update k8s version && fix bug

Leif160519 · Jul 18, 2023 · 458c6be · 458c6be
1 parent cab7f0a
commit 458c6be
Show file tree

Hide file tree

Showing 9 changed files with 73 additions and 50 deletions.
diff --git a/README.md b/README.md
@@ -2,13 +2,13 @@
 魔改自阿良老师的项目 https://github.com/lizhenliang/ansible-install-k8s
 - 修改了一些镜像的地址为国内能下载到的源
 - 新增了对Debian系列的支持
-- 升级k8s版本至1.25.9
+- 升级k8s版本至1.25.11
 - 将离线版安装方式改为在线版，摆脱对百度云的依赖
 - 支持k8s安装版本选择功能
 - 新增节点时间同步的定时任务
 - 还有其他，等待你的发现。。。
 
-# Kubernetes v1.25.9 企业级高可用集群自动部署（在线版）
+# Kubernetes v1.25.11 企业级高可用集群自动部署（在线版）
 >### 注：确保所有节点系统时间一致
 >### 操作系统要求：CentOS7.x_x64 && > Ubuntu 18.04 LTS
 
@@ -40,7 +40,7 @@
 
 ```
 # vim group_vars/all.yml
-k8s_version: 1.25.9
+k8s_version: 1.25.11
 ...
 cert_hosts:
   k8s:
@@ -67,11 +67,11 @@ cert_hosts:
 ```
 # kubectl get node
 NAME            STATUS   ROLES    AGE   VERSION
-k8s-master-01   Ready    <none>   54m   v1.25.9
-k8s-master-02   Ready    <none>   54m   v1.25.9
-k8s-node-01     Ready    <none>   54m   v1.25.9
-k8s-node-02     Ready    <none>   54m   v1.25.9
-k8s-node-03     Ready    <none>   54m   v1.25.9
+k8s-master-01   Ready    <none>   54m   v1.25.11
+k8s-master-02   Ready    <none>   54m   v1.25.11
+k8s-node-01     Ready    <none>   54m   v1.25.11
+k8s-node-02     Ready    <none>   54m   v1.25.11
+k8s-node-03     Ready    <none>   54m   v1.25.11
 ```
 
 ## 6、其他

diff --git a/group_vars/all.yml b/group_vars/all.yml
@@ -1,7 +1,7 @@
 # 版本信息
-k8s_version: 1.25.9
+k8s_version: 1.25.11
 
-# 安装目录 
+# 安装目录
 k8s_work_dir: '/opt/kubernetes'
 etcd_work_dir: '/opt/etcd'
 

diff --git a/playbooks/single-master-deploy.yml b/playbooks/single-master-deploy.yml
@@ -1,50 +1,43 @@
 ---
 - name: 0.系统初始化
-  gather_facts: false
-  hosts: 
+  hosts:
     - k8s
     - etcd
   roles:
     - common
-  tags: common 
+  tags: common
 
-- name: 1.自签证书 
-  gather_facts: false
-  hosts: localhost 
+- name: 1.自签证书
+  hosts: localhost
   roles:
     - tls
   tags: tls
 
 - name: 2.部署Docker
-  gather_facts: false
-  hosts: k8s 
+  hosts: k8s
   roles:
-    - docker 
+    - docker
   tags: docker
 
 - name: 3.部署ETCD集群
-  gather_facts: false
   hosts: etcd
   roles:
     - etcd
   tags: etcd
 
 - name: 4.部署K8S Master
-  gather_facts: false
   hosts: master
   roles:
     - master
   tags: master
 
 - name: 5.部署K8S Node
-  gather_facts: false
   hosts: k8s
   roles:
     - node
   tags: node
 
 - name: 6.部署插件
-  gather_facts: false
   hosts: master
   roles:
     - addons

diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
@@ -18,11 +18,16 @@
     mode: 0644
   notify: restart docker service
 
+- stat:
+    path: /usr/bin/cri-dockerd
+  register: cri
+
 - name: 下载cri-docker二进制包
   unarchive:
     src: "{{ cri_docker_url }}"
     dest: /opt
     remote_src: true
+  when: cri.stat.exists == false
 
 - name: 创建cri-docker软链接
   file:
@@ -31,7 +36,8 @@
     force: true
     state: link
     mode: u+x
-
+  when: cri.stat.exists == false
+
 - name: 分发cri-docker service文件
   template:
     dest: /lib/systemd/system/cri-docker.service

diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
@@ -8,11 +8,16 @@
     - cfg
     - ssl
 
+- stat:
+    path: "/usr/bin/etcd"
+  register: etcd
+
 - name: 下载etcd和etcdctl
   unarchive:
     src: "{{ etcd_url }}"
     dest: /tmp
     remote_src: true
+  when: etcd.stat.exists == false
 
 - name: 安装etcd和etcdctl
   copy:
@@ -22,6 +27,7 @@
   with_items:
     - /tmp/{{ etcd_tag }}/etcd
     - /tmp/{{ etcd_tag }}/etcdctl
+  when: etcd.stat.exists == false
 
 - name: 创建etcd和etcdctl软链接
   file:
@@ -32,16 +38,22 @@
   with_items:
     - etcd
     - etcdctl
-
+  when: etcd.stat.exists == false
+
+- stat:
+    path: /usr/bin/cfssl
+  register: cfssl
+
 - name: 准备cfssl工具
   get_url:
     url: "{{ item.url }}"
     dest: "/usr/bin/{{ item.bin }}"
     mode: u+x
   with_items:
-    - { url: "{{ cfssl_url }}" , bin: "{{ cfssl }}" }
-    - { url: "{{ cfssljson_url }}" , bin: "{{ cfssljson }}" }
-    - { url: "{{ cfssl_certinfo_url }}" , bin: "{{ cfssl-certinfo }}" }
+    - { url: "{{ cfssl_url }}" , bin: "cfssl" }
+    - { url: "{{ cfssljson_url }}" , bin: "cfssljson" }
+    - { url: "{{ cfssl_certinfo_url }}" , bin: "cfssl-certinfo" }
+  when: cfssl.stat.exists == false
 
 - name: 分发证书
   copy:

diff --git a/roles/master/tasks/main.yml b/roles/master/tasks/main.yml
@@ -24,11 +24,11 @@
     - "{{ kube_apiserver_url }}"
     - "{{ kube_controller_manager_url }}"
     - "{{ kube_scheduler_url }}"
-    - "{{ kubectl_version }}"
+    - "{{ kubectl_url }}"
 
 - name: 创建kubectl二进制文件软链接
   file:
-    src: "{{ k8s_word_dir }}/bin/{{ item }}"
+    src: "{{ k8s_work_dir }}/bin/{{ item }}"
     dest: "/usr/bin/{{ item }}"
     mode: u+x
     state: link
@@ -129,18 +129,20 @@
   ignore_errors: yes
   shell: |
       sleep 3
-      kubectl apply -f "{{ k8s_work_dir }}/apiserver-to-kubelet-rbac.yaml"
-      kubectl apply -f "{{ k8s_work_dir }}/kubelet-bootstrap-rbac.yaml"
+      kubectl apply -f "{{ k8s_work_dir }}/yaml/apiserver-to-kubelet-rbac.yaml"
+      kubectl apply -f "{{ k8s_work_dir }}/yaml/kubelet-bootstrap-rbac.yaml"
 
 - name: 自动审批Kubelet证书
   ignore_errors: yes
   shell: |
-     #自动批准首次申请证书的 CSR 请求 
-     kubectl create clusterrolebinding node-client-auto-approve-csr --clusterrole=system:certificates.k8s.io:certificatesigningrequests:nodeclient --user=kubelet-bootstrap 
-     # 自动批准kubelet客户端证书续签 
-     kubectl create clusterrolebinding node-client-auto-renew-crt --clusterrole=system:certificates.k8s.io:certificatesigningrequests:selfnodeclient --group=system:nodes 
-     # 自动批准kubelet服务端证书续签 
+     #自动批准首次申请证书的 CSR 请求
+     kubectl create clusterrolebinding node-client-auto-approve-csr --clusterrole=system:certificates.k8s.io:certificatesigningrequests:nodeclient --user=kubelet-bootstrap
+     # 自动批准kubelet客户端证书续签
+     kubectl create clusterrolebinding node-client-auto-renew-crt --clusterrole=system:certificates.k8s.io:certificatesigningrequests:selfnodeclient --group=system:nodes
+     # 自动批准kubelet服务端证书续签
      kubectl create clusterrolebinding node-server-auto-renew-crt --clusterrole=system:certificates.k8s.io:certificatesigningrequests:selfnodeserver --group=system:nodes
+  failed_when: false
+  ignore_errors: true
 
 - name: 新增命令行自动提示
   lineinfile:
@@ -154,6 +156,8 @@
   shell: |
     kubectl label nodes "{{ node_name }}" node-role.kubernetes.io/master=
     kubectl label nodes "{{ node_name }}" node-role.kubernetes.io/worker=
+  failed_when: false
+  ignore_errors: true
 
 - name: 安装kubetail查看pod日志工具
   get_url:

diff --git a/roles/master/vars/main.yml b/roles/master/vars/main.yml
@@ -1,5 +1,5 @@
 ---
 kube_apiserver_url: https://storage.googleapis.com/kubernetes-release/release/v{{ k8s_version }}/bin/linux/amd64/kube-apiserver
-kube_controller_manager_url: https://storage.googleapis.com/kubernetes-release/release/v{{ k8s_version }}/bin/linux/amd64/kube-controller-manger
+kube_controller_manager_url: https://storage.googleapis.com/kubernetes-release/release/v{{ k8s_version }}/bin/linux/amd64/kube-controller-manager
 kube_scheduler_url: https://storage.googleapis.com/kubernetes-release/release/v{{ k8s_version }}/bin/linux/amd64/kube-scheduler
 kubectl_url: https://storage.googleapis.com/kubernetes-release/release/v{{ k8s_version }}/bin/linux/amd64/kubectl
diff --git a/roles/node/tasks/main.yml b/roles/node/tasks/main.yml
@@ -50,8 +50,8 @@
 
 - name: 创建k8s node二进制文件软链接
   file:
-    dest: "{{ k8s_work_dir }}/bin/{{ item }}"
-    src: "/usr/bin/{{ item }}"
+    src: "{{ k8s_work_dir }}/bin/{{ item }}"
+    dest: "/usr/bin/{{ item }}"
     mode: u+x
     state: link
     force: true
@@ -94,7 +94,7 @@
   notify:
     - restart kubelet
     - restart kube-proxy
-    
+
 - name: 启动k8s node组件
   systemd:
     name: "{{ item }}"
@@ -108,3 +108,6 @@
 - name: 定义节点ROLES属性
   shell: |
     kubectl label nodes "{{ node_name }}" node-role.kubernetes.io/worker=
+  delegate_to: "k8s-master-01"
+  failed_when: false
+  ignore_errors: true
diff --git a/roles/tls/tasks/main.yml b/roles/tls/tasks/main.yml
@@ -1,7 +1,7 @@
 ---
 - name: 获取Ansible工作目录
-  shell: pwd | sed 's#roles/tls##' 
-  register: root_dir 
+  shell: pwd | sed 's#roles/tls##'
+  register: root_dir
 
 - name: 创建工作目录
   file:
@@ -11,15 +11,20 @@
     - etcd
     - k8s
 
+- stat:
+    path: /usr/bin/cfssl
+  register: cfssl
+
 - name: 准备cfssl工具
   get_url:
     url: "{{ item.url }}"
     dest: "/usr/bin/{{ item.bin }}"
     mode: u+x
   with_items:
-    - { url: "{{ cfssl_url }}" , bin: "{{ cfssl }}" }
-    - { url: "{{ cfssljson_url }}" , bin: "{{ cfssljson }}" }
-    - { url: "{{ cfssl_certinfo_url }}" , bin: "{{ cfssl-certinfo }}" }
+    - { url: "{{ cfssl_url }}" , bin: "cfssl" }
+    - { url: "{{ cfssljson_url }}" , bin: "cfssljson" }
+    - { url: "{{ cfssl_certinfo_url }}" , bin: "cfssl-certinfo" }
+  when: cfssl.stat.exists == false
 
 - name: 准备etcd证书请求文件
   template:
@@ -44,10 +49,10 @@
     src: k8s/{{ item }}
     dest: "{{ root_dir.stdout }}/ssl/k8s/{{ item.split('.')[:-1] | join('.') }}"
   with_items:
-    - ca-config.json.j2  
-    - ca-csr.json.j2  
+    - ca-config.json.j2
+    - ca-csr.json.j2
     - server-csr.json.j2
-    - kube-proxy-csr.json.j2  
+    - kube-proxy-csr.json.j2
     - kube-controller-manager-csr.json.j2
     - kube-scheduler-csr.json.j2
     - admin-csr.json.j2
@@ -58,5 +63,5 @@
     dest: "{{ root_dir.stdout }}/ssl/k8s"
     mode: u+x
 
-- name: 生成k8s证书 
+- name: 生成k8s证书
   shell: cd {{ root_dir.stdout }}/ssl/k8s && /bin/bash generate_k8s_cert.sh