Merge pull request #16 from paradeum-team/jyliu
feat: 升级k8s到1.22.16
ss75710541 authored Nov 24, 2022
2 parents 045037f + fa9ab91 commit 31fad70
Showing 9 changed files with 50 additions and 71 deletions.
1 change: 1 addition & 0 deletions README.md
@@ -2,5 +2,6 @@

ansible-k8s version|os|k8s version
-----|-----|-----
v0.3.0|Rock Linux 8|1.22.16
v0.2.0|CentOS 8|1.22.2
v0.1.0|CentOS 7|1.21.4
6 changes: 3 additions & 3 deletions ansible.hosts.ha.publicnetwork.tpl
@@ -31,15 +31,15 @@ api_server_domain="api-server.{{node_domain}}"
api_server_port="6443"

# k8s 版本
k8s_version=1.21.4
k8s_version=1.22.16
# 定义外部镜像仓库
registry_domain=docker.io
registry_repo="{{registry_domain}}"
kubeadm_registry_repo="registry.cn-hangzhou.aliyuncs.com"
coredns_image_repo="{{registry_repo}}/coredns"
coredns_image_tag="1.8.0"
coredns_image_tag="1.8.4"
flannel_image_repo="quay.io"
flannel_image_tag="v0.15.1"
flannel_image_tag="v0.20.1"

# subnet
service_subnet=10.96.0.0/12
6 changes: 3 additions & 3 deletions ansible.hosts.ha.tpl
@@ -31,15 +31,15 @@ api_server_domain="api-server.{{node_domain}}"
api_server_port="6443"

# k8s 版本
k8s_version=1.21.4
k8s_version=1.22.16
# 定义外部镜像仓库
registry_domain=docker.io
registry_repo="{{registry_domain}}"
kubeadm_registry_repo="registry.cn-hangzhou.aliyuncs.com"
coredns_image_repo="{{registry_repo}}/coredns"
coredns_image_tag="1.8.0"
coredns_image_tag="1.8.4"
flannel_image_repo="quay.io"
flannel_image_tag="v0.15.1"
flannel_image_tag="v0.20.1"

# subnet
service_subnet=10.96.0.0/12
6 changes: 3 additions & 3 deletions ansible.hosts.ha.vip.tpl
@@ -24,15 +24,15 @@ public_network_node = False
flannel_enable=True

# k8s 版本
k8s_version=1.22.2
k8s_version=1.22.16
# 定义外部镜像仓库
registry_domain=docker.io
registry_repo="{{registry_domain}}"
kubeadm_registry_repo="registry.cn-hangzhou.aliyuncs.com"
coredns_image_repo="{{registry_repo}}/coredns"
coredns_image_tag="1.8.6"
coredns_image_tag="1.8.4"
flannel_image_repo="quay.io"
flannel_image_tag="v0.15.1"
flannel_image_tag="v0.20.1"

# subnet
service_subnet=10.96.0.0/12
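Review bot: `coredns_image_tag` appears to go backwards in this template, from `"1.8.6"` to `"1.8.4"`, while the other inventory templates in this commit move it forward from `"1.8.0"`. If that is deliberate, to line up with the CoreDNS release that kubeadm 1.22 deploys by default, it deserves a comment above the line such as `# CoreDNS pinned to the version kubeadm 1.22 ships; do not raise without testing`. Without one, a cluster built from the previous template may be moved to an older CoreDNS image on the next run with no record of why. The docs file further down shows the same 1.8.6 to 1.8.4 change.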
6 changes: 3 additions & 3 deletions ansible.hosts.tpl
@@ -32,15 +32,15 @@ api_server_domain="api-server.{{node_domain}}"
api_server_port="6443"

# k8s 版本
k8s_version=1.22.2
k8s_version=1.22.16
# 定义外部镜像仓库
registry_domain=registry.hisun.netwarps.com
registry_repo="{{registry_domain}}"
kubeadm_registry_repo="{{registry_domain}}"
coredns_image_repo="docker.io/coredns"
coredns_image_tag="1.8.0"
coredns_image_tag="1.8.4"
flannel_image_repo="quay.io"
flannel_image_tag="v0.15.1"
flannel_image_tag="v0.20.1"

# subnet
service_subnet=10.96.0.0/12
2 changes: 1 addition & 1 deletion docs/部署keepalived+haproxy高可用k8s1.22.2.md
@@ -75,7 +75,7 @@ registry_domain=registry.hisun.netwarps.com
registry_repo="{{registry_domain}}"
kubeadm_registry_repo="registry.hisun.netwarps.com"
coredns_image_repo="{{registry_repo}}/coredns"
coredns_image_tag="1.8.6"
coredns_image_tag="1.8.4"
flannel_image_repo="{{registry_repo}}"
flannel_image_tag="v0.14.0"
79 changes: 23 additions & 56 deletions roles/k8s-masters/templates/kube-flannel.yml.j2
@@ -1,60 +1,16 @@
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
kind: Namespace
apiVersion: v1
metadata:
name: psp.flannel.unprivileged
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
privileged: false
volumes:
- configMap
- secret
- emptyDir
- hostPath
allowedHostPaths:
- pathPrefix: "/etc/cni/net.d"
- pathPrefix: "/etc/kube-flannel"
- pathPrefix: "/run/flannel"
readOnlyRootFilesystem: false
# Users and groups
runAsUser:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
fsGroup:
rule: RunAsAny
# Privilege Escalation
allowPrivilegeEscalation: false
defaultAllowPrivilegeEscalation: false
# Capabilities
allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
defaultAddCapabilities: []
requiredDropCapabilities: []
# Host namespaces
hostPID: false
hostIPC: false
hostNetwork: true
hostPorts:
- min: 0
max: 65535
# SELinux
seLinux:
# SELinux is unused in CaaSP
rule: 'RunAsAny'
name: kube-flannel
labels:
pod-security.kubernetes.io/enforce: privileged
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel
rules:
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: ['psp.flannel.unprivileged']
- apiGroups:
- ""
resources:
@@ -86,19 +42,19 @@ roleRef:
subjects:
- kind: ServiceAccount
name: flannel
namespace: kube-system
namespace: kube-flannel
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: flannel
namespace: kube-system
namespace: kube-flannel
---
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-flannel-cfg
namespace: kube-system
namespace: kube-flannel
labels:
tier: node
app: flannel
@@ -135,7 +91,7 @@ apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-flannel-ds
namespace: kube-system
namespace: kube-flannel
labels:
tier: node
app: flannel
@@ -166,7 +122,8 @@ spec:
serviceAccountName: flannel
initContainers:
- name: install-cni-plugin
image: {{flannel_image_repo}}/rancher/mirrored-flannelcni-flannel-cni-plugin:v1.0.0
#image: flannelcni/flannel-cni-plugin:v1.1.0 for ppc64le and mips64le (dockerhub limitations may apply)
image: {{flannel_image_repo}}/rancher/mirrored-flannelcni-flannel-cni-plugin:v1.1.0
command:
- cp
args:
@@ -177,7 +134,8 @@ spec:
- name: cni-plugin
mountPath: /opt/cni/bin
- name: install-cni
image: {{flannel_image_repo}}/coreos/flannel:{{flannel_image_tag}}
#image: flannelcni/flannel:v0.20.1 for ppc64le and mips64le (dockerhub limitations may apply)
image: {{flannel_image_repo}}/rancher/mirrored-flannelcni-flannel:{{flannel_image_tag}}
command:
- cp
args:
@@ -191,7 +149,8 @@ spec:
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: {{flannel_image_repo}}/coreos/flannel:{{flannel_image_tag}}
#image: flannelcni/flannel:v0.20.1 for ppc64le and mips64le (dockerhub limitations may apply)
image: {{flannel_image_repo}}/rancher/mirrored-flannelcni-flannel:{{flannel_image_tag}}
command:
- /opt/bin/flanneld
args:
@@ -228,11 +187,15 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: EVENT_QUEUE_DEPTH
value: "5000"
volumeMounts:
- name: run
mountPath: /run/flannel
- name: flannel-cfg
mountPath: /etc/kube-flannel/
- name: xtables-lock
mountPath: /run/xtables.lock
volumes:
- name: run
hostPath:
@@ -246,3 +209,7 @@ spec:
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
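Review bot: Nothing restricts pods in the new `kube-flannel` namespace after this change. The first hunk labels it `pod-security.kubernetes.io/enforce: privileged` and appears to drop the PodSecurityPolicy `psp.flannel.unprivileged` together with its `use` rule in the ClusterRole. The removed policy carried `privileged: false`, three `allowedHostPaths` prefixes and an `allowedCapabilities` list of NET_ADMIN and NET_RAW; those limits now hold only if the DaemonSet's own securityContext sets them, and that part of the file is outside the visible hunks. Pod Security admission is still alpha in Kubernetes 1.22, so unless its feature gate is enabled the label is presumably inert until a later upgrade. I would add a comment above the label such as `# privileged level: flannel needs hostNetwork and NET_ADMIN/NET_RAW; keep other workloads out of this namespace`, and confirm that RBAC does not let ordinary users create pods in `kube-flannel`.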
11 changes: 9 additions & 2 deletions roles/k8s-masters/templates/kubeadm-init.yaml.j2
@@ -22,13 +22,18 @@ nodeRegistration:
---
apiServer:
timeoutForControlPlane: 4m0s
extraArgs:
authorization-mode: Node,RBAC
enable-admission-plugins: NodeRestriction,PodNodeSelector,PodTolerationRestriction
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
{% if api_server_domain is defined %}
controlPlaneEndpoint: {{api_server_domain}}:{{api_server_port}}
{% endif %}
controllerManager: {}
controllerManager:
extraArgs:
bind-address: 0.0.0.0
dns:
type: CoreDNS
{% if coredns_image_repo is defined %}
@@ -51,7 +56,9 @@ networking:
dnsDomain: cluster.local
serviceSubnet: {{service_subnet}}
podSubnet: {{pod_subnet}}
scheduler: {}
scheduler:
extraArgs:
bind-address: 0.0.0.0
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
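Review bot: `bind-address: 0.0.0.0` under `controllerManager.extraArgs`, and again under `scheduler.extraArgs` in the second hunk, makes both components listen on every interface of the control-plane node, where kubeadm otherwise binds them to loopback. This repository also ships a public-network inventory template, so on such hosts the two ports are presumably reachable from outside unless a host or cloud firewall blocks them. If the goal is metrics scraping from inside the cluster, I would template the value instead, for example `bind-address: "{{ advertise_address | default('127.0.0.1') }}"`, reusing the variable the kubelet template in this commit already reads. A comment above each `extraArgs` block should say why a non-loopback address is needed and which firewall rule limits access to it.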
4 changes: 4 additions & 0 deletions roles/k8s-masters/templates/kubelet.j2
@@ -1 +1,5 @@
{% if advertise_address is defined %}
KUBELET_EXTRA_ARGS="--node-ip {{ advertise_address }}"
{% else %}
KUBELET_EXTRA_ARGS=""
{% endif %}
