docker 1.13.1
19 | - etcd: v3.3.9
20 | - kubernetes: v1.10.6
21 | - kubernetes-network: flannel:v0.10.0
22 | - kubernetes-addons: coredns:1.2.0 , dashboard:v1.8.3 , heapster:v1.5.4 23 | 24 | ## Start it ? 25 | 26 | ### 1.Setup Hosts 27 | make sure you have installed the ansible SSH public key on each node
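28 | /root/.ssh/authorized_keys (the key below is this repository's published sample, a 1024-bit RSA key; generate your own key pair and install its public half instead, because this entry grants root login and the sample's private half is presumably inside the shared ansible image) 29 | ``` 30 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDCJNFRbNc0SsHa/+mWB71z7SLPH9rQpwEqGbRo7q466a97h3bejNav9wc9AKmepHPfRw7DJfSmWO3lGBya0QkXMYXVvtfcWPvZZDlar5JK/ZsC8HGOpwVLdd1uUfyPu2qM0sjRNA/Ty8PDMkS5dSyZAJNlxUAILRpepkYoT8jhrw== ansible@space.docker 31 | ``` 32 | 33 | define the cluster in hosts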
34 | - systech14 35 | - systech15 36 | - systech16 37 |
38 | 39 | [./hosts](./hosts) 40 | ```ini 41 | [systech] 42 | systech14 ansible_ssh_host=172.16.11.244 ansible_ssh_port=22 ansible_ssh_user=root 43 | systech15 ansible_ssh_host=172.16.11.245 ansible_ssh_port=22 ansible_ssh_user=root 44 | systech16 ansible_ssh_host=172.16.11.246 ansible_ssh_port=22 ansible_ssh_user=root 45 | ; systech17 ansible_ssh_host=172.16.11.247 ansible_ssh_port=22 ansible_ssh_user=root 46 | ; systech18 ansible_ssh_host=172.16.11.248 ansible_ssh_port=22 ansible_ssh_user=root 47 | ; systech19 ansible_ssh_host=172.16.11.249 ansible_ssh_port=22 ansible_ssh_user=root 48 | ``` 49 | 50 | ### 2.Define Master 51 | define the master in vals
52 | systech14 is the master
53 | [./linux/group_vars/systech.yml](./linux/group_vars/systech.yml) 54 | ```yml 55 | # system options 56 | SSH_INSTALL_KEYS: 57 | - ansible 58 | - admin 59 | 60 | # registry options 61 | REGISTRY_LOCAL_HOSTNAME: systech14 62 | REGISTRY_LOCAL_IP: "{{ hostvars['systech14']['ansible_default_ipv4']['address'] }}" 63 | 64 | # etcd options 65 | ETCD_CLUSTER_ROLE: 66 | systech14: etcd 67 | 68 | # k8s option 69 | K8S_CLUSTER_ROLE: 70 | systech14: master 71 | 72 | K8S_MASTER_IP: "{{ hostvars['systech14']['ansible_default_ipv4']['address'] }}" 73 | ``` 74 | 75 | ### 3.Install 76 | docker run
77 | ```powershell 78 | # docker run 79 | docker run ` 80 | --name ansible ` 81 | -h ansible ` 82 | -v $PWD/hosts:/etc/ansible/hosts ` 83 | -v $PWD/linux/group_vars/systech.yml:/etc/ansible/linux/group_vars/systech.yml ` 84 | -d hub.c.163.com/mengkzhaoyun/cloud/ansible-kubernetes 85 | 86 | # docker exec 87 | docker exec -it ansible bash 88 | 89 | # install kubernetes cluster 90 | ap 1.install.yml 91 | 92 | # uninstall kubernetes cluster 93 | ap 9.uninstall.yml 94 | ``` 95 | 96 | ### 4.Open Browser 97 | https://172.16.11.244:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#
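98 | admin (user name; the password on the next line is the repository's documented default — change it before port 6443 is reachable from any untrusted network)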
99 | abc2018 100 | -------------------------------------------------------------------------------- /docs/installs/images_v1.10.6.md: -------------------------------------------------------------------------------- 1 | # images 2 | 3 | ```powershell 4 | # registry 5 | docker pull registry:2.6.2 ;` 6 | docker tag registry:2.6.2 hub.c.163.com/mengkzhaoyun/k8s:registry-2.6.2 ;` 7 | docker push hub.c.163.com/mengkzhaoyun/k8s:registry-2.6.2 8 | 9 | # etcd 10 | docker pull quay.io/coreos/etcd:v3.3.9 ;` 11 | docker tag quay.io/coreos/etcd:v3.3.9 hub.c.163.com/mengkzhaoyun/k8s:etcd-v3.3.9 ;` 12 | docker push hub.c.163.com/mengkzhaoyun/k8s:etcd-v3.3.9 13 | 14 | # pause 15 | docker pull k8s.gcr.io/pause:3.1 ;` 16 | docker tag k8s.gcr.io/pause:3.1 hub.c.163.com/mengkzhaoyun/k8s:pause-3.1 ;` 17 | docker push hub.c.163.com/mengkzhaoyun/k8s:pause-3.1 18 | 19 | # hyperkube 20 | docker pull k8s.gcr.io/hyperkube:v1.10.6 ;` 21 | docker tag k8s.gcr.io/hyperkube:v1.10.6 hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.10.6 ;` 22 | docker push hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.10.6 23 | 24 | # flannel 25 | docker pull quay.io/coreos/flannel:v0.10.0 ;` 26 | docker tag quay.io/coreos/flannel:v0.10.0 hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 ;` 27 | docker push hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 28 | 29 | # kube-router 30 | docker pull cloudnativelabs/kube-router:v0.2.0-beta.9 ;` 31 | docker tag cloudnativelabs/kube-router:v0.2.0-beta.9 hub.c.163.com/mengkzhaoyun/k8s:kube-router-v0.2.0-beta.9 ;` 32 | docker push hub.c.163.com/mengkzhaoyun/k8s:kube-router-v0.2.0-beta.9 33 | 34 | # busybox 35 | docker pull k8s.gcr.io/busybox:1.27.2 ;` 36 | docker tag k8s.gcr.io/busybox:1.27.2 hub.c.163.com/mengkzhaoyun/k8s:busybox-1.27.2 ;` 37 | docker push hub.c.163.com/mengkzhaoyun/k8s:busybox-1.27.2 38 | 39 | # coredns 40 | docker pull coredns/coredns:1.2.0 ;` 41 | docker tag coredns/coredns:1.2.0 hub.c.163.com/mengkzhaoyun/k8s:coredns-1.2.0 ;` 42 | docker push 
hub.c.163.com/mengkzhaoyun/k8s:coredns-1.2.0 43 | 44 | # dashboard 45 | docker pull k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3 ;` 46 | docker tag k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3 hub.c.163.com/mengkzhaoyun/k8s:kubernetes-dashboard-amd64-v1.8.3 ;` 47 | docker push hub.c.163.com/mengkzhaoyun/k8s:kubernetes-dashboard-amd64-v1.8.3 48 | 49 | # heapster-amd64 50 | docker pull k8s.gcr.io/heapster-amd64:v1.5.4 ;` 51 | docker tag k8s.gcr.io/heapster-amd64:v1.5.4 hub.c.163.com/mengkzhaoyun/k8s:heapster-amd64-v1.5.4 ;` 52 | docker push hub.c.163.com/mengkzhaoyun/k8s:heapster-amd64-v1.5.4 53 | 54 | # addon-resizer 55 | docker pull k8s.gcr.io/addon-resizer:1.8.3 ;` 56 | docker tag k8s.gcr.io/addon-resizer:1.8.3 hub.c.163.com/mengkzhaoyun/k8s:addon-resizer-1.8.3 ;` 57 | docker push hub.c.163.com/mengkzhaoyun/k8s:addon-resizer-1.8.3 58 | 59 | # heapster-influxdb-amd64 60 | docker pull k8s.gcr.io/heapster-influxdb-amd64:v1.5.2 ;` 61 | docker tag k8s.gcr.io/heapster-influxdb-amd64:v1.5.2 hub.c.163.com/mengkzhaoyun/k8s:heapster-influxdb-amd64-v1.5.2 ;` 62 | docker push hub.c.163.com/mengkzhaoyun/k8s:heapster-influxdb-amd64-v1.5.2 63 | 64 | # heapster-grafana-amd64 65 | docker pull k8s.gcr.io/heapster-grafana-amd64:v5.0.4 ;` 66 | docker tag k8s.gcr.io/heapster-grafana-amd64:v5.0.4 hub.c.163.com/mengkzhaoyun/k8s:heapster-grafana-amd64-v5.0.4 ;` 67 | docker push hub.c.163.com/mengkzhaoyun/k8s:heapster-grafana-amd64-v5.0.4 68 | ``` -------------------------------------------------------------------------------- /docs/addons/dashboard.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | labels: 6 | k8s-app: kubernetes-dashboard 7 | # Allows editing resource and makes sure it is created first. 
8 | addonmanager.kubernetes.io/mode: EnsureExists 9 | name: kubernetes-dashboard-settings 10 | namespace: kube-system 11 | --- 12 | apiVersion: v1 13 | kind: Secret 14 | metadata: 15 | labels: 16 | k8s-app: kubernetes-dashboard 17 | # Allows editing resource and makes sure it is created first. 18 | addonmanager.kubernetes.io/mode: EnsureExists 19 | name: kubernetes-dashboard-certs 20 | namespace: kube-system 21 | type: Opaque 22 | --- 23 | apiVersion: v1 24 | kind: ServiceAccount 25 | metadata: 26 | name: dashboard 27 | namespace: kube-system 28 | --- 29 | kind: ClusterRoleBinding 30 | apiVersion: rbac.authorization.k8s.io/v1 31 | metadata: 32 | name: dashboard-extended 33 | roleRef: 34 | kind: ClusterRole 35 | name: cluster-admin # NOTE(review): gives the dashboard ServiceAccount full cluster-admin, so every request the dashboard makes under its own identity has unrestricted access to the cluster. Prefer a narrowly scoped Role and per-user tokens. 36 | apiGroup: rbac.authorization.k8s.io 37 | subjects: 38 | - kind: ServiceAccount 39 | name: dashboard 40 | namespace: kube-system 41 | --- 42 | apiVersion: v1 43 | kind: Service 44 | metadata: 45 | name: kubernetes-dashboard 46 | namespace: kube-system 47 | labels: 48 | k8s-app: kubernetes-dashboard 49 | kubernetes.io/cluster-service: "true" 50 | addonmanager.kubernetes.io/mode: Reconcile 51 | spec: 52 | selector: 53 | k8s-app: kubernetes-dashboard 54 | ports: 55 | - port: 443 56 | targetPort: 8443 57 | --- 58 | apiVersion: apps/v1beta2 59 | kind: Deployment 60 | metadata: 61 | name: kubernetes-dashboard 62 | namespace: kube-system 63 | labels: 64 | k8s-app: kubernetes-dashboard 65 | kubernetes.io/cluster-service: "true" 66 | addonmanager.kubernetes.io/mode: Reconcile 67 | spec: 68 | selector: 69 | matchLabels: 70 | k8s-app: kubernetes-dashboard 71 | template: 72 | metadata: 73 | labels: 74 | k8s-app: kubernetes-dashboard 75 | annotations: 76 | scheduler.alpha.kubernetes.io/critical-pod: '' 77 | spec: 78 | containers: 79 | - name: kubernetes-dashboard 80 | image: reg.local:5000/k8s/kubernetes-dashboard-amd64:v1.8.3 81 | resources: 82 | limits: 83 | cpu: 100m 84 | memory: 300Mi 85 | requests: 86 | cpu: 50m 87 | memory: 100Mi 88 | ports:
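89 | - containerPort: 8443 90 | protocol: TCP 91 | args: 92 | - --auto-generate-certificates 93 | volumeMounts: 94 | - name: kubernetes-dashboard-certs 95 | mountPath: /certs 96 | - name: tmp-volume 97 | mountPath: /tmp 98 | livenessProbe: 99 | httpGet: 100 | scheme: HTTPS 101 | path: / 102 | port: 8443 103 | initialDelaySeconds: 30 104 | timeoutSeconds: 30 105 | volumes: 106 | - name: kubernetes-dashboard-certs 107 | secret: 108 | secretName: kubernetes-dashboard-certs 109 | - name: tmp-volume 110 | emptyDir: {} 111 | serviceAccountName: dashboard 112 | tolerations: 113 | - key: "CriticalAddonsOnly" 114 | operator: "Exists" 115 | -------------------------------------------------------------------------------- /linux/roles/wod.k8s-ssl/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: mkdir /etc/kubernetes/ssl 2 | raw: mkdir -p /etc/kubernetes/ssl 3 | # CA certificate: the stat probe fails when the file is missing, and only then is it copied. 4 | - name: check need ca.pem 5 | raw: stat /etc/kubernetes/ssl/ca.pem 6 | register: need_ssl_ca_pem 7 | ignore_errors: True 8 | 9 | - name: copy ca.pem 10 | copy: src=ca.pem dest=/etc/kubernetes/ssl/ca.pem mode=0644 11 | when: need_ssl_ca_pem | failed 12 | # CA private key: same probe-then-copy pattern as the certificate. 13 | - name: check need ca.key 14 | raw: stat /etc/kubernetes/ssl/ca.key 15 | register: need_ssl_ca_key 16 | ignore_errors: True 17 | # Owner-only mode for the CA private key (was 0644, readable by every local user). The when-guard skips hosts that already hold the file, so existing copies need a one-off chmod. NOTE(review): this task has no role condition, so the same role-bundled key is copied to every node; consider generating the CA per cluster and keeping its key off the workers. 18 | - name: copy ca.key 19 | copy: src=ca.key dest=/etc/kubernetes/ssl/ca.key mode=0600 20 | when: need_ssl_ca_key | failed 21 | 22 | # master 23 | - name: check need master-ssl.sh 24 | raw: stat /etc/kubernetes/ssl/master-ssl.sh 25 | register: need_ssl_master_sh 26 | when: 27 | - K8S_CLUSTER_ROLE[inventory_hostname] is defined and K8S_CLUSTER_ROLE[inventory_hostname] == "master" 28 | ignore_errors: True 29 | 30 | - name: copy master-ssl.sh 31 | copy: src=master-ssl.sh dest=/etc/kubernetes/ssl/master-ssl.sh mode=0755 32 | when: 33 | - K8S_CLUSTER_ROLE[inventory_hostname] is defined and K8S_CLUSTER_ROLE[inventory_hostname] == "master" 34 | - need_ssl_master_sh | failed 35 | 36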
| - name: template master-apiserver.cnf 37 | template: src=master-apiserver.cnf dest=/etc/kubernetes/ssl/master-apiserver.cnf 38 | when: 39 | - K8S_CLUSTER_ROLE[inventory_hostname] is defined and K8S_CLUSTER_ROLE[inventory_hostname] == "master" 40 | - need_ssl_master_sh | failed 41 | 42 | - name: template master-admin.cnf 43 | template: src=master-admin.cnf dest=/etc/kubernetes/ssl/master-admin.cnf 44 | when: 45 | - K8S_CLUSTER_ROLE[inventory_hostname] is defined and K8S_CLUSTER_ROLE[inventory_hostname] == "master" 46 | - need_ssl_master_sh | failed 47 | 48 | - name: Run master-ssl.sh 49 | script: master-ssl.sh 50 | when: 51 | - K8S_CLUSTER_ROLE[inventory_hostname] is defined and K8S_CLUSTER_ROLE[inventory_hostname] == "master" 52 | - need_ssl_master_sh | failed 53 | 54 | # worker 55 | - name: check need worker-ssl.sh 56 | raw: stat /etc/kubernetes/ssl/worker-ssl.sh 57 | register: need_ssl_worker_sh 58 | when: 59 | - K8S_CLUSTER_ROLE[inventory_hostname] is not defined or K8S_CLUSTER_ROLE[inventory_hostname] != "master" 60 | ignore_errors: True 61 | 62 | - name: copy worker-ssl.sh 63 | copy: src=worker-ssl.sh dest=/etc/kubernetes/ssl/worker-ssl.sh mode=0755 64 | when: 65 | - K8S_CLUSTER_ROLE[inventory_hostname] is not defined or K8S_CLUSTER_ROLE[inventory_hostname] != "master" 66 | - need_ssl_worker_sh | failed 67 | 68 | - name: template worker-kubelet.cnf 69 | template: src=worker-kubelet.cnf dest=/etc/kubernetes/ssl/worker-kubelet.cnf 70 | when: 71 | - K8S_CLUSTER_ROLE[inventory_hostname] is not defined or K8S_CLUSTER_ROLE[inventory_hostname] != "master" 72 | - need_ssl_worker_sh | failed 73 | 74 | - name: template worker-kubeproxy.cnf 75 | template: src=worker-kubeproxy.cnf dest=/etc/kubernetes/ssl/worker-kubeproxy.cnf 76 | when: 77 | - K8S_CLUSTER_ROLE[inventory_hostname] is not defined or K8S_CLUSTER_ROLE[inventory_hostname] != "master" 78 | - need_ssl_worker_sh | failed 79 | 80 | - name: Run worker-ssl.sh 81 | script: worker-ssl.sh 82 | when: 83 | - 
K8S_CLUSTER_ROLE[inventory_hostname] is not defined or K8S_CLUSTER_ROLE[inventory_hostname] != "master" 84 | - need_ssl_worker_sh | failed -------------------------------------------------------------------------------- /docs/installs/images_v1.10.0.md: -------------------------------------------------------------------------------- 1 | # images 2 | 3 | ```powershell 4 | # registry 5 | docker pull registry:2.6.2 ;` 6 | docker tag registry:2.6.2 hub.c.163.com/mengkzhaoyun/k8s:registry-2.6.2 ;` 7 | docker push hub.c.163.com/mengkzhaoyun/k8s:registry-2.6.2 8 | 9 | # etcd 10 | docker pull quay.io/coreos/etcd:v3.3.2 ;` 11 | docker tag quay.io/coreos/etcd:v3.3.2 hub.c.163.com/mengkzhaoyun/k8s:etcd-v3.3.2 ;` 12 | docker push hub.c.163.com/mengkzhaoyun/k8s:etcd-v3.3.2 13 | 14 | 15 | # pause 16 | docker pull k8s.gcr.io/pause:3.1 ;` 17 | docker tag k8s.gcr.io/pause:3.1 hub.c.163.com/mengkzhaoyun/k8s:pause-3.1 ;` 18 | docker push hub.c.163.com/mengkzhaoyun/k8s:pause-3.1 19 | 20 | # hyperkube 21 | docker pull k8s.gcr.io/hyperkube:v1.10.0 ;` 22 | docker tag k8s.gcr.io/hyperkube:v1.10.0 hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.10.0 ;` 23 | docker push hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.10.0 24 | 25 | # flannel 26 | docker pull quay.io/coreos/flannel:v0.10.0 ;` 27 | docker tag quay.io/coreos/flannel:v0.10.0 hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 ;` 28 | docker push hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 29 | 30 | # kube-router 31 | docker pull cloudnativelabs/kube-router:v0.1.0 ;` 32 | docker tag cloudnativelabs/kube-router:v0.1.0 hub.c.163.com/mengkzhaoyun/k8s:kube-router-v0.1.0 ;` 33 | docker push hub.c.163.com/mengkzhaoyun/k8s:kube-router-v0.1.0 34 | 35 | # kube-proxy 36 | docker pull k8s.gcr.io/kube-proxy:v1.10.0 ;` 37 | docker tag k8s.gcr.io/kube-proxy:v1.10.0 hub.c.163.com/mengkzhaoyun/k8s:kube-proxy-v1.10.0 ;` 38 | docker push hub.c.163.com/mengkzhaoyun/k8s:kube-proxy-v1.10.0 39 | 40 | # busybox 41 | docker pull k8s.gcr.io/busybox:1.27.2 ;` 42 | 
docker tag k8s.gcr.io/busybox:1.27.2 hub.c.163.com/mengkzhaoyun/k8s:busybox-1.27.2 ;` 43 | docker push hub.c.163.com/mengkzhaoyun/k8s:busybox-1.27.2 44 | 45 | # coredns 46 | docker pull coredns/coredns:1.1.1 ;` 47 | docker tag coredns/coredns:1.1.1 hub.c.163.com/mengkzhaoyun/k8s:coredns-1.1.1 ;` 48 | docker push hub.c.163.com/mengkzhaoyun/k8s:coredns-1.1.1 49 | 50 | # dashboard 51 | docker pull k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3 ;` 52 | docker tag k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3 hub.c.163.com/mengkzhaoyun/k8s:kubernetes-dashboard-amd64-v1.8.3 ;` 53 | docker push hub.c.163.com/mengkzhaoyun/k8s:kubernetes-dashboard-amd64-v1.8.3 54 | 55 | # heapster-amd64 56 | docker pull k8s.gcr.io/heapster-amd64:v1.5.2 ;` 57 | docker tag k8s.gcr.io/heapster-amd64:v1.5.2 hub.c.163.com/mengkzhaoyun/k8s:heapster-amd64-v1.5.2 ;` 58 | docker push hub.c.163.com/mengkzhaoyun/k8s:heapster-amd64-v1.5.2 59 | 60 | # addon-resizer 61 | docker pull k8s.gcr.io/addon-resizer:1.8.1 ;` 62 | docker tag k8s.gcr.io/addon-resizer:1.8.1 hub.c.163.com/mengkzhaoyun/k8s:addon-resizer-1.8.1 ;` 63 | docker push hub.c.163.com/mengkzhaoyun/k8s:addon-resizer-1.8.1 64 | 65 | # heapster-influxdb-amd64 66 | docker pull k8s.gcr.io/heapster-influxdb-amd64:v1.3.3 ;` 67 | docker tag k8s.gcr.io/heapster-influxdb-amd64:v1.3.3 hub.c.163.com/mengkzhaoyun/k8s:heapster-influxdb-amd64-v1.3.3 ;` 68 | docker push hub.c.163.com/mengkzhaoyun/k8s:heapster-influxdb-amd64-v1.3.3 69 | 70 | # heapster-grafana-amd64 71 | docker pull k8s.gcr.io/heapster-grafana-amd64:v4.4.3 ;` 72 | docker tag k8s.gcr.io/heapster-grafana-amd64:v4.4.3 hub.c.163.com/mengkzhaoyun/k8s:heapster-grafana-amd64-v4.4.3 ;` 73 | docker push hub.c.163.com/mengkzhaoyun/k8s:heapster-grafana-amd64-v4.4.3 74 | ``` -------------------------------------------------------------------------------- /docs/history/1.9/readme.md: -------------------------------------------------------------------------------- 1 | # Offline Auto Deploy 2 | 3 | ## CentOS 4 
| 5 | os: CentOS Linux release 7.4.1708 (Core)
6 | container: docker 1.13.1 , rkt 1.29.0
7 | etcd: 3.3.2
8 | kubernetes: 1.9.4
9 | kubernetes-network: kube-router:v0.1.0-rc2
10 | kubernetes-addons: coredns:1.1.0 , dashboard:v1.8.3 , heapster:v1.5.0 11 | 12 | [Offline Auto Deploy Kubernetes 1.9.4 in CentOS](./centos.md) 13 | 14 | Schema 15 | 16 | Online Video
17 | https://www.bilibili.com/video/av20919490/
18 | https://youtu.be/_vhBCMwQsu8 19 | 20 | ## Ubuntu 21 | 22 | [Offline Auto Deploy Kubernetes 1.9.3 in Ubuntu](./ubuntu.md) 23 | 24 | Schema 25 | 26 | Online Video
27 | https://www.bilibili.com/video/av20150387/
28 | https://www.youtube.com/watch?v=144Ng2D5jxQ 29 | 30 | ## CoreOS 31 | 32 | [Offline Auto Deploy Kubernetes 1.9.0 in CoreOS](./coreos.md) 33 | 34 | Schema 35 | 36 | Online Video
37 | https://www.bilibili.com/video/av18457856/
38 | https://www.youtube.com/watch?v=84XvO2UAx9U 39 | 40 | # How to Create Install Datas 41 | 42 | ## 1.9.6 43 | BAIDU DISK
44 | Link:https://pan.baidu.com/s/1y-JLhtr-jOFQd1-TZYNgug
45 | Pass:qw95 46 | 47 | ## Get Images 48 | 49 | [images.md](../../installs/images_v1.9.6.md) 50 | ```bash 51 | # registry 52 | docker pull registry:2.6.2 53 | 54 | # etcd 55 | docker pull quay.io/coreos/etcd:v3.3.2 56 | 57 | # pause 58 | docker pull k8s.gcr.io/pause:3.1 59 | 60 | # hyperkube 61 | docker pull k8s.gcr.io/hyperkube:v1.9.6 62 | 63 | # flannel 64 | docker pull quay.io/coreos/flannel:v0.10.0 65 | 66 | # kube-router 67 | docker pull cloudnativelabs/kube-router:v0.1.0 68 | 69 | # busybox 70 | docker pull k8s.gcr.io/busybox:1.27.2 71 | 72 | # coredns 73 | docker pull coredns/coredns:1.1.0 74 | 75 | # dashboard 76 | docker pull k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3 77 | 78 | # heapster 79 | docker pull k8s.gcr.io/heapster-amd64:v1.5.2 80 | 81 | # addon-resizer 82 | docker pull k8s.gcr.io/addon-resizer:1.8.1 83 | 84 | # heapster-influxdb-amd64 85 | docker pull k8s.gcr.io/heapster-influxdb-amd64:v1.3.3 86 | 87 | # heapster-grafana-amd64 88 | docker pull k8s.gcr.io/heapster-grafana-amd64:v4.4.3 89 | ``` 90 | 91 | ## Get ACI Image 92 | 93 | [aci.md](../../installs/aci_v1.9.6.md) 94 | 95 | ```bash 96 | rkt image export hub.c.163.com/mengkzhaoyun/public:registry-2.6.2 registry-2.6.2.aci 97 | 98 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:etcd-v3.3.2 etcd-v3.3.2.aci 99 | 100 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 flannel-v0.10.0.aci 101 | 102 | rkt image export hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.9.6 hyperkube-v1.9.6.aci 103 | ``` 104 | 105 | ## Get CTL 106 | 107 | [ctl.md](../../installs/ctl_v1.9.6.md) 108 | 109 | ```bash 110 | # ct 111 | https://github.com/coreos/container-linux-config-transpiler/releases/download/v0.4.2/ct-v0.4.2-x86_64-unknown-linux-gnu 112 | 113 | # kubectl 114 | https://storage.googleapis.com/kubernetes-release/release/v1.9.6/bin/linux/amd64/kubectl 115 | 116 | # etcdctl 117 | https://github.com/coreos/etcd/releases/download/v3.3.2/etcd-v3.3.2-linux-amd64.tar.gz 118 | ``` 119 | 120 | ## Get 
Registry Data 121 | 122 | [registry.md](../../installs/registry_v1.9.6.md) -------------------------------------------------------------------------------- /docs/installs/registry_v1.10.0.md: -------------------------------------------------------------------------------- 1 | # Get Registry Data 2 | 3 | registry-data-v1.10.0.tgz 4 | 5 | ```bash 6 | # run registry 7 | docker run -d -p 5000:5000 -v /data:/var/lib/registry --name registry hub.c.163.com/mengkzhaoyun/public:registry-2.6.2 8 | 9 | # hyperkube-v1.10.0 10 | docker pull hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.10.0 &&\ 11 | docker tag hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.10.0 localhost:5000/k8s/hyperkube:v1.10.0 &&\ 12 | docker push localhost:5000/k8s/hyperkube:v1.10.0 13 | 14 | # pause:3.1 15 | docker pull hub.c.163.com/mengkzhaoyun/k8s:pause-3.1 &&\ 16 | docker tag hub.c.163.com/mengkzhaoyun/k8s:pause-3.1 localhost:5000/k8s/pause:3.1 &&\ 17 | docker push localhost:5000/k8s/pause:3.1 18 | 19 | # kube-router:v0.1.0 20 | docker pull hub.c.163.com/mengkzhaoyun/k8s:kube-router-v0.1.0 &&\ 21 | docker tag hub.c.163.com/mengkzhaoyun/k8s:kube-router-v0.1.0 localhost:5000/k8s/kube-router:v0.1.0 &&\ 22 | docker push localhost:5000/k8s/kube-router:v0.1.0 23 | 24 | # kube-proxy:v1.10.0 25 | docker pull hub.c.163.com/mengkzhaoyun/k8s:kube-proxy-v1.10.0 &&\ 26 | docker tag hub.c.163.com/mengkzhaoyun/k8s:kube-proxy-v1.10.0 localhost:5000/k8s/kube-proxy:v1.10.0 &&\ 27 | docker push localhost:5000/k8s/kube-proxy:v1.10.0 28 | 29 | # flannel:v0.10.0 30 | docker pull hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 &&\ 31 | docker tag hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 localhost:5000/k8s/flannel:v0.10.0 &&\ 32 | docker push localhost:5000/k8s/flannel:v0.10.0 33 | 34 | # busybox:1.27.2 35 | docker pull hub.c.163.com/mengkzhaoyun/k8s:busybox-1.27.2 &&\ 36 | docker tag hub.c.163.com/mengkzhaoyun/k8s:busybox-1.27.2 localhost:5000/k8s/busybox:1.27.2 &&\ 37 | docker push localhost:5000/k8s/busybox:1.27.2 38 | 39 
| # coredns:1.1.1 40 | docker pull hub.c.163.com/mengkzhaoyun/k8s:coredns-1.1.1 &&\ 41 | docker tag hub.c.163.com/mengkzhaoyun/k8s:coredns-1.1.1 localhost:5000/k8s/coredns:1.1.1 &&\ 42 | docker push localhost:5000/k8s/coredns:1.1.1 43 | 44 | # kubernetes-dashboard-amd64:v1.8.3 45 | docker pull hub.c.163.com/mengkzhaoyun/k8s:kubernetes-dashboard-amd64-v1.8.3 &&\ 46 | docker tag hub.c.163.com/mengkzhaoyun/k8s:kubernetes-dashboard-amd64-v1.8.3 localhost:5000/k8s/kubernetes-dashboard-amd64:v1.8.3 &&\ 47 | docker push localhost:5000/k8s/kubernetes-dashboard-amd64:v1.8.3 48 | 49 | # heapster-amd64:v1.5.2 50 | docker pull hub.c.163.com/mengkzhaoyun/k8s:heapster-amd64-v1.5.2 &&\ 51 | docker tag hub.c.163.com/mengkzhaoyun/k8s:heapster-amd64-v1.5.2 localhost:5000/k8s/heapster-amd64:v1.5.2 &&\ 52 | docker push localhost:5000/k8s/heapster-amd64:v1.5.2 53 | 54 | # addon-resizer:1.8.1 55 | docker pull hub.c.163.com/mengkzhaoyun/k8s:addon-resizer-1.8.1 &&\ 56 | docker tag hub.c.163.com/mengkzhaoyun/k8s:addon-resizer-1.8.1 localhost:5000/k8s/addon-resizer:1.8.1 &&\ 57 | docker push localhost:5000/k8s/addon-resizer:1.8.1 58 | 59 | # heapster-influxdb-amd64:v1.3.3 60 | docker pull hub.c.163.com/mengkzhaoyun/k8s:heapster-influxdb-amd64-v1.3.3 &&\ 61 | docker tag hub.c.163.com/mengkzhaoyun/k8s:heapster-influxdb-amd64-v1.3.3 localhost:5000/k8s/heapster-influxdb-amd64:v1.3.3 &&\ 62 | docker push localhost:5000/k8s/heapster-influxdb-amd64:v1.3.3 63 | 64 | # heapster-grafana-amd64:v4.4.3 65 | docker pull hub.c.163.com/mengkzhaoyun/k8s:heapster-grafana-amd64-v4.4.3 &&\ 66 | docker tag hub.c.163.com/mengkzhaoyun/k8s:heapster-grafana-amd64-v4.4.3 localhost:5000/k8s/heapster-grafana-amd64:v4.4.3 &&\ 67 | docker push localhost:5000/k8s/heapster-grafana-amd64:v4.4.3 68 | ``` -------------------------------------------------------------------------------- /docs/history/1.9/coreos.md: -------------------------------------------------------------------------------- 1 | # Deploy 2 | 3 | Schema 4 | 
5 | Online Video
6 | https://www.bilibili.com/video/av18457856/
7 | https://www.youtube.com/watch?v=84XvO2UAx9U 8 | 9 | 10 | # Prepare 11 | 12 | ## 1). Config 13 | Modify Machine Name&IP
14 | ./hosts 15 | 16 | Modify k8s Cluster Config
17 | ./coreos/group_vars/systech 18 | 19 | ## 2). HTTP_SERVER 20 | http://172.16.11.235/k8s
21 | Check that the server contains these files (the URL above is plain HTTP, so verify each archive against checksums you recorded when building it): 22 | ```bash 23 | # ansible deps 24 | pypy-5.1.0-linux64.tar.bz2 25 | 26 | # k8s deps 27 | etcd-v3.2.11.tgz 28 | flannel-v0.10.0.tgz 29 | hyperkube-v1.9.0.tgz 30 | kubectl-v1.9.0.tgz 31 | registry-2.6.2.tgz 32 | registry-data-v1.9.0.tgz 33 | ``` 34 | 35 | BAIDU DISK
36 | Link:https://pan.baidu.com/s/1ofySEUgwNEB_id6krF2hUA
37 | Pass:ci85 38 | 39 | 40 | # Install 41 | 42 | ## 1).run ansible from docker 43 | ```cmd 44 | docker run ` 45 | --name ansible ` 46 | -h ansible ` 47 | -v c:/git/mengkzhaoyun/ansible:/etc/ansible ` 48 | -d hub.c.163.com/mengkzhaoyun/public:ansible-2.3.0-centos7 /bin/sh -c "while true; do echo hello world; sleep 1; done" 49 | ``` 50 | 51 | ## 2).enter in ansible cotainer 52 | ```bash 53 | # enter contianer run ansible scripts 54 | docker exec -it ansible bash 55 | 56 | # exec commands to install k8s 57 | cd coreos 58 | ap a.bootstrap.yml 59 | ap b.install.yml 60 | ap c.test.yml 61 | ``` 62 | 63 | ## 3).check 64 | ```bash 65 | # check rkt 66 | rkt list 67 | UUID APP IMAGE NAME STATE CREATED STARTED NETWORKS 68 | 327b3c3a flannel hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 running 10 minutes ago 10 minutes ago 69 | 34dffd22 registry hub.c.163.com/mengkzhaoyun/public:registry-2.6.2 running 11 minutes ago 11 minutes ago default:ip4=172.16.28.2 70 | 43ff3c33 k8s hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.9.0 running 8 minutes ago 8 minutes ago 71 | 8550c4d1 flannelopts hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 exited 10 minutes ago 10 minutes ago 72 | ed48d2c4 etcd coreos.com/etcd:v3.2.11 running 11 minutes ago 11 minutes ago 73 | 74 | 75 | # check docker 76 | docker ps 77 | 78 | # check kube-system 79 | kubectl get pods -n=kube-system 80 | 81 | NAME READY STATUS RESTARTS AGE 82 | kube-apiserver-172.16.11.248 1/1 Running 0 6m 83 | kube-controller-manager-172.16.11.248 1/1 Running 0 6m 84 | kube-proxy-172.16.11.247 1/1 Running 0 24s 85 | kube-proxy-172.16.11.248 1/1 Running 0 6m 86 | kube-proxy-172.16.11.249 1/1 Running 0 7m 87 | kube-scheduler-172.16.11.248 1/1 Running 0 6m 88 | 89 | ``` 90 | 91 | ## 4).addons 92 | Copy Addons To The Master Server 93 | ```bash 94 | # coredns 95 | kubectl create -f /etc/kubernetes/addons/coredns.yml 96 | 97 | # dashboard 98 | kubectl create -f /etc/kubernetes/addons/dashboard.yml 99 | 100 | # heapster 101 | kubectl create -f 
/etc/kubernetes/addons/heapster.yml 102 | 103 | # rbac-admin 104 | kubectl create -f /etc/kubernetes/addons/rbac-admin.yml 105 | ``` 106 | 107 | # Browser 108 | Schema 109 | https://172.16.11.248:6443/ui
110 | admin
111 | abc2018
--------------------------------------------------------------------------------
/linux/roles/wod.k8s-addon/templates/dashboard.yml:
--------------------------------------------------------------------------------
# Kubernetes Dashboard add-on, rendered by Ansible (the {{ ... }} fields are
# Jinja variables). Defines the dashboard's ServiceAccount, its RBAC binding,
# a Service, an empty settings ConfigMap, an empty certs Secret and the
# Deployment itself, all in kube-system.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
---
# NOTE(review): this binds the dashboard's ServiceAccount to the built-in
# cluster-admin ClusterRole, so every API call the dashboard makes with its
# own token has unrestricted rights over the whole cluster. Anything that can
# make the dashboard act under that token inherits those rights. A Role /
# ClusterRole limited to what the dashboard has to read, with users logging in
# under their own tokens, keeps the blast radius much smaller.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
---
# Service in front of the dashboard pods: port 443 forwards to the container's
# HTTPS port 8443. No `type` is set, so the Kubernetes default applies.
apiVersion: v1
kind: Service
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    k8s-app: kubernetes-dashboard
  ports:
  - port: 443
    targetPort: 8443
---
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    # Allows editing resource and makes sure it is created first.
    addonmanager.kubernetes.io/mode: EnsureExists
  name: kubernetes-dashboard-settings
  namespace: kube-system
---
# Created without any data. NOTE(review): the Deployment below does not mount
# this Secret; its volume of the same name is an emptyDir.
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    # Allows editing resource and makes sure it is created first.
    addonmanager.kubernetes.io/mode: EnsureExists
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque
---
# NOTE(review): apps/v1beta2 is a pre-GA Deployment API; confirm the target
# cluster version still serves it.
apiVersion: apps/v1beta2
kind: Deployment
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      priorityClassName: system-cluster-critical
      containers:
      - name: kubernetes-dashboard
        # Image comes from the local registry prefix and is pinned by tag, not
        # by digest.
        image: {{ REGISTRY_LOCAL }}{{ K8S_IMAGES["DASHBOARD"]["NAME"] }}:{{ K8S_IMAGES["DASHBOARD"]["VERSION"] }}
        resources:
          limits:
            cpu: 100m
            memory: 300Mi
          requests:
            cpu: 50m
            memory: 100Mi
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
        # The dashboard generates its own serving certificate at start-up.
        # NOTE(review): with /certs backed by an emptyDir the certificate is
        # not persisted and is presumably self-signed, so clients cannot pin or
        # verify it against the cluster CA - confirm this is intended.
        - --auto-generate-certificates
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
        - name: tmp-volume
          mountPath: /tmp
        - mountPath: /etc/localtime
          name: etc-localtime
          readOnly: true
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        emptyDir: {}
      - name: tmp-volume
        emptyDir: {}
      # Host's timezone file, mounted read-only into the container above.
      - name: etc-localtime
        hostPath:
          path: /etc/localtime
      # The pod runs as the ServiceAccount bound to cluster-admin above.
      serviceAccountName: kubernetes-dashboard
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
--------------------------------------------------------------------------------
/linux/roles/wod.k8s-master/files/scripts/kubelet.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash 2 | # Wrapper for launching
kubelet via rkt-fly. 3 | # 4 | # Make sure to set KUBELET_IMAGE_TAG to an image tag published here: 5 | # https://quay.io/repository/coreos/hyperkube?tab=tags Alternatively, 6 | # override KUBELET_IMAGE to a custom image. 7 | 8 | set -e 9 | 10 | function require_ev_all() { 11 | for rev in $@ ; do 12 | if [[ -z "${!rev}" ]]; then 13 | echo "${rev}" is not set 14 | exit 1 15 | fi 16 | done 17 | } 18 | 19 | function require_ev_one() { 20 | for rev in $@ ; do 21 | if [[ ! -z "${!rev}" ]]; then 22 | return 23 | fi 24 | done 25 | echo One of $@ must be set 26 | exit 1 27 | } 28 | 29 | if [[ -n "${KUBELET_VERSION}" ]]; then 30 | echo KUBELET_VERSION environment variable is deprecated, please use KUBELET_IMAGE_TAG instead 31 | fi 32 | 33 | if [[ -n "${KUBELET_ACI}" ]]; then 34 | echo KUBELET_ACI environment variable is deprecated, please use the KUBELET_IMAGE_URL instead 35 | fi 36 | 37 | if [[ -n "${RKT_OPTS}" ]]; then 38 | echo RKT_OPTS environment variable is deprecated, please use the RKT_RUN_ARGS instead 39 | fi 40 | 41 | KUBELET_IMAGE_TAG="${KUBELET_IMAGE_TAG:-${KUBELET_VERSION}}" 42 | 43 | require_ev_one KUBELET_IMAGE KUBELET_IMAGE_TAG 44 | 45 | KUBELET_IMAGE_URL="${KUBELET_IMAGE_URL:-${KUBELET_ACI:-quay.io/coreos/hyperkube}}" 46 | KUBELET_IMAGE="${KUBELET_IMAGE:-${KUBELET_IMAGE_URL}:${KUBELET_IMAGE_TAG}}" 47 | 48 | RKT_RUN_ARGS="${RKT_RUN_ARGS} ${RKT_OPTS}" 49 | 50 | if [[ "${KUBELET_IMAGE%%/*}" == "quay.io" ]]; then 51 | RKT_RUN_ARGS="${RKT_RUN_ARGS} --trust-keys-from-https" 52 | fi 53 | 54 | /usr/bin/mkdir --parents /etc/kubernetes 55 | /usr/bin/mkdir --parents /var/lib/docker 56 | /usr/bin/mkdir --parents /var/lib/kubelet 57 | /usr/bin/mkdir --parents /run/kubelet 58 | 59 | RKT="${RKT:-/usr/bin/rkt}" 60 | RKT_STAGE1_ARG="${RKT_STAGE1_ARG:---stage1-from-dir=stage1-fly.aci}" 61 | KUBELET_IMAGE_ARGS=${KUBELET_IMAGE_ARGS:---exec=/kubelet} 62 | set -x 63 | exec ${RKT} ${RKT_GLOBAL_ARGS} \ 64 | run ${RKT_RUN_ARGS} \ 65 | --volume 
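coreos-etc-kubernetes,kind=host,source=/etc/kubernetes,readOnly=false \ 66 | --volume coreos-etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \ 67 | --volume coreos-usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \ 68 | --volume coreos-var-lib-docker,kind=host,source=/var/lib/docker,readOnly=false \ 69 | --volume coreos-var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false,recursive=true \ 70 | --volume coreos-var-log,kind=host,source=/var/log,readOnly=false \ 71 | --volume coreos-os-release,kind=host,source=/etc/os-release,readOnly=true \ 72 | --volume coreos-run,kind=host,source=/run,readOnly=false \ 73 | --volume coreos-lib-modules,kind=host,source=/lib/modules,readOnly=true \ 74 | --volume coreos-etc-cni-net,kind=host,source=/etc/cni/net.d,readOnly=true \ 75 | --volume coreos-etc-localtime,kind=host,source=/etc/localtime,readOnly=true \ 76 | --mount volume=coreos-etc-kubernetes,target=/etc/kubernetes \ 77 | --mount volume=coreos-etc-ssl-certs,target=/etc/ssl/certs \ 78 | --mount volume=coreos-usr-share-certs,target=/usr/share/ca-certificates \ 79 | --mount volume=coreos-var-lib-docker,target=/var/lib/docker \ 80 | --mount volume=coreos-var-lib-kubelet,target=/var/lib/kubelet \ 81 | --mount volume=coreos-var-log,target=/var/log \ 82 | --mount volume=coreos-os-release,target=/etc/os-release \ 83 | --mount volume=coreos-run,target=/run \ 84 | --mount volume=coreos-lib-modules,target=/lib/modules \ 85 | --mount volume=coreos-etc-cni-net,target=/etc/cni/net.d \ 86 | --mount volume=coreos-etc-localtime,target=/etc/localtime \ 87 | --hosts-entry host \ 88 | ${RKT_STAGE1_ARG} \ 89 | ${KUBELET_IMAGE} \ 90 | ${KUBELET_IMAGE_ARGS} \ 91 | -- "$@"
--------------------------------------------------------------------------------
/linux/roles/wod.k8s-worker/files/scripts/kubelet.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Wrapper for launching kubelet via rkt-fly.
#
# Make sure to set KUBELET_IMAGE_TAG to an image tag published here:
# https://quay.io/repository/coreos/hyperkube?tab=tags Alternatively,
# override KUBELET_IMAGE to a custom image.
#
# Environment read by this wrapper:
#   KUBELET_IMAGE_TAG / KUBELET_IMAGE       one of the two must be set
#   KUBELET_IMAGE_URL                       image repository, defaults to quay.io/coreos/hyperkube
#   RKT_GLOBAL_ARGS, RKT_RUN_ARGS           extra flags for rkt itself / for `rkt run`
#   RKT, RKT_STAGE1_ARG, KUBELET_IMAGE_ARGS overridable defaults, see below
#   KUBELET_VERSION, KUBELET_ACI, RKT_OPTS  deprecated aliases, still honoured
#
# The wrapper's own arguments are handed to the image's entry point after `--`.
#
# Trust note: every variable above ends up on the rkt command line, and the
# *_ARGS ones are expanded unquoted on purpose so that several flags can be
# packed into one variable. Whoever controls the environment of the unit that
# runs this script therefore controls which image is run and with which rkt
# flags.

set -e

# Exit with status 1 unless every variable named in the arguments is non-empty.
# Not called anywhere in this script.
function require_ev_all() {
    # "$@" is quoted so a name is never word-split or glob-expanded.
    for rev in "$@" ; do
        if [[ -z "${!rev}" ]]; then
            echo "${rev}" is not set
            exit 1
        fi
    done
}

# Return as soon as one of the named variables is non-empty; exit with status 1
# if none of them is.
function require_ev_one() {
    for rev in "$@" ; do
        if [[ -n "${!rev}" ]]; then
            return
        fi
    done
    echo "One of $* must be set"
    exit 1
}

if [[ -n "${KUBELET_VERSION}" ]]; then
    echo KUBELET_VERSION environment variable is deprecated, please use KUBELET_IMAGE_TAG instead
fi

if [[ -n "${KUBELET_ACI}" ]]; then
    echo KUBELET_ACI environment variable is deprecated, please use the KUBELET_IMAGE_URL instead
fi

if [[ -n "${RKT_OPTS}" ]]; then
    echo RKT_OPTS environment variable is deprecated, please use the RKT_RUN_ARGS instead
fi

# Deprecated KUBELET_VERSION is the fallback for the tag.
KUBELET_IMAGE_TAG="${KUBELET_IMAGE_TAG:-${KUBELET_VERSION}}"

require_ev_one KUBELET_IMAGE KUBELET_IMAGE_TAG

# Full image reference: an explicit KUBELET_IMAGE wins, otherwise URL:TAG.
KUBELET_IMAGE_URL="${KUBELET_IMAGE_URL:-${KUBELET_ACI:-quay.io/coreos/hyperkube}}"
KUBELET_IMAGE="${KUBELET_IMAGE:-${KUBELET_IMAGE_URL}:${KUBELET_IMAGE_TAG}}"

RKT_RUN_ARGS="${RKT_RUN_ARGS} ${RKT_OPTS}"

# Only when the registry host (text before the first '/') is quay.io is rkt
# told to fetch and trust signing keys over HTTPS. For any other registry this
# script adds nothing; how (or whether) the image is verified then depends on
# the RKT_GLOBAL_ARGS / RKT_RUN_ARGS supplied by the caller, which are not
# visible here.
if [[ "${KUBELET_IMAGE%%/*}" == "quay.io" ]]; then
    RKT_RUN_ARGS="${RKT_RUN_ARGS} --trust-keys-from-https"
fi

# Host directories that are bind-mounted below must exist first.
# NOTE(review): the absolute /usr/bin/mkdir path assumes mkdir lives there on
# every target distribution - confirm.
/usr/bin/mkdir --parents /etc/kubernetes
/usr/bin/mkdir --parents /var/lib/docker
/usr/bin/mkdir --parents /var/lib/kubelet
/usr/bin/mkdir --parents /run/kubelet

RKT="${RKT:-/usr/bin/rkt}"
RKT_STAGE1_ARG="${RKT_STAGE1_ARG:---stage1-from-dir=stage1-fly.aci}"
KUBELET_IMAGE_ARGS="${KUBELET_IMAGE_ARGS:---exec=/kubelet}"

# From here on the shell traces each command, so the complete rkt command line
# (including the arguments passed to this wrapper) is written to stderr.
set -x

# Host paths mounted writable: /etc/kubernetes, /var/lib/docker,
# /var/lib/kubelet (recursive), /var/log and /run. The remaining mounts are
# read-only. The process also shares the host's /etc/hosts (--hosts-entry host).
# ${RKT_GLOBAL_ARGS}, ${RKT_RUN_ARGS}, ${RKT_STAGE1_ARG} and
# ${KUBELET_IMAGE_ARGS} stay unquoted so they split into separate flags.
exec ${RKT} ${RKT_GLOBAL_ARGS} \
    run ${RKT_RUN_ARGS} \
    --volume coreos-etc-kubernetes,kind=host,source=/etc/kubernetes,readOnly=false \
    --volume coreos-etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \
    --volume coreos-usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
    --volume coreos-var-lib-docker,kind=host,source=/var/lib/docker,readOnly=false \
    --volume coreos-var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false,recursive=true \
    --volume coreos-var-log,kind=host,source=/var/log,readOnly=false \
    --volume coreos-os-release,kind=host,source=/etc/os-release,readOnly=true \
    --volume coreos-run,kind=host,source=/run,readOnly=false \
    --volume coreos-lib-modules,kind=host,source=/lib/modules,readOnly=true \
    --volume coreos-etc-cni-net,kind=host,source=/etc/cni/net.d,readOnly=true \
    --volume coreos-etc-localtime,kind=host,source=/etc/localtime,readOnly=true \
    --mount volume=coreos-etc-kubernetes,target=/etc/kubernetes \
    --mount volume=coreos-etc-ssl-certs,target=/etc/ssl/certs \
    --mount volume=coreos-usr-share-certs,target=/usr/share/ca-certificates \
    --mount volume=coreos-var-lib-docker,target=/var/lib/docker \
    --mount volume=coreos-var-lib-kubelet,target=/var/lib/kubelet \
    --mount volume=coreos-var-log,target=/var/log \
    --mount volume=coreos-os-release,target=/etc/os-release \
    --mount volume=coreos-run,target=/run \
    --mount volume=coreos-lib-modules,target=/lib/modules \
    --mount volume=coreos-etc-cni-net,target=/etc/cni/net.d \
    --mount volume=coreos-etc-localtime,target=/etc/localtime \
    --hosts-entry host \
    ${RKT_STAGE1_ARG} \
    ${KUBELET_IMAGE} \
    ${KUBELET_IMAGE_ARGS} \
    -- "$@"
--------------------------------------------------------------------------------
/linux/roles/wod.k8s-master/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Run prepare.sh 2 | environment: 3 | HTTP_SERVER: '{{ HTTP_SERVER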
}}' 4 | RKT_ACI_KUBELET: '{{ RKT_ACI_KUBELET }}' 5 | REGISTRY_LOCAL: '{{ REGISTRY_LOCAL }}' 6 | REGISTRY_LOCAL_SPLIT: ":" 7 | REGISTRY_KUBELET_REPO: '{{ K8S_IMAGES["KUBELET"]["NAME"] }}' 8 | REGISTRY_KUBELET_VERSION: '{{ K8S_IMAGES["KUBELET"]["VERSION"] }}' 9 | script: scripts/prepare.sh 10 | 11 | - name: mkdir -p /etc/kubernetes/config 12 | raw: mkdir -p /etc/kubernetes/config 13 | 14 | - name: check need config/kubelet.yaml 15 | raw: stat /etc/kubernetes/config/kubelet.yaml 16 | register: need_config_kubelet 17 | ignore_errors: True 18 | 19 | - name: copy config/kubelet.yaml 20 | copy: src=config/kubelet.yaml dest=/etc/kubernetes/config/kubelet.yaml 21 | when: need_config_kubelet | failed 22 | 23 | - name: check need config/kubeproxy.yaml 24 | raw: stat /etc/kubernetes/config/kubeproxy.yaml 25 | register: need_config_kubeproxy 26 | ignore_errors: True 27 | 28 | - name: copy config/kubeproxy.yaml 29 | copy: src=config/kubeproxy.yaml dest=/etc/kubernetes/config/kubeproxy.yaml 30 | when: need_config_kubeproxy | failed 31 | 32 | - name: check need scripts/kubelet.sh 33 | raw: stat /etc/kubernetes/scripts/kubelet.sh 34 | register: need_scripts_kubelet 35 | ignore_errors: True 36 | 37 | - name: copy scripts/kubelet.sh 38 | copy: src=scripts/kubelet.sh dest=/etc/kubernetes/scripts/kubelet.sh mode=0755 39 | when: need_scripts_kubelet | failed 40 | 41 | - name: check need ssl/admin.csv 42 | raw: stat /etc/kubernetes/ssl/admin.csv 43 | register: need_ssl_admin 44 | ignore_errors: True 45 | 46 | - name: template ssl/admin.csv 47 | template: src=ssl/admin.csv dest=/etc/kubernetes/ssl/admin.csv 48 | when: need_ssl_admin | failed 49 | 50 | - name: check need ssl/token.csv 51 | raw: stat /etc/kubernetes/ssl/token.csv 52 | register: need_ssl_token 53 | ignore_errors: True 54 | 55 | - name: template ssl/token.csv 56 | template: src=ssl/token.csv dest=/etc/kubernetes/ssl/token.csv 57 | when: need_ssl_token | failed 58 | 59 | - name: check need manifests/kube-apiserver.yaml 60 | 
raw: stat /etc/kubernetes/manifests/kube-apiserver.yaml 61 | register: need_manifests_apiserver 62 | ignore_errors: True 63 | 64 | - name: template manifests/kube-apiserver.yaml 65 | template: src=manifests/kube-apiserver.yaml dest=/etc/kubernetes/manifests/kube-apiserver.yaml 66 | when: need_manifests_apiserver | failed 67 | 68 | - name: check need manifests/kube-controller-manager.yaml 69 | raw: stat /etc/kubernetes/manifests/kube-controller-manager.yaml 70 | register: need_manifests_controller 71 | ignore_errors: True 72 | 73 | - name: template manifests/kube-controller-manager.yaml 74 | template: src=manifests/kube-controller-manager.yaml dest=/etc/kubernetes/manifests/kube-controller-manager.yaml 75 | when: need_manifests_controller | failed 76 | 77 | - name: check need manifests/kube-scheduler.yaml 78 | raw: stat /etc/kubernetes/manifests/kube-scheduler.yaml 79 | register: need_manifests_scheduler 80 | ignore_errors: True 81 | 82 | - name: template manifests/kube-scheduler.yaml 83 | template: src=manifests/kube-scheduler.yaml dest=/etc/kubernetes/manifests/kube-scheduler.yaml 84 | when: need_manifests_scheduler | failed 85 | 86 | - name: check need services/k8s-kubelet.service 87 | raw: stat /etc/systemd/system/k8s-kubelet.service 88 | register: need_services_kubelet 89 | ignore_errors: True 90 | 91 | - name: template services/k8s-kubelet.service 92 | template: src=services/kubelet.service dest=/etc/systemd/system/k8s-kubelet.service 93 | when: need_services_kubelet | failed 94 | 95 | - name: start services k8s-kubelet.service 96 | raw: systemctl daemon-reload && systemctl enable k8s-kubelet.service && systemctl start k8s-kubelet.service 97 | when: need_services_kubelet | failed -------------------------------------------------------------------------------- /linux/roles/wod.k8s-cni/templates/flannel.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ClusterRole 3 | apiVersion: 
rbac.authorization.k8s.io/v1beta1 4 | metadata: 5 | name: flannel 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - pods 11 | verbs: 12 | - get 13 | - apiGroups: 14 | - "" 15 | resources: 16 | - nodes 17 | verbs: 18 | - list 19 | - watch 20 | - apiGroups: 21 | - "" 22 | resources: 23 | - nodes/status 24 | verbs: 25 | - patch 26 | --- 27 | kind: ClusterRoleBinding 28 | apiVersion: rbac.authorization.k8s.io/v1beta1 29 | metadata: 30 | name: flannel 31 | roleRef: 32 | apiGroup: rbac.authorization.k8s.io 33 | kind: ClusterRole 34 | name: flannel 35 | subjects: 36 | - kind: ServiceAccount 37 | name: flannel 38 | namespace: kube-system 39 | --- 40 | apiVersion: v1 41 | kind: ServiceAccount 42 | metadata: 43 | name: flannel 44 | namespace: kube-system 45 | --- 46 | kind: ConfigMap 47 | apiVersion: v1 48 | metadata: 49 | name: kube-flannel-cfg 50 | namespace: kube-system 51 | labels: 52 | tier: node 53 | app: flannel 54 | data: 55 | cni-conf.json: | 56 | { 57 | "name": "cbr0", 58 | "plugins": [ 59 | { 60 | "type": "flannel", 61 | "delegate": { 62 | "hairpinMode": true, 63 | "isDefaultGateway": true 64 | } 65 | }, 66 | { 67 | "type": "portmap", 68 | "capabilities": { 69 | "portMappings": true 70 | } 71 | } 72 | ] 73 | } 74 | net-conf.json: | 75 | { 76 | "Network": "{{ K8S_POD_NETWORK }}", 77 | "Backend": { 78 | "Type": "vxlan" 79 | } 80 | } 81 | --- 82 | apiVersion: extensions/v1beta1 83 | kind: DaemonSet 84 | metadata: 85 | name: kube-flannel-ds 86 | namespace: kube-system 87 | labels: 88 | tier: node 89 | app: flannel 90 | spec: 91 | template: 92 | metadata: 93 | labels: 94 | tier: node 95 | app: flannel 96 | spec: 97 | hostNetwork: true 98 | nodeSelector: 99 | beta.kubernetes.io/arch: amd64 100 | tolerations: 101 | - key: node-role.kubernetes.io/master 102 | operator: Exists 103 | effect: NoSchedule 104 | serviceAccountName: flannel 105 | initContainers: 106 | - name: install-cni 107 | image: {{ REGISTRY_LOCAL }}flannel:v0.10.0 108 | command: 109 | - cp 110 | 
args: 111 | - -f 112 | - /etc/kube-flannel/cni-conf.json 113 | - /etc/cni/net.d/10-flannel.conflist 114 | volumeMounts: 115 | - name: cni 116 | mountPath: /etc/cni/net.d 117 | - name: flannel-cfg 118 | mountPath: /etc/kube-flannel/ 119 | containers: 120 | - name: kube-flannel 121 | image: {{ REGISTRY_LOCAL }}flannel:v0.10.0 122 | command: 123 | - /opt/bin/flanneld 124 | args: 125 | - --ip-masq 126 | - --kube-subnet-mgr 127 | resources: 128 | requests: 129 | cpu: "100m" 130 | memory: "50Mi" 131 | limits: 132 | cpu: "100m" 133 | memory: "50Mi" 134 | securityContext: 135 | privileged: true 136 | env: 137 | - name: POD_NAME 138 | valueFrom: 139 | fieldRef: 140 | fieldPath: metadata.name 141 | - name: POD_NAMESPACE 142 | valueFrom: 143 | fieldRef: 144 | fieldPath: metadata.namespace 145 | volumeMounts: 146 | - name: run 147 | mountPath: /run 148 | - name: flannel-cfg 149 | mountPath: /etc/kube-flannel/ 150 | volumes: 151 | - name: run 152 | hostPath: 153 | path: /run 154 | - name: cni 155 | hostPath: 156 | path: /etc/cni/net.d 157 | - name: flannel-cfg 158 | configMap: 159 | name: kube-flannel-cfg
--------------------------------------------------------------------------------
/linux/roles/wod.k8s-cni/templates/kube-router.yml:
--------------------------------------------------------------------------------
# kube-router add-on, rendered by Ansible (the {{ ... }} fields are Jinja
# variables): a ConfigMap holding the CNI configuration and a DaemonSet that
# installs that configuration on each node and runs kube-router there.
---
# CNI config list: a bridge plugin on "kube-bridge" with host-local IPAM,
# chained with the portmap plugin.
apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-router-cfg
  namespace: kube-system
  labels:
    tier: node
    app: kube-router
data:
  cni-conf.json: |
    {
      "cniVersion":"0.3.0",
      "name":"mynet",
      "plugins":[
        {
          "name":"kubernetes",
          "type":"bridge",
          "bridge":"kube-bridge",
          "isDefaultGateway":true,
          "ipam":{
            "type":"host-local"
          }
        },
        {
          "type":"portmap",
          "capabilities":{
            "snat":true,
            "portMappings":true
          }
        }
      ]
    }
---
# NOTE(review): extensions/v1beta1 is a pre-GA DaemonSet API; confirm the
# target cluster version still serves it.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  labels:
    app: kube-router
    tier: node
  name: kube-router
  namespace: kube-system
spec:
  template:
    metadata:
      labels:
        app: kube-router
        tier: node
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      # No serviceAccountName is set in this template; kube-router talks to the
      # API server with the kubeconfig mounted from the host (see --kubeconfig
      # and the kubeconf / kubessl volumes below).
      containers:
      - name: kube-router
        # Image comes from the local registry prefix and is pinned by tag, not
        # by digest. Because this container is privileged and shares the host's
        # namespaces, that registry is part of every node's trust base.
        image: {{ REGISTRY_LOCAL }}{{ K8S_IMAGES["KUBE-ROUTER"]["NAME"] }}:{{ K8S_IMAGES["KUBE-ROUTER"]["VERSION"] }}
        args:
        # Router, firewall and service-proxy functions are all switched on.
        - --run-router=true
        - --run-firewall=true
        - --run-service-proxy=true
        - --kubeconfig=/etc/kubernetes/config/kubeproxy.yaml
        - --advertise-cluster-ip=true
        env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: KUBE_ROUTER_CNI_CONF_FILE
          value: /etc/cni/net.d/10-kuberouter.conflist
        livenessProbe:
          httpGet:
            path: /healthz
            port: 20244
          initialDelaySeconds: 10
          periodSeconds: 3
        # Only requests are declared; there are no CPU or memory limits.
        resources:
          requests:
            cpu: 250m
            memory: 250Mi
        # NOTE(review): privileged here, combined with hostNetwork, hostIPC and
        # hostPID further down, leaves essentially no isolation between this
        # container and the node. Check whether the feature set in use needs
        # all four, in particular hostIPC and hostPID.
        securityContext:
          privileged: true
        volumeMounts:
        - name: lib-modules
          mountPath: /lib/modules
          readOnly: true
        # Writable: the CNI config directory of the host.
        - name: cni-conf-dir
          mountPath: /etc/cni/net.d
        - name: kubeconf
          mountPath: /etc/kubernetes/config/kubeproxy.yaml
          readOnly: true
        # The host's /etc/kubernetes/ssl directory, read-only; presumably
        # holds the certificates and keys the kubeconfig refers to - verify
        # that only the files kube-router needs are exposed.
        - name: kubessl
          mountPath: /etc/kubernetes/ssl
          readOnly: true
      initContainers:
      - name: install-cni
        image: {{ REGISTRY_LOCAL }}{{ K8S_IMAGES["BUSYBOX"]["NAME"] }}:{{ K8S_IMAGES["BUSYBOX"]["VERSION"] }}
        # Copies the CNI config from the ConfigMap to the host only when the
        # target file does not exist yet, via a temporary name that is then
        # renamed into place. A node that already has the file keeps it, so
        # later ConfigMap changes do not reach that node.
        command:
        - /bin/sh
        - -c
        - set -e -x;
          if [ ! -f /etc/cni/net.d/10-kuberouter.conflist ]; then
            TMP=/etc/cni/net.d/.tmp-kuberouter-cfg;
            cp /etc/kube-router/cni-conf.json ${TMP};
            mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist;
          fi
        volumeMounts:
        - name: cni-conf-dir
          mountPath: /etc/cni/net.d
        - name: kube-router-cfg
          mountPath: /etc/kube-router
      hostNetwork: true
      hostIPC: true
      hostPID: true
      # Scheduled on master nodes too.
      tolerations:
      - key: CriticalAddonsOnly
        operator: Exists
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
        operator: Exists
      volumes:
      - name: lib-modules
        hostPath:
          path: /lib/modules
      - name: cni-conf-dir
        hostPath:
          path: /etc/cni/net.d
      - name: kube-router-cfg
        configMap:
          name: kube-router-cfg
      - name: kubeconf
        hostPath:
          path: /etc/kubernetes/config/kubeproxy.yaml
      - name: kubessl
        hostPath:
          path: /etc/kubernetes/ssl
--------------------------------------------------------------------------------
/docs/addons/coredns.yml:
--------------------------------------------------------------------------------
1 | # Warning: This is a file generated from the base underscore template file: coredns.yaml.base 2 | 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: coredns 7 | namespace: kube-system 8 | labels: 9 | kubernetes.io/cluster-service: "true" 10 | addonmanager.kubernetes.io/mode: Reconcile 11 | --- 12 | apiVersion: rbac.authorization.k8s.io/v1 13 | kind: ClusterRole 14 | metadata: 15 | labels: 16 | kubernetes.io/bootstrapping: rbac-defaults 17 | addonmanager.kubernetes.io/mode: Reconcile 18 | name: system:coredns 19 | rules: 20 | - apiGroups: 21 | - "" 22 | resources: 23 | - endpoints 24 | - services 25 | - pods 26 | - namespaces 27 | verbs: 28 | - list 29 | - watch 30 | --- 31 | apiVersion: rbac.authorization.k8s.io/v1 32 | kind: ClusterRoleBinding 33 | metadata: 34 | annotations: 35 |
rbac.authorization.kubernetes.io/autoupdate: "true" 36 | labels: 37 | kubernetes.io/bootstrapping: rbac-defaults 38 | addonmanager.kubernetes.io/mode: EnsureExists 39 | name: system:coredns 40 | roleRef: 41 | apiGroup: rbac.authorization.k8s.io 42 | kind: ClusterRole 43 | name: system:coredns 44 | subjects: 45 | - kind: ServiceAccount 46 | name: coredns 47 | namespace: kube-system 48 | --- 49 | apiVersion: v1 50 | kind: ConfigMap 51 | metadata: 52 | name: coredns 53 | namespace: kube-system 54 | labels: 55 | addonmanager.kubernetes.io/mode: EnsureExists 56 | data: 57 | Corefile: | 58 | .:53 { 59 | errors 60 | log 61 | health 62 | kubernetes cluster.local 10.3.0.0/24 { 63 | pods insecure 64 | } 65 | prometheus 66 | proxy . /etc/resolv.conf 67 | cache 30 68 | } 69 | --- 70 | apiVersion: extensions/v1beta1 71 | kind: Deployment 72 | metadata: 73 | name: coredns 74 | namespace: kube-system 75 | labels: 76 | k8s-app: coredns 77 | kubernetes.io/cluster-service: "true" 78 | addonmanager.kubernetes.io/mode: Reconcile 79 | kubernetes.io/name: "CoreDNS" 80 | spec: 81 | replicas: 1 82 | selector: 83 | matchLabels: 84 | k8s-app: coredns 85 | template: 86 | metadata: 87 | labels: 88 | k8s-app: coredns 89 | spec: 90 | serviceAccountName: coredns 91 | tolerations: 92 | - key: node-role.kubernetes.io/master 93 | effect: NoSchedule 94 | - key: "CriticalAddonsOnly" 95 | operator: "Exists" 96 | containers: 97 | - name: coredns 98 | image: reg.local:5000/k8s/coredns:1.0.1 99 | imagePullPolicy: IfNotPresent 100 | resources: 101 | limits: 102 | memory: 170Mi 103 | requests: 104 | cpu: 100m 105 | memory: 70Mi 106 | args: [ "-conf", "/etc/coredns/Corefile" ] 107 | volumeMounts: 108 | - name: config-volume 109 | mountPath: /etc/coredns 110 | ports: 111 | - containerPort: 53 112 | name: dns 113 | protocol: UDP 114 | - containerPort: 53 115 | name: dns-tcp 116 | protocol: TCP 117 | - containerPort: 9153 118 | name: metrics 119 | protocol: TCP 120 | livenessProbe: 121 | httpGet: 122 | path: 
/health 123 | port: 8080 124 | scheme: HTTP 125 | initialDelaySeconds: 60 126 | timeoutSeconds: 5 127 | successThreshold: 1 128 | failureThreshold: 5 129 | dnsPolicy: Default 130 | volumes: 131 | - name: config-volume 132 | configMap: 133 | name: coredns 134 | items: 135 | - key: Corefile 136 | path: Corefile 137 | --- 138 | apiVersion: v1 139 | kind: Service 140 | metadata: 141 | name: coredns 142 | namespace: kube-system 143 | labels: 144 | k8s-app: coredns 145 | kubernetes.io/cluster-service: "true" 146 | addonmanager.kubernetes.io/mode: Reconcile 147 | kubernetes.io/name: "CoreDNS" 148 | spec: 149 | selector: 150 | k8s-app: coredns 151 | clusterIP: 10.3.0.10 152 | ports: 153 | - name: dns 154 | port: 53 155 | protocol: UDP 156 | - name: dns-tcp 157 | port: 53 158 | protocol: TCP 159 | - name: metrics 160 | port: 9153 161 | protocol: TCP 162 | -------------------------------------------------------------------------------- /linux/roles/wod.k8s-cni/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Run cni.sh 2 | environment: 3 | HTTP_SERVER: '{{ HTTP_SERVER }}' 4 | K8S_CNI_BIN: '{{ K8S_CNI_BIN }}' 5 | script: cni.sh 6 | 7 | - name: mkdir -p /etc/kubernetes/addons/kube-system 8 | raw: mkdir -p /etc/kubernetes/addons/kube-system 9 | when: 10 | - K8S_CLUSTER_ROLE[inventory_hostname] is defined and K8S_CLUSTER_ROLE[inventory_hostname] == "master" 11 | 12 | - name: check need kube-router.yml 13 | raw: stat /etc/kubernetes/addons/kube-system/kube-router.yml 14 | register: need_addons_kube_router 15 | ignore_errors: True 16 | when: 17 | - K8S_CLUSTER_ROLE[inventory_hostname] is defined and K8S_CLUSTER_ROLE[inventory_hostname] == "master" 18 | - K8S_NETWORK_PLUGIN == "kube-router" 19 | 20 | - name: template kube-router.yml 21 | template: src=kube-router.yml dest=/etc/kubernetes/addons/kube-system/kube-router.yml 22 | when: 23 | - K8S_CLUSTER_ROLE[inventory_hostname] is defined and 
K8S_CLUSTER_ROLE[inventory_hostname] == "master" 24 | - K8S_NETWORK_PLUGIN == "kube-router" 25 | - need_addons_kube_router | failed 26 | 27 | - name: kubectl create -f kube-router.yml 28 | raw: kubectl create -f /etc/kubernetes/addons/kube-system/kube-router.yml 29 | when: 30 | - K8S_CLUSTER_ROLE[inventory_hostname] is defined and K8S_CLUSTER_ROLE[inventory_hostname] == "master" 31 | - K8S_NETWORK_PLUGIN == "kube-router" 32 | - need_addons_kube_router | failed 33 | register: create_result_kube_router 34 | until: create_result_kube_router.rc == 0 35 | retries: 5 36 | delay: 2 37 | ignore_errors: true 38 | 39 | - name: check need kube-proxy.yaml 40 | when: K8S_NETWORK_PLUGIN == "flannel" 41 | raw: stat /etc/kubernetes/manifests/kube-proxy.yaml 42 | register: need_manifests_kube_proxy 43 | ignore_errors: True 44 | 45 | - name: template kube-proxy.yml to master 46 | when: 47 | - K8S_CLUSTER_ROLE[inventory_hostname] is defined and K8S_CLUSTER_ROLE[inventory_hostname] == "master" 48 | - K8S_NETWORK_PLUGIN == "flannel" 49 | - need_manifests_kube_proxy | failed 50 | template: src=kube-proxy-master.yml dest=/etc/kubernetes/manifests/kube-proxy.yaml 51 | 52 | - name: template kube-proxy.yml to node 53 | when: 54 | - K8S_CLUSTER_ROLE[inventory_hostname] is not defined or K8S_CLUSTER_ROLE[inventory_hostname] != "master" 55 | - K8S_NETWORK_PLUGIN == "flannel" 56 | - need_manifests_kube_proxy | failed 57 | template: src=kube-proxy-worker.yml dest=/etc/kubernetes/manifests/kube-proxy.yaml 58 | 59 | - name: template kube-proxy-conf.yml 60 | when: 61 | - K8S_NETWORK_PLUGIN == "flannel" 62 | - need_manifests_kube_proxy | failed 63 | template: src=kube-proxy-conf.yml dest=/etc/kubernetes/config/kube-proxy-conf.yml 64 | 65 | - name: template kube-proxy-client.yml to master 66 | when: 67 | - K8S_CLUSTER_ROLE[inventory_hostname] is defined and K8S_CLUSTER_ROLE[inventory_hostname] == "master" 68 | - K8S_NETWORK_PLUGIN == "flannel" 69 | - need_manifests_kube_proxy | failed 70 | template: 
src=kube-proxy-client-master.yml dest=/etc/kubernetes/config/kube-proxy.yaml 71 | 72 | - name: template kube-proxy.yml to node 73 | when: 74 | - K8S_CLUSTER_ROLE[inventory_hostname] is not defined or K8S_CLUSTER_ROLE[inventory_hostname] != "master" 75 | - K8S_NETWORK_PLUGIN == "flannel" 76 | - need_manifests_kube_proxy | failed 77 | template: src=kube-proxy-client-worker.yml dest=/etc/kubernetes/config/kube-proxy.yaml 78 | 79 | - name: check need flannel.yml 80 | raw: stat /etc/kubernetes/addons/kube-system/flannel.yml 81 | register: need_addons_flannel 82 | ignore_errors: True 83 | when: 84 | - K8S_CLUSTER_ROLE[inventory_hostname] is defined and K8S_CLUSTER_ROLE[inventory_hostname] == "master" 85 | - K8S_NETWORK_PLUGIN == "flannel" 86 | 87 | - name: template flannel.yml 88 | template: src=flannel.yml dest=/etc/kubernetes/addons/kube-system/flannel.yml 89 | when: 90 | - K8S_CLUSTER_ROLE[inventory_hostname] is defined and K8S_CLUSTER_ROLE[inventory_hostname] == "master" 91 | - K8S_NETWORK_PLUGIN == "flannel" 92 | - need_addons_flannel | failed 93 | 94 | - name: kubectl create -f flannel.yml 95 | raw: kubectl create -f /etc/kubernetes/addons/kube-system/flannel.yml 96 | when: 97 | - K8S_CLUSTER_ROLE[inventory_hostname] is defined and K8S_CLUSTER_ROLE[inventory_hostname] == "master" 98 | - K8S_NETWORK_PLUGIN == "flannel" 99 | - need_addons_flannel | failed 100 | register: create_result_flannel 101 | until: create_result_flannel.rc == 0 102 | retries: 5 103 | delay: 2 104 | ignore_errors: true -------------------------------------------------------------------------------- /linux/roles/wod.k8s-addon/templates/coredns.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: coredns 6 | namespace: kube-system 7 | labels: 8 | kubernetes.io/cluster-service: "true" 9 | addonmanager.kubernetes.io/mode: Reconcile 10 | --- 11 | apiVersion: rbac.authorization.k8s.io/v1 12 | 
kind: ClusterRole 13 | metadata: 14 | labels: 15 | kubernetes.io/bootstrapping: rbac-defaults 16 | addonmanager.kubernetes.io/mode: Reconcile 17 | name: system:coredns 18 | rules: 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - endpoints 23 | - services 24 | - pods 25 | - namespaces 26 | verbs: 27 | - list 28 | - watch 29 | --- 30 | apiVersion: rbac.authorization.k8s.io/v1 31 | kind: ClusterRoleBinding 32 | metadata: 33 | annotations: 34 | rbac.authorization.kubernetes.io/autoupdate: "true" 35 | labels: 36 | kubernetes.io/bootstrapping: rbac-defaults 37 | addonmanager.kubernetes.io/mode: EnsureExists 38 | name: system:coredns 39 | roleRef: 40 | apiGroup: rbac.authorization.k8s.io 41 | kind: ClusterRole 42 | name: system:coredns 43 | subjects: 44 | - kind: ServiceAccount 45 | name: coredns 46 | namespace: kube-system 47 | --- 48 | apiVersion: v1 49 | kind: ConfigMap 50 | metadata: 51 | name: coredns 52 | namespace: kube-system 53 | labels: 54 | addonmanager.kubernetes.io/mode: EnsureExists 55 | data: 56 | Corefile: | 57 | .:53 { 58 | errors 59 | log 60 | health 61 | kubernetes cluster.local {{ K8S_SERVICE_IP_RANGE }} { 62 | pods insecure 63 | } 64 | prometheus 65 | proxy . 
/etc/resolv.conf 66 | cache 30 67 | } 68 | --- 69 | apiVersion: extensions/v1beta1 70 | kind: Deployment 71 | metadata: 72 | name: coredns 73 | namespace: kube-system 74 | labels: 75 | k8s-app: coredns 76 | kubernetes.io/cluster-service: "true" 77 | addonmanager.kubernetes.io/mode: Reconcile 78 | kubernetes.io/name: "CoreDNS" 79 | spec: 80 | replicas: 1 81 | selector: 82 | matchLabels: 83 | k8s-app: coredns 84 | template: 85 | metadata: 86 | labels: 87 | k8s-app: coredns 88 | spec: 89 | serviceAccountName: coredns 90 | tolerations: 91 | - key: node-role.kubernetes.io/master 92 | effect: NoSchedule 93 | - key: "CriticalAddonsOnly" 94 | operator: "Exists" 95 | containers: 96 | - name: coredns 97 | image: {{ REGISTRY_LOCAL }}{{ K8S_IMAGES["COREDNS"]["NAME"] }}:{{ K8S_IMAGES["COREDNS"]["VERSION"] }} 98 | imagePullPolicy: IfNotPresent 99 | resources: 100 | limits: 101 | memory: 170Mi 102 | requests: 103 | cpu: 100m 104 | memory: 70Mi 105 | args: [ "-conf", "/etc/coredns/Corefile" ] 106 | volumeMounts: 107 | - name: config-volume 108 | mountPath: /etc/coredns 109 | - mountPath: /etc/localtime 110 | name: etc-localtime 111 | readOnly: true 112 | ports: 113 | - containerPort: 53 114 | name: dns 115 | protocol: UDP 116 | - containerPort: 53 117 | name: dns-tcp 118 | protocol: TCP 119 | - containerPort: 9153 120 | name: metrics 121 | protocol: TCP 122 | livenessProbe: 123 | httpGet: 124 | path: /health 125 | port: 8080 126 | scheme: HTTP 127 | initialDelaySeconds: 60 128 | timeoutSeconds: 5 129 | successThreshold: 1 130 | failureThreshold: 5 131 | dnsPolicy: Default 132 | volumes: 133 | - name: config-volume 134 | configMap: 135 | name: coredns 136 | items: 137 | - key: Corefile 138 | path: Corefile 139 | - name: etc-localtime 140 | hostPath: 141 | path: /etc/localtime 142 | --- 143 | apiVersion: v1 144 | kind: Service 145 | metadata: 146 | name: coredns 147 | namespace: kube-system 148 | labels: 149 | k8s-app: coredns 150 | kubernetes.io/cluster-service: "true" 151 | 
addonmanager.kubernetes.io/mode: Reconcile 152 | kubernetes.io/name: "CoreDNS" 153 | spec: 154 | selector: 155 | k8s-app: coredns 156 | clusterIP: {{ K8S_DNS_SERVICE_IP }} 157 | ports: 158 | - name: dns 159 | port: 53 160 | protocol: UDP 161 | - name: dns-tcp 162 | port: 53 163 | protocol: TCP 164 | - name: metrics 165 | port: 9153 166 | protocol: TCP 167 | -------------------------------------------------------------------------------- /docs/addons/kube-router.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: kube-router-cfg 6 | namespace: kube-system 7 | labels: 8 | tier: node 9 | app: kube-router 10 | data: 11 | cni-conf.json: | 12 | { 13 | "cniVersion":"0.3.0", 14 | "name":"mynet", 15 | "plugins":[ 16 | { 17 | "name":"kubernetes", 18 | "type":"bridge", 19 | "bridge":"kube-bridge", 20 | "isDefaultGateway":true, 21 | "ipam":{ 22 | "type":"host-local" 23 | } 24 | }, 25 | { 26 | "type":"portmap", 27 | "capabilities":{ 28 | "snat":true, 29 | "portMappings":true 30 | } 31 | } 32 | ] 33 | } 34 | --- 35 | apiVersion: extensions/v1beta1 36 | kind: DaemonSet 37 | metadata: 38 | labels: 39 | app: kube-router 40 | tier: node 41 | name: kube-router 42 | namespace: kube-system 43 | spec: 44 | template: 45 | metadata: 46 | labels: 47 | app: kube-router 48 | tier: node 49 | annotations: 50 | scheduler.alpha.kubernetes.io/critical-pod: '' 51 | spec: 52 | serviceAccountName: kube-router 53 | serviceAccount: kube-router 54 | containers: 55 | - name: kube-router 56 | image: hub.c.163.com/mengkzhaoyun/k8s:kube-router-v0.2.0-beta.9 57 | args: 58 | - --run-router=true 59 | - --run-firewall=true 60 | - --run-service-proxy=true 61 | - --kubeconfig=/etc/kubernetes/config/kubeproxy.yaml 62 | - --advertise-cluster-ip=true 63 | env: 64 | - name: NODE_NAME 65 | valueFrom: 66 | fieldRef: 67 | fieldPath: spec.nodeName 68 | - name: KUBE_ROUTER_CNI_CONF_FILE 69 | value: 
/etc/cni/net.d/10-kuberouter.conflist 70 | livenessProbe: 71 | httpGet: 72 | path: /healthz 73 | port: 20244 74 | initialDelaySeconds: 10 75 | periodSeconds: 3 76 | resources: 77 | requests: 78 | cpu: 250m 79 | memory: 250Mi 80 | securityContext: 81 | privileged: true 82 | volumeMounts: 83 | - name: lib-modules 84 | mountPath: /lib/modules 85 | readOnly: true 86 | - name: cni-conf-dir 87 | mountPath: /etc/cni/net.d 88 | - name: kubeconf 89 | mountPath: /etc/kubernetes/config/kubeproxy.yaml 90 | readOnly: true 91 | - name: kubessl 92 | mountPath: /etc/kubernetes/ssl 93 | readOnly: true 94 | initContainers: 95 | - name: install-cni 96 | image: reg.local:5000/k8s/busybox:1.27.2 97 | command: 98 | - /bin/sh 99 | - -c 100 | - set -e -x; 101 | if [ ! -f /etc/cni/net.d/10-kuberouter.conflist ]; then 102 | TMP=/etc/cni/net.d/.tmp-kuberouter-cfg; 103 | cp /etc/kube-router/cni-conf.json ${TMP}; 104 | mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist; 105 | fi 106 | volumeMounts: 107 | - name: cni-conf-dir 108 | mountPath: /etc/cni/net.d 109 | - name: kube-router-cfg 110 | mountPath: /etc/kube-router 111 | hostNetwork: true 112 | hostIPC: true 113 | hostPID: true 114 | tolerations: 115 | - key: CriticalAddonsOnly 116 | operator: Exists 117 | - effect: NoSchedule 118 | key: node-role.kubernetes.io/master 119 | operator: Exists 120 | volumes: 121 | - name: lib-modules 122 | hostPath: 123 | path: /lib/modules 124 | - name: cni-conf-dir 125 | hostPath: 126 | path: /etc/cni/net.d 127 | - name: kube-router-cfg 128 | configMap: 129 | name: kube-router-cfg 130 | - name: kubeconf 131 | hostPath: 132 | path: /etc/kubernetes/config/kubeproxy.yaml 133 | - name: kubessl 134 | hostPath: 135 | path: /etc/kubernetes/ssl 136 | --- 137 | apiVersion: v1 138 | kind: ServiceAccount 139 | metadata: 140 | name: kube-router 141 | namespace: kube-system 142 | --- 143 | kind: ClusterRole 144 | apiVersion: rbac.authorization.k8s.io/v1beta1 145 | metadata: 146 | name: kube-router 147 | namespace: 
kube-system 148 | rules: 149 | - apiGroups: 150 | - "" 151 | resources: 152 | - namespaces 153 | - pods 154 | - services 155 | - nodes 156 | - endpoints 157 | verbs: 158 | - list 159 | - get 160 | - watch 161 | - apiGroups: 162 | - "networking.k8s.io" 163 | resources: 164 | - networkpolicies 165 | verbs: 166 | - list 167 | - get 168 | - watch 169 | - apiGroups: 170 | - extensions 171 | resources: 172 | - networkpolicies 173 | verbs: 174 | - get 175 | - list 176 | - watch 177 | --- 178 | kind: ClusterRoleBinding 179 | apiVersion: rbac.authorization.k8s.io/v1beta1 180 | metadata: 181 | name: kube-router 182 | roleRef: 183 | apiGroup: rbac.authorization.k8s.io 184 | kind: ClusterRole 185 | name: kube-router 186 | subjects: 187 | - kind: ServiceAccount 188 | name: kube-router 189 | namespace: kube-system -------------------------------------------------------------------------------- /docs/history/1.9/ubuntu.md: -------------------------------------------------------------------------------- 1 | # Deploy 2 | 3 | Schema 4 | 5 | Online Vedio
6 | https://www.bilibili.com/video/av20150387/
7 | https://www.youtube.com/watch?v=144Ng2D5jxQ 8 | 9 | 10 | # Prepare 11 | 12 | ## 1). Config 13 | Modify Machine Name&IP
14 | ./hosts 15 | 16 | Modify k8s Cluster Config
17 | ./linux/group_vars/systech 18 | 19 | ## 2). HTTP_SERVER 20 | http://172.16.11.235/k8s
21 | Check the server contains these files (they are served over plain HTTP, so verify each against a checksum you trust before installing): 22 | ```bash 23 | # ansible deps 24 | pypy-5.1.0-linux64.tar.bz2 25 | 26 | # ubuntu deps 27 | libltdl7_2.4.6-0.1_amd64.tgz 28 | iptables_1.6.0-2ubuntu3_amd64.tgz 29 | docker-engine_1.13.1-0~ubuntu-xenial_amd64.tgz 30 | rkt_1.29.0-1_amd64.tgz 31 | 32 | # k8s deps 33 | etcd-v3.3.1.tgz 34 | etcdctl-v3.3.1-linux-amd64.tgz 35 | flannel-v0.10.0.tgz 36 | hyperkube-v1.9.3.tgz 37 | kubectl-v1.9.3.tgz 38 | registry-2.6.2.tgz 39 | registry-data-v1.9.3.tgz 40 | ``` 41 | 42 | BAIDU DISK
43 | Link:https://pan.baidu.com/s/1ofySEUgwNEB_id6krF2hUA
44 | Pass:ci85 45 | 46 | 47 | ## 3). SSH 48 | Store Ansible SSH Key on each Ubuntu Server 49 | 50 | # Install 51 | 52 | ## 1).run ansible from docker 53 | ```powershell 54 | docker run ` 55 | --name ansible ` 56 | -h ansible ` 57 | -v c:/go/src/github.com/mengkzhaoyun/ansible:/etc/ansible ` 58 | -d hub.c.163.com/mengkzhaoyun/public:ansible-2.3.0-centos7 /bin/sh -c "while true; do echo hello world; sleep 1; done" 59 | ``` 60 | 61 | ## 2).enter in ansible cotainer , install etcd .. 62 | ```bash 63 | # enter contianer run ansible scripts 64 | docker exec -it ansible bash 65 | 66 | # check ssh link 67 | ssh 172.16.11.247 68 | ssh 172.16.11.248 69 | ssh 172.16.11.249 70 | 71 | # exec commands to install k8s 72 | cd linux 73 | ap 0.bootstrap.yml 74 | ap 1.install.yml 75 | ``` 76 | 77 | ## 3).check rkt & etcd 78 | ```bash 79 | # ssh 172.16.11.248 80 | ssh 172.16.11.248 81 | 82 | # check rkt 83 | rkt list 84 | UUID APP IMAGE NAME STATE CREATED STARTED NETWORKS 85 | 56703a2f etcd hub.c.163.com/mengkzhaoyun/k8s:etcd-v3.3.1 running 2 minutes ago 2 minutes ago 86 | 5686972d flannelopts hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 exited 1 minute ago 1 minute ago 87 | 7abe579f flannel hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 running 1 minute ago 1 minute ago 88 | c31fd758 registry hub.c.163.com/mengkzhaoyun/public:registry-2.6.2 running 5 seconds ago 5 seconds ago 89 | 90 | # check docker 91 | docker ps 92 | 93 | # check etcd 94 | etcdctl cluster-health 95 | member 5386a54d596452b is healthy: got healthy result from http://172.16.11.248:2379 96 | member 258ce1afc19b0389 is healthy: got healthy result from http://172.16.11.247:2379 97 | member eaa1d1b829ee4d39 is healthy: got healthy result from http://172.16.11.249:2379 98 | cluster is healthy 99 | 100 | # ssh exit 101 | exit 102 | ``` 103 | 104 | ## 4).install kubernetes 105 | ```bash 106 | # run in ansible.docker 107 | ap 2.kubernetes.yml 108 | 109 | # ssh 172.16.11.248 110 | ssh 172.16.11.248 111 | 112 | # wait k8s 
pod started 113 | rkt list 114 | UUID APP IMAGE NAME STATE CREATED STARTED NETWORKS 115 | 56703a2f etcd hub.c.163.com/mengkzhaoyun/k8s:etcd-v3.3.1 running 8 minutes ago 8 minutes ago 116 | 5686972d flannelopts hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 exited 8 minutes ago 8 minutes ago 117 | 6e15243e k8s hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.9.3 running 21 seconds ago 21 seconds ago 118 | 7abe579f flannel hub.c.163.com/mengkzhaoyun/k8s:flannel-v0.10.0 running 8 minutes ago 8 minutes ago 119 | c31fd758 registry hub.c.163.com/mengkzhaoyun/public:registry-2.6.2 running 6 minutes ago 6 minutes ago 120 | 121 | # check in master node 122 | kubectl get pod -n=kube-system 123 | 124 | NAME READY STATUS RESTARTS AGE 125 | kube-apiserver-172.16.11.248 1/1 Running 0 6m 126 | kube-controller-manager-172.16.11.248 1/1 Running 0 6m 127 | kube-proxy-172.16.11.247 1/1 Running 0 24s 128 | kube-proxy-172.16.11.248 1/1 Running 0 6m 129 | kube-proxy-172.16.11.249 1/1 Running 0 7m 130 | kube-scheduler-172.16.11.248 1/1 Running 0 6m 131 | 132 | # ssh exit 133 | exit 134 | ``` 135 | 136 | ## 5).install kubernetes Addon 137 | ```bash 138 | # run in ansible.docker 139 | ap 3.kubernetes-addon.yml 140 | 141 | # ssh 172.16.11.248 142 | ssh 172.16.11.248 143 | 144 | # check in master node 145 | kubectl get pods -n=kube-system 146 | NAME READY STATUS RESTARTS AGE 147 | coredns-544d965f4d-nrfcz 1/1 Running 0 1m 148 | heapster-66b44cdb95-zh8nf 4/4 Running 0 56s 149 | kube-apiserver-172.16.11.248 1/1 Running 0 2m 150 | kube-controller-manager-172.16.11.248 1/1 Running 0 2m 151 | kube-proxy-172.16.11.247 1/1 Running 0 2m 152 | kube-proxy-172.16.11.248 1/1 Running 0 2m 153 | kube-proxy-172.16.11.249 1/1 Running 0 2m 154 | kube-scheduler-172.16.11.248 1/1 Running 0 2m 155 | kubernetes-dashboard-688f76f6bd-ncwgx 1/1 Running 0 59s 156 | monitoring-influxdb-grafana-7f585c6959-2vv77 2/2 Running 0 53s 157 | ``` 158 | 159 | # Brower 160 | Schema 161 | https://172.16.11.248:6443/ui
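162 | admin (walkthrough login; the password on the next line is published in this document, so set your own credentials before anyone else can reach the API server)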
163 | abc2018 164 | -------------------------------------------------------------------------------- /linux/roles/wod.k8s-addon/templates/heapster.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: heapster 6 | namespace: kube-system 7 | labels: 8 | kubernetes.io/cluster-service: "true" 9 | addonmanager.kubernetes.io/mode: Reconcile 10 | --- 11 | apiVersion: rbac.authorization.k8s.io/v1 12 | kind: ClusterRoleBinding 13 | metadata: 14 | name: heapster 15 | roleRef: 16 | apiGroup: rbac.authorization.k8s.io 17 | kind: ClusterRole 18 | name: system:heapster 19 | subjects: 20 | - kind: ServiceAccount 21 | name: heapster 22 | namespace: kube-system 23 | --- 24 | kind: Service 25 | apiVersion: v1 26 | metadata: 27 | name: heapster 28 | namespace: kube-system 29 | labels: 30 | kubernetes.io/cluster-service: "true" 31 | addonmanager.kubernetes.io/mode: Reconcile 32 | kubernetes.io/name: "Heapster" 33 | spec: 34 | ports: 35 | - port: 80 36 | targetPort: 8082 37 | selector: 38 | k8s-app: heapster 39 | --- 40 | apiVersion: v1 41 | kind: ConfigMap 42 | metadata: 43 | name: heapster-config 44 | namespace: kube-system 45 | labels: 46 | kubernetes.io/cluster-service: "true" 47 | addonmanager.kubernetes.io/mode: EnsureExists 48 | data: 49 | NannyConfiguration: |- 50 | apiVersion: nannyconfig/v1alpha1 51 | kind: NannyConfiguration 52 | --- 53 | apiVersion: v1 54 | kind: ConfigMap 55 | metadata: 56 | name: eventer-config 57 | namespace: kube-system 58 | labels: 59 | kubernetes.io/cluster-service: "true" 60 | addonmanager.kubernetes.io/mode: EnsureExists 61 | data: 62 | NannyConfiguration: |- 63 | apiVersion: nannyconfig/v1alpha1 64 | kind: NannyConfiguration 65 | --- 66 | apiVersion: extensions/v1beta1 67 | kind: Deployment 68 | metadata: 69 | name: heapster 70 | namespace: kube-system 71 | labels: 72 | k8s-app: heapster 73 | kubernetes.io/cluster-service: "true" 74 | 
addonmanager.kubernetes.io/mode: Reconcile 75 | version: v1.5.0 76 | spec: 77 | replicas: 1 78 | selector: 79 | matchLabels: 80 | k8s-app: heapster 81 | version: v1.5.0 82 | template: 83 | metadata: 84 | labels: 85 | k8s-app: heapster 86 | version: v1.5.0 87 | annotations: 88 | scheduler.alpha.kubernetes.io/critical-pod: '' 89 | spec: 90 | containers: 91 | - image: {{ REGISTRY_LOCAL }}{{ K8S_IMAGES["HEAPSTER"]["NAME"] }}:{{ K8S_IMAGES["HEAPSTER"]["VERSION"] }} 92 | name: heapster 93 | livenessProbe: 94 | httpGet: 95 | path: /healthz 96 | port: 8082 97 | scheme: HTTP 98 | initialDelaySeconds: 180 99 | timeoutSeconds: 5 100 | command: 101 | - /heapster 102 | - --source=kubernetes.summary_api:'' 103 | - --sink=influxdb:http://monitoring-influxdb:8086 104 | - image: {{ REGISTRY_LOCAL }}{{ K8S_IMAGES["HEAPSTER"]["NAME"] }}:{{ K8S_IMAGES["HEAPSTER"]["VERSION"] }} 105 | name: eventer 106 | command: 107 | - /eventer 108 | - --source=kubernetes:'' 109 | - --sink=influxdb:http://monitoring-influxdb:8086 110 | - image: {{ REGISTRY_LOCAL }}{{ K8S_IMAGES["ADDON-RESIZER"]["NAME"] }}:{{ K8S_IMAGES["ADDON-RESIZER"]["VERSION"] }} 111 | name: heapster-nanny 112 | resources: 113 | limits: 114 | cpu: 50m 115 | memory: 90Mi 116 | requests: 117 | cpu: 50m 118 | memory: 90Mi 119 | env: 120 | - name: MY_POD_NAME 121 | valueFrom: 122 | fieldRef: 123 | fieldPath: metadata.name 124 | - name: MY_POD_NAMESPACE 125 | valueFrom: 126 | fieldRef: 127 | fieldPath: metadata.namespace 128 | volumeMounts: 129 | - name: heapster-config-volume 130 | mountPath: /etc/config 131 | command: 132 | - /pod_nanny 133 | - --config-dir=/etc/config 134 | - --cpu=80m 135 | - --extra-cpu=4m 136 | - --memory=140Mi 137 | - --extra-memory=4Mi 138 | - --threshold=5 139 | - --deployment=heapster-v1.5.0 140 | - --container=heapster 141 | - --poll-period=300000 142 | - --estimator=exponential 143 | - image: {{ REGISTRY_LOCAL }}{{ K8S_IMAGES["ADDON-RESIZER"]["NAME"] }}:{{ K8S_IMAGES["ADDON-RESIZER"]["VERSION"] }} 144 | 
name: eventer-nanny 145 | resources: 146 | limits: 147 | cpu: 50m 148 | memory: 90Mi 149 | requests: 150 | cpu: 50m 151 | memory: 90Mi 152 | env: 153 | - name: MY_POD_NAME 154 | valueFrom: 155 | fieldRef: 156 | fieldPath: metadata.name 157 | - name: MY_POD_NAMESPACE 158 | valueFrom: 159 | fieldRef: 160 | fieldPath: metadata.namespace 161 | volumeMounts: 162 | - name: eventer-config-volume 163 | mountPath: /etc/config 164 | command: 165 | - /pod_nanny 166 | - --config-dir=/etc/config 167 | - --cpu=100m 168 | - --extra-cpu=0m 169 | - --memory=190Mi 170 | - --extra-memory=500Ki 171 | - --threshold=5 172 | - --deployment=heapster-v1.5.0 173 | - --container=eventer 174 | - --poll-period=300000 175 | - --estimator=exponential 176 | volumes: 177 | - name: heapster-config-volume 178 | configMap: 179 | name: heapster-config 180 | - name: eventer-config-volume 181 | configMap: 182 | name: eventer-config 183 | serviceAccountName: heapster 184 | tolerations: 185 | - key: "CriticalAddonsOnly" 186 | operator: "Exists" -------------------------------------------------------------------------------- /docs/history/1.9/centos.md: -------------------------------------------------------------------------------- 1 | # Offline Auto Deploy Kubernetes 1.9.4 in CentOS 2 | 3 | os: CentOS Linux release 7.4.1708 (Core)
4 | container: docker 1.13.1 , rkt 1.29.0
5 | etcd: 3.3.2
6 | kubernetes: 1.9.4
7 | kubernetes-network: kube-router:v0.1.0-rc2
8 | kubernetes-addons: coredns:1.1.0 , dashboard:v1.8.3 , heapster:v1.5.0 9 | 10 | Schema 11 | 12 | Online Video
13 | https://www.bilibili.com/video/av20919490/
14 | https://youtu.be/_vhBCMwQsu8 15 | 16 | 17 | # Prepare 18 | 19 | CentOS-7-x86_64-Minimal-1708.iso 20 | 21 | ## 1). 22 | 23 | Modify Machine Name&IP
24 | ./linux/centos 25 | 26 | Modify k8s Cluster Config
27 | ./linux/group_vars/systech 28 | 29 | ## 2). HTTP_SERVER 30 | 31 | http://172.16.11.235/centos
32 | 33 | Check the server contians these files: 34 | 35 | ```bash 36 | # centos docker deps 37 | repodata/922ff602a55376780bc44e186d88fee0e0d45007f515483b171fa6be63dca872-filelists.sqlite.bz2 38 | repodata/9881e0d4922fd8b3991fef570b185cf72006451666456c6b0bfea840e46ce114-other.sqlite.bz2 39 | repodata/ab9d1d915cfa35cfbffd4cdfe2af991854514969d5baf484566396a2a5f1f52e-primary.sqlite.bz2 40 | repodata/c07ddf21b7bf8274641bde5e897d09e6f4ba7441e605d9b341536761356f1094-filelists.xml.gz 41 | repodata/d9a8eb6020167c5df4f75e9ae6c95c5a8738e89ac8e73de938a167e966f3d4af-other.xml.gz 42 | repodata/eaf07fe0b3c248c50ea0f20b8dcea24e60f2aeab0d0e182bf4176319c5347866-primary.xml.gz 43 | repodata/repomd.xml 44 | audit-libs-python-2.7.6-3.el7.x86_64.rpm 45 | checkpolicy-2.5-4.el7.x86_64.rpm 46 | container-selinux-2.42-1.gitad8f0f7.el7.noarch.rpm 47 | container-storage-setup-0.8.0-3.git1d27ecf.el7.noarch.rpm 48 | docker-1.13.1-53.git774336d.el7.centos.x86_64.rpm 49 | docker-client-1.13.1-53.git774336d.el7.centos.x86_64.rpm 50 | docker-common-1.13.1-53.git774336d.el7.centos.x86_64.rpm 51 | libcgroup-0.41-13.el7.x86_64.rpm 52 | libseccomp-2.3.1-3.el7.x86_64.rpm 53 | libsemanage-python-2.5-8.el7.x86_64.rpm 54 | oci-register-machine-0-6.git2b44233.el7.x86_64.rpm 55 | oci-systemd-hook-0.1.15-2.gitc04483d.el7.x86_64.rpm 56 | oci-umount-2.3.3-3.gite3c9055.el7.x86_64.rpm 57 | policycoreutils-python-2.5-17.1.el7.x86_64.rpm 58 | python-IPy-0.75-6.el7.noarch.rpm 59 | setools-libs-3.3.8-1.1.el7.x86_64.rpm 60 | skopeo-containers-0.1.28-1.git0270e56.el7.x86_64.rpm 61 | yajl-2.0.4-4.el7.x86_64.rpm 62 | ``` 63 | 64 | 65 | http://172.16.11.235/k8s
66 | 67 | Check the server contains these files (they are served over plain HTTP, so verify each against a checksum you trust before installing): 68 | 69 | ```bash 70 | # centos deps 71 | rkt-1.29.0-1.x86_64.rpm.tgz 72 | 73 | # k8s require 74 | etcd-v3.3.2.tgz 75 | etcdctl-v3.3.2-linux-amd64.tgz 76 | hyperkube-v1.9.4.tgz 77 | kubectl-v1.9.4.tgz 78 | registry-2.6.2.tgz 79 | registry-data-v1.9.4.tgz 80 | ``` 81 | 82 | BAIDU DISK
83 | Link:https://pan.baidu.com/s/1UqGj5QD4zXFwoBsrCmf3XQ
84 | Pass:za7b 85 | 86 | ## 3). SSH 87 | Store Ansible SSH Key on each CentOS Server 88 | 89 | # Install 90 | 91 | ## 1).run ansible from docker 92 | ```cmd 93 | docker run ` 94 | --name ansible ` 95 | -h ansible ` 96 | -v c:/git/mengkzhaoyun/ansible:/etc/ansible ` 97 | -d hub.c.163.com/mengkzhaoyun/public:ansible-2.3.0-centos7 /bin/sh -c "while true; do echo hello world; sleep 1; done" 98 | ``` 99 | 100 | ## 2).enter in ansible cotainer , install etcd .. 101 | ```bash 102 | # enter contianer run ansible scripts 103 | docker exec -it ansible bash 104 | 105 | # check ssh link 106 | ssh 172.16.11.247 107 | ssh 172.16.11.248 108 | ssh 172.16.11.249 109 | 110 | # exec commands to install k8s 111 | cd linux 112 | ap 1.install-centos.yml -i centos 113 | ``` 114 | 115 | ## 3).check rkt & etcd 116 | ```bash 117 | # ssh 172.16.11.248 118 | ssh 172.16.11.248 119 | 120 | # check rkt 121 | rkt list 122 | UUID APP IMAGE NAME STATE CREATED STARTED NETWORKS 123 | 56703a2f etcd hub.c.163.com/mengkzhaoyun/k8s:etcd-v3.3.2 running 2 minutes ago 2 minutes ago 124 | c31fd758 registry hub.c.163.com/mengkzhaoyun/k8s:registry-2.6.2 running 5 seconds ago 5 seconds ago 125 | 126 | # check docker 127 | docker ps 128 | 129 | # check etcd 130 | etcdctl cluster-health 131 | 132 | member 5386a54d596452b is healthy: got healthy result from http://172.16.11.248:2379 133 | member 258ce1afc19b0389 is healthy: got healthy result from http://172.16.11.247:2379 134 | member eaa1d1b829ee4d39 is healthy: got healthy result from http://172.16.11.249:2379 135 | cluster is healthy 136 | 137 | # ssh exit 138 | exit 139 | ``` 140 | 141 | ## 4).install kubernetes 142 | ```bash 143 | # run in ansible.docker 144 | ap 2.kubernetes.yml -i centos 145 | 146 | # ssh 172.16.11.248 147 | ssh 172.16.11.248 148 | 149 | # wait k8s pod started 150 | rkt list 151 | 152 | UUID APP IMAGE NAME STATE CREATED STARTED NETWORKS 153 | 56703a2f etcd hub.c.163.com/mengkzhaoyun/k8s:etcd-v3.3.2 running 8 minutes ago 8 minutes ago 154 | 
6e15243e k8s hub.c.163.com/mengkzhaoyun/k8s:hyperkube-v1.9.4 running 21 seconds ago 21 seconds ago 155 | c31fd758 registry hub.c.163.com/mengkzhaoyun/k8s:registry-2.6.2 running 6 minutes ago 6 minutes ago 156 | 157 | # check in master node 158 | kubectl get pod -n=kube-system 159 | 160 | NAME READY STATUS RESTARTS AGE 161 | kube-apiserver-172.16.11.248 1/1 Running 0 6m 162 | kube-controller-manager-172.16.11.248 1/1 Running 0 6m 163 | kube-scheduler-172.16.11.248 1/1 Running 0 6m 164 | 165 | # ssh exit 166 | exit 167 | ``` 168 | 169 | ## 5).install kubernetes cni 170 | ```bash 171 | # run in ansible.docker 172 | ap 3.kubernetes-cni.yml -i centos 173 | 174 | # ssh 172.16.11.248 175 | ssh 172.16.11.248 176 | 177 | # check in master node 178 | kubectl get pods -n=kube-system 179 | 180 | NAME READY STATUS RESTARTS AGE 181 | kube-apiserver-172.16.11.248 1/1 Running 0 2m 182 | kube-controller-manager-172.16.11.248 1/1 Running 0 2m 183 | kube-router-fmpht 1/1 Running 0 2m 184 | kube-router-kgfh7 1/1 Running 0 2m 185 | kube-router-tfhph 1/1 Running 0 2m 186 | kube-scheduler-172.16.11.248 1/1 Running 0 2m 187 | ``` 188 | 189 | ## 6).install kubernetes Addon 190 | ```bash 191 | # run in ansible.docker 192 | ap 4.kubernetes-addon.yml -i centos 193 | 194 | # ssh 172.16.11.248 195 | ssh 172.16.11.248 196 | 197 | # check in master node 198 | kubectl get pods -n=kube-system 199 | 200 | NAME READY STATUS RESTARTS AGE 201 | coredns-544d965f4d-nrfcz 1/1 Running 0 1m 202 | heapster-66b44cdb95-zh8nf 4/4 Running 0 56s 203 | kube-apiserver-172.16.11.248 1/1 Running 0 2m 204 | kube-controller-manager-172.16.11.248 1/1 Running 0 2m 205 | kube-router-fmpht 1/1 Running 0 2m 206 | kube-router-kgfh7 1/1 Running 0 2m 207 | kube-router-tfhph 1/1 Running 0 2m 208 | kube-scheduler-172.16.11.248 1/1 Running 0 2m 209 | kubernetes-dashboard-688f76f6bd-ncwgx 1/1 Running 0 59s 210 | monitoring-influxdb-grafana-7f585c6959-2vv77 2/2 Running 0 53s 211 | ``` 212 | 213 | # Brower 214 | Schema 215 | 
https://172.16.11.248:6443/ui
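216 | admin (walkthrough login; the password on the next line is published in this document, so set your own credentials before anyone else can reach the API server)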
217 | abc2018 -------------------------------------------------------------------------------- /docs/addons/heapster.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: monitoring-grafana 6 | namespace: kube-system 7 | labels: 8 | kubernetes.io/cluster-service: "true" 9 | addonmanager.kubernetes.io/mode: Reconcile 10 | kubernetes.io/name: "Grafana" 11 | spec: 12 | # On production clusters, consider setting up auth for grafana, and 13 | # exposing Grafana either using a LoadBalancer or a public IP. 14 | # type: LoadBalancer 15 | ports: 16 | - port: 80 17 | protocol: TCP 18 | targetPort: ui 19 | selector: 20 | k8s-app: influxGrafana 21 | --- 22 | apiVersion: v1 23 | kind: Service 24 | metadata: 25 | name: monitoring-influxdb 26 | namespace: kube-system 27 | labels: 28 | kubernetes.io/cluster-service: "true" 29 | addonmanager.kubernetes.io/mode: Reconcile 30 | kubernetes.io/name: "InfluxDB" 31 | spec: 32 | ports: 33 | - name: http 34 | port: 8083 35 | targetPort: 8083 36 | - name: api 37 | port: 8086 38 | targetPort: 8086 39 | selector: 40 | k8s-app: influxGrafana 41 | --- 42 | kind: Deployment 43 | apiVersion: extensions/v1beta1 44 | metadata: 45 | name: monitoring-influxdb-grafana-v4 46 | namespace: kube-system 47 | labels: 48 | k8s-app: influxGrafana 49 | version: v4 50 | kubernetes.io/cluster-service: "true" 51 | addonmanager.kubernetes.io/mode: Reconcile 52 | spec: 53 | replicas: 1 54 | selector: 55 | matchLabels: 56 | k8s-app: influxGrafana 57 | version: v4 58 | template: 59 | metadata: 60 | labels: 61 | k8s-app: influxGrafana 62 | version: v4 63 | annotations: 64 | scheduler.alpha.kubernetes.io/critical-pod: '' 65 | spec: 66 | tolerations: 67 | - key: node-role.kubernetes.io/master 68 | effect: NoSchedule 69 | - key: "CriticalAddonsOnly" 70 | operator: "Exists" 71 | containers: 72 | - name: influxdb 73 | image: reg.local:5000/k8s/heapster-influxdb-amd64:v1.3.3 
74 | resources: 75 | limits: 76 | cpu: 100m 77 | memory: 500Mi 78 | requests: 79 | cpu: 100m 80 | memory: 500Mi 81 | ports: 82 | - name: http 83 | containerPort: 8083 84 | - name: api 85 | containerPort: 8086 86 | volumeMounts: 87 | - name: influxdb-persistent-storage 88 | mountPath: /data 89 | - name: grafana 90 | image: reg.local:5000/k8s/heapster-grafana-amd64:v4.4.3 91 | env: 92 | resources: 93 | # keep request = limit to keep this container in guaranteed class 94 | limits: 95 | cpu: 100m 96 | memory: 100Mi 97 | requests: 98 | cpu: 100m 99 | memory: 100Mi 100 | env: 101 | # This variable is required to setup templates in Grafana. 102 | - name: INFLUXDB_SERVICE_URL 103 | value: http://monitoring-influxdb:8086 104 | # The following env variables are required to make Grafana accessible via 105 | # the kubernetes api-server proxy. On production clusters, we recommend 106 | # removing these env variables, setup auth for grafana, and expose the grafana 107 | # service using a LoadBalancer or a public IP. 
108 | - name: GF_AUTH_BASIC_ENABLED 109 | value: "false" 110 | - name: GF_AUTH_ANONYMOUS_ENABLED 111 | value: "true" 112 | - name: GF_AUTH_ANONYMOUS_ORG_ROLE 113 | value: Admin 114 | - name: GF_SERVER_ROOT_URL 115 | value: /api/v1/proxy/namespaces/kube-system/services/monitoring-grafana/ 116 | ports: 117 | - name: ui 118 | containerPort: 3000 119 | volumeMounts: 120 | - name: grafana-persistent-storage 121 | mountPath: /var 122 | volumes: 123 | - name: influxdb-persistent-storage 124 | emptyDir: {} 125 | - name: grafana-persistent-storage 126 | emptyDir: {} 127 | --- 128 | apiVersion: rbac.authorization.k8s.io/v1 129 | kind: ClusterRoleBinding 130 | metadata: 131 | name: heapster-binding 132 | labels: 133 | kubernetes.io/cluster-service: "true" 134 | addonmanager.kubernetes.io/mode: Reconcile 135 | roleRef: 136 | apiGroup: rbac.authorization.k8s.io 137 | kind: ClusterRole 138 | name: system:heapster 139 | subjects: 140 | - kind: ServiceAccount 141 | name: heapster 142 | namespace: kube-system 143 | --- 144 | # Heapster's pod_nanny monitors the heapster deployment & its pod(s), and scales 145 | # the resources of the deployment if necessary. 
146 | apiVersion: rbac.authorization.k8s.io/v1 147 | kind: Role 148 | metadata: 149 | name: system:pod-nanny 150 | namespace: kube-system 151 | labels: 152 | kubernetes.io/cluster-service: "true" 153 | addonmanager.kubernetes.io/mode: Reconcile 154 | rules: 155 | - apiGroups: 156 | - "" 157 | resources: 158 | - pods 159 | verbs: 160 | - get 161 | - apiGroups: 162 | - "extensions" 163 | resources: 164 | - deployments 165 | verbs: 166 | - get 167 | - update 168 | --- 169 | apiVersion: rbac.authorization.k8s.io/v1 170 | kind: RoleBinding 171 | metadata: 172 | name: heapster-binding 173 | namespace: kube-system 174 | labels: 175 | kubernetes.io/cluster-service: "true" 176 | addonmanager.kubernetes.io/mode: Reconcile 177 | roleRef: 178 | apiGroup: rbac.authorization.k8s.io 179 | kind: Role 180 | name: system:pod-nanny 181 | subjects: 182 | - kind: ServiceAccount 183 | name: heapster 184 | namespace: kube-system 185 | --- 186 | kind: Service 187 | apiVersion: v1 188 | metadata: 189 | name: heapster 190 | namespace: kube-system 191 | labels: 192 | kubernetes.io/cluster-service: "true" 193 | addonmanager.kubernetes.io/mode: Reconcile 194 | kubernetes.io/name: "Heapster" 195 | spec: 196 | ports: 197 | - port: 80 198 | targetPort: 8082 199 | selector: 200 | k8s-app: heapster 201 | --- 202 | apiVersion: v1 203 | kind: ServiceAccount 204 | metadata: 205 | name: heapster 206 | namespace: kube-system 207 | labels: 208 | kubernetes.io/cluster-service: "true" 209 | addonmanager.kubernetes.io/mode: Reconcile 210 | --- 211 | apiVersion: v1 212 | kind: ConfigMap 213 | metadata: 214 | name: heapster-config 215 | namespace: kube-system 216 | labels: 217 | kubernetes.io/cluster-service: "true" 218 | addonmanager.kubernetes.io/mode: EnsureExists 219 | data: 220 | NannyConfiguration: |- 221 | apiVersion: nannyconfig/v1alpha1 222 | kind: NannyConfiguration 223 | --- 224 | apiVersion: v1 225 | kind: ConfigMap 226 | metadata: 227 | name: eventer-config 228 | namespace: kube-system 229 | 
labels: 230 | kubernetes.io/cluster-service: "true" 231 | addonmanager.kubernetes.io/mode: EnsureExists 232 | data: 233 | NannyConfiguration: |- 234 | apiVersion: nannyconfig/v1alpha1 235 | kind: NannyConfiguration 236 | --- 237 | apiVersion: extensions/v1beta1 238 | kind: Deployment 239 | metadata: 240 | name: heapster-v1.5.0 241 | namespace: kube-system 242 | labels: 243 | k8s-app: heapster 244 | kubernetes.io/cluster-service: "true" 245 | addonmanager.kubernetes.io/mode: Reconcile 246 | version: v1.5.0 247 | spec: 248 | replicas: 1 249 | selector: 250 | matchLabels: 251 | k8s-app: heapster 252 | version: v1.5.0 253 | template: 254 | metadata: 255 | labels: 256 | k8s-app: heapster 257 | version: v1.5.0 258 | annotations: 259 | scheduler.alpha.kubernetes.io/critical-pod: '' 260 | spec: 261 | containers: 262 | - image: reg.local:5000/k8s/heapster-amd64:v1.5.0 263 | name: heapster 264 | livenessProbe: 265 | httpGet: 266 | path: /healthz 267 | port: 8082 268 | scheme: HTTP 269 | initialDelaySeconds: 180 270 | timeoutSeconds: 5 271 | command: 272 | - /heapster 273 | - --source=kubernetes.summary_api:'' 274 | - --sink=influxdb:http://monitoring-influxdb:8086 275 | - image: reg.local:5000/k8s/heapster-amd64:v1.5.0 276 | name: eventer 277 | command: 278 | - /eventer 279 | - --source=kubernetes:'' 280 | - --sink=influxdb:http://monitoring-influxdb:8086 281 | - image: reg.local:5000/k8s/addon-resizer:1.8.1 282 | name: heapster-nanny 283 | resources: 284 | limits: 285 | cpu: 50m 286 | memory: 90Mi 287 | requests: 288 | cpu: 50m 289 | memory: 90Mi 290 | env: 291 | - name: MY_POD_NAME 292 | valueFrom: 293 | fieldRef: 294 | fieldPath: metadata.name 295 | - name: MY_POD_NAMESPACE 296 | valueFrom: 297 | fieldRef: 298 | fieldPath: metadata.namespace 299 | volumeMounts: 300 | - name: heapster-config-volume 301 | mountPath: /etc/config 302 | command: 303 | - /pod_nanny 304 | - --config-dir=/etc/config 305 | - --cpu=80m 306 | - --extra-cpu=0.5m 307 | - --memory=140Mi 308 | - 
--extra-memory=4Mi 309 | - --threshold=5 310 | - --deployment=heapster-v1.5.0 311 | - --container=heapster 312 | - --poll-period=300000 313 | - --estimator=exponential 314 | - image: reg.local:5000/k8s/addon-resizer:1.8.1 315 | name: eventer-nanny 316 | resources: 317 | limits: 318 | cpu: 50m 319 | memory: 90Mi 320 | requests: 321 | cpu: 50m 322 | memory: 90Mi 323 | env: 324 | - name: MY_POD_NAME 325 | valueFrom: 326 | fieldRef: 327 | fieldPath: metadata.name 328 | - name: MY_POD_NAMESPACE 329 | valueFrom: 330 | fieldRef: 331 | fieldPath: metadata.namespace 332 | volumeMounts: 333 | - name: eventer-config-volume 334 | mountPath: /etc/config 335 | command: 336 | - /pod_nanny 337 | - --config-dir=/etc/config 338 | - --cpu=100m 339 | - --extra-cpu=0m 340 | - --memory=190Mi 341 | - --extra-memory=500Ki 342 | - --threshold=5 343 | - --deployment=heapster-v1.5.0 344 | - --container=eventer 345 | - --poll-period=300000 346 | - --estimator=exponential 347 | volumes: 348 | - name: heapster-config-volume 349 | configMap: 350 | name: heapster-config 351 | - name: eventer-config-volume 352 | configMap: 353 | name: eventer-config 354 | serviceAccountName: heapster 355 | tolerations: 356 | - key: "CriticalAddonsOnly" 357 | operator: "Exists" 358 | --------------------------------------------------------------------------------