fix: change builtin/core architectures (#2718)

Signed-off-by: redscholar <blacktiledhouse@gmail.com>
liujian 2025-08-22 21:59:40 +08:00 committed by GitHub
parent a8e533e608
commit 3885b443ac
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
211 changed files with 4420 additions and 3085 deletions


@ -28,8 +28,7 @@ type Base struct {
RemoteUser string `yaml:"remote_user,omitempty"`
// variables
Vars []yaml.Node `yaml:"-"`
VarsFromMarshal yaml.Node `yaml:"vars,omitempty"`
Vars Vars `yaml:"vars,omitempty"`
// module default params
//ModuleDefaults []map[string]map[string]any `yaml:"module_defaults,omitempty"`
@ -55,3 +54,16 @@ type Base struct {
BecomeFlags string `yaml:"become_flags,omitempty"`
BecomeExe string `yaml:"become_exe,omitempty"`
}
// Vars is a custom type to hold a list of YAML nodes representing variables.
// This allows for flexible unmarshalling of various YAML structures into Vars.
type Vars struct {
Nodes []yaml.Node
}
// UnmarshalYAML implements the yaml.Unmarshaler interface for Vars.
// It appends the unmarshalled YAML node to the Vars.Nodes slice.
func (v *Vars) UnmarshalYAML(node *yaml.Node) error {
v.Nodes = append(v.Nodes, *node)
return nil
}
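Review bot: `Vars` gets an `UnmarshalYAML` but no matching `MarshalYAML`, so a `Base` that is decoded and then encoded again would, assuming the default struct encoding applies, write `vars:` as a mapping with a `nodes` key instead of the original variables; the removed `VarsFromMarshal` field looks like it covered that direction. If `Base` is ever marshalled, add a `MarshalYAML` on `Vars`, or say in the type comment that it is decode-only. `UnmarshalYAML` also stores `*node` without looking at `node.Kind`, so a scalar or sequence under `vars:` is accepted at parse time and only surfaces wherever `Nodes` is consumed; if mappings are the only supported form, a guard such as `if node.Kind != yaml.MappingNode { return fmt.Errorf("vars: expected a mapping, got kind %v", node.Kind) }` rejects it early. The `Base` struct itself starts outside the hunk.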


@ -72,10 +72,6 @@ func (t Taggable) IsEnabled(onlyTags []string, skipTags []string) bool {
// JoinTag the child block should inherit tag for parent block
func JoinTag(child, parent Taggable) Taggable {
for _, tag := range parent.Tags {
if tag == AlwaysTag { // skip inherit "always" tag
continue
}
if !slices.Contains(child.Tags, tag) {
child.Tags = append(child.Tags, tag)
}
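Review bot: With the `AlwaysTag` skip removed from the loop in `JoinTag`, a child now inherits `always` from its parent, and the doc comment does not say so. Given that `IsEnabled` filters on `onlyTags`/`skipTags`, this presumably means tasks nested under an `always` block will run under tag filters that used to exclude them, which changes what executes on a managed host and deserves an explicit statement plus a test. Suggested comment: `// JoinTag returns child extended with every tag of parent it does not already carry, including "always".` The function body continues past the end of the hunk.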


@ -1,70 +1,80 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
# zone for kk. how to download files
# kkzone: cn
# work_dir is the directory where the artifact is extracted.
# work_dir: /var/lib/kubekey/
# the version of kubernetes to be installed.
# should be greater than or equal to kube_version_min_required.
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.8.2
# etcd binary
etcd_version: v3.5.4
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
# keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
# harbor_version: v2.6.3
# docker-compose binary
# dockercompose_version: v2.12.2
# ========== image registry: docker-registry ==========
# docker-registry image tag
# docker_registry_version: 2.8.3
# ========== cri ==========
# crictl binary
crictl_version: v1.23.0
# ========== cri: docker ==========
# docker binary
docker_version: 20.10.18
# cridockerd. Required when kube_version is greater than 1.24
# cridockerd_version: v0.3.10
# ========== cri: containerd ==========
# containerd binary
# containerd_version: v1.6.8
# runc binary
# runc_version: v1.1.4
# ========== cni ==========
# cni_plugins binary
# cni_plugins_version: v1.1.1
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.24.5
# ========== cni: cilium ==========
# cilium helm
# cilium_version: 1.12.6
# ========== cni: kubeovn ==========
# kubeovn helm
# kubeovn_version: 1.10.0
# ========== cni: hybridnet ==========
# hybridnet helm
# hybridnet_version: 0.6.8
# ========== storageclass ==========
# ========== storageclass: nfs ==========
# nfs provisioner helm version
# nfs_provisioner_version: 4.0.18
kubernetes:
controller_manager:
extra_args:
cluster-signing-duration: 87600h
download:
# if set as "cn", so that online downloads will try to use available domestic sources whenever possible.
zone: ""
kubernetes:
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.8.2
etcd:
# etcd binary
etcd_version: v3.5.4
image_registry:
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.6.3
# docker-compose binary
dockercompose_version: v2.12.2
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
sandbox_image:
tag: "3.6"
# support: containerd,docker
container_manager: docker
sandbox_image:
tag: "3.6"
# ========== cri ==========
# crictl binary
crictl_version: v1.23.0
# ========== cri: docker ==========
# docker binary
docker_version: 20.10.18
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.10
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.6.8
# runc binary
runc_version: v1.1.4
cni:
multus:
image:
tag: v3.9.3
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.1.1
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.24.5
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.12.6
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.10.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 3.3.0
linux_utils_image:
tag: 3.3.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.0.2
dns:
dns_image:
tag: v1.8.6
dns_cache_image:
tag: 1.21.1
# image_manifests:
# - docker.io/calico/apiserver:v3.24.5
# - docker.io/calico/cni:v3.24.5
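Review bot: The new layout turns the formerly commented-out pins (`harbor_version`, `dockercompose_version`, `docker_registry_version`, `cridockerd_version`, `containerd_version`, `runc_version`, `cilium_version`, …) into active defaults and adds image defaults (`sandbox_image`, `multus`, `dns_image`, `provisioner_image`) identified by tag only, so a default install now depends on exactly these releases. Nothing visible here shows how the downloaded binaries and images are verified; if the installer does not already check a checksum or digest per artifact, a comment such as `# tags are mutable: mirror these images or pin by digest for reproducible installs` above the image blocks would tell operators what they are trusting. As rendered, `sandbox_image:` with the same tag appears twice under `cri:` and `kubernetes:` appears twice under `spec:`; the +/- column is lost, so confirm these are an old/new pair and not duplicate keys in the new file. The same points apply to the other version-specific config sections that follow in this commit.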


@ -1,70 +1,81 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
# zone for kk. how to download files
# kkzone: cn
# work_dir is the directory where the artifact is extracted.
# work_dir: /var/lib/kubekey/
# the version of kubernetes to be installed.
# should be greater than or equal to kube_version_min_required.
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.10.3
# etcd binary
etcd_version: v3.5.6
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
# keepalived_version: v2.0.20
# ========== image registry: harbor ==========
# harbor image tag
# harbor_version: v2.7.1
# docker-compose binary
# dockercompose_version: v2.14.0
# ========== image registry: docker-registry ==========
# docker-registry image tag
# docker_registry_version: 2.8.3
# ========== cri ==========
# crictl binary
crictl_version: v1.24.0
# ========== cri: docker ==========
# docker binary
# docker_version: 20.10.24
# cridockerd. Required when kube_version is greater than 1.24
# cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.6.16
# runc binary
runc_version: v1.1.4
# ========== cni ==========
# cni_plugins binary
# cni_plugins_version: v1.1.1
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.25.1
# ========== cni: cilium ==========
# cilium helm
# cilium_version: 1.13.5
# ========== cni: kubeovn ==========
# kubeovn helm
# kubeovn_version: 1.10.0
# ========== cni: hybridnet ==========
# hybridnet helm
# hybridnet_version: 0.6.8
# ========== storageclass ==========
# ========== storageclass: nfs ==========
# nfs provisioner helm version
# nfs_provisioner_version: 4.0.18
kubernetes:
controller_manager:
extra_args:
cluster-signing-duration: 87600h
download:
# if set as "cn", so that online downloads will try to use available domestic sources whenever possible.
zone: ""
kubernetes:
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.10.3
etcd:
# etcd binary
etcd_version: v3.5.6
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: v2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.7.1
# docker-compose binary
dockercompose_version: v2.14.0
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
sandbox_image:
tag: "3.6"
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.6"
# ========== cri ==========
# crictl binary
crictl_version: v1.24.0
# ========== cri: docker ==========
# docker binary
docker_version: 20.10.24
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.6.16
# runc binary
runc_version: v1.1.4
cni:
multus:
image:
tag: v3.10.1
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.1.1
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.25.1
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.13.5
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.10.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 3.4.0
linux_utils_image:
tag: 3.4.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.0.2
dns:
dns_image:
tag: v1.8.6
dns_cache_image:
tag: 1.22.20
# image_manifests:
# - docker.io/calico/apiserver:v3.25.1
# - docker.io/calico/cni:v3.25.1


@ -1,70 +1,81 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
# zone for kk. how to download files
# kkzone: cn
# work_dir is the directory where the artifact is extracted.
# work_dir: /var/lib/kubekey/
# the version of kubernetes to be installed.
# should be greater than or equal to kube_version_min_required.
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.10.3
# etcd binary
etcd_version: v3.5.7
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
# keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
# harbor_version: v2.8.1
# docker-compose binary
# dockercompose_version: v2.15.1
# ========== image registry: docker-registry ==========
# docker-registry image tag
# docker_registry_version: 2.8.3
# ========== cri ==========
# crictl binary
crictl_version: v1.25.0
# ========== cri: docker ==========
# docker binary
# docker_version: 20.10.24
# cridockerd. Required when kube_version is greater than 1.24
# cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.6.19
# runc binary
runc_version: v1.1.4
# ========== cni ==========
# cni_plugins binary
# cni_plugins_version: v1.1.1
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.25.1
# ========== cni: cilium ==========
# cilium helm
# cilium_version: 1.13.5
# ========== cni: kubeovn ==========
# kubeovn helm
# kubeovn_version: 1.10.0
# ========== cni: hybridnet ==========
# hybridnet helm
# hybridnet_version: 0.6.8
# ========== storageclass ==========
# ========== storageclass: nfs ==========
# nfs provisioner helm version
# nfs_provisioner_version: 4.0.18
kubernetes:
controller_manager:
extra_args:
cluster-signing-duration: 87600h
download:
# if set as "cn", so that online downloads will try to use available domestic sources whenever possible.
zone: ""
kubernetes:
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.10.3
etcd:
# etcd binary
etcd_version: v3.5.7
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.8.1
# docker-compose binary
dockercompose_version: v2.15.1
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
sandbox_image:
tag: "3.6"
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.6"
# ========== cri ==========
# crictl binary
crictl_version: v1.25.0
# ========== cri: docker ==========
# docker binary
docker_version: 20.10.24
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.6.19
# runc binary
runc_version: v1.1.4
cni:
multus:
image:
tag: v3.11.3
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.1.1
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.25.1
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.13.5
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.10.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 3.5.0
linux_utils_image:
tag: 3.5.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.0.8
dns:
dns_image:
tag: v1.9.3
dns_cache_image:
tag: 1.22.20
# image_manifests:
# - docker.io/calico/apiserver:v3.25.1
# - docker.io/calico/cni:v3.25.1


@ -1,70 +1,81 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
# zone for kk. how to download files
# kkzone: cn
# work_dir is the directory where the artifact is extracted.
# work_dir: /var/lib/kubekey/
# the version of kubernetes to be installed.
# should be greater than or equal to kube_version_min_required.
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.11.2
# etcd binary
etcd_version: v3.5.8
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
# keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
# harbor_version: v2.9.1
# docker-compose binary
# dockercompose_version: v2.16.0
# ========== image registry: docker-registry ==========
# docker-registry image tag
# docker_registry_version: 2.8.3
# ========== cri ==========
# crictl binary
crictl_version: v1.26.0
# ========== cri: docker ==========
# docker binary
# docker_version: 23.0.6
# cridockerd. Required when kube_version is greater than 1.24
# cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.6.21
# runc binary
runc_version: v1.1.5
# ========== cni ==========
# cni_plugins binary
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.26.1
# ========== cni: cilium ==========
# cilium helm
# cilium_version: 1.13.5
# ========== cni: kubeovn ==========
# kubeovn helm
# kubeovn_version: 1.10.0
# ========== cni: hybridnet ==========
# hybridnet helm
# hybridnet_version: 0.6.8
# ========== storageclass ==========
# ========== storageclass: nfs ==========
# nfs provisioner helm version
# nfs_provisioner_version: 4.0.18
kubernetes:
controller_manager:
extra_args:
cluster-signing-duration: 87600h
download:
# if set as "cn", so that online downloads will try to use available domestic sources whenever possible.
zone: ""
kubernetes:
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.11.2
etcd:
# etcd binary
etcd_version: v3.5.8
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.9.1
# docker-compose binary
dockercompose_version: v2.16.0
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
sandbox_image:
tag: "3.7"
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.7"
# ========== cri ==========
# crictl binary
crictl_version: v1.26.0
# ========== cri: docker ==========
# docker binary
docker_version: 23.0.6
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.6.21
# runc binary
runc_version: v1.1.5
cni:
multus:
image:
tag: v4.0.2
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.26.1
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.13.5
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.10.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 3.6.0
linux_utils_image:
tag: 3.6.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.0.8
dns:
dns_image:
tag: v1.9.3
dns_cache_image:
tag: 1.22.20
# image_manifests:
# - docker.io/calico/apiserver:v3.26.1
# - docker.io/calico/cni:v3.26.1


@ -1,70 +1,81 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
# zone for kk. how to download files
# kkzone: cn
# work_dir is the directory where the artifact is extracted.
# work_dir: /var/lib/kubekey/
# the version of kubernetes to be installed.
# should be greater than or equal to kube_version_min_required.
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.12.1
# etcd binary
etcd_version: v3.5.9
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
# keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
# harbor_version: v2.10.1
# docker-compose binary
# dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
# docker_registry_version: 2.8.3
# ========== cri ==========
# crictl binary
crictl_version: v1.27.0
# ========== cri: docker ==========
# docker binary
# docker_version: 23.0.6
# cridockerd. Required when kube_version is greater than 1.24
# cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.2
# runc binary
runc_version: v1.1.7
# ========== cni ==========
# cni_plugins binary
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.26.1
# ========== cni: cilium ==========
# cilium helm
# cilium_version: 1.14.2
# ========== cni: kubeovn ==========
# kubeovn helm
# kubeovn_version: 1.11.0
# ========== cni: hybridnet ==========
# hybridnet helm
# hybridnet_version: 0.6.8
# ========== storageclass ==========
# ========== storageclass: nfs ==========
# nfs provisioner helm version
# nfs_provisioner_version: 4.0.20
kubernetes:
controller_manager:
extra_args:
cluster-signing-duration: 87600h
download:
# if set as "cn", so that online downloads will try to use available domestic sources whenever possible.
zone: ""
kubernetes:
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.12.1
etcd:
# etcd binary
etcd_version: v3.5.9
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.10.1
# docker-compose binary
dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
sandbox_image:
tag: "3.7"
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.7"
# ========== cri ==========
# crictl binary
crictl_version: v1.27.0
# ========== cri: docker ==========
# docker binary
docker_version: 23.0.6
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.2
# runc binary
runc_version: v1.1.7
cni:
multus:
image:
tag: v4.0.2
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.26.1
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.14.2
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.11.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 3.7.0
linux_utils_image:
tag: 3.7.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.0.10
dns:
dns_image:
tag: v1.10.1
dns_cache_image:
tag: 1.22.20
# image_manifests:
# - docker.io/calico/apiserver:v3.26.1
# - docker.io/calico/cni:v3.26.1


@ -1,70 +1,81 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
# zone for kk. how to download files
# kkzone: cn
# work_dir is the directory where the artifact is extracted.
# work_dir: /var/lib/kubekey/
# the version of kubernetes to be installed.
# should be greater than or equal to kube_version_min_required.
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.12.1
# etcd binary
etcd_version: v3.5.9
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
# keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
# harbor_version: v2.10.1
# docker-compose binary
# dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
# docker_registry_version: 2.8.3
# ========== cri ==========
# crictl binary
crictl_version: v1.28.0
# ========== cri: docker ==========
# docker binary
# docker_version: 24.0.6
# cridockerd. Required when kube_version is greater than 1.24
# cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.3
# runc binary
runc_version: v1.1.7
# ========== cni ==========
# cni_plugins binary
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.28.2
# ========== cni: cilium ==========
# cilium helm
# cilium_version: 1.15.0
# ========== cni: kubeovn ==========
# kubeovn helm
# kubeovn_version: 1.12.0
# ========== cni: hybridnet ==========
# hybridnet helm
# hybridnet_version: 0.6.8
# ========== storageclass ==========
# ========== storageclass: nfs ==========
# nfs provisioner helm version
# nfs_provisioner_version: 4.0.20
kubernetes:
controller_manager:
extra_args:
cluster-signing-duration: 87600h
download:
# if set as "cn", so that online downloads will try to use available domestic sources whenever possible.
zone: ""
kubernetes:
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.12.1
etcd:
# etcd binary
etcd_version: v3.5.9
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.10.1
# docker-compose binary
dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
sandbox_image:
tag: "3.8"
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.8"
# ========== cri ==========
# crictl binary
crictl_version: v1.28.0
# ========== cri: docker ==========
# docker binary
docker_version: 24.0.6
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.3
# runc binary
runc_version: v1.1.7
cni:
multus:
image:
tag: v4.1.0
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.28.2
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.15.0
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.12.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 3.8.0
linux_utils_image:
tag: 3.8.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.0.10
dns:
dns_image:
tag: v1.10.1
dns_cache_image:
tag: 1.22.20
# image_manifests:
# - docker.io/calico/apiserver:v3.28.2
# - docker.io/calico/cni:v3.28.2


@ -1,70 +1,81 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
# zone for kk. how to download files
# kkzone: cn
# work_dir is the directory where the artifact is extracted.
# work_dir: /var/lib/kubekey/
# the version of kubernetes to be installed.
# should be greater than or equal to kube_version_min_required.
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.13.3
# etcd binary
etcd_version: v3.5.10
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
# keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
# harbor_version: v2.10.1
# docker-compose binary
# dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
# docker_registry_version: 2.8.3
# ========== cri ==========
# crictl binary
crictl_version: v1.29.0
# ========== cri: docker ==========
# docker binary
# docker_version: 24.0.7
# cridockerd. Required when kube_version is greater than 1.24
# cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.6
# runc binary
runc_version: v1.1.7
# ========== cni ==========
# cni_plugins binary
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.28.2
# ========== cni: cilium ==========
# cilium helm
# cilium_version: 1.15.4
# ========== cni: kubeovn ==========
# kubeovn helm
# kubeovn_version: 1.13.0
# ========== cni: hybridnet ==========
# hybridnet helm
# hybridnet_version: 0.6.8
# ========== storageclass ==========
# ========== storageclass: nfs ==========
# nfs provisioner helm version
# nfs_provisioner_version: 4.0.20
kubernetes:
controller_manager:
extra_args:
cluster-signing-duration: 87600h
download:
# if set as "cn", so that online downloads will try to use available domestic sources whenever possible.
zone: ""
kubernetes:
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.13.3
etcd:
# etcd binary
etcd_version: v3.5.10
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.10.1
# docker-compose binary
dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
sandbox_image:
tag: "3.8"
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.8"
# ========== cri ==========
# crictl binary
crictl_version: v1.29.0
# ========== cri: docker ==========
# docker binary
docker_version: 24.0.7
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.6
# runc binary
runc_version: v1.1.7
cni:
multus:
image:
tag: v4.1.1
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.28.2
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.15.4
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.13.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 3.9.0
linux_utils_image:
tag: 3.9.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.1.0
dns:
dns_image:
tag: v1.11.1
dns_cache_image:
tag: 1.23.1
# image_manifests:
# - docker.io/calico/apiserver:v3.28.2
# - docker.io/calico/cni:v3.28.2


@ -1,70 +1,81 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
# zone for kk. how to download files
# kkzone: cn
# work_dir is the directory where the artifact is extracted.
# work_dir: /var/lib/kubekey/
# the version of kubernetes to be installed.
# should be greater than or equal to kube_version_min_required.
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.13.3
# etcd binary
etcd_version: v3.5.10
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
# keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
# harbor_version: v2.10.1
# docker-compose binary
# dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
# docker_registry_version: 2.8.3
# ========== cri ==========
# crictl binary
crictl_version: v1.30.0
# ========== cri: docker ==========
# docker binary
# docker_version: 24.0.7
# cridockerd. Required when kube_version is greater than 1.24
# cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.6
# runc binary
runc_version: v1.1.7
# ========== cni ==========
# cni_plugins binary
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.28.2
# ========== cni: cilium ==========
# cilium helm
# cilium_version: 1.15.4
# ========== cni: kubeovn ==========
# kubeovn helm
# kubeovn_version: 1.13.0
# ========== cni: hybridnet ==========
# hybridnet helm
# hybridnet_version: 0.6.8
# ========== storageclass ==========
# ========== storageclass: nfs ==========
# nfs provisioner helm version
# nfs_provisioner_version: 4.0.20
kubernetes:
controller_manager:
extra_args:
cluster-signing-duration: 87600h
download:
# if set as "cn", so that online downloads will try to use available domestic sources whenever possible.
zone: ""
kubernetes:
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.13.3
etcd:
# etcd binary
etcd_version: v3.5.10
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.10.1
# docker-compose binary
dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
sandbox_image:
tag: "3.8"
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.8"
# ========== cri ==========
# crictl binary
crictl_version: v1.30.0
# ========== cri: docker ==========
# docker binary
docker_version: 24.0.7
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.6
# runc binary
runc_version: v1.1.7
cni:
multus:
image:
tag: v4.2.1
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.28.2
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.15.4
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.13.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 4.0.0
linux_utils_image:
tag: 4.0.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.1.0
dns:
dns_image:
tag: v1.11.1
dns_cache_image:
tag: 1.23.1
# image_manifests:
# - docker.io/calico/apiserver:v3.28.2
# - docker.io/calico/cni:v3.28.2


@ -1,70 +1,81 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
# zone for kk. how to download files
# kkzone: cn
# work_dir is the directory where the artifact is extracted.
# work_dir: /var/lib/kubekey/
# the version of kubernetes to be installed.
# should be greater than or equal to kube_version_min_required.
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.13.3
# etcd binary
etcd_version: v3.5.11
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
# keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
# harbor_version: v2.10.1
# docker-compose binary
# dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
# docker_registry_version: 2.8.3
# ========== cri ==========
# crictl binary
crictl_version: v1.31.0
# ========== cri: docker ==========
# docker binary
# docker_version: 24.0.7
# cridockerd. Required when kube_version is greater than 1.24
# cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.6
# runc binary
runc_version: v1.1.7
# ========== cni ==========
# cni_plugins binary
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.28.2
# ========== cni: cilium ==========
# cilium helm
# cilium_version: 1.15.4
# ========== cni: kubeovn ==========
# kubeovn helm
# kubeovn_version: 1.13.0
# ========== cni: hybridnet ==========
# hybridnet helm
# hybridnet_version: 0.6.8
# ========== storageclass ==========
# ========== storageclass: nfs ==========
# nfs provisioner helm version
# nfs_provisioner_version: 4.0.20
kubernetes:
controller_manager:
extra_args:
cluster-signing-duration: 87600h
download:
# if set as "cn", so that online downloads will try to use available domestic sources whenever possible.
zone: ""
kubernetes:
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.13.3
etcd:
# etcd binary
etcd_version: v3.5.11
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.10.1
# docker-compose binary
dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
sandbox_image:
tag: "3.8"
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.8"
# ========== cri ==========
# crictl binary
crictl_version: v1.31.0
# ========== cri: docker ==========
# docker binary
docker_version: 24.0.7
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.6
# runc binary
runc_version: v1.1.7
cni:
multus:
image:
tag: v4.2.1
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.28.2
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.15.4
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.13.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 4.1.0
linux_utils_image:
tag: 4.1.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.2.0
dns:
dns_image:
tag: v1.12.0
dns_cache_image:
tag: 1.23.1
# image_manifests:
# - docker.io/calico/apiserver:v3.28.2
# - docker.io/calico/cni:v3.28.2


@ -1,70 +1,81 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
# zone for kk. how to download files
# kkzone: cn
# work_dir is the directory where the artifact is extracted.
# work_dir: /var/lib/kubekey/
# the version of kubernetes to be installed.
# should be greater than or equal to kube_version_min_required.
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.14.3
# etcd binary
etcd_version: v3.5.11
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
# keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
# harbor_version: v2.10.1
# docker-compose binary
# dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
# docker_registry_version: 2.8.3
# ========== cri ==========
# crictl binary
crictl_version: v1.32.0
# ========== cri: docker ==========
# docker binary
# docker_version: 24.0.7
# cridockerd. Required when kube_version is greater than 1.24
# cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.6
# runc binary
runc_version: v1.1.7
# ========== cni ==========
# cni_plugins binary
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.28.2
# ========== cni: cilium ==========
# cilium helm
# cilium_version: 1.15.4
# ========== cni: kubeovn ==========
# kubeovn helm
# kubeovn_version: 1.13.0
# ========== cni: hybridnet ==========
# hybridnet helm
# hybridnet_version: 0.6.8
# ========== storageclass ==========
# ========== storageclass: nfs ==========
# nfs provisioner helm version
# nfs_provisioner_version: 4.0.20
kubernetes:
controller_manager:
extra_args:
cluster-signing-duration: 87600h
download:
# if set as "cn", so that online downloads will try to use available domestic sources whenever possible.
zone: ""
kubernetes:
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.14.3
etcd:
# etcd binary
etcd_version: v3.5.11
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.10.1
# docker-compose binary
dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
sandbox_image:
tag: "3.8"
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.8"
# ========== cri ==========
# crictl binary
crictl_version: v1.32.0
# ========== cri: docker ==========
# docker binary
docker_version: 24.0.7
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.6
# runc binary
runc_version: v1.1.7
cni:
multus:
image:
tag: v4.3.0
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.28.2
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.15.4
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.13.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 4.2.0
linux_utils_image:
tag: 4.2.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.2.0
dns:
dns_image:
tag: v1.12.0
dns_cache_image:
tag: 1.24.0
# image_manifests:
# - docker.io/calico/apiserver:v3.28.2
# - docker.io/calico/cni:v3.28.2


@ -1,70 +1,81 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
# zone for kk. how to download files
# kkzone: cn
# work_dir is the directory where the artifact is extracted.
# work_dir: /var/lib/kubekey/
# the version of kubernetes to be installed.
# should be greater than or equal to kube_version_min_required.
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.18.5
# etcd binary
etcd_version: v3.5.11
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
# keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
# harbor_version: v2.10.1
# docker-compose binary
# dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
# docker_registry_version: 2.8.3
# ========== cri ==========
# crictl binary
crictl_version: v1.33.0
# ========== cri: docker ==========
# docker binary
# docker_version: 24.0.7
# cridockerd. Required when kube_version is greater than 1.24
# cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.6
# runc binary
runc_version: v1.1.7
# ========== cni ==========
# cni_plugins binary
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.28.2
# ========== cni: cilium ==========
# cilium helm
# cilium_version: 1.15.4
# ========== cni: kubeovn ==========
# kubeovn helm
# kubeovn_version: 1.13.0
# ========== cni: hybridnet ==========
# hybridnet helm
# hybridnet_version: 0.6.8
# ========== storageclass ==========
# ========== storageclass: nfs ==========
# nfs provisioner helm version
# nfs_provisioner_version: 4.0.20
kubernetes:
controller_manager:
extra_args:
cluster-signing-duration: 87600h
download:
# if set as "cn", so that online downloads will try to use available domestic sources whenever possible.
zone: ""
kubernetes:
kube_version: {{ .kube_version }}
# helm binary
helm_version: v3.18.5
etcd:
# etcd binary
etcd_version: v3.5.11
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.10.1
# docker-compose binary
dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
sandbox_image:
tag: "3.9"
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.9"
# ========== cri ==========
# crictl binary
crictl_version: v1.33.0
# ========== cri: docker ==========
# docker binary
docker_version: 24.0.7
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.6
# runc binary
runc_version: v1.1.7
cni:
multus:
image:
tag: v4.3.0
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.28.2
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.15.4
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.13.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 4.3.0
linux_utils_image:
tag: 4.3.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.3.0
dns:
dns_image:
tag: v1.13.0
dns_cache_image:
tag: 1.24.0
# image_manifests:
# - docker.io/calico/apiserver:v3.28.2
# - docker.io/calico/cni:v3.28.2


@ -1,97 +1,47 @@
---
- import_playbook: hook/default.yaml
- import_playbook: hook/pre_install.yaml
# load defaults vars
# Load default variables and perform prechecks on all hosts
- hosts:
- all
vars_files:
- vars/common.yaml
- vars/kubernetes.yaml
gather_facts: true
roles:
- defaults
- precheck
# precheck
# Download all required software and generate certificates on the localhost
- hosts:
- localhost
gather_facts: true
roles:
- role: precheck/artifact_check
when: .artifact.artifact_file | empty | not
- certs/init
- download
# Initialize all nodes and install necessary software packages
- hosts:
- k8s_cluster
- etcd
- k8s_cluster
- image_registry
- nfs
gather_facts: true
roles:
- precheck/env_check
- native
- hosts:
- localhost
gather_facts: true
roles:
- init/init-artifact
# init os
# Install the etcd cluster
- hosts:
- etcd
- k8s_cluster
- registry
- nfs
gather_facts: true
roles:
- init/init-os
- hosts:
- kube_control_plane
tasks:
- name: select init node
run_once: true
add_hostvars:
hosts: k8s_cluster
vars:
init_kubernetes_node: >-
{{- $initNodes := list -}}
{{- range .groups.kube_control_plane -}}
{{- if index $.hostvars . "kubernetes_install_LoadState" "stdout" | eq "loaded" -}}
{{- $initNodes = append $initNodes . -}}
{{- end -}}
{{- end -}}
{{- if $initNodes | len | eq 1 -}}
{{ $initNodes | first }}
{{- else if $initNodes | len | lt 1 -}}
{{ index $initNodes (randInt 0 ((sub ($initNodes | len) 1) | int)) }}
{{- end -}}
- name: init node
when: eq .inventory_hostname .init_kubernetes_node
block:
- name: Generate certificate key by kubeadm
command: |
if [ ! -f /etc/kubernetes/kubeadm-config.yaml ]; then
kubectl get cm kubeadm-config -n kube-system -o=jsonpath='{.data.ClusterConfiguration}' > /etc/kubernetes/kubeadm-config.yaml
fi
/usr/local/bin/kubeadm init phase upload-certs --upload-certs --config /etc/kubernetes/kubeadm-config.yaml 2>&1 \
| awk '/Using certificate key:/{getline; print}'
register: kubeadm_cert_result
- name: add certificate key to all hosts
add_hostvars:
hosts: k8s_cluster
vars:
kubeadm_cert: >-
{{ .kubeadm_cert_result.stdout }}
- name: Generate token by kubeadm
command: /usr/local/bin/kubeadm token create
register: kubeadm_token_result
- name: add token to all hosts
add_hostvars:
hosts: k8s_cluster
vars:
kubeadm_token: >-
{{ .kubeadm_token_result.stdout }}
- etcd
- hosts:
- k8s_cluster
roles:
- role: install/cri
- role: cri
when: or (.add_nodes | default list | empty) (.add_nodes | default list | has .inventory_hostname)
- role: kubernetes/init-kubernetes
when: or (.add_nodes | default list | empty) (.add_nodes | default list | has .inventory_hostname)
- role: kubernetes/pre-kubernetes
when: or (.add_nodes | default list | empty) (.add_nodes | default list | has .inventory_hostname)
when: or (.add_nodes | default list | empty) (.add_nodes | default list | has .inventory_hostname)
- role: kubernetes/join-kubernetes
when: or (.add_nodes | default list | empty) (.add_nodes | default list | has .inventory_hostname)
- role: kubernetes/certs


@ -1,11 +1,16 @@
---
- import_playbook: hook/default.yaml
# Load default variables and perform prechecks on all hosts
- hosts:
- all
gather_facts: true
roles:
- defaults
# Download all required software and generate certificates on the localhost
- hosts:
- localhost
roles:
- init/init-artifact
- init/init-cert
- download
tasks:
- name: Export artifact
command: |


@ -1,12 +1,17 @@
---
- import_playbook: hook/default.yaml
# Load default variables and perform prechecks on all hosts
- hosts:
- all
tags: ["always"]
gather_facts: true
roles:
- defaults
- hosts:
- localhost
tags: ["always"]
pre_tasks:
- name: Image | Download container images
tags: ["always"]
tasks:
- name: PullImage | Download container images
tags: ["pull"]
image:
pull:
images_dir: >-
@ -14,6 +19,46 @@
manifests: "{{ .image_manifests | toJson }}"
when:
- .image_manifests | default list | empty | not
roles:
- role: install/image-registry
tags: ["always"]
- name: PushImage | Push images to registry
tags: ["push"]
block:
- name: PushImage | Ensure Harbor project exists for each image
when: .image_registry.type | eq "harbor"
command: |
# Traverse first-level subdirectories in images_dir, skipping 'blobs'
for registry_dir in {{ .binary_dir }}/images/*; do
if [ ! -d "$registry_dir" ] || [ "$(basename "$registry_dir")" = "blobs" ]; then
continue
fi
# Traverse second-level subdirectories in each registry_dir
for project_dir in "$registry_dir"/*; do
if [ ! -d "$project_dir" ]; then
continue
fi
project=$(basename "$project_dir")
# Check if the Harbor project exists; create it if it does not
resp=$(curl -u "{{ .image_registry.auth.username }}:{{ .image_registry.auth.password }}" -k -X GET "https://{{ .image_registry.auth.registry }}/api/v2.0/projects/${project}")
if echo "$resp" | grep -q '"code":"NOT_FOUND"'; then
curl -u "{{ .image_registry.auth.username }}:{{ .image_registry.auth.password }}" -k -X POST \
-H "Content-Type: application/json" \
"https://{{ .image_registry.auth.registry }}/api/v2.0/projects" \
-d "{ \"project_name\": \"${project}\", \"public\": true}"
fi
done
done
- name: PushImage | Push images package to image registry
image:
push:
images_dir: >-
{{ .binary_dir }}/images/
dest: >-
{{ .image_registry.auth.registry }}/{{ .module.image.src.reference.repository }}:{{ .module.image.src.reference.reference }}
username: >-
{{ .image_registry.auth.username }}
password: >-
{{ .image_registry.auth.password }}
skip_tls_verify: true
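Review bot: The Harbor project step calls `curl` with `-k` and the push task sets `skip_tls_verify: true`, so the registry username and password are sent without verifying the server certificate in both places. This commit's cert tasks write a root CA to `{{ .binary_dir }}/pki/root.crt`; if the registry certificate is signed by it, `--cacert {{ .binary_dir }}/pki/root.crt` in place of `-k` would keep verification on. The `-u "user:password"` argument is rendered into the command line, where it is visible in process listings and possibly in task output, and new projects are created with `\"public\": true`, which permits unauthenticated pulls; consider defaulting to `\"public\": false` or exposing it as a variable. Neither `curl` call checks the HTTP status, so a failed login or create falls through to the push task.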


@ -1,20 +1,17 @@
---
# load defaults vars
- import_playbook: hook/default.yaml
# Load default variables and perform prechecks on all hosts
- hosts:
- all
vars_files:
- vars/certs_renew.yaml
gather_facts: true
roles:
- defaults
- hosts:
- localhost
tags: ["certs"]
roles:
- init/init-cert
- cert/init
- hosts:
- all
tags: ["certs"]
roles:
- role: certs/renew
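Review bot: The localhost play lists the role as `cert/init`, while the other playbooks changed in this commit reference `certs/init`. If the role directory is `certs/init`, this play will not resolve the role and the renew run will not regenerate certificates before `certs/renew` copies them; the line should probably read `- certs/init`. The role tree is not visible here, so confirm against the actual path.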


@ -1,90 +1,71 @@
---
- import_playbook: hook/default.yaml
- import_playbook: hook/pre_install.yaml
# load defaults vars
# Load default variables and perform prechecks on all hosts
- hosts:
- all
vars_files:
- vars/common.yaml
- vars/kubernetes.yaml
gather_facts: true
roles:
- defaults
- precheck
# precheck
# Download all required software and generate certificates on the localhost
- hosts:
- localhost
roles:
- role: precheck/artifact_check
when: .artifact.artifact_file | empty | not
- hosts:
- k8s_cluster
- etcd
- image_registry
- nfs
gather_facts: true
roles:
- precheck/env_check
- certs/init
- download
- hosts:
- localhost
gather_facts: true
roles:
- init/init-artifact
- init/init-cert
# init os
# Initialize all nodes and install necessary software packages
- hosts:
- etcd
- k8s_cluster
- image_registry
- nfs
roles:
- init/init-os
# install
- hosts:
- nfs
gather_facts: true
roles:
- install/nfs
- native
# Install the etcd cluster
- hosts:
- etcd
gather_facts: true
roles:
- install/etcd
- etcd
# Install the private image registry
- hosts:
- image_registry
gather_facts: true
roles:
- install/image-registry
- image-registry
# Install the Kubernetes cluster
- hosts:
- k8s_cluster
gather_facts: true
roles:
- install/cri
- cri
- kubernetes/pre-kubernetes
- kubernetes/init-kubernetes
- kubernetes/join-kubernetes
- role: kubernetes/join-kubernetes
when:
- .init_kubernetes_node | ne .inventory_hostname
- .kubernetes_install_LoadState.stdout | eq "not-found"
- role: kubernetes/certs
when:
- .kubernetes.certs.renew
- .groups.kube_control_plane | default list | has .inventory_hostname
post_tasks:
- name: Add custom label to cluster
- name: Add custom labels to the cluster nodes
command: |
{{- range $k, $v := .kubernetes.custom_labels }}
/usr/local/bin/kubectl label --overwrite node {{ $.hostname }} {{ $k }}={{ $v }}
{{- end }}
when: .kubernetes.custom_label | empty | not
# Install Kubernetes cluster software components (CNI and storage class) on a random control plane node
- hosts:
- kube_control_plane|random
roles:
- install/cni
- install/storageclass
- role: install/security
when: .security_enhancement
- cni
- storage-class
- import_playbook: hook/post_install.yaml
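Review bot: The custom-label task is guarded by `when: .kubernetes.custom_label | empty | not`, but its command ranges over `.kubernetes.custom_labels`; with the singular name the guard probably never matches and the labels are silently skipped. Use `when: .kubernetes.custom_labels | empty | not`. The keys and values are also rendered unquoted into the shell line (`{{ $k }}={{ $v }}`), so quoting the argument as `'{{ $k }}={{ $v }}'`, or validating the values against the Kubernetes label syntax first, would keep a value containing spaces or shell metacharacters from being interpreted by the shell.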


@ -1,12 +1,12 @@
---
- import_playbook: hook/default.yaml
- import_playbook: hook/pre_install.yaml
# load defaults vars
# Load default variables and perform prechecks on all hosts
- hosts:
- all
vars_files:
- vars/common.yaml
- vars/kubernetes.yaml
gather_facts: true
roles:
- defaults
- hosts:
- k8s_cluster
@ -19,11 +19,12 @@
post_tasks:
- name: delete localDNS file
ignore_errors: true
loop: "{{ .native.localDNS | toJson }}"
command: |
sed -i ':a;$!{N;ba};s@# kubekey hosts BEGIN.*# kubekey hosts END@@' {{ .item }}
sed -i ':a;$!{N;ba};s@# kubekey control_plane_endpoint BEGIN.*# kubekey control_plane_endpoint END@@' {{ .item }}
sed -i ':a;$!{N;ba};s@# kubekey kubernetes control_plane_endpoint BEGIN.*# kubekey kubernetes control_plane_endpoint END@@' {{ .item }}
sed -i ':a;$!{N;ba};s@# kubekey image_registry control_plane_endpoint BEGIN.*# kubekey image_registry control_plane_endpoint END@@' {{ .item }}
when: .deleteDNS
loop: "{{ .localDNS | toJson }}"
- hosts:
- etcd
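Review bot: The DNS cleanup now appears to match only the `# kubekey kubernetes control_plane_endpoint` and `# kubekey image_registry control_plane_endpoint` markers, so entries written by an earlier release under `# kubekey control_plane_endpoint BEGIN` would stay in the files after a delete. Keeping the old pattern as an additional `sed` line would cover clusters installed before this change. `{{ .item }}` is passed to `sed -i` unquoted; `"{{ .item }}"` is safer for paths containing spaces. The same task in the delete-nodes playbook has both points, and this play continues outside the hunk.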


@ -1,32 +1,17 @@
---
- import_playbook: hook/default.yaml
# load defaults vars
# Load default variables and perform prechecks on all hosts
- hosts:
- all
vars_files:
- vars/common.yaml
- vars/kubernetes.yaml
gather_facts: true
roles:
- defaults
- precheck
- hosts:
- kube_control_plane
gather_facts: true
tasks:
- name: Get kubelet.service LoadState and save to variable
command: systemctl show kubelet.service -p LoadState --value
register: kubernetes_install_LoadState
- name: Get kubelet.service ActiveState and save to variable
command: systemctl show kubelet.service -p ActiveState --value
register: kubernetes_install_ActiveState
- name: Check kubernetes service and version
when: .kubernetes_install_LoadState.stdout | eq "loaded"
block:
- name: Kubernetes should be active
assert:
that: .kubernetes_install_ActiveState.stdout | eq "active"
fail_msg: >-
kubernetes should be active when it's loaded
- name: Keep at least one control_plane node.
- name: DeleteNode | Ensure at least one control plane node remains in the cluster
run_once: true
command: |
{{- $cpNodes := list -}}
@ -35,17 +20,15 @@
{{- $cpNodes = append $cpNodes . -}}
{{- end -}}
{{- end -}}
{{- if (subtractList $cpNodes .delete_nodes) | empty | not }}
exit 0
{{- else }}
echo "should keep at least one control_plane"
{{- if (subtractList $cpNodes .delete_nodes) | empty }}
echo "At least one control plane node must be retained in the cluster." >&2
exit 1
{{- end }}
- hosts:
- k8s_cluster
pre_tasks:
- name: delete node from cluster
- name: DeleteNode | Remove node from Kubernetes cluster
when: .delete_nodes | default list | has .inventory_hostname
command: |
if kubectl get node {{ .hostname }} > /dev/null 2>&1; then
@ -55,7 +38,7 @@
else
kubectl drain {{ .hostname }} --ignore-daemonsets --delete-emptydir-data --force
fi
{{- if .kubernetes.kube_network_plugin | eq "calico" }}
{{- if .cni.type | eq "calico" }}
calicoctl delete node {{ .hostname }}
{{- end }}
kubectl delete node {{ .hostname }}
@ -69,15 +52,16 @@
- .groups.image_registry | default list | has .inventory_hostname | not
- .delete_nodes | default list | has .inventory_hostname
post_tasks:
- name: delete localDNS file
- name: DeleteNode | Clean up local DNS configuration files
ignore_errors: true
loop: "{{ .native.localDNS | toJson }}"
command: |
sed -i ':a;$!{N;ba};s@# kubekey hosts BEGIN.*# kubekey hosts END@@' {{ .item }}
sed -i ':a;$!{N;ba};s@# kubekey control_plane_endpoint BEGIN.*# kubekey control_plane_endpoint END@@' {{ .item }}
sed -i ':a;$!{N;ba};s@# kubekey kubernetes control_plane_endpoint BEGIN.*# kubekey kubernetes control_plane_endpoint END@@' {{ .item }}
sed -i ':a;$!{N;ba};s@# kubekey image_registry control_plane_endpoint BEGIN.*# kubekey image_registry control_plane_endpoint END@@' {{ .item }}
when:
- .deleteDNS
- .delete_nodes | default list | has .inventory_hostname
loop: "{{ .localDNS | toJson }}"
- hosts:
- etcd


@ -1,12 +1,10 @@
---
- import_playbook: hook/default.yaml
# load defaults vars
# Load default variables and perform prechecks on all hosts
- hosts:
- all
vars_files:
- vars/common.yaml
- vars/kubernetes.yaml
gather_facts: true
roles:
- defaults
- hosts:
- image_registry


@ -1,34 +0,0 @@
---
- hosts:
- all
gather_facts: true
tags: ["always"]
vars:
architectures:
amd64:
- amd64
- x86_64
arm64:
- arm64
- aarch64
tasks:
- name: Get os arch for each node
tags: ["always"]
set_fact:
binary_type: >-
{{- if .architectures.amd64 | has .os.architecture -}}
amd64
{{- else if .architectures.arm64 | has .os.architecture -}}
arm64
{{- end -}}
- hosts:
- all
tags: ["always"]
vars:
# work_dir: default is <current_dir>/kubekey
binary_dir: >-
{{ .work_dir }}/kubekey
scripts_dir: >-
{{ .binary_dir }}/scripts
tmp_dir: /tmp/kubekey


@ -1,9 +1,16 @@
---
- name: Execute post install scripts
- name: Post | Apply Security Enhancements
hosts:
- all
roles:
- role: security
when: .security_enhancement
- name: Post | Run Post-Installation Scripts
hosts:
- all
tasks:
- name: Copy post install scripts to remote
- name: Post | Copy post-installation scripts to remote hosts
ignore_errors: true
copy:
src: >-
@ -11,15 +18,15 @@
dest: >-
/etc/kubekey/scripts/post_install_{{ .inventory_hostname }}.sh
mode: 0755
register: execute_result
register: post_install_copy_result
- name: Execute post install scripts
when: .execute_result.error | empty
- name: Post | Execute post-installation scripts on remote hosts
when: .post_install_copy_result.error | empty
command: |
for file in /etc/kubekey/scripts/post_install_*.sh; do
if [ -f $file ]; then
# execute file
chmod +x $file
$file
if [ -f "$file" ]; then
# Make the script executable and run it
chmod +x "$file"
"$file"
fi
done
done
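Review bot: The execute step runs every file matching `/etc/kubekey/scripts/post_install_*.sh`, not only the `post_install_{{ .inventory_hostname }}.sh` that the copy task placed, so a stale or unexpected script left in that directory is executed with whatever privileges the task runs under. Running just the copied path, `/etc/kubekey/scripts/post_install_{{ .inventory_hostname }}.sh`, would narrow this to the file the playbook controls. The copy uses `mode: 0755` and the loop then repeats `chmod +x`; `mode: 0700` alone would be enough if only the install user runs the script. The pre-install hook has the same loop and the same mode.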


@ -1,9 +1,9 @@
---
- name: Execute pre install scripts
- name: Pre | Run Pre-Installation Scripts
hosts:
- all
tasks:
- name: Copy pre install scripts to remote
- name: Pre | Copy pre-installation scripts to remote hosts
ignore_errors: true
copy:
src: >-
@ -11,15 +11,15 @@
dest: >-
/etc/kubekey/scripts/pre_install_{{ .inventory_hostname }}.sh
mode: 0755
register: execute_result
register: pre_install_copy_result
- name: Execute pre install scripts
when: .execute_result.error | empty
- name: Pre | Execute pre-installation scripts on remote hosts
when: .pre_install_copy_result.error | empty
command: |
for file in /etc/kubekey/scripts/pre_install_*.sh; do
if [ -f $file ]; then
# execute file
chmod +x $file
$file
if [ -f "$file" ]; then
# Make the script executable and run it
chmod +x "$file"
"$file"
fi
done


@ -1,16 +1,25 @@
---
- import_playbook: hook/default.yaml
# Load default variables and perform prechecks on all hosts
- hosts:
- all
gather_facts: true
roles:
- defaults
# Download all required software and generate certificates on the localhost
- hosts:
- localhost
gather_facts: true
roles:
- init/init-artifact
- init/init-cert
- certs/init
- download
# Initialize all nodes and install necessary software packages
- hosts:
- etcd
- k8s_cluster
- registry
- image_registry
- nfs
roles:
- init/init-os
- native


@ -1,15 +1,25 @@
---
- import_playbook: hook/default.yaml
# Load default variables and perform prechecks on all hosts
- hosts:
- localhost
roles:
- init/init-artifact
- init/init-cert
- hosts:
- image_registry
- all
tags: ["always"]
gather_facts: true
roles:
- init/init-os
- install/image-registry
- role: defaults
# Download all required software and generate certificates on the localhost
- hosts:
- localhost
gather_facts: true
roles:
- role: certs/init
- role: download
# Initialize all nodes and install necessary software packages
- hosts:
- image_registry
tags: ["always"]
roles:
- role: native
- role: image-registry


@ -1,19 +1,8 @@
---
- import_playbook: hook/default.yaml
# Load default variables and perform prechecks on all hosts
- hosts:
- localhost
roles:
- role: precheck/artifact_check
when: .artifact.artifact_file | empty | not
- hosts:
- k8s_cluster
- etcd
- image_registry
- nfs
- all
gather_facts: true
tags: ["always"]
roles:
- role: precheck/env_check
tags: ["always"]
- defaults
- precheck


@ -1,8 +0,0 @@
kubernetes:
etcd:
deployment_type: external
cri:
# support: containerd,docker
container_manager: docker
image_registry:
type: harbor


@ -1,45 +0,0 @@
# The global registry used for all images. Leave empty to use default registries.
global_registry: ""
# The registry to use for docker.io images.
dockerio_registry: >-
{{- if .global_registry | empty | not -}}
{{ .global_registry }}
{{- else -}}
docker.io
{{- end -}}
# The registry to use for quay.io images.
quayio_registry: >-
{{- if .global_registry | empty | not -}}
{{ .global_registry }}
{{- else -}}
quay.io
{{- end -}}
# The registry to use for ghcr.io images.
ghcrio_registry: >-
{{- if .global_registry | empty | not -}}
{{ .global_registry }}
{{- else -}}
ghcr.io
{{- end -}}
# Enable or disable security enhancement features.
security_enhancement: false
# Set to true to remove the container runtime interface (CRI) such as containerd or Docker from target nodes.
deleteCRI: false
# Set to true to uninstall etcd from target nodes.
deleteETCD: false
# Set to true to remove local DNS entries managed by Kubekey from the specified files.
deleteDNS: false
# Set to true to uninstall the image registry from target nodes.
deleteImageRegistry: false
# List of local DNS files to clean up if deleteDNS is enabled.
localDNS:
- /etc/hosts


@ -1,193 +0,0 @@
kubernetes:
cluster_name: kubekey
# Supported network plugins: flannel, calico
kube_network_plugin: calico
# The image repository for Kubernetes components.
image_repository: >-
{{ .dockerio_registry }}/kubesphere
# Minimum memory (in MB) required for each kube_worker node.
# This value must be at least minimal_node_memory_mb.
minimal_node_memory_mb: 10
# Maximum number of pods allowed per node.
max_pods: 110
audit: false
networking:
# The complete pod CIDR for the cluster. Supports: ipv4, ipv6, or dual-stack (ipv4,ipv6).
pod_cidr: 10.233.64.0/18
# Subnet mask size for IPv4 pod CIDR on each node.
ipv4_mask_size: 24
# Subnet mask size for IPv6 pod CIDR on each node.
ipv6_mask_size: 64
# The complete service CIDR for the cluster. Supports: ipv4, ipv6, or dual-stack (ipv4,ipv6).
service_cidr: 10.233.0.0/18
dns_domain: cluster.local
dns_image:
registry: >-
{{ .dockerio_registry }}
repository: >-
coredns
tag: 1.8.6
dns_cache_image:
registry: >-
{{ .dockerio_registry }}
repository: kubesphere/k8s-dns-node-cache
tag: 1.22.20
dns_service_ip: >-
{{ index (.kubernetes.networking.service_cidr | ipInCIDR) 2 }}
# The IP address for nodelocaldns to bind.
clusterDNS: 169.254.25.10
apiserver:
port: 6443
certSANs: []
extra_args:
# Example: feature-gates: ExpandCSIVolumes=true,CSIStorageCapacity=true,RotateKubeletServerCertificate=true
controller_manager:
extra_args:
# Example: feature-gates: ExpandCSIVolumes=true,CSIStorageCapacity=true,RotateKubeletServerCertificate=true
scheduler:
extra_args:
# Example: feature-gates: ExpandCSIVolumes=true,CSIStorageCapacity=true,RotateKubeletServerCertificate=true
kube_proxy:
enabled: true
# Supported proxy modes: ipvs, iptables
mode: "ipvs"
config:
iptables:
masqueradeAll: false
masqueradeBit: 14
minSyncPeriod: 0s
syncPeriod: 30s
kubelet:
max_pod: 110
pod_pids_limit: 10000
# feature_gates:
container_log_max_size: 5Mi
container_log_max_files: 3
# extra_args:
coredns:
dns_etc_hosts: []
# DNS zone configuration
zone_configs:
# Each entry defines DNS zones to match. Default port is 53.
# ".": matches all DNS zones.
# "example.com": matches *.example.com using DNS server on port 53.
# "example.com:54": matches *.example.com using DNS server on port 54.
- zones: [".:53"]
additional_configs:
- errors
- ready
- prometheus :9153
- loop
- reload
- loadbalance
cache: 30
kubernetes:
zones:
- "{{ .kubernetes.networking.dns_domain }}"
# Internal DNS message rewriting can be configured here.
# rewrite:
# - rule: continue
# field: name
# type: exact
# value: "example.com example2.com"
# options: ""
forward:
# Forwarding rules for DNS queries.
- from: "."
# Destination endpoints for forwarding. The TO syntax allows protocol specification.
to: ["/etc/resolv.conf"]
# List of domains to exclude from forwarding.
except: []
# Use TCP for forwarding even if the request was over UDP.
force_tcp: false
# Prefer UDP for forwarding, retry with TCP if response is truncated.
prefer_udp: false
# Number of consecutive failed health checks before marking an upstream as down.
# max_fails: 2
# Time after which cached connections expire.
# expire: 10s
# TLS properties for secure connections can be set here.
# tls:
# cert_file: ""
# key_file: ""
# ca_file: ""
# tls_servername: ""
# Policy for selecting upstream servers: random (default), round_robin, sequential.
# policy: "random"
# Health check configuration for upstream servers.
# health_check: ""
# Maximum number of concurrent DNS queries.
max_concurrent: 1000
# Specify a stable IP address or DNS name for the control plane endpoint.
# For high availability, it is recommended to use a DNS domain name for control_plane_endpoint.
# Options:
# 1. If a DNS domain name is available:
# - Set control_plane_endpoint to the DNS name and configure it to resolve to all control plane node IPs.
# 2. If a DNS domain name is not available:
# - Set control_plane_endpoint to a DNS name that can be added later.
# - Add the DNS name resolution to the localDNS file on each node in the format:
# {{ vip }} {{ control_plane_endpoint }}
# - If a VIP is available:
# Deploy kube-vip on control plane nodes to map the VIP to the actual node IPs.
# - If a VIP is not available:
# Deploy HAProxy on worker nodes. Map a fixed IP (e.g., 127.0.0.2) as the VIP and route it to all control plane node IPs.
#
# Non-HA scenario: (No installation provided; parameters are for manual configuration.)
# In this case, set the VIP to one of the control plane nodes.
control_plane_endpoint:
host: lb.kubesphere.local
port: "{{ .kubernetes.apiserver.port }}"
# Supported types: local, kube_vip, haproxy
# If type is local, the following applies:
# - On control-plane nodes: 127.0.0.1 {{ .kubernetes.control_plane_endpoint.host }}
# - On worker nodes: {{ .init_kubernetes_node }} {{ .kubernetes.control_plane_endpoint.host }}
type: local
kube_vip:
# The IP address of the node's network interface (e.g., "eth0").
# address:
# Supported modes: ARP, BGP
mode: ARP
image:
registry: >-
{{ .dockerio_registry }}
repository: plndr/kube-vip
tag: v0.7.2
haproxy:
# The IP address on the node's "lo" (loopback) interface.
address: 127.0.0.1
health_port: 8081
image:
registry: >-
{{ .dockerio_registry }}
repository: library/haproxy
tag: 2.9.6-alpine
etcd:
# etcd can be deployed in three ways:
# - external: Use an external etcd cluster.
# - internal: Deploy etcd as a static pod.
deployment_type: external
image:
registry: >-
{{ .dockerio_registry }}
repository: kubesphere/etcd
tag: 3.5.0
# custom_labels: {}
# Enable or disable automatic renewal of Kubernetes certificates.
certs:
# Kubernetes Certificate Authority (CA) files can be provided in three ways:
# 1. kubeadm: Leave ca_cert and ca_key empty to let kubeadm generate them automatically.
# These certificates are valid for 10 years and remain unchanged.
# 2. kubekey: Set ca_cert to {{ .binary_dir }}/pki/ca.cert and ca_key to {{ .binary_dir }}/pki/ca.key.
# These are generated by kubekey, valid for 10 years, and can be updated using `cert.ca_date`.
# 3. custom: Provide your own CA files by specifying the absolute paths for ca_cert and ca_key.
#
# To use custom CA files, specify their absolute paths below.
# If left empty, the default behavior (kubeadm or kubekey) will be used.
ca_cert: ""
ca_key: ""
# The following fields are for the Kubernetes front-proxy CA certificate and key.
# To use custom front-proxy CA files, specify their absolute paths below.
# If left empty, the default behavior will be used.
front_proxy_cert: ""
front_proxy_key: ""
renew: true


@ -1,5 +1,6 @@
---
- name: Cert | Generate the root CA certificate file
tags: ["always"]
gen_cert:
cn: root
date: "{{ .certs.ca.date }}"
@ -10,6 +11,7 @@
{{ .binary_dir }}/pki/root.crt
- name: Cert | Generate Kubernetes CA certificates
tags: ["kubernetes"]
block:
- name: Cert | Generate the Kubernetes CA certificate file
gen_cert:
@ -41,6 +43,7 @@
{{ .binary_dir }}/pki/front-proxy.crt
- name: Cert | Generate the etcd certificate file
tags: ["etcd"]
gen_cert:
root_key: >-
{{ .binary_dir }}/pki/root.key
@ -69,6 +72,7 @@
when: .groups.etcd | default list | empty | not
- name: Cert | Generate the image registry certificate file
tags: ["image_registry"]
gen_cert:
root_key: >-
{{ .binary_dir }}/pki/root.key
@ -100,6 +104,7 @@
when: .groups.image_registry | default list | empty | not
- name: Cert | Set ownership of the PKI directory to the sudo user
tags: ["kubernetes"]
block:
- name: Cert | Change ownership of the PKI directory to the sudo user
ignore_errors: true


@ -2,19 +2,19 @@
- name: ETCD | Copy CA certificate to remote host
copy:
src: >-
{{ .binary_dir }}/pki/root.crt
{{ ..etcd.ca_file }}
dest: /etc/ssl/etcd/ssl/ca.crt
- name: ETCD | Copy server certificate to remote host
copy:
src: >-
{{ .binary_dir }}/pki/etcd.crt
{{ .etcd.cert_file }}
dest: /etc/ssl/etcd/ssl/server.crt
- name: ETCD | Copy server private key to remote host
copy:
src: >-
{{ .binary_dir }}/pki/etcd.key
{{ .etcd.key_file }}
dest: /etc/ssl/etcd/ssl/server.key
- name: ETCD | Restart etcd service to apply new certificates
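Review bot: The new CA source in the first copy task is written `{{ ..etcd.ca_file }}` with a doubled dot, which is not a valid field reference, so the template will most likely fail to parse and the etcd CA will not be copied. It should read `{{ .etcd.ca_file }}`, matching the cert and key tasks below it. Separately, the `server.key` copy sets no `mode`; adding `mode: 0600` would stop the private key from inheriting a permissive default. The task list continues past the end of this hunk.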


@ -4,14 +4,14 @@
src: >-
{{ .binary_dir }}/pki/image_registry.crt
dest: >-
/opt/harbor/{{ .harbor_version }}/ssl/server.crt
/opt/harbor/{{ .image_registry.harbor_version }}/ssl/server.crt
- name: Harbor | Copy image registry private key to remote host
copy:
src: >-
{{ .binary_dir }}/pki/image_registry.key
dest: >-
/opt/harbor/{{ .harbor_version }}/ssl/server.key
/opt/harbor/{{ .image_registry.harbor_version }}/ssl/server.key
- name: Harbor | Restart Harbor service to apply new certificates
command: systemctl restart harbor.service


@ -4,14 +4,14 @@
src: >-
{{ .binary_dir }}/pki/image_registry.crt
dest: >-
/opt/docker-registry/{{ .docker_registry_version }}/ssl/server.crt
/opt/docker-registry/{{ .image_registry.docker_registry_version }}/ssl/server.crt
- name: Docker Registry | Copy image registry private key to remote host
copy:
src: >-
{{ .binary_dir }}/pki/image_registry.key
dest: >-
/opt/docker-registry/{{ .docker_registry_version }}/ssl/server.key
/opt/docker-registry/{{ .image_registry.docker_registry_version }}/ssl/server.key
- name: Docker Registry | Restart registry service to apply new certificates
command: systemctl restart registry.service
command: systemctl restart docker-registry.service


@ -2,20 +2,20 @@
- name: ETCD | Copy CA certificate to remote host
copy:
src: >-
{{ .binary_dir }}/pki/root.crt
{{ .etcd.ca_file }}
dest: /etc/kubernetes/pki/etcd/ca.crt
mode: 0755
- name: ETCD | Copy client certificate to remote host
copy:
src: >-
{{ .binary_dir }}/pki/etcd.crt
{{ .etcd.cert_file }}
dest: /etc/kubernetes/pki/etcd/client.crt
mode: 0755
- name: ETCD | Copy client key to remote host
copy:
src: >-
{{ .binary_dir }}/pki/etcd.key
{{ .etcd.key_file }}
dest: /etc/kubernetes/pki/etcd/client.key
mode: 0755
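Review bot: The copy to `/etc/kubernetes/pki/etcd/client.key` keeps `mode: 0755`, which leaves the etcd client private key readable, and marked executable, for every local user on the node. Now that the source is the configurable `.etcd.key_file`, this is a good place to tighten it: `mode: 0600` for the key and `mode: 0644` for `ca.crt` and `client.crt`. If a non-root component has to read the key, group ownership is a narrower fix than world-read.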


@ -15,7 +15,7 @@
/usr/local/bin/kubeadm alpha certs renew admin.conf
/usr/local/bin/kubeadm alpha certs renew controller-manager.conf
/usr/local/bin/kubeadm alpha certs renew scheduler.conf
{{- if .kubernetes.etcd.deployment_type | eq "internal" }}
{{- if .etcd.deployment_type | eq "internal" }}
/usr/local/bin/kubeadm alpha certs renew etcd-healthcheck-client
/usr/local/bin/kubeadm alpha certs renew etcd-peer
/usr/local/bin/kubeadm alpha certs renew etcd-server
@ -28,7 +28,7 @@
/usr/local/bin/kubeadm certs renew admin.conf
/usr/local/bin/kubeadm certs renew controller-manager.conf
/usr/local/bin/kubeadm certs renew scheduler.conf
{{- if .kubernetes.etcd.deployment_type | eq "internal" }}
{{- if .etcd.deployment_type | eq "internal" }}
/usr/local/bin/kubeadm certs renew etcd-healthcheck-client
/usr/local/bin/kubeadm certs renew etcd-peer
/usr/local/bin/kubeadm certs renew etcd-server


@ -3,7 +3,7 @@
- include_tasks: etcd.yaml
when:
- .kubernetes.etcd.deployment_type | eq "external"
- .etcd.deployment_type | eq "external"
- .groups.etcd | default list | empty | not
- name: Kubernetes | Restart Kubernetes control plane pods
@ -13,7 +13,7 @@
docker ps -af name=k8s_PODS_kube-apiserver* -q | xargs --no-run-if-empty docker rm -f
docker ps -af name=k8s_PODS_kube-controller-manager* -q | xargs --no-run-if-empty docker rm -f
docker ps -af name=k8s_PODS_kube-scheduler* -q | xargs --no-run-if-empty docker rm -f
{{- if .kubernetes.etcd.deployment_type | eq "docker" }}
{{- if .etcd.deployment_type | eq "docker" }}
# Restarting etcd pods managed by Docker
docker ps -af name=k8s_PODS_etcd* -q | xargs --no-run-if-empty docker rm -f
{{- end }}
@ -22,7 +22,7 @@
crictl pods --name kube-apiserver-* -q | xargs -I% --no-run-if-empty bash -c 'crictl stopp % && crictl rmp %'
crictl pods --name kube-controller-manager-* -q | xargs -I% --no-run-if-empty bash -c 'crictl stopp % && crictl rmp %'
crictl pods --name kube-scheduler-* -q | xargs -I% --no-run-if-empty bash -c 'crictl stopp % && crictl rmp %'
{{- if .kubernetes.etcd.deployment_type | eq "internal" }}
{{- if .etcd.deployment_type | eq "internal" }}
# Restarting etcd pods managed by the container runtime
crictl pods --name etcd-* -q | xargs -I% --no-run-if-empty bash -c 'crictl stopp % && crictl rmp %'
{{- end }}
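Review bot: The Docker branch of the restart script gates the etcd container removal on `.etcd.deployment_type | eq "docker"`, while the crictl branch and the renew script test for `"internal"`, and the precheck defaults in this commit list only `internal` and `external` as valid types. On Docker nodes with internal etcd that condition appears never to be true, so the etcd pod would keep running with the old certificate after a renewal. If that is not intended, use `{{- if .etcd.deployment_type | eq "internal" }}` in both branches. Both script bodies start outside the visible hunks.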


@ -0,0 +1,12 @@
cni:
calico:
values: |
# calico helm values
tigeraOperator:
registry: {{ .image_registry.quayio_registry }}
calicoctl:
image: {{ .image_registry.dockerio_registry }}/calico/ctl
installation:
registry: {{ .image_registry.dockerio_registry }}
calicoNetwork:
bgp: Enabled


@ -0,0 +1,33 @@
---
- name: Calico | Check if calicoctl is installed
ignore_errors: true
command: calicoctl version
register: calicoctl_install_version
register_type: yaml
- name: Calico | Install calicoctl if it is not present
when: .calicoctl_install_version.error | empty | not
block:
- name: Calico | Copy calicoctl binary to remote node
copy:
src: >-
{{ .binary_dir }}/cni/calico/{{ .cni.calico_version }}/{{ .binary_type }}/calicoctl
dest: /usr/local/bin/calicoctl
mode: 0755
- name: Calico | Copy Calico Helm package to remote node
copy:
src: >-
{{ .binary_dir }}/cni/calico/tigera-operator-{{ .cni.calico_version }}.tgz
dest: >-
/etc/kubernetes/cni/tigera-operator-{{ .cni.calico_version }}.tgz
- name: Calico | Generate custom values file for Calico
copy:
content: |
{{ .cni.calico.values }}
dest: /etc/kubernetes/cni/calico-values.yaml
- name: Calico | Deploy Calico using Helm
command: |
helm upgrade --install --create-namespace --namespace tigera-operator calico /etc/kubernetes/cni/tigera-operator-{{ .cni.calico_version }}.tgz -f /etc/kubernetes/cni/calico-values.yaml
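Review bot: The calicoctl install block runs only when `calicoctl version` returns an error, so a node that already carries a different calicoctl keeps it after `.cni.calico_version` changes. The runc, containerd and crictl tasks in this commit also compare the reported version against the configured one; the same `or (… .error | empty | not) (… version mismatch …)` shape here would keep the binary in step with the chart. The two `copy` tasks that write under `/etc/kubernetes/cni/` set no `mode`; an explicit `mode: 0644` would make the result independent of the remote umask.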


@ -3,47 +3,47 @@ cni:
values: |
# cilium helm values
image:
repository: {{ .quayio_registry }}/cilium/cilium-cli
repository: {{ .image_registry.quayio_registry }}/cilium/cilium-cli
certgen:
image:
repository: {{ .quayio_registry }}/cilium/certgen
repository: {{ .image_registry.quayio_registry }}/cilium/certgen
hubble:
relay:
image:
repository: {{ .quayio_registry }}/cilium/hubble-relay-ci
repository: {{ .image_registry.quayio_registry }}/cilium/hubble-relay-ci
ui:
backend:
image:
repository: {{ .quayio_registry }}/cilium/hubble-ui-backend
repository: {{ .image_registry.quayio_registry }}/cilium/hubble-ui-backend
frontend:
image:
repository: {{ .quayio_registry }}/cilium/hubble-ui
repository: {{ .image_registry.quayio_registry }}/cilium/hubble-ui
envoy:
image:
repository: {{ .quayio_registry }}/cilium/cilium-envoy
repository: {{ .image_registry.quayio_registry }}/cilium/cilium-envoy
operator:
replicas: 2
image:
repository: {{ .quayio_registry }}/cilium/operator
repository: {{ .image_registry.quayio_registry }}/cilium/operator
nodeinit:
image:
repository: {{ .quayio_registry }}/cilium/startup-script
repository: {{ .image_registry.quayio_registry }}/cilium/startup-script
preflight:
image:
repository: {{ .quayio_registry }}/cilium/cilium-ci
repository: {{ .image_registry.quayio_registry }}/cilium/cilium-ci
clustermesh:
apiserver:
image:
repository: {{ .quayio_registry }}/cilium/clustermesh-apiserver-ci
repository: {{ .image_registry.quayio_registry }}/cilium/clustermesh-apiserver-ci
authentication:
mutual:
spire:
install:
initImage:
repository: {{ .dockerio_registry }}/library/busybox
repository: {{ .image_registry.dockerio_registry }}/library/busybox
agent:
image:
repository: {{ .ghcrio_registry }}/spiffe/spire-agent
repository: {{ .image_registry.ghcrio_registry }}/spiffe/spire-agent
server:
image:
repository: {{ .ghcrio_registry }}/spiffe/spire-server
@ -56,12 +56,12 @@ cni:
{{- if .cni.ipv4_support }}
clusterPoolIPv4PodCIDRList:
- {{ .cni.ipv4_pods_cidr }}
clusterPoolIPv4MaskSize: {{ .cni.ipv4_block_size }}
clusterPoolIPv4MaskSize: {{ .cni.ipv4_mask_size }}
{{- end }}
{{- if .cni.ipv6_support }}
clusterPoolIPv6PodCIDRList:
- {{ .cni.ipv6_pods_cidr }}
clusterPoolIPv6MaskSize: {{ .cni.ipv6_block_size }}
clusterPoolIPv6MaskSize: {{ .cni.ipv6_mask_size }}
{{- end }}
{{- if not (.kubernetes.kube_proxy.enabled | default true) }}
kubeProxyReplacement: "true"
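Review bot: The spire `server` image at the end of the first hunk still reads `{{ .ghcrio_registry }}/spiffe/spire-server`, while every other repository in this file, including the spire agent directly above it, was moved to `.image_registry.*`. If the top-level `ghcrio_registry` variable no longer exists after this refactor, the server image renders with an empty or placeholder registry and, in an offline setup, does not resolve to the private registry. It should be `repository: {{ .image_registry.ghcrio_registry }}/spiffe/spire-server`. The values block continues outside the visible hunks.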


@ -0,0 +1,18 @@
---
- name: Cilium | Ensure the cilium Helm chart archive is available
copy:
src: >-
{{ .binary_dir }}/cni/cilium/cilium-{{ .cni.cilium_version }}.tgz
dest: >-
/etc/kubernetes/cni/cilium-{{ .cni.cilium_version }}.tgz
- name: Cilium | Create the cilium Helm custom values file
copy:
content: |
{{ .cni.cilium.values }}
dest: /etc/kubernetes/cni/cilium-values.yaml
# See: https://docs.cilium.io/en/stable/installation/k8s-install-helm/
- name: Cilium | Deploy cilium with Helm
command: |
helm upgrade --install --namespace kube-system cilium /etc/kubernetes/cni/cilium-{{ .cni.cilium_version }}.tgz -f /etc/kubernetes/cni/cilium-values.yaml


@ -0,0 +1,17 @@
cni:
# In Kubernetes, Pod CIDR supports IPv4, IPv6, and dual-stack. Specify as:
# "Single-stack IPv4": pod_cidr in "ipv4" format
# "Single-stack IPv6": pod_cidr in "ipv6" format
# "Dual-stack": pod_cidr in "ipv4,ipv6" format
ipv4_support: >-
{{ eq (.cni.pod_cidr | splitList "," | first | ipFamily) "IPv4" }}
ipv4_pods_cidr: >-
{{- if eq (.cni.pod_cidr | splitList "," | first | ipFamily) "IPv4" -}}
{{ .cni.pod_cidr | splitList "," | first }}
{{- end -}}
ipv6_support: >-
{{- eq (.cni.pod_cidr | default "10.233.64.0/18" | splitList "," | last | ipFamily) "IPv6" }}
ipv6_pods_cidr: >-
{{- if eq (.cni.pod_cidr | default "10.233.64.0/18" | splitList "," | last | ipFamily) "IPv6" -}}
{{ .cni.pod_cidr | default "10.233.64.0/18" | splitList "," | last }}
{{- end -}}
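Review bot: `ipv4_support` and `ipv4_pods_cidr` read `.cni.pod_cidr` without the `default "10.233.64.0/18"` fallback that the two IPv6 entries apply, so the four values are computed from different inputs when `pod_cidr` is unset. Applying the same fallback in all four expressions, e.g. `{{ eq (.cni.pod_cidr | default "10.233.64.0/18" | splitList "," | first | ipFamily) "IPv4" }}`, keeps them consistent. The header comment could also state that an empty `pod_cidr` falls back to that range.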


@ -7,8 +7,8 @@ cni:
podCidrv6: {{ .cni.ipv6_pod_cidr }}
flannel:
image:
repository: {{ .dockerio_registry }}/flannel/flannel
repository: {{ .image_registry.dockerio_registry }}/flannel/flannel
image_cni:
repository: {{ .dockerio_registry }}/flannel/flannel-cni-plugin
repository: {{ .image_registry.dockerio_registry }}/flannel/flannel-cni-plugin
# support "vxlan" and "host-gw"
backend: vxlan
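Review bot: The context line `podCidrv6: {{ .cni.ipv6_pod_cidr }}` at the top of this hunk does not match the key the CNI defaults in this commit define, which is `ipv6_pods_cidr`. Unless `ipv6_pod_cidr` is set somewhere not visible here, flannel's IPv6 pod CIDR would render empty; `podCidrv6: {{ .cni.ipv6_pods_cidr }}` would align it with the defaults. The IPv4 line sits just above the hunk and is worth checking for the same spelling.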


@ -3,4 +3,4 @@ cni:
values: |
# hybridnet helm values
images:
registryURL: {{ .dockerio_registry }}
registryURL: {{ .image_registry.dockerio_registry }}


@ -2,9 +2,9 @@
- name: Hybridnet | Synchronize Hybridnet Helm chart package to remote node
copy:
src: >-
{{ .binary_dir }}/cni/hybridnet-{{ .hybridnet_version }}.tgz
{{ .binary_dir }}/cni/hybridnet-{{ .cni.hybridnet_version }}.tgz
dest: >-
/etc/kubernetes/cni/hybridnet-{{ .hybridnet_version }}.tgz
/etc/kubernetes/cni/hybridnet-{{ .cni.hybridnet_version }}.tgz
- name: Hybridnet | Generate Hybridnet custom values file
copy:
@ -15,4 +15,4 @@
# Reference: https://artifacthub.io/packages/helm/hybridnet/hybridnet
- name: Hybridnet | Install Hybridnet using Helm
command: |
helm upgrade --install --namespace kube-system hybridnet /etc/kubernetes/cni/hybridnet-{{ .hybridnet_version }}.tgz -f /etc/kubernetes/cni/hybridnet-values.yaml
helm upgrade --install --namespace kube-system hybridnet /etc/kubernetes/cni/hybridnet-{{ .cni.hybridnet_version }}.tgz -f /etc/kubernetes/cni/hybridnet-values.yaml

View File

@ -4,7 +4,7 @@ cni:
# kube-ovn helm values
global:
registry:
address: {{ .dockerio_registry }}/kubeovn
address: {{ .image_registry.dockerio_registry }}/kubeovn
{{- $ips := list }}
{{- range .groups.kube_control_plane | default list }}
{{- $internalIPv4 := index $.hostvars . "internal_ipv4" | default "" }}
@ -21,13 +21,13 @@ cni:
{{- if and .cni.ipv4_support (not .cni.ipv6_support) }}
ipv4:
POD_CIDR: {{ .cni.ipv4_pods_cidr }}
SVC_CIDR: {{ .cni.kube_svc_cidr }}
SVC_CIDR: {{ .cni.service_cidr }}
{{ else if and .cni.ipv6_support (not .cni.ipv4_support) }}
ipv6:
POD_CIDR: {{ .cni.ipv6_pods_cidr }}
SVC_CIDR: {{ .cni.kube_svc_cidr }}
SVC_CIDR: {{ .cni.service_cidr }}
{{ else if and .cni.ipv4_support .cni.ipv6_support }}
dual_stack:
POD_CIDR: {{ .cni.ipv4_pods_cidr }},{{ .cni.ipv6_pods_cidr }}
SVC_CIDR: {{ .cni.kube_svc_cidr }}
SVC_CIDR: {{ .cni.service_cidr }}
{{- end }}


@ -2,9 +2,9 @@
- name: Kubeovn | Synchronize Kube-OVN Helm chart package to remote node
copy:
src: >-
{{ .binary_dir }}/cni/kubeovn/kubeovn-{{ .kubeovn_version }}.tgz
{{ .binary_dir }}/cni/kubeovn/kubeovn-{{ .cni.kubeovn_version }}.tgz
dest: >-
/etc/kubernetes/cni/kubeovn-{{ .kubeovn_version }}.tgz
/etc/kubernetes/cni/kubeovn-{{ .cni.kubeovn_version }}.tgz
- name: Kubeovn | Generate Kube-OVN custom values file
copy:
@ -19,9 +19,9 @@
- name: Kubeovn | Install Kube-OVN using Helm with custom values
command: |
helm upgrade --install --namespace kubeovn-system kubeovn /etc/kubernetes/cni/kubeovn-{{ .kubeovn_version }}.tgz -f /etc/kubernetes/cni/kubeovn-values.yaml
helm upgrade --install --namespace kubeovn-system kubeovn /etc/kubernetes/cni/kubeovn-{{ .cni.kubeovn_version }}.tgz -f /etc/kubernetes/cni/kubeovn-values.yaml
# Reference: https://kubeovn.github.io/docs/stable/start/one-step-install/#helm-chart
- name: Kubeovn | Install Kube-OVN using Helm
command: |
helm upgrade --install --namespace kubeovn-system kubeovn /etc/kubernetes/cni/kubeovn-{{ .kubeovn_version }}.tgz
helm upgrade --install --namespace kubeovn-system kubeovn /etc/kubernetes/cni/kubeovn-{{ .cni.kubeovn_version }}.tgz


@ -0,0 +1,19 @@
---
dependencies:
- role: cni/multus
when: .cni.multus.enabled
- role: cni/calico
when: .cni.type | eq "calico"
- role: cni/cilium
when: .cni.type | eq "cilium"
- role: cni/flannel
when: .cni.type | eq "flannel"
- role: cni/kubeovn
when: .cni.type | eq "kubeovn"
- role: cni/hybridnet
when: .cni.type | eq "hybridnet"


@ -5,10 +5,10 @@
register: runc_install_version
- name: Containerd | Ensure the runc binary is present on the remote node
when: or (.runc_install_version.error | empty | not) (.runc_install_version.stdout | contains (printf "runc version %s\n" (.runc_version | default "" | trimPrefix "v" )) | not)
when: or (.runc_install_version.error | empty | not) (.runc_install_version.stdout | contains (printf "runc version %s\n" (.cri.runc_version | default "" | trimPrefix "v" )) | not)
copy:
src: >-
{{ .binary_dir }}/runc/{{ .runc_version }}/{{ .binary_type }}/runc.{{ .binary_type }}
{{ .binary_dir }}/runc/{{ .cri.runc_version }}/{{ .binary_type }}/runc.{{ .binary_type }}
dest: /usr/local/bin/runc
mode: 0755
@ -18,17 +18,17 @@
register: containerd_install_version
- name: Containerd | Install and configure containerd if not present or version mismatch
when: or (.containerd_install_version.error | empty | not) (.containerd_install_version.stdout | contains (printf " %s " .containerd_version) | not)
when: or (.containerd_install_version.error | empty | not) (.containerd_install_version.stdout | contains (printf " %s " .cri.containerd_version) | not)
block:
- name: Containerd | Copy containerd binary archive to the remote node
copy:
src: >-
{{ .binary_dir }}/containerd/{{ .containerd_version }}/{{ .binary_type }}/containerd-{{ .containerd_version | default "" | trimPrefix "v" }}-linux-{{ .binary_type }}.tar.gz
{{ .binary_dir }}/containerd/{{ .cri.containerd_version }}/{{ .binary_type }}/containerd-{{ .cri.containerd_version | default "" | trimPrefix "v" }}-linux-{{ .binary_type }}.tar.gz
dest: >-
{{ .tmp_dir }}/containerd-{{ .containerd_version | default "" | trimPrefix "v" }}-linux-{{ .binary_type }}.tar.gz
{{ .tmp_dir }}/containerd-{{ .cri.containerd_version | default "" | trimPrefix "v" }}-linux-{{ .binary_type }}.tar.gz
- name: Containerd | Extract containerd binaries to /usr/local/bin
command: |
tar -xvf {{ .tmp_dir }}/containerd-{{ .containerd_version | default "" | trimPrefix "v" }}-linux-{{ .binary_type }}.tar.gz --strip-components=1 -C /usr/local/bin/
tar -xvf {{ .tmp_dir }}/containerd-{{ .cri.containerd_version | default "" | trimPrefix "v" }}-linux-{{ .binary_type }}.tar.gz --strip-components=1 -C /usr/local/bin/
- name: Containerd | Generate the containerd configuration file
template:
src: config.toml
@ -42,23 +42,25 @@
systemctl daemon-reload && systemctl start containerd.service && systemctl enable containerd.service
- name: Containerd | Synchronize image registry TLS certificates to the remote node
when: .groups.image_registry | default list | empty | not
block:
- name: Containerd | Copy image registry CA certificate to the remote node
when: .image_registry.auth.ca_file | empty | not
copy:
src: >-
{{ .binary_dir }}/pki/root.crt
{{ .image_registry.auth.ca_file }}
dest: >-
/etc/containerd/certs.d/{{ .image_registry.auth.registry }}/ca.crt
- name: Containerd | Copy image registry server certificate to the remote node
when: .image_registry.auth.cert_file | empty | not
copy:
src: >-
{{ .binary_dir }}/pki/image_registry.crt
{{ .image_registry.auth.cert_file }}
dest: >-
/etc/containerd/certs.d/{{ .image_registry.auth.registry }}/server.crt
- name: Containerd | Copy image registry server key to the remote node
when: .image_registry.auth.key_file | empty | not
copy:
src: >-
{{ .binary_dir }}/pki/image_registry.key
{{ .image_registry.auth.key_file }}
dest: >-
/etc/containerd/certs.d/{{ .image_registry.auth.registry }}/server.key
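Review bot: The key copy task in the last hunk places `.image_registry.auth.key_file` on every containerd node with no `mode`, and the defaults added in this commit point that variable at `{{ .binary_dir }}/pki/image_registry.key`, the same file the Harbor and docker-registry roles install as the registry's `ssl/server.key`. Each cluster node therefore holds the registry's server private key, so compromise of any one node exposes the identity of the registry itself. Consider issuing a separate client certificate for nodes, or leaving `cert_file`/`key_file` empty when mutual TLS is not required, and set `mode: 0600` on the key. The Docker role's `client.key` task in this commit has the same issue.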


@ -63,19 +63,23 @@ state = "/run/containerd"
username = "{{ .image_registry.auth.username }}"
password = "{{ .image_registry.auth.password }}"
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{ .image_registry.auth.registry }}".tls]
{{- if .groups.image_registry | default list | empty | not }}ecure_skip_verify = true
{{- if .image_registry.auth.ca_file | empty | not }}
ca_file = "/etc/containerd/certs.d/{{ .image_registry.auth.registry }}/ca.crt"
{{- end }}
{{- if .image_registry.auth.cert_file | empty | not }}
cert_file = "/etc/containerd/certs.d/{{ .image_registry.auth.registry }}/server.crt"
{{- end }}
{{- if .image_registry.auth.key_file | empty | not }}
key_file = "/etc/containerd/certs.d/{{ .image_registry.auth.registry }}/server.key"
{{- end }}
insecure_skip_verify = {{ .image_registry.auth.skip_ssl | default true }}
insecure_skip_verify = {{ .image_registry.auth.insecure | default true }}
{{- if .cri.registry.auths | empty | not }}
{{- range .cri.registry.auths }}
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{ .repo }}".auth]
username = "{{ .username }}"
password = "{{ .password }}"
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{ .repo }}".tls]
{{- if.ca_file }}
{{- if .ca_file }}
ca_file = {{ .ca_file }}
{{- end }}
{{- if .crt_file }}
@ -84,6 +88,6 @@ state = "/run/containerd"
{{- if .key_file }}
key_file = {{ .key_file }}
{{- end }}
insecure_skip_verify = {{ .skip_ssl | default true }}
insecure_skip_verify = {{ .insecure | default true }}
{{- end }}
{{- end }}
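Review bot: `insecure_skip_verify = {{ .image_registry.auth.insecure | default true }}` turns TLS verification off whenever `insecure` is empty, and the defaults in this commit render `insecure` as an empty string exactly when a registry type is set. The result appears to be that verification is skipped even though `ca_file` is configured a few lines above. Defaulting to `false`, `insecure_skip_verify = {{ .image_registry.auth.insecure | default false }}`, keeps verification on unless it is explicitly disabled; `{{ .insecure | default true }}` in the second hunk has the same default. In the `.cri.registry.auths` loop, `ca_file = {{ .ca_file }}` and `key_file = {{ .key_file }}` are unquoted and would need quotes to be valid TOML strings.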


@ -5,17 +5,17 @@
register: crictl_install_version
- name: Crictl | Install and configure crictl if not present or version mismatch
when: or (.crictl_install_version.error | empty | not) (.crictl_install_version.stdout | ne (printf "crictl version %s" .crictl_version))
when: or (.crictl_install_version.error | empty | not) (.crictl_install_version.stdout | ne (printf "crictl version %s" .cri.crictl_version))
block:
- name: Crictl | Copy crictl binary archive to the remote node
copy:
src: >-
{{ .binary_dir }}/crictl/{{ .crictl_version }}/{{ .binary_type }}/crictl-{{ .crictl_version }}-linux-{{ .binary_type }}.tar.gz
{{ .binary_dir }}/crictl/{{ .cri.crictl_version }}/{{ .binary_type }}/crictl-{{ .cri.crictl_version }}-linux-{{ .binary_type }}.tar.gz
dest: >-
{{ .tmp_dir }}/crictl-{{ .crictl_version }}-linux-{{ .binary_type }}.tar.gz
{{ .tmp_dir }}/crictl-{{ .cri.crictl_version }}-linux-{{ .binary_type }}.tar.gz
- name: Crictl | Extract crictl binary to /usr/local/bin
command: |
tar -xvf {{ .tmp_dir }}/crictl-{{ .crictl_version }}-linux-{{ .binary_type }}.tar.gz -C /usr/local/bin/
tar -xvf {{ .tmp_dir }}/crictl-{{ .cri.crictl_version }}-linux-{{ .binary_type }}.tar.gz -C /usr/local/bin/
- name: Crictl | Generate crictl configuration file
template:
src: crictl.yaml


@ -5,17 +5,17 @@
register: cridockerd_install_version
- name: Cridockerd | Install and configure cri-dockerd if not present or version mismatch
when: or (.cridockerd_install_version.error | empty | not) (.cridockerd_install_version.stdout | hasPrefix (printf "cri-dockerd %s " .cridockerd_version) | not)
when: or (.cridockerd_install_version.error | empty | not) (.cridockerd_install_version.stdout | hasPrefix (printf "cri-dockerd %s " .cri.cridockerd_version) | not)
block:
- name: Cridockerd | Copy cri-dockerd binary archive to the remote node
copy:
src: >-
{{ .binary_dir }}/cri-dockerd/{{ .cridockerd_version }}/{{ .binary_type }}/cri-dockerd-{{ .cridockerd_version | default "" | trimPrefix "v" }}.{{ .binary_type }}.tgz
{{ .binary_dir }}/cri-dockerd/{{ .cri.cridockerd_version }}/{{ .binary_type }}/cri-dockerd-{{ .cri.cridockerd_version | default "" | trimPrefix "v" }}.{{ .binary_type }}.tgz
dest: >-
{{ .tmp_dir }}/cri-dockerd-{{ .cridockerd_version | default "" | trimPrefix "v" }}.{{ .binary_type }}.tgz
{{ .tmp_dir }}/cri-dockerd-{{ .cri.cridockerd_version | default "" | trimPrefix "v" }}.{{ .binary_type }}.tgz
- name: Cridockerd | Extract cri-dockerd binary to /usr/local/bin
command: |
tar -xvf {{ .tmp_dir }}/cri-dockerd-{{ .cridockerd_version | default "" | trimPrefix "v" }}.{{ .binary_type }}.tgz --strip-components=1 -C /usr/local/bin/
tar -xvf {{ .tmp_dir }}/cri-dockerd-{{ .cri.cridockerd_version | default "" | trimPrefix "v" }}.{{ .binary_type }}.tgz --strip-components=1 -C /usr/local/bin/
- name: Cridockerd | Generate cri-dockerd systemd service file
template:
src: cri-dockerd.service


@ -2,7 +2,7 @@
# Docker | Install cri-dockerd if required for Kubernetes >= v1.24.0
- include_tasks: cridockerd.yaml
when:
- .kube_version | semverCompare ">=v1.24.0"
- .kubernetes.kube_version | semverCompare ">=v1.24.0"
- name: Docker | Check if Docker is installed on the system
ignore_errors: true
@ -10,17 +10,17 @@
register: docker_install_version
- name: Docker | Install and configure Docker if not present or version mismatch
when: or (.docker_install_version.error | empty | not) (.docker_install_version.stdout | hasPrefix (printf "Docker version %s," .docker_version) | not)
when: or (.docker_install_version.error | empty | not) (.docker_install_version.stdout | hasPrefix (printf "Docker version %s," .cri.docker_version) | not)
block:
- name: Docker | Copy Docker binary archive to the remote node
copy:
src: >-
{{ .binary_dir }}/docker/{{ .docker_version }}/{{ .binary_type }}/docker-{{ .docker_version }}.tgz
{{ .binary_dir }}/docker/{{ .cri.docker_version }}/{{ .binary_type }}/docker-{{ .cri.docker_version }}.tgz
dest: >-
{{ .tmp_dir }}/docker-{{ .docker_version }}.tgz
{{ .tmp_dir }}/docker-{{ .cri.docker_version }}.tgz
- name: Docker | Extract Docker binaries to /usr/local/bin
command: |
tar -C /usr/local/bin/ --strip-components=1 -xvf {{ .tmp_dir }}/docker-{{ .docker_version }}.tgz --wildcards docker/*
tar -C /usr/local/bin/ --strip-components=1 -xvf {{ .tmp_dir }}/docker-{{ .cri.docker_version }}.tgz --wildcards 'docker/*'
- name: Docker | Generate Docker configuration file
template:
src: daemon.json
@ -39,23 +39,25 @@
systemctl daemon-reload && systemctl start docker.service && systemctl enable docker.service
- name: Docker | Synchronize image registry TLS certificates to the remote node
when: .groups.image_registry | default list | empty | not
block:
- name: Docker | Copy image registry CA certificate to the remote node
when: .image_registry.auth.ca_file | empty | not
copy:
src: >-
{{ .binary_dir }}/pki/root.crt
{{ .image_registry.auth.ca_file }}
dest: >-
/etc/docker/certs.d/{{ .image_registry.auth.registry }}/ca.crt
- name: Docker | Copy image registry client certificate to the remote node
- name: Docker | Copy image registry server certificate to the remote node
when: .image_registry.auth.cert_file | empty | not
copy:
src: >-
{{ .binary_dir }}/pki/image_registry.crt
{{ .image_registry.auth.cert_file }}
dest: >-
/etc/docker/certs.d/{{ .image_registry.auth.registry }}/client.cert
- name: Docker | Copy image registry client key to the remote node
- name: Docker | Copy image registry server key to the remote node
when: .image_registry.auth.key_file | empty | not
copy:
src: >-
{{ .binary_dir }}/pki/image_registry.key
{{ .image_registry.auth.key_file }}
dest: >-
/etc/docker/certs.d/{{ .image_registry.auth.registry }}/client.key


@ -10,7 +10,7 @@
"registry-mirrors": {{ .cri.registry.mirrors | toJson }},
{{- end }}
{{- $insecure_registries := .cri.registry.insecure_registries | default list -}}
{{- if .image_registry.auth.skip_ssl -}}
{{- if .image_registry.auth.insecure -}}
{{- $insecure_registries = append $insecure_registries .image_registry.auth.registry -}}
{{- end -}}
"insecure-registries": {{ $insecure_registries | toJson }},


@ -0,0 +1,8 @@
dependencies:
- role: cri/crictl
- role: cri/docker
when: .cri.container_manager | eq "docker"
- role: cri/containerd
when: .cri.container_manager | eq "containerd"


@ -0,0 +1,36 @@
# Cluster parameter boundaries
cluster_require:
# Maximum etcd WAL fsync duration for 99th percentile (in nanoseconds)
etcd_disk_wal_fysnc_duration_seconds: 10000000
# Allow installation on unsupported Linux distributions
allow_unsupported_distribution_setup: false
# Supported operating system distributions
supported_os_distributions:
- ubuntu
- '"ubuntu"'
- centos
- '"centos"'
# Required network plugins
require_network_plugin: ['calico', 'flannel', 'cilium', 'hybridnet', 'kube-ovn']
# Minimum supported Kubernetes version
kube_version_min_required: v1.23.0
# Minimum memory (in MB) required for each control plane node
# Must be greater than or equal to minimal_master_memory_mb
minimal_master_memory_mb: 10
# Minimum memory (in MB) required for each worker node
# Must be greater than or equal to minimal_node_memory_mb
minimal_node_memory_mb: 10
# Supported etcd deployment types
require_etcd_deployment_type: ['internal', 'external']
# Supported container runtimes
require_container_manager: ['docker', 'containerd']
# Minimum required version of containerd
containerd_min_version_required: v1.6.0
# Supported CPU architectures
supported_architectures:
- amd64
- x86_64
- arm64
- aarch64
# Minimum required Linux kernel version
min_kernel_version: 4.9.17
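Review bot: The comments on `minimal_master_memory_mb` and `minimal_node_memory_mb` compare each setting with itself, and at `10` MB the defaults effectively switch the memory precheck off. Say what is being compared, e.g. `# Each control plane node must have at least this much memory (MB)`, and pick defaults that reflect a real minimum. The key `etcd_disk_wal_fysnc_duration_seconds` misspells "fsync", and its comment gives nanoseconds while the name says seconds; if the consumer uses the same spelling, at least the unit should be made consistent. The quoted entries `'"ubuntu"'` and `'"centos"'` would benefit from a comment explaining why both forms are listed.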


@ -0,0 +1,39 @@
work_dir: /root/kubekey
binary_dir: >-
{{ .work_dir }}/kubekey
scripts_dir: >-
{{ .binary_dir }}/scripts
tmp_dir: /tmp/kubekey
# Mapping of common machine architecture names to their standard forms
transform_architectures:
amd64:
- amd64
- x86_64
arm64:
- arm64
- aarch64
# Enable enhanced security features for stricter cluster security requirements.
security_enhancement: false
# Enable Kubernetes audit logging.
# Audit logs record and track critical operations within the cluster, helping administrators monitor security events, troubleshoot issues, and meet compliance requirements (e.g., SOC2, ISO 27001).
audit: false
# When removing a node, also uninstall the node's container runtime (CRI), such as Docker or containerd.
deleteCRI: true
# When removing a node, also uninstall etcd from the node.
deleteETCD: true
# When removing a node, restore the node's DNS configuration.
deleteDNS: true
# When removing a node, also uninstall any private image registry (such as Harbor or registry) installed on the node.
# This is typically used in conjunction with nodes defined in inventory.groups.image_registry.
deleteImageRegistry: false
# image_manifests: List of container images to be synchronized to the private registry
image_manifests: []
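Review bot: `tmp_dir: /tmp/kubekey` is a fixed path under world-writable `/tmp`, and the CRI roles in this commit stage archives there before extracting them into `/usr/local/bin`. If the directory is not created root-owned with mode `0700` before first use, which is not visible here, another local user could pre-create it and control what gets extracted. Either default to a root-only location or add a comment such as `# Must be a root-owned directory with mode 0700; archives staged here are installed as root.` and enforce it in the task that creates the directory.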


@ -0,0 +1,49 @@
# Certificate generation configuration
# The following certificates will be generated:
# - etcd certificates
# - Kubernetes cluster certificates (replacing the CA certificate generated by kubeadm, which is limited to a 10-year validity)
# - Image registry certificates (for Harbor and similar registries)
# Certificate chain structure:
# CA (self-signed or provided)
# |- etcd.cert
# |- etcd.key
# |
# |- image_registry.cert
# |- image_registry.key
# |
# |- kubernetes.cert
# |- kubernetes.key
# | |- kubeadm uses this to generate server certificates (kube-apiserver certificate)
# |- front-proxy.cert
# |- front-proxy.key
# |
# |- image-registry.cert
# |- image-registry.key
certs:
# CA certificate settings
ca:
# CA certificate expiration time
date: 87600h
# Certificate generation policy:
# IfNotPresent: Validate the certificate if it exists; generate a self-signed certificate only if it does not exist
gen_cert_policy: IfNotPresent
kubernetes_ca:
date: 87600h
# How to generate the certificate file. Supported values: IfNotPresent, Always
gen_cert_policy: IfNotPresent
front_proxy_ca:
date: 87600h
# How to generate the certificate file. Supported values: IfNotPresent, Always
gen_cert_policy: IfNotPresent
# etcd certificate
etcd:
date: 87600h
# How to generate the certificate file. Supported values: IfNotPresent, Always
gen_cert_policy: IfNotPresent
# image_registry certificate
image_registry:
date: 87600h
# How to generate the certificate file. Supported values: IfNotPresent, Always
gen_cert_policy: IfNotPresent
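Review bot: The leaf certificates for `etcd` and `image_registry` default to `date: 87600h`, the same ten-year lifetime as the CAs, so a leaked server key stays usable for a decade unless revocation is in place. A shorter default for the leaves, renewed through the existing cert tasks, would limit that window. In the header comment the chain diagram lists the image registry pair twice (`image_registry.cert` and `image-registry.cert`) and uses `.cert` where the tasks in this commit write `.crt`. The `ca` entry documents only `IfNotPresent` while the others list `IfNotPresent, Always`, so the supported values should be stated once for all entries.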


@ -0,0 +1,79 @@
# In an online environment (when image_registry.auth.registry is empty), images are pulled directly from their original registries to the cluster.
# In an offline environment (when image_registry.auth.registry is set), images are first pulled from the source registry, cached locally, pushed to a private registry (such as Harbor), and then used by the cluster.
image_registry:
# Specify which image registry to install. Supported values: harbor, docker-registry
# If left empty, no image registry will be installed (assumes an existing registry is already available).
type: ""
ha_vip: ""
# Directory where images to be pushed to the registry are stored.
# Path for storing offline images
images_dir: >-
{{ .tmp_dir }}/images/
# Image registry authentication settings
auth:
registry: >-
{{- if .image_registry.type | empty | not }}
{{- if .image_registry.ha_vip | empty | not -}}
{{ .image_registry.ha_vip }}
{{- else if .groups.image_registry | default list | empty | not -}}
{{- $internalIPv4 := index .hostvars (.groups.image_registry | default list | first) "internal_ipv4" | default "" -}}
{{- $internalIPv6 := index .hostvars (.groups.image_registry | default list | first) "internal_ipv6" | default "" -}}
{{- if $internalIPv4 | empty | not -}}
{{ $internalIPv4 }}
{{- else if $internalIPv6 | empty | not -}}
{{ $internalIPv6 }}
{{- end -}}
{{- end -}}
{{- end -}}
username: admin
password: Harbor12345
insecure: >-
{{- if .image_registry.type | empty -}}
true
{{- end -}}
ca_file: >-
{{- if .image_registry.type | empty | not -}}
{{ .binary_dir }}/pki/root.crt
{{- end -}}
cert_file: >-
{{- if .image_registry.type | empty | not -}}
{{ .binary_dir }}/pki/image_registry.crt
{{- end -}}
key_file: >-
{{- if .image_registry.type | empty | not -}}
{{ .binary_dir }}/pki/image_registry.key
{{- end -}}
# Registry endpoint for images from docker.io
dockerio_registry: >-
{{- if .image_registry.auth.registry | empty | not -}}
{{ .image_registry.auth.registry }}
{{- else -}}
docker.io
{{- end -}}
# Registry endpoint for images from quay.io
quayio_registry: >-
{{- if .image_registry.auth.registry | empty | not -}}
{{ .image_registry.auth.registry }}
{{- else -}}
quay.io
{{- end -}}
# Registry endpoint for images from ghcr.io
ghcrio_registry: >-
{{- if .image_registry.auth.registry | empty | not -}}
{{ .image_registry.auth.registry }}
{{- else -}}
ghcr.io
{{- end -}}
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.10.1
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
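Review bot: `password: Harbor12345` under `auth` ships Harbor's publicly documented default admin password as the default registry credential, and the containerd `config.toml` template in this commit renders the same value onto every node. Leaving the default empty and failing the precheck when `image_registry.type` is set without a password would prevent deployments that keep it. At minimum the field should carry a comment such as `# Must be overridden before installation; do not deploy with this value.`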


@ -0,0 +1,25 @@
# Essential operating system configuration settings
native:
ntp:
# List of NTP servers used for system time synchronization
servers:
- "cn.pool.ntp.org"
# Toggle to enable or disable the NTP service
enabled: true
# System timezone configuration
timezone: Asia/Shanghai
# NFS service configuration for nodes assigned the 'nfs' role in the inventory
nfs:
# Directories to be shared via NFS
share_dir:
- /share/
# Whether to set the node's hostname to the value defined in inventory.hosts.
set_hostname: true
# List of DNS configuration files to update on each node.
# This ensures that, during cluster installation, critical hostnames can be resolved locally even if no DNS service is available.
# For example:
# [control_plane_endpoint of master node] -> master node IP
# [hostname of the node being installed] -> corresponding node IP
localDNS:
- /etc/hosts


@ -0,0 +1,116 @@
kubernetes:
# Name of the cluster to be installed
cluster_name: kubekey
# Kubernetes version to deploy
kube_version: v1.33.1
# helm binary
helm_version: v3.18.5
# Image repository for built-in Kubernetes images
image_repository: >-
{{ .image_registry.dockerio_registry }}/kubesphere
# Kubernetes network configuration
# kube-apiserver pod parameters
apiserver:
port: 6443
certSANs: []
extra_args:
# Example: feature-gates: ExpandCSIVolumes=true,CSIStorageCapacity=true,RotateKubeletServerCertificate=true
# kube-controller-manager pod parameters
controller_manager:
extra_args:
cluster-signing-duration: 87600h
# Example: feature-gates: ExpandCSIVolumes=true,CSIStorageCapacity=true,RotateKubeletServerCertificate=true
# kube-scheduler pod parameters
scheduler:
extra_args:
# Example: feature-gates: ExpandCSIVolumes=true,CSIStorageCapacity=true,RotateKubeletServerCertificate=true
# kube-proxy pod parameters
kube_proxy:
enabled: true
# Supported proxy modes: ipvs, iptables
mode: "ipvs"
config:
iptables:
masqueradeAll: false
masqueradeBit: 14
minSyncPeriod: 0s
syncPeriod: 30s
# kubelet service parameters
kubelet:
max_pod: 110
pod_pids_limit: 10000
# feature_gates:
container_log_max_size: 5Mi
container_log_max_files: 3
# extra_args:
# Specify a stable IP address or DNS name for the control plane endpoint.
# For high availability, it is recommended to set control_plane_endpoint to a DNS name.
# Configuration guidance:
# 1. If a DNS name is available:
# - Set control_plane_endpoint to that DNS name and ensure it resolves to all control plane node IPs.
# 2. If no DNS name is available:
# - You can set a DNS name now and add the resolution later.
# - Add the resolution to each node's local DNS file, for example:
# {{ vip }} {{ control_plane_endpoint }}
# - If you have a VIP (Virtual IP):
# Deploy kube-vip on control plane nodes to map the VIP to the actual node IPs.
# - If you do not have a VIP:
# Deploy HAProxy on worker nodes, use a fixed IP (such as 127.0.0.2) as the VIP, and forward to all control plane node IPs.
#
# For non-HA scenarios (manual configuration only, not automatically installed):
# You can set the VIP to the IP of a single control plane node.
control_plane_endpoint:
host: lb.kubesphere.local
port: "{{ .kubernetes.apiserver.port }}"
# Supported types: local, kube_vip, haproxy
# When type is local, configure as follows:
# - On control-plane nodes: 127.0.0.1 {{ .kubernetes.control_plane_endpoint.host }}
# - On worker nodes: {{ .init_kubernetes_node }} {{ .kubernetes.control_plane_endpoint.host }}
type: local
kube_vip:
# The IP address of the node's network interface (e.g., "eth0").
address: ""
# Supported modes: ARP, BGP
mode: ARP
image:
registry: >-
{{ .dockerio_registry }}
repository: plndr/kube-vip
tag: v0.7.2
haproxy:
# The IP address on the node's "lo" (loopback) interface.
address: 127.0.0.1
health_port: 8081
image:
registry: >-
{{ .dockerio_registry }}
repository: library/haproxy
tag: 2.9.6-alpine
# Whether to automatically renew Kubernetes certificates
certs:
# There are three ways to provide the Kubernetes CA (Certificate Authority) files:
# 1. kubeadm: Leave ca_cert and ca_key empty, and kubeadm will generate them automatically. These certificates are valid for 10 years and will not change.
# 2. kubekey: Set ca_cert to {{ .binary_dir }}/pki/ca.cert and ca_key to {{ .binary_dir }}/pki/ca.key.
# These certificates are generated by kubekey, valid for 10 years, and can be updated via `cert.ca_date`.
# 3. Custom: Manually specify the absolute paths for ca_cert and ca_key to use your own CA files.
#
# To use custom CA files, fill in the absolute paths below.
# If left empty, the default behavior (kubeadm or kubekey) will be used.
ca_cert: ""
ca_key: ""
# The following fields are for the Kubernetes front-proxy CA certificate and key.
# To use custom front-proxy CA files, fill in the absolute paths below.
# If left empty, the default behavior will be used.
front_proxy_cert: ""
front_proxy_key: ""
# Automatically renew service certificates (Note: CA certificates cannot be renewed automatically)
renew: false
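Review bot: The `kube_vip` and `haproxy` image blocks read `{{ .dockerio_registry }}`, while `image_repository` at the top of this file and the other image defaults visible in this commit read `{{ .image_registry.dockerio_registry }}`. Unless a top-level `dockerio_registry` variable is defined somewhere outside this view, both render an empty registry, so the load-balancer images would not follow a configured private registry and would be resolved by whatever default the container runtime applies. I would change both to `{{ .image_registry.dockerio_registry }}`. Separately, the comment `# Whether to automatically renew Kubernetes certificates` sits above `certs:` but describes `renew`, and the CA comment refers to `cert.ca_date` where the key is `certs`.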


@ -0,0 +1,41 @@
cni:
# CNI plugin to use (equivalent to kubernetes.kube_network_plugin)
# Specify the network plugin to install for the cluster. Supported: calico, cilium, flannel, hybridnet, kubeovn, other
# kube_network_plugin: calico
type: calico
# Maximum number of pods supported per node
max_pods: 110
# The complete Pod IP pool for the cluster. Supports IPv4, IPv6, and dual-stack.
pod_cidr: 10.233.64.0/18
# IPv4 subnet mask length for pod allocation per node. Determines the size of each node's pod IP pool.
ipv4_mask_size: 24
# IPv6 subnet mask length for pod allocation per node.
ipv6_mask_size: 64
# The complete Service IP pool for the cluster. Supports IPv4, IPv6, and dual-stack.
service_cidr: 10.233.0.0/18
# Network enhancement plugin for multiple pod network interfaces (Multus)
multus:
# Enable or disable the network enhancement plugin
enabled: false
image:
registry: >-
{{ .image_registry.ghcrio_registry }}
repository: k8snetworkplumbingwg/multus-cni
tag: v4.3.0
# ========== cni ==========
# cni_plugins binary
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.28.2
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.15.4
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.13.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8


@ -0,0 +1,40 @@
cri:
# Container runtime to use. Supported: containerd, docker
container_manager: containerd
# Cgroup driver for the container runtime. Supported: systemd, cgroupfs
cgroup_driver: systemd
# Pause/sandbox image configuration
sandbox_image:
registry: >-
{{ .image_registry.dockerio_registry }}
repository: kubesphere/pause
tag: "3.9"
# CRI socket endpoint for the selected container runtime
cri_socket: >-
{{- if .cri.container_manager | eq "containerd" -}}
unix:///var/run/containerd/containerd.sock
{{- else if and (.cri.container_manager | eq "docker") (.kubernetes.kube_version | semverCompare ">=v1.24.0") -}}
unix:///var/run/cri-dockerd.sock
{{- end -}}
# Registry configuration for CRI, including mirrors, insecure registries, and authentication
registry:
mirrors: ["https://registry-1.docker.io"]
insecure_registries: []
auths: []
# ========== cri ==========
# crictl binary
crictl_version: v1.33.0
# ========== cri: docker ==========
# docker binary
docker_version: 24.0.7
# docker-compose binary
dockercompose_version: v2.20.3
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.6
# runc binary
runc_version: v1.1.7
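Review bot: The default runtime pins (`runc_version: v1.1.7`, `containerd_version: v1.7.6`, `docker_version: 24.0.7`) are old patch releases of components that sit directly on the container isolation boundary, and as far as I know each of those release lines has shipped security fixes since. The per-Kubernetes-version files later in this commit pin older ones still (`runc_version: v1.1.4`, `containerd_version: v1.6.8`). I would move the defaults to the latest patch release of each line after checking the upstream advisories, and add a comment such as `# keep at the latest patch release; review upstream security advisories on each bump`. The `cridockerd_version` comment also says "greater than 1.24" while the `cri_socket` template tests `>=v1.24.0`.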


@ -0,0 +1,44 @@
# etcd service configuration
etcd:
# etcd supports two deployment types:
# - external: Use an external etcd cluster.
# - internal: Deploy etcd as static Pods within the cluster.
deployment_type: external
etcd_version: v3.5.11
image:
registry: >-
{{ .image_registry.dockerio_registry }}
repository: kubesphere/etcd
tag: "{{ .etcd.etcd_version }}"
# endpoints: ["https://127.1.1.1:2379"]
# Environment variables for etcd service
env:
election_timeout: 5000
heartbeat_interval: 250
compaction_retention: 8
snapshot_count: 10000
data_dir: /var/lib/etcd
token: k8s_etcd
# metrics: basic
# quota_backend_bytes: 100
# max_request_bytes: 100
# max_snapshots: 100
# max_wals: 5
# log_level: info
# unsupported_arch: arm64
# etcd backup configuration
backup:
backup_dir: /var/lib/etcd-backup
keep_backup_number: 5
etcd_backup_script: "backup.sh"
on_calendar: "*-*-* *:00/30:00"
# Enable etcd performance tuning (set to true to enable)
performance: false
# Enable etcd traffic prioritization (set to true to enable)
traffic_priority: false
ca_file: >-
{{ .binary_dir }}/pki/root.crt
cert_file: >-
{{ .binary_dir }}/pki/etcd.crt
key_file: >-
{{ .binary_dir }}/pki/etcd.key
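Review bot: `etcd.ca_file` points at `{{ .binary_dir }}/pki/root.crt`, the same root file that the image-registry `auth.ca_file` default uses in this commit. If etcd is started with client-certificate authentication against that file (not visible here), any certificate issued under the shared root, including the registry's, would chain to a CA that etcd trusts. A dedicated etcd CA would keep the datastore's trust domain separate; at minimum I would add a comment such as `# shared root CA: every certificate issued under root.crt is trusted by etcd`. The static `token: k8s_etcd` deserves a comment as well, since it is the same value for every cluster installed with these defaults.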


@ -0,0 +1,78 @@
dns:
# ====== In-Cluster DNS Service Configuration ======
# The DNS domain suffix used for all services and pods within the cluster.
dns_domain: cluster.local
# CoreDNS image settings
dns_image:
registry: >-
{{ .image_registry.dockerio_registry }}
repository: >-
kubesphere
tag: v1.11.1
# NodeLocalDNS image settings
dns_cache_image:
registry: >-
{{ .image_registry.dockerio_registry }}
repository: kubesphere/k8s-dns-node-cache
tag: 1.24.0
# The IP address assigned to the cluster DNS service
dns_service_ip: >-
{{ index (.cni.service_cidr | ipInCIDR) 2 }}
# The IP address NodeLocalDNS will bind to on each node
dns_cache_ip: 169.254.25.10
# CoreDNS pod configuration
coredns:
dns_etc_hosts: []
# DNS zone matching configuration
zone_configs:
# Each entry defines which DNS zones to match. The default port is 53.
# ".": matches all DNS zones.
# "example.com": matches *.example.com using DNS server on port 53.
# "example.com:54": matches *.example.com using DNS server on port 54.
- zones: [".:53"]
additional_configs:
- errors
- ready
- prometheus :9153
- loop
- reload
- loadbalance
cache: 30
kubernetes:
zones:
- "{{ .dns.dns_domain }}"
# You can configure internal DNS message rewriting here if needed.
# rewrite:
# - rule: continue
# field: name
# type: exact
# value: "example.com example2.com"
# options: ""
forward:
# DNS query forwarding rules.
- from: "."
# Destination endpoints for forwarding. The 'to' syntax allows protocol specification.
to: ["/etc/resolv.conf"]
# Domains to exclude from forwarding.
except: []
# Use TCP for forwarding, even if the original request was UDP.
force_tcp: false
# Prefer UDP for forwarding; fallback to TCP if the response is truncated.
prefer_udp: false
# Number of consecutive failed health checks before marking an upstream as down.
# max_fails: 2
# Time after which cached connections expire.
# expire: 10s
# TLS properties for secure connections can be set here.
# tls:
# cert_file: ""
# key_file: ""
# ca_file: ""
# tls_servername: ""
# Policy for selecting upstream servers: random (default), round_robin, sequential.
# policy: "random"
# Health check configuration for upstream servers.
# health_check: ""
# Maximum number of concurrent DNS queries allowed.
max_concurrent: 1000


@ -0,0 +1,32 @@
# Storage class configuration for Kubernetes persistent storage integration
storage_class:
# Local storage class configuration
local:
enabled: true # Enable local storage class
default: true # Set as the default storage class
provisioner_image:
registry: >-
{{ .image_registry.dockerio_registry }}
repository: openebs/provisioner-localpv
tag: 4.3.0
linux_utils_image:
registry: >-
{{ .image_registry.dockerio_registry }}
repository: openebs/linux-utils
tag: 4.3.0
path: /var/openebs/local # Host path for local storage volumes
# NFS storage class configuration
nfs:
# Ensure nfs-utils is installed on every node in the k8s_cluster group
enabled: false # Enable NFS storage class
default: false # Set as the default storage class
# NFS server address
server: >-
{{ .groups.nfs | default list | first }}
path: /share/kubernetes # NFS export path for persistent volumes
# ========== storageclass ==========
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.0.20


@ -0,0 +1,78 @@
- name: Defaults | Load defaults based on Kubernetes version
block:
- name: Defaults | Load version-specific settings for Kubernetes
when: .kubernetes.kube_version | empty | not
include_vars: >-
{{ slice (.kubernetes.kube_version | splitList ".") 0 2 | join "." }}.yaml
- name: Defaults | Load architecture-specific download URLs for each artifact version
include_vars: 10-download.yaml
- name: Defaults | Reset temporary directory
command: |
if [ -d {{ .tmp_dir }} ]; then
rm -rf {{ .tmp_dir }}
fi
mkdir -m 777 -p {{ .tmp_dir }}
- name: Defaults | Determine operating system architecture for each node
set_fact:
binary_type: >-
{{- if .transform_architectures.amd64 | has .os.architecture -}}
amd64
{{- else if .transform_architectures.arm64 | has .os.architecture -}}
arm64
{{- end -}}
- name: Defaults | Gather Kubernetes service status
when: .groups.k8s_cluster | has .inventory_hostname
block:
- name: Defaults | Get kubelet.service LoadState
command: systemctl show kubelet.service -p LoadState --value
register: kubernetes_install_LoadState
- name: Defaults | Get kubelet.service ActiveState
command: systemctl show kubelet.service -p ActiveState --value
register: kubernetes_install_ActiveState
- name: Defaults | Get installed Kubernetes version
ignore_errors: true
command: kubelet --version
register: kubernetes_install_version
- name: Defaults | Gather ETCD service status
when: .groups.etcd | has .inventory_hostname
block:
- name: Defaults | Get etcd.service LoadState and save to variable
command: systemctl show etcd.service -p LoadState --value
register: etcd_install_LoadState
- name: Defaults | Get etcd.service ActiveState and save to variable
command: systemctl show etcd.service -p ActiveState --value
register: etcd_install_ActiveState
- name: Defaults | Get installed etcd version
ignore_errors: true
command: etcd --version
register: etcd_install_version
register_type: yaml
- name: Defaults | Select the initialization node for the cluster
run_once: true
add_hostvars:
hosts: k8s_cluster
vars:
init_kubernetes_node: >-
{{- $initNodes := list -}}
{{- $notInitNodes := list -}}
{{- range .groups.kube_control_plane -}}
{{- if index $.hostvars . "kubernetes_install_LoadState" "stdout" | eq "loaded" -}}
{{- $initNodes = append $initNodes . -}}
{{- else if index $.hostvars . "kubernetes_install_LoadState" "stdout" | eq "not-found" -}}
{{- $notInitNodes = append $notInitNodes . -}}
{{- end -}}
{{- end -}}
{{- if $initNodes | len | eq 1 -}}
{{ $initNodes | first }}
{{- else if $initNodes | len | lt 1 -}}
{{ index $initNodes (randInt 0 ((sub ($initNodes | len) 1) | int)) }}
{{- else if $notInitNodes | len | eq 1 -}}
{{ $notInitNodes | first }}
{{- else if $notInitNodes | len | lt 1 -}}
{{ index $notInitNodes (randInt 0 ((sub ($notInitNodes | len) 1) | int)) }}
{{- end -}}
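Review bot: The "Defaults | Reset temporary directory" task recreates `{{ .tmp_dir }}` with `mkdir -m 777`, which leaves the directory world-writable without the sticky bit, so any local account on the node can replace or remove files that later steps presumably stage there. The path is also unquoted in both the `[ -d ... ]` test and `rm -rf`, so an empty value or one containing spaces changes what the command acts on. I would use `mkdir -m 700 -p "{{ .tmp_dir }}"` (or mode `1777` if other users really must write there), quote the other two uses, and fail the task when `.tmp_dir` is empty.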


@ -0,0 +1,224 @@
download:
# if set as "cn", so that online downloads will try to use available domestic sources whenever possible.
zone: ""
arch: [ "amd64" ]
# offline artifact package for kk.
artifact_file: ""
# the md5_file of artifact_file.
artifact_md5: ""
artifact_url:
etcd:
amd64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/etcd/release/download/{{ .etcd.etcd_version }}/etcd-{{ .etcd.etcd_version }}-linux-amd64.tar.gz
{{- else -}}
https://github.com/etcd-io/etcd/releases/download/{{ .etcd.etcd_version }}/etcd-{{ .etcd.etcd_version }}-linux-amd64.tar.gz
{{- end -}}
arm64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/etcd/release/download/{{ .etcd.etcd_version }}/etcd-{{ .etcd.etcd_version }}-linux-arm64.tar.gz
{{- else -}}
https://github.com/etcd-io/etcd/releases/download/{{ .etcd.etcd_version }}/etcd-{{ .etcd.etcd_version }}-linux-arm64.tar.gz
{{- end -}}
kubeadm:
amd64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/release/{{ .kubernetes.kube_version }}/bin/linux/amd64/kubeadm
{{- else -}}
https://dl.k8s.io/release/{{ .kubernetes.kube_version }}/bin/linux/amd64/kubeadm
{{- end -}}
arm64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/release/{{ .kubernetes.kube_version }}/bin/linux/arm64/kubeadm
{{- else -}}
https://dl.k8s.io/release/{{ .kubernetes.kube_version }}/bin/linux/arm64/kubeadm
{{- end -}}
kubelet:
amd64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/release/{{ .kubernetes.kube_version }}/bin/linux/amd64/kubelet
{{- else -}}
https://dl.k8s.io/release/{{ .kubernetes.kube_version }}/bin/linux/amd64/kubelet
{{- end -}}
arm64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/release/{{ .kubernetes.kube_version }}/bin/linux/arm64/kubelet
{{- else -}}
https://dl.k8s.io/release/{{ .kubernetes.kube_version }}/bin/linux/arm64/kubelet
{{- end -}}
kubectl:
amd64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/release/{{ .kubernetes.kube_version }}/bin/linux/amd64/kubectl
{{- else -}}
https://dl.k8s.io/release/{{ .kubernetes.kube_version }}/bin/linux/amd64/kubectl
{{- end -}}
arm64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/release/{{ .kubernetes.kube_version }}/bin/linux/arm64/kubectl
{{- else -}}
https://dl.k8s.io/release/{{ .kubernetes.kube_version }}/bin/linux/arm64/kubectl
{{- end -}}
cni_plugins:
amd64: >-
{{- if .download.zone | eq "cn" -}}
https://github.com/containernetworking/plugins/releases/download/{{ .cni.cni_plugins_version }}/cni-plugins-linux-amd64-{{ .cni.cni_plugins_version }}.tgz
{{- else -}}
https://containernetworking.pek3b.qingstor.com/plugins/releases/download/{{ .cni.cni_plugins_version }}/cni-plugins-linux-amd64-{{ .cni.cni_plugins_version }}.tgz
{{- end -}}
arm64: >-
{{- if .download.zone | eq "cn" -}}
https://github.com/containernetworking/plugins/releases/download/{{ .cni.cni_plugins_version }}/cni-plugins-linux-arm64-{{ .cni.cni_plugins_version }}.tgz
{{- else -}}
https://containernetworking.pek3b.qingstor.com/plugins/releases/download/{{ .cni.cni_plugins_version }}/cni-plugins-linux-arm64-{{ .cni.cni_plugins_version }}.tgz
{{- end -}}
helm:
amd64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-helm.pek3b.qingstor.com/helm-{{ .kubernetes.helm_version }}-linux-amd64.tar.gz
{{- else -}}
https://get.helm.sh/helm-{{ .kubernetes.helm_version }}-linux-amd64.tar.gz
{{- end -}}
arm64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-helm.pek3b.qingstor.com/helm-{{ .kubernetes.helm_version }}-linux-arm64.tar.gz
{{- else -}}
https://get.helm.sh/helm-{{ .kubernetes.helm_version }}-linux-arm64.tar.gz
{{- end -}}
crictl:
amd64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/cri-tools/releases/download/{{ .cri.crictl_version }}/crictl-{{ .cri.crictl_version }}-linux-amd64.tar.gz
{{- else -}}
https://github.com/kubernetes-sigs/cri-tools/releases/download/{{ .cri.crictl_version }}/crictl-{{ .cri.crictl_version }}-linux-amd64.tar.gz
{{- end -}}
arm64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/cri-tools/releases/download/{{ .cri.crictl_version }}/crictl-{{ .cri.crictl_version }}-linux-arm64.tar.gz
{{- else -}}
https://github.com/kubernetes-sigs/cri-tools/releases/download/{{ .cri.crictl_version }}/crictl-{{ .cri.crictl_version }}-linux-arm64.tar.gz
{{- end -}}
docker:
amd64: >-
{{- if .download.zone | eq "cn" -}}
https://mirrors.aliyun.com/docker-ce/linux/static/stable/x86_64/docker-{{ .cri.docker_version }}.tgz
{{- else -}}
https://download.docker.com/linux/static/stable/x86_64/docker-{{ .cri.docker_version }}.tgz
{{- end -}}
arm64: >-
{{- if .download.zone | eq "cn" -}}
https://mirrors.aliyun.com/docker-ce/linux/static/stable/aarch64/docker-{{ .cri.docker_version }}.tgz
{{- else -}}
https://download.docker.com/linux/static/stable/aarch64/docker-{{ .cri.docker_version }}.tgz
{{- end -}}
cridockerd:
amd64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/releases/download/{{ .cri.cridockerd_version }}/cri-dockerd-{{ .cri.cridockerd_version | default "" | trimPrefix "v" }}.amd64.tgz
{{- else -}}
https://github.com/Mirantis/cri-dockerd/releases/download/{{ .cri.cridockerd_version }}/cri-dockerd-{{ .cri.cridockerd_version | default "" | trimPrefix "v" }}.amd64.tgz
{{- end -}}
arm64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/releases/download/{{ .cri.cridockerd_version }}/cri-dockerd-{{ .cri.cridockerd_version | default "" | trimPrefix "v" }}.arm64.tgz
{{- else -}}
https://github.com/Mirantis/cri-dockerd/releases/download/{{ .cri.cridockerd_version }}/cri-dockerd-{{ .cri.cridockerd_version | default "" | trimPrefix "v" }}.arm64.tgz
{{- end -}}
containerd:
amd64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/containerd/containerd/releases/download/{{ .cri.containerd_version }}/containerd-{{ .cri.containerd_version | default "" | trimPrefix "v" }}-linux-amd64.tar.gz
{{- else -}}
https://github.com/containerd/containerd/releases/download/{{ .cri.containerd_version }}/containerd-{{ .cri.containerd_version | default "" | trimPrefix "v" }}-linux-amd64.tar.gz
{{- end -}}
arm64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/containerd/containerd/releases/download/{{ .cri.containerd_version }}/containerd-{{ .cri.containerd_version | default "" | trimPrefix "v" }}-linux-arm64.tar.gz
{{- else -}}
https://github.com/containerd/containerd/releases/download/{{ .cri.containerd_version }}/containerd-{{ .cri.containerd_version | default "" | trimPrefix "v" }}-linux-arm64.tar.gz
{{- end -}}
runc:
amd64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/opencontainers/runc/releases/download/{{ .cri.runc_version }}/runc.amd64
{{- else -}}
https://github.com/opencontainers/runc/releases/download/{{ .cri.runc_version }}/runc.amd64
{{- end -}}
arm64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/opencontainers/runc/releases/download/{{ .cri.runc_version }}/runc.arm64
{{- else -}}
https://github.com/opencontainers/runc/releases/download/{{ .cri.runc_version }}/runc.arm64
{{- end -}}
dockercompose:
amd64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/docker/compose/releases/download/{{ .cri.dockercompose_version }}/docker-compose-linux-x86_64
{{- else -}}
https://github.com/docker/compose/releases/download/{{ .cri.dockercompose_version }}/docker-compose-linux-x86_64
{{- end -}}
arm64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/docker/compose/releases/download/{{ .cri.dockercompose_version }}/docker-compose-linux-aarch64
{{- else -}}
https://github.com/docker/compose/releases/download/{{ .cri.dockercompose_version }}/docker-compose-linux-aarch64
{{- end -}}
# docker_registry:
# amd64: >-
# {{- if .download.zone | eq "cn" -}}
# https://kubernetes-release.pek3b.qingstor.com/registry/{{ .image_registry.docker_registry_version }}/docker-registry-{{ .image_registry.docker_registry_version }}-linux-amd64.tgz
# {{- else -}}
# https://github.com/kubesphere/kubekey/releases/download/{{ .image_registry.docker_registry_version }}/docker-registry-{{ .image_registry.docker_registry_version }}-linux-amd64.tgz
# {{- end -}}
# arm64: >-
# {{- if .download.zone | eq "cn" -}}
# https://kubernetes-release.pek3b.qingstor.com/registry/{{ .image_registry.docker_registry_version }}/docker-registry-{{ .image_registry.docker_registry_version }}-linux-arm64.tgz
# {{- else -}}
# https://github.com/kubesphere/kubekey/releases/download/{{ .image_registry.docker_registry_version }}/docker-registry-{{ .image_registry.docker_registry_version }}-linux-arm64.tgz
# {{- end -}}
harbor:
amd64: >-
{{- if .download.zone | eq "cn" -}}
https://github.com/goharbor/harbor/releases/download/{{ .image_registry.harbor_version }}/harbor-offline-installer-{{ .image_registry.harbor_version }}.tgz
{{- else -}}
https://github.com/goharbor/harbor/releases/download/{{ .image_registry.harbor_version }}/harbor-offline-installer-{{ .image_registry.harbor_version }}.tgz
{{- end -}}
# arm64: >-
# {{- if .download.zone | eq "cn" -}}
# https://github.com/goharbor/harbor/releases/download/{{ .image_registry.harbor_version }}/harbor-{{ .image_registry.harbor_version }}-linux-arm64.tgz
# {{- else -}}
# https://github.com/goharbor/harbor/releases/download/{{ .image_registry.harbor_version }}/harbor-{{ .image_registry.harbor_version }}-linux-arm64.tgz
# {{- end -}}
# keepalived:
# amd64: >-
# {{- if .download.zone | eq "cn" -}}
# https://kubernetes-release.pek3b.qingstor.com/osixia/keepalived/releases/download/{{ .image_registry.keepalived_version }}/keepalived-{{ .image_registry.keepalived_version }}-linux-amd64.tgz
# {{- else -}}
# https://github.com/osixia/keepalived/releases/download/{{ .image_registry.keepalived_version }}/keepalived-{{ .image_registry.keepalived_version }}-linux-amd64.tgz
# {{- end -}}
# arm64: >-
# {{- if .download.zone | eq "cn" -}}
# https://kubernetes-release.pek3b.qingstor.com/osixia/keepalived/releases/download/{{ .image_registry.keepalived_version }}/keepalived-{{ .image_registry.keepalived_version }}-linux-arm64.tgz
# {{- else -}}
# https://github.com/osixia/keepalived/releases/download/{{ .image_registry.keepalived_version }}/keepalived-{{ .image_registry.keepalived_version }}-linux-arm64.tgz
# {{- end -}}
# Notice: In the early calico helm chart, appVersion is not same as version(eg. v3.17.4)
calico: https://github.com/projectcalico/calico/releases/download/{{ .cni.calico_version }}/tigera-operator-{{ .cni.calico_version }}.tgz
calicoctl:
amd64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/projectcalico/calico/releases/download/{{ .cni.calico_version }}/calicoctl-linux-amd64
{{- else -}}
https://github.com/projectcalico/calico/releases/download/{{ .cni.calico_version }}/calicoctl-linux-amd64
{{- end -}}
arm64: >-
{{- if .download.zone | eq "cn" -}}
https://kubernetes-release.pek3b.qingstor.com/projectcalico/calico/releases/download/{{ .cni.calico_version }}/calicoctl-linux-arm64
{{- else -}}
https://github.com/projectcalico/calico/releases/download/{{ .cni.calico_version }}/calicoctl-linux-arm64
{{- end -}}
cilium: https://helm.cilium.io/cilium-{{ .cni.cilium_version }}.tgz
kubeovn: https://kubeovn.github.io/kube-ovn/kube-ovn-{{ .cni.kubeovn_version }}.tgz
hybridnet: https://github.com/alibaba/hybridnet/releases/download/helm-chart-{{ .cni.hybridnet_version }}/hybridnet-{{ .cni.hybridnet_version }}.tgz
nfs_provisioner: https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/releases/download/nfs-subdir-external-provisioner-4.0.18/nfs-subdir-external-provisioner-{{ .storage_class.nfs_provisioner_version }}.tgz
download_image: true
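Review bot: None of the `artifact_url` entries carries an expected digest, and the only integrity field in this file is `artifact_md5`, so binaries that are installed on every node (kubeadm, kubelet, runc, containerd) are trusted on the strength of the HTTPS endpoint alone, unless verification happens in code outside this hunk. I would add a per-artifact SHA-256 next to each URL and replace the MD5 field with a SHA-256 one. The `cni_plugins` branches also look inverted relative to every other entry: zone `cn` selects github.com and the default selects the qingstor mirror. In addition, `nfs_provisioner` hard-codes `nfs-subdir-external-provisioner-4.0.18` in the release path while the file name uses `{{ .storage_class.nfs_provisioner_version }}`, and `.cni.cni_plugins_version` appears only as a commented-out key in the cni defaults.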


@ -0,0 +1,99 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
kubernetes:
# helm binary
helm_version: v3.8.2
etcd:
# etcd binary
etcd_version: v3.5.4
image_registry:
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.6.3
# docker-compose binary
dockercompose_version: v2.12.2
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
# support: containerd,docker
container_manager: docker
sandbox_image:
tag: "3.6"
# ========== cri ==========
# crictl binary
crictl_version: v1.23.0
# ========== cri: docker ==========
# docker binary
docker_version: 20.10.18
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.10
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.6.8
# runc binary
runc_version: v1.1.4
cni:
multus:
image:
tag: v3.9.3
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.1.1
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.24.5
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.12.6
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.10.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 3.3.0
linux_utils_image:
tag: 3.3.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.0.2
dns:
dns_image:
tag: v1.8.6
dns_cache_image:
tag: 1.21.1
# image_manifests:
# - docker.io/calico/apiserver:v3.24.5
# - docker.io/calico/cni:v3.24.5
# - docker.io/calico/csi:v3.24.5
# - docker.io/calico/kube-controllers:v3.24.5
# - docker.io/calico/node-driver-registrar:v3.24.5
# - docker.io/calico/node:v3.24.5
# - docker.io/calico/pod2daemon-flexvol:v3.24.5
# - docker.io/kubesphere/k8s-dns-node-cache:1.22.20
# - docker.io/openebs/provisioner-localpv:3.3.0
# - docker.io/coredns/coredns:1.8.6
# - docker.io/kubesphere/kube-apiserver:{{ .kube_version }}
# - docker.io/kubesphere/kube-controller-manager:{{ .kube_version }}
# - docker.io/kubesphere/kube-proxy:{{ .kube_version }}
# - docker.io/kubesphere/kube-scheduler:{{ .kube_version }}
# - docker.io/kubesphere/pause:3.6
# - quay.io/tigera/operator:v1.28.5
# - docker.io/calico/ctl:v3.24.5
# - docker.io/calico/typha:v3.24.5
# - docker.io/calico/apiserver:v3.24.5
# - docker.io/calico/kube-controllers:v3.24.5
# - docker.io/calico/node:v3.24.5
# - docker.io/calico/pod2daemon-flexvol:v3.24.5
# - docker.io/calico/cni:v3.24.5
# - docker.io/calico/node-driver-registrar:v3.24.5
# - docker.io/calico/csi:v3.24.5


@ -0,0 +1,100 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
kubernetes:
# helm binary
helm_version: v3.10.3
etcd:
# etcd binary
etcd_version: v3.5.6
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: v2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.7.1
# docker-compose binary
dockercompose_version: v2.14.0
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.6"
# ========== cri ==========
# crictl binary
crictl_version: v1.24.0
# ========== cri: docker ==========
# docker binary
docker_version: 20.10.24
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.6.16
# runc binary
runc_version: v1.1.4
cni:
multus:
image:
tag: v3.10.1
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.1.1
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.25.1
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.13.5
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.10.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 3.4.0
linux_utils_image:
tag: 3.4.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.0.2
dns:
dns_image:
tag: v1.8.6
dns_cache_image:
tag: 1.22.20
# image_manifests:
# - docker.io/calico/apiserver:v3.25.1
# - docker.io/calico/cni:v3.25.1
# - docker.io/calico/csi:v3.25.1
# - docker.io/calico/kube-controllers:v3.25.1
# - docker.io/calico/node-driver-registrar:v3.25.1
# - docker.io/calico/node:v3.25.1
# - docker.io/calico/pod2daemon-flexvol:v3.25.1
# - docker.io/kubesphere/k8s-dns-node-cache:1.22.20
# - docker.io/openebs/provisioner-localpv:3.3.0
# - docker.io/coredns/coredns:1.8.6
# - docker.io/kubesphere/kube-apiserver:{{ .kube_version }}
# - docker.io/kubesphere/kube-controller-manager:{{ .kube_version }}
# - docker.io/kubesphere/kube-proxy:{{ .kube_version }}
# - docker.io/kubesphere/kube-scheduler:{{ .kube_version }}
# - docker.io/kubesphere/pause:3.6
# - quay.io/tigera/operator:v1.29.3
# - docker.io/calico/ctl:v3.25.1
# - docker.io/calico/typha:v3.25.1
# - docker.io/calico/apiserver:v3.25.1
# - docker.io/calico/kube-controllers:v3.25.1
# - docker.io/calico/node:v3.25.1
# - docker.io/calico/pod2daemon-flexvol:v3.25.1
# - docker.io/calico/cni:v3.25.1
# - docker.io/calico/node-driver-registrar:v3.25.1
# - docker.io/calico/csi:v3.25.1
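Review bot: `keepalived_version: v2.0.20` in this file carries a `v` prefix, while the neighbouring version files and the image-registry defaults in this commit use `2.0.20`. If the value is used directly as the image tag, this file would reference a tag the others do not, so pulls could fail or resolve to a different image for this Kubernetes version only. I would change it to `keepalived_version: 2.0.20`.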


@ -0,0 +1,100 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
kubernetes:
# helm binary
helm_version: v3.10.3
etcd:
# etcd binary
etcd_version: v3.5.7
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.8.1
# docker-compose binary
dockercompose_version: v2.15.1
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.6"
# ========== cri ==========
# crictl binary
crictl_version: v1.25.0
# ========== cri: docker ==========
# docker binary
docker_version: 20.10.24
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.6.19
# runc binary
runc_version: v1.1.4
cni:
multus:
image:
tag: v3.11.3
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.1.1
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.25.1
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.13.5
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.10.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 3.5.0
linux_utils_image:
tag: 3.5.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.0.8
dns:
dns_image:
tag: v1.9.3
dns_cache_image:
tag: 1.22.20
# image_manifests:
# - docker.io/calico/apiserver:v3.25.1
# - docker.io/calico/cni:v3.25.1
# - docker.io/calico/csi:v3.25.1
# - docker.io/calico/kube-controllers:v3.25.1
# - docker.io/calico/node-driver-registrar:v3.25.1
# - docker.io/calico/node:v3.25.1
# - docker.io/calico/pod2daemon-flexvol:v3.25.1
# - docker.io/kubesphere/k8s-dns-node-cache:1.22.20
# - docker.io/openebs/provisioner-localpv:3.3.0
# - docker.io/coredns/coredns:1.8.6
# - docker.io/kubesphere/kube-apiserver:{{ .kube_version }}
# - docker.io/kubesphere/kube-controller-manager:{{ .kube_version }}
# - docker.io/kubesphere/kube-proxy:{{ .kube_version }}
# - docker.io/kubesphere/kube-scheduler:{{ .kube_version }}
# - docker.io/kubesphere/pause:3.6
# - quay.io/tigera/operator:v1.29.3
# - docker.io/calico/ctl:v3.25.1
# - docker.io/calico/typha:v3.25.1
# - docker.io/calico/apiserver:v3.25.1
# - docker.io/calico/kube-controllers:v3.25.1
# - docker.io/calico/node:v3.25.1
# - docker.io/calico/pod2daemon-flexvol:v3.25.1
# - docker.io/calico/cni:v3.25.1
# - docker.io/calico/node-driver-registrar:v3.25.1
# - docker.io/calico/csi:v3.25.1
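Review bot: The commented `image_manifests` example at the end of this file does not match the tags set above it: it lists `docker.io/coredns/coredns:1.8.6` while `dns_image.tag` is `v1.9.3`, and `docker.io/openebs/provisioner-localpv:3.3.0` while `provisioner_image.tag` is `3.5.0`. The seven calico entries also appear twice. If the list is uncommented to mirror or pre-pull images for an offline install (presumably its purpose), the staged images would not be the ones the cluster runs. The same block repeats in the later version files of this commit, where `k8s-dns-node-cache:1.22.20` additionally drifts from `dns_cache_image.tag: 1.23.1` and `1.24.0`. I would regenerate the example from each file's own values, or replace it with one line such as `# image_manifests: images to package; tags must match the values above`.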


@ -0,0 +1,100 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
kubernetes:
# helm binary
helm_version: v3.11.2
etcd:
# etcd binary
etcd_version: v3.5.8
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.9.1
# docker-compose binary
dockercompose_version: v2.16.0
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.7"
# ========== cri ==========
# crictl binary
crictl_version: v1.26.0
# ========== cri: docker ==========
# docker binary
docker_version: 23.0.6
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.6.21
# runc binary
runc_version: v1.1.5
cni:
multus:
image:
tag: v4.0.2
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.26.1
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.13.5
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.10.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 3.6.0
linux_utils_image:
tag: 3.6.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.0.8
dns:
dns_image:
tag: v1.9.3
dns_cache_image:
tag: 1.22.20
# image_manifests:
# - docker.io/calico/apiserver:v3.26.1
# - docker.io/calico/cni:v3.26.1
# - docker.io/calico/csi:v3.26.1
# - docker.io/calico/kube-controllers:v3.26.1
# - docker.io/calico/node-driver-registrar:v3.26.1
# - docker.io/calico/node:v3.26.1
# - docker.io/calico/pod2daemon-flexvol:v3.26.1
# - docker.io/kubesphere/k8s-dns-node-cache:1.22.20
# - docker.io/openebs/provisioner-localpv:3.3.0
# - docker.io/coredns/coredns:1.8.6
# - docker.io/kubesphere/kube-apiserver:{{ .kube_version }}
# - docker.io/kubesphere/kube-controller-manager:{{ .kube_version }}
# - docker.io/kubesphere/kube-proxy:{{ .kube_version }}
# - docker.io/kubesphere/kube-scheduler:{{ .kube_version }}
# - docker.io/kubesphere/pause:3.7
# - quay.io/tigera/operator:v1.30.4
# - docker.io/calico/ctl:v3.26.1
# - docker.io/calico/typha:v3.26.1
# - docker.io/calico/apiserver:v3.26.1
# - docker.io/calico/kube-controllers:v3.26.1
# - docker.io/calico/node:v3.26.1
# - docker.io/calico/pod2daemon-flexvol:v3.26.1
# - docker.io/calico/cni:v3.26.1
# - docker.io/calico/node-driver-registrar:v3.26.1
# - docker.io/calico/csi:v3.26.1


@ -0,0 +1,100 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
kubernetes:
# helm binary
helm_version: v3.12.1
etcd:
# etcd binary
etcd_version: v3.5.9
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.10.1
# docker-compose binary
dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.7"
# ========== cri ==========
# crictl binary
crictl_version: v1.27.0
# ========== cri: docker ==========
# docker binary
docker_version: 23.0.6
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.2
# runc binary
runc_version: v1.1.7
cni:
multus:
image:
tag: v4.0.2
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.26.1
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.14.2
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.11.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 3.7.0
linux_utils_image:
tag: 3.7.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.0.10
dns:
dns_image:
tag: v1.10.1
dns_cache_image:
tag: 1.22.20
# image_manifests:
# - docker.io/calico/apiserver:v3.26.1
# - docker.io/calico/cni:v3.26.1
# - docker.io/calico/csi:v3.26.1
# - docker.io/calico/kube-controllers:v3.26.1
# - docker.io/calico/node-driver-registrar:v3.26.1
# - docker.io/calico/node:v3.26.1
# - docker.io/calico/pod2daemon-flexvol:v3.26.1
# - docker.io/kubesphere/k8s-dns-node-cache:1.22.20
# - docker.io/openebs/provisioner-localpv:3.3.0
# - docker.io/coredns/coredns:1.8.6
# - docker.io/kubesphere/kube-apiserver:{{ .kube_version }}
# - docker.io/kubesphere/kube-controller-manager:{{ .kube_version }}
# - docker.io/kubesphere/kube-proxy:{{ .kube_version }}
# - docker.io/kubesphere/kube-scheduler:{{ .kube_version }}
# - docker.io/kubesphere/pause:3.7
# - quay.io/tigera/operator:v1.30.4
# - docker.io/calico/ctl:v3.26.1
# - docker.io/calico/typha:v3.26.1
# - docker.io/calico/apiserver:v3.26.1
# - docker.io/calico/kube-controllers:v3.26.1
# - docker.io/calico/node:v3.26.1
# - docker.io/calico/pod2daemon-flexvol:v3.26.1
# - docker.io/calico/cni:v3.26.1
# - docker.io/calico/node-driver-registrar:v3.26.1
# - docker.io/calico/csi:v3.26.1


@ -0,0 +1,100 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
kubernetes:
# helm binary
helm_version: v3.12.1
etcd:
# etcd binary
etcd_version: v3.5.9
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.10.1
# docker-compose binary
dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.8"
# ========== cri ==========
# crictl binary
crictl_version: v1.28.0
# ========== cri: docker ==========
# docker binary
docker_version: 24.0.6
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.3
# runc binary
runc_version: v1.1.7
cni:
multus:
image:
tag: v4.1.0
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.28.2
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.15.0
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.12.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 3.8.0
linux_utils_image:
tag: 3.8.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.0.10
dns:
dns_image:
tag: v1.10.1
dns_cache_image:
tag: 1.22.20
# image_manifests:
# - docker.io/calico/apiserver:v3.28.2
# - docker.io/calico/cni:v3.28.2
# - docker.io/calico/csi:v3.28.2
# - docker.io/calico/kube-controllers:v3.28.2
# - docker.io/calico/node-driver-registrar:v3.28.2
# - docker.io/calico/node:v3.28.2
# - docker.io/calico/pod2daemon-flexvol:v3.28.2
# - docker.io/kubesphere/k8s-dns-node-cache:1.22.20
# - docker.io/openebs/provisioner-localpv:3.3.0
# - docker.io/coredns/coredns:1.8.6
# - docker.io/kubesphere/kube-apiserver:{{ .kube_version }}
# - docker.io/kubesphere/kube-controller-manager:{{ .kube_version }}
# - docker.io/kubesphere/kube-proxy:{{ .kube_version }}
# - docker.io/kubesphere/kube-scheduler:{{ .kube_version }}
# - docker.io/kubesphere/pause:3.8
# - quay.io/tigera/operator:v1.34.5
# - docker.io/calico/ctl:v3.28.2
# - docker.io/calico/typha:v3.28.2
# - docker.io/calico/apiserver:v3.28.2
# - docker.io/calico/kube-controllers:v3.28.2
# - docker.io/calico/node:v3.28.2
# - docker.io/calico/pod2daemon-flexvol:v3.28.2
# - docker.io/calico/cni:v3.28.2
# - docker.io/calico/node-driver-registrar:v3.28.2
# - docker.io/calico/csi:v3.28.2


@ -0,0 +1,100 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
kubernetes:
# helm binary
helm_version: v3.13.3
etcd:
# etcd binary
etcd_version: v3.5.10
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.10.1
# docker-compose binary
dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.8"
# ========== cri ==========
# crictl binary
crictl_version: v1.29.0
# ========== cri: docker ==========
# docker binary
docker_version: 24.0.7
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.6
# runc binary
runc_version: v1.1.7
cni:
multus:
image:
tag: v4.1.1
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.28.2
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.15.4
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.13.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 3.9.0
linux_utils_image:
tag: 3.9.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.1.0
dns:
dns_image:
tag: v1.11.1
dns_cache_image:
tag: 1.23.1
# image_manifests:
# - docker.io/calico/apiserver:v3.28.2
# - docker.io/calico/cni:v3.28.2
# - docker.io/calico/csi:v3.28.2
# - docker.io/calico/kube-controllers:v3.28.2
# - docker.io/calico/node-driver-registrar:v3.28.2
# - docker.io/calico/node:v3.28.2
# - docker.io/calico/pod2daemon-flexvol:v3.28.2
# - docker.io/kubesphere/k8s-dns-node-cache:1.22.20
# - docker.io/openebs/provisioner-localpv:3.3.0
# - docker.io/coredns/coredns:1.8.6
# - docker.io/kubesphere/kube-apiserver:{{ .kube_version }}
# - docker.io/kubesphere/kube-controller-manager:{{ .kube_version }}
# - docker.io/kubesphere/kube-proxy:{{ .kube_version }}
# - docker.io/kubesphere/kube-scheduler:{{ .kube_version }}
# - docker.io/kubesphere/pause:3.8
# - quay.io/tigera/operator:v1.34.5
# - docker.io/calico/ctl:v3.28.2
# - docker.io/calico/typha:v3.28.2
# - docker.io/calico/apiserver:v3.28.2
# - docker.io/calico/kube-controllers:v3.28.2
# - docker.io/calico/node:v3.28.2
# - docker.io/calico/pod2daemon-flexvol:v3.28.2
# - docker.io/calico/cni:v3.28.2
# - docker.io/calico/node-driver-registrar:v3.28.2
# - docker.io/calico/csi:v3.28.2
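Review bot: `containerd_version: v1.7.6`, `runc_version: v1.1.7` and `docker_version: 24.0.7` are set here and then repeated unchanged in the four later version files of this commit, while `crictl_version` moves from `v1.29.0` to `v1.33.0`. These are the defaults a new cluster installs, and all three release lines have had later patch releases, runc's including container-escape fixes, so the newest Kubernetes defaults end up paired with the oldest runtime pins. I would raise each pin to the current patch release of its line, e.g. `runc_version: <latest 1.1.x patch>`, or add a comment above them stating that they are minimums to be overridden. Image tags such as `sandbox_image.tag: "3.8"` are mutable too, so recording a digest or checksum next to each version would make the download verifiable; whether the playbooks check one is not visible in this file.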


@ -0,0 +1,100 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
kubernetes:
# helm binary
helm_version: v3.13.3
etcd:
# etcd binary
etcd_version: v3.5.10
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.10.1
# docker-compose binary
dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.8"
# ========== cri ==========
# crictl binary
crictl_version: v1.30.0
# ========== cri: docker ==========
# docker binary
docker_version: 24.0.7
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.6
# runc binary
runc_version: v1.1.7
cni:
multus:
image:
tag: v4.2.1
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.28.2
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.15.4
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.13.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 4.0.0
linux_utils_image:
tag: 4.0.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.1.0
dns:
dns_image:
tag: v1.11.1
dns_cache_image:
tag: 1.23.1
# image_manifests:
# - docker.io/calico/apiserver:v3.28.2
# - docker.io/calico/cni:v3.28.2
# - docker.io/calico/csi:v3.28.2
# - docker.io/calico/kube-controllers:v3.28.2
# - docker.io/calico/node-driver-registrar:v3.28.2
# - docker.io/calico/node:v3.28.2
# - docker.io/calico/pod2daemon-flexvol:v3.28.2
# - docker.io/kubesphere/k8s-dns-node-cache:1.22.20
# - docker.io/openebs/provisioner-localpv:3.3.0
# - docker.io/coredns/coredns:1.8.6
# - docker.io/kubesphere/kube-apiserver:{{ .kube_version }}
# - docker.io/kubesphere/kube-controller-manager:{{ .kube_version }}
# - docker.io/kubesphere/kube-proxy:{{ .kube_version }}
# - docker.io/kubesphere/kube-scheduler:{{ .kube_version }}
# - docker.io/kubesphere/pause:3.8
# - quay.io/tigera/operator:v1.34.5
# - docker.io/calico/ctl:v3.28.2
# - docker.io/calico/typha:v3.28.2
# - docker.io/calico/apiserver:v3.28.2
# - docker.io/calico/kube-controllers:v3.28.2
# - docker.io/calico/node:v3.28.2
# - docker.io/calico/pod2daemon-flexvol:v3.28.2
# - docker.io/calico/cni:v3.28.2
# - docker.io/calico/node-driver-registrar:v3.28.2
# - docker.io/calico/csi:v3.28.2


@ -0,0 +1,100 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
kubernetes:
# helm binary
helm_version: v3.13.3
etcd:
# etcd binary
etcd_version: v3.5.11
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.10.1
# docker-compose binary
dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.8"
# ========== cri ==========
# crictl binary
crictl_version: v1.31.0
# ========== cri: docker ==========
# docker binary
docker_version: 24.0.7
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.6
# runc binary
runc_version: v1.1.7
cni:
multus:
image:
tag: v4.2.1
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.28.2
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.15.4
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.13.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 4.1.0
linux_utils_image:
tag: 4.1.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.2.0
dns:
dns_image:
tag: v1.11.1
dns_cache_image:
tag: 1.23.1
# image_manifests:
# - docker.io/calico/apiserver:v3.28.2
# - docker.io/calico/cni:v3.28.2
# - docker.io/calico/csi:v3.28.2
# - docker.io/calico/kube-controllers:v3.28.2
# - docker.io/calico/node-driver-registrar:v3.28.2
# - docker.io/calico/node:v3.28.2
# - docker.io/calico/pod2daemon-flexvol:v3.28.2
# - docker.io/kubesphere/k8s-dns-node-cache:1.22.20
# - docker.io/openebs/provisioner-localpv:3.3.0
# - docker.io/coredns/coredns:1.8.6
# - docker.io/kubesphere/kube-apiserver:{{ .kube_version }}
# - docker.io/kubesphere/kube-controller-manager:{{ .kube_version }}
# - docker.io/kubesphere/kube-proxy:{{ .kube_version }}
# - docker.io/kubesphere/kube-scheduler:{{ .kube_version }}
# - docker.io/kubesphere/pause:3.8
# - quay.io/tigera/operator:v1.34.5
# - docker.io/calico/ctl:v3.28.2
# - docker.io/calico/typha:v3.28.2
# - docker.io/calico/apiserver:v3.28.2
# - docker.io/calico/kube-controllers:v3.28.2
# - docker.io/calico/node:v3.28.2
# - docker.io/calico/pod2daemon-flexvol:v3.28.2
# - docker.io/calico/cni:v3.28.2
# - docker.io/calico/node-driver-registrar:v3.28.2
# - docker.io/calico/csi:v3.28.2


@ -0,0 +1,100 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
kubernetes:
# helm binary
helm_version: v3.14.3
etcd:
# etcd binary
etcd_version: v3.5.11
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.10.1
# docker-compose binary
dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.8"
# ========== cri ==========
# crictl binary
crictl_version: v1.32.0
# ========== cri: docker ==========
# docker binary
docker_version: 24.0.7
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.6
# runc binary
runc_version: v1.1.7
cni:
multus:
image:
tag: v4.3.0
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.28.2
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.15.4
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.13.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 4.2.0
linux_utils_image:
tag: 4.2.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.2.0
dns:
dns_image:
tag: v1.11.1
dns_cache_image:
tag: 1.24.0
# image_manifests:
# - docker.io/calico/apiserver:v3.28.2
# - docker.io/calico/cni:v3.28.2
# - docker.io/calico/csi:v3.28.2
# - docker.io/calico/kube-controllers:v3.28.2
# - docker.io/calico/node-driver-registrar:v3.28.2
# - docker.io/calico/node:v3.28.2
# - docker.io/calico/pod2daemon-flexvol:v3.28.2
# - docker.io/kubesphere/k8s-dns-node-cache:1.22.20
# - docker.io/openebs/provisioner-localpv:3.3.0
# - docker.io/coredns/coredns:1.8.6
# - docker.io/kubesphere/kube-apiserver:{{ .kube_version }}
# - docker.io/kubesphere/kube-controller-manager:{{ .kube_version }}
# - docker.io/kubesphere/kube-proxy:{{ .kube_version }}
# - docker.io/kubesphere/kube-scheduler:{{ .kube_version }}
# - docker.io/kubesphere/pause:3.8
# - quay.io/tigera/operator:v1.34.5
# - docker.io/calico/ctl:v3.28.2
# - docker.io/calico/typha:v3.28.2
# - docker.io/calico/apiserver:v3.28.2
# - docker.io/calico/kube-controllers:v3.28.2
# - docker.io/calico/node:v3.28.2
# - docker.io/calico/pod2daemon-flexvol:v3.28.2
# - docker.io/calico/cni:v3.28.2
# - docker.io/calico/node-driver-registrar:v3.28.2
# - docker.io/calico/csi:v3.28.2


@ -0,0 +1,100 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
kubernetes:
# helm binary
helm_version: v3.18.5
etcd:
# etcd binary
etcd_version: v3.5.11
image_registry:
# ========== image registry ==========
# keepalived image tag. Used for load balancing when there are multiple image registry nodes.
keepalived_version: 2.0.20
# ========== image registry: harbor ==========
# harbor image tag
harbor_version: v2.10.1
# docker-compose binary
dockercompose_version: v2.20.3
# ========== image registry: docker-registry ==========
# docker-registry image tag
docker_registry_version: 2.8.3
cri:
# support: containerd,docker
container_manager: containerd
sandbox_image:
tag: "3.9"
# ========== cri ==========
# crictl binary
crictl_version: v1.33.0
# ========== cri: docker ==========
# docker binary
docker_version: 24.0.7
# cridockerd. Required when kube_version is greater than 1.24
cridockerd_version: v0.3.1
# ========== cri: containerd ==========
# containerd binary
containerd_version: v1.7.6
# runc binary
runc_version: v1.1.7
cni:
multus:
image:
tag: v4.3.0
# ========== cni ==========
# cni_plugins binary (optional)
# cni_plugins_version: v1.2.0
# ========== cni: calico ==========
# calicoctl binary
calico_version: v3.28.2
# ========== cni: cilium ==========
# cilium helm
cilium_version: 1.15.4
# ========== cni: kubeovn ==========
# kubeovn helm
kubeovn_version: 1.13.0
# ========== cni: hybridnet ==========
# hybridnet helm
hybridnet_version: 0.6.8
storage_class:
# ========== storageclass ==========
# ========== storageclass: local ==========
local:
provisioner_image:
tag: 4.3.0
linux_utils_image:
tag: 4.3.0
# ========== storageclass: nfs ==========
# nfs provisioner helm version
nfs_provisioner_version: 4.3.0
dns:
dns_image:
tag: v1.11.1
dns_cache_image:
tag: 1.24.0
# image_manifests:
# - docker.io/calico/apiserver:v3.28.2
# - docker.io/calico/cni:v3.28.2
# - docker.io/calico/csi:v3.28.2
# - docker.io/calico/kube-controllers:v3.28.2
# - docker.io/calico/node-driver-registrar:v3.28.2
# - docker.io/calico/node:v3.28.2
# - docker.io/calico/pod2daemon-flexvol:v3.28.2
# - docker.io/kubesphere/k8s-dns-node-cache:1.22.20
# - docker.io/openebs/provisioner-localpv:3.3.0
# - docker.io/coredns/coredns:1.8.6
# - docker.io/kubesphere/kube-apiserver:{{ .kube_version }}
# - docker.io/kubesphere/kube-controller-manager:{{ .kube_version }}
# - docker.io/kubesphere/kube-proxy:{{ .kube_version }}
# - docker.io/kubesphere/kube-scheduler:{{ .kube_version }}
# - docker.io/kubesphere/pause:3.9
# - quay.io/tigera/operator:v1.34.5
# - docker.io/calico/ctl:v3.28.2
# - docker.io/calico/typha:v3.28.2
# - docker.io/calico/apiserver:v3.28.2
# - docker.io/calico/kube-controllers:v3.28.2
# - docker.io/calico/node:v3.28.2
# - docker.io/calico/pod2daemon-flexvol:v3.28.2
# - docker.io/calico/cni:v3.28.2
# - docker.io/calico/node-driver-registrar:v3.28.2
# - docker.io/calico/csi:v3.28.2


@ -1,266 +1,288 @@
---
- name: Binary | Ensure etcd binary is present
tags: ["etcd"]
loop: "{{ .download.arch | toJson }}"
when:
- .etcd.deployment_type | eq "external"
- .etcd.etcd_version | empty | not
command: |
artifact_name={{ get .artifact.artifact_url.etcd .item | splitList "/" | last }}
artifact_path={{ .binary_dir }}/etcd/{{ .etcd_version }}/{{ .item }}
artifact_name={{ get .download.artifact_url.etcd .item | splitList "/" | last }}
artifact_path={{ .binary_dir }}/etcd/{{ .etcd.etcd_version }}/{{ .item }}
if [ ! -f $artifact_path/$artifact_name ]; then
mkdir -p $artifact_path
# Attempt to download etcd binary
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .artifact.artifact_url.etcd .item }})
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .download.artifact_url.etcd .item }})
if [ $http_code != 200 ]; then
echo "Failed to download etcd binary. HTTP status code: $http_code"
exit 1
fi
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.etcd .item }}
curl -L -o $artifact_path/$artifact_name {{ get .download.artifact_url.etcd .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: .etcd_version | empty | not
- name: Binary | Ensure Kubernetes binaries are present
tags: ["kube"]
tags: ["kubernetes"]
loop: "{{ .download.arch | toJson }}"
when: .kubernetes.kube_version | empty | not
command: |
kube_path={{ .binary_dir }}/kube/{{ .kube_version }}/{{ .item }}
kube_path={{ .binary_dir }}/kube/{{ .kubernetes.kube_version }}/{{ .item }}
if [ ! -f $kube_path/kubelet ]; then
mkdir -p $kube_path
# Download kubelet if missing
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .artifact.artifact_url.kubelet .item }})
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .download.artifact_url.kubelet .item }})
if [ $http_code != 200 ]; then
echo "Failed to download kubelet. HTTP status code: $http_code"
exit 1
fi
curl -L -o $kube_path/kubelet {{ get .artifact.artifact_url.kubelet .item }}
curl -L -o $kube_path/kubelet {{ get .download.artifact_url.kubelet .item }}
fi
if [ ! -f $kube_path/kubeadm ]; then
mkdir -p $kube_path
# Download kubeadm if missing
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .artifact.artifact_url.kubeadm .item }})
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .download.artifact_url.kubeadm .item }})
if [ $http_code != 200 ]; then
echo "Failed to download kubeadm. HTTP status code: $http_code"
exit 1
fi
curl -L -o $kube_path/kubeadm {{ get .artifact.artifact_url.kubeadm .item }}
curl -L -o $kube_path/kubeadm {{ get .download.artifact_url.kubeadm .item }}
fi
if [ ! -f $kube_path/kubectl ]; then
mkdir -p $kube_path
# Download kubectl if missing
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .artifact.artifact_url.kubectl .item }})
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .download.artifact_url.kubectl .item }})
if [ $http_code != 200 ]; then
echo "Failed to download kubectl. HTTP status code: $http_code"
exit 1
fi
curl -L -o $kube_path/kubectl {{ get .artifact.artifact_url.kubectl .item }}
curl -L -o $kube_path/kubectl {{ get .download.artifact_url.kubectl .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: .kube_version | empty | not
- name: Binary | Ensure CNI plugins are present
tags: ["cni"]
tags: ["kubernetes"]
loop: "{{ .download.arch | toJson }}"
when: .cni.cni_plugins_version | empty | not
command: |
artifact_name={{ get .artifact.artifact_url.cni_plugins .item | splitList "/" | last }}
artifact_path={{ .binary_dir }}/cni/plugins/{{ .cni_plugins_version }}/{{ .item }}
artifact_name={{ get .download.artifact_url.cni_plugins .item | splitList "/" | last }}
artifact_path={{ .binary_dir }}/cni/plugins/{{ .cni.cni_plugins_version }}/{{ .item }}
if [ ! -f $artifact_path/$artifact_name ]; then
mkdir -p $artifact_path
# Attempt to download CNI plugins
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .artifact.artifact_url.cni_plugins .item }})
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .download.artifact_url.cni_plugins .item }})
if [ $http_code != 200 ]; then
echo "Failed to download CNI plugins. HTTP status code: $http_code"
exit 1
fi
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.cni_plugins .item }}
curl -L -o $artifact_path/$artifact_name {{ get .download.artifact_url.cni_plugins .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: .cni_plugins_version | empty | not
- name: Binary | Ensure Helm binary is present
tags: ["helm"]
tags: ["kubernetes"]
loop: "{{ .download.arch | toJson }}"
when: .kubernetes.helm_version | empty | not
command: |
artifact_name={{ get .artifact.artifact_url.helm .item | splitList "/" | last }}
artifact_path={{ .binary_dir }}/helm/{{ .helm_version }}/{{ .item }}
artifact_name={{ get .download.artifact_url.helm .item | splitList "/" | last }}
artifact_path={{ .binary_dir }}/helm/{{ .kubernetes.helm_version }}/{{ .item }}
if [ ! -f $artifact_path/$artifact_name ]; then
mkdir -p $artifact_path
# Attempt to download Helm binary
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .artifact.artifact_url.helm .item }})
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .download.artifact_url.helm .item }})
if [ $http_code != 200 ]; then
echo "Failed to download Helm binary. HTTP status code: $http_code"
exit 1
fi
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.helm .item }}
curl -L -o $artifact_path/$artifact_name {{ get .download.artifact_url.helm .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: .helm_version | empty | not
- name: Binary | Ensure crictl binary is present
tags: ["crictl"]
tags: ["kubernetes"]
loop: "{{ .download.arch | toJson }}"
when: .cri.crictl_version | empty | not
command: |
artifact_name={{ get .artifact.artifact_url.crictl .item | splitList "/" | last }}
artifact_path={{ .binary_dir }}/crictl/{{ .crictl_version }}/{{ .item }}
artifact_name={{ get .download.artifact_url.crictl .item | splitList "/" | last }}
artifact_path={{ .binary_dir }}/crictl/{{ .cri.crictl_version }}/{{ .item }}
if [ ! -f $artifact_path/$artifact_name ]; then
mkdir -p $artifact_path
# Attempt to download crictl binary
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .artifact.artifact_url.crictl .item }})
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .download.artifact_url.crictl .item }})
if [ $http_code != 200 ]; then
echo "Failed to download crictl binary. HTTP status code: $http_code"
exit 1
fi
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.crictl .item }}
curl -L -o $artifact_path/$artifact_name {{ get .download.artifact_url.crictl .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: .crictl_version | empty | not
- name: Binary | Ensure Docker binary is present
tags: ["docker"]
tags: ["kubernetes","image_registry"]
loop: "{{ .download.arch | toJson }}"
when:
- .cri.docker_version | empty | not
- or (.image_registry.type | empty | not) (.cri.container_manager | eq "docker")
command: |
artifact_name={{ get .artifact.artifact_url.docker .item | splitList "/" | last }}
artifact_path={{ .binary_dir }}/docker/{{ .docker_version }}/{{ .item }}
artifact_name={{ get .download.artifact_url.docker .item | splitList "/" | last }}
artifact_path={{ .binary_dir }}/docker/{{ .cri.docker_version }}/{{ .item }}
if [ ! -f $artifact_path/$artifact_name ]; then
mkdir -p $artifact_path
# Attempt to download Docker binary
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .artifact.artifact_url.docker .item }})
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .download.artifact_url.docker .item }})
if [ $http_code != 200 ]; then
echo "Failed to download Docker binary. HTTP status code: $http_code"
exit 1
fi
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.docker .item }}
curl -L -o $artifact_path/$artifact_name {{ get .download.artifact_url.docker .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: .docker_version | empty | not
- name: Binary | Ensure cri-dockerd binary is present
tags: ["cridockerd"]
tags: ["kubernetes"]
loop: "{{ .download.arch | toJson }}"
when:
- .cri.cridockerd_version | empty | not
- .cri.container_manager | eq "docker"
- .kubernetes.kube_version | semverCompare ">=v1.24.0"
command: |
artifact_name={{ get .artifact.artifact_url.cridockerd .item | splitList "/" | last }}
artifact_path={{ .binary_dir }}/cri-dockerd/{{ .cridockerd_version }}/{{ .item }}
artifact_name={{ get .download.artifact_url.cridockerd .item | splitList "/" | last }}
artifact_path={{ .binary_dir }}/cri-dockerd/{{ .cri.cridockerd_version }}/{{ .item }}
if [ ! -f $artifact_path/$artifact_name ]; then
mkdir -p $artifact_path
# Attempt to download cri-dockerd binary
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .artifact.artifact_url.cridockerd .item }})
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .download.artifact_url.cridockerd .item }})
if [ $http_code != 200 ]; then
echo "Failed to download cri-dockerd binary. HTTP status code: $http_code"
exit 1
fi
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.cridockerd .item }}
curl -L -o $artifact_path/$artifact_name {{ get .download.artifact_url.cridockerd .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: .cridockerd_version | empty | not
- name: Binary | Ensure containerd binary is present
tags: ["containerd"]
tags: ["kubernetes"]
loop: "{{ .download.arch | toJson }}"
when:
- .cri.containerd_version | empty | not
- .cri.container_manager | eq "containerd"
command: |
artifact_name={{ get .artifact.artifact_url.containerd .item | splitList "/" | last }}
artifact_path={{ .binary_dir }}/containerd/{{ .containerd_version }}/{{ .item }}
artifact_name={{ get .download.artifact_url.containerd .item | splitList "/" | last }}
artifact_path={{ .binary_dir }}/containerd/{{ .cri.containerd_version }}/{{ .item }}
if [ ! -f $artifact_path/$artifact_name ]; then
mkdir -p $artifact_path
# Attempt to download containerd binary
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .artifact.artifact_url.containerd .item }})
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .download.artifact_url.containerd .item }})
if [ $http_code != 200 ]; then
echo "Failed to download containerd binary. HTTP status code: $http_code"
exit 1
fi
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.containerd .item }}
curl -L -o $artifact_path/$artifact_name {{ get .download.artifact_url.containerd .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: .containerd_version | empty | not
- name: Binary | Ensure runc binary is present
tags: ["runc"]
tags: ["kubernetes"]
loop: "{{ .download.arch | toJson }}"
when:
- .cri.runc_version | empty | not
- .cri.container_manager | eq "containerd"
command: |
artifact_name={{ get .artifact.artifact_url.runc .item | splitList "/" | last }}
artifact_path={{ .binary_dir }}/runc/{{ .runc_version }}/{{ .item }}
artifact_name={{ get .download.artifact_url.runc .item | splitList "/" | last }}
artifact_path={{ .binary_dir }}/runc/{{ .cri.runc_version }}/{{ .item }}
if [ ! -f $artifact_path/$artifact_name ]; then
mkdir -p $artifact_path
# Attempt to download runc binary
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .artifact.artifact_url.runc .item }})
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .download.artifact_url.runc .item }})
if [ $http_code != 200 ]; then
echo "Failed to download runc binary. HTTP status code: $http_code"
exit 1
fi
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.runc .item }}
curl -L -o $artifact_path/$artifact_name {{ get .download.artifact_url.runc .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: .runc_version | empty | not
- name: Binary | Ensure calicoctl binary is present
tags: ["calicoctl"]
tags: ["kubernetes"]
loop: "{{ .download.arch | toJson }}"
when:
- .cni.calico_version | empty | not
- .cni.type | eq "calico"
command: |
artifact_name=calicoctl
artifact_path={{ .binary_dir }}/cni/calico/{{ .calico_version }}/{{ .item }}
artifact_path={{ .binary_dir }}/cni/calico/{{ .cni.calico_version }}/{{ .item }}
if [ ! -f $artifact_path/$artifact_name ]; then
mkdir -p $artifact_path
# Attempt to download calicoctl binary
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .artifact.artifact_url.calicoctl .item }})
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .download.artifact_url.calicoctl .item }})
if [ $http_code != 200 ]; then
echo "Failed to download calicoctl binary. HTTP status code: $http_code"
exit 1
fi
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.calicoctl .item }}
curl -L -o $artifact_path/$artifact_name {{ get .download.artifact_url.calicoctl .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: .calico_version | empty | not
- name: Binary | Ensure Docker Registry binary is present
tags: ["registry"]
tags: ["image_registry"]
loop: "{{ .download.arch | toJson }}"
when:
- .image_registry.docker_registry_version | empty | not
- .image_registry.type | eq "docker-registry"
command: |
artifact_name={{ get .artifact.artifact_url.docker_registry .item | splitList "/" | last }}
artifact_path={{ .binary_dir }}/image-registry/docker-registry/{{ .docker_registry_version }}/{{ .item }}
artifact_name={{ get .download.artifact_url.docker_registry .item | splitList "/" | last }}
artifact_path={{ .binary_dir }}/image-registry/docker-registry/{{ .image_registry.docker_registry_version }}/{{ .item }}
if [ ! -f $artifact_path/$artifact_name ]; then
mkdir -p $artifact_path
# Attempt to download Docker Registry binary
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .artifact.artifact_url.docker_registry .item }})
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .download.artifact_url.docker_registry .item }})
if [ $http_code != 200 ]; then
echo "Failed to download Docker Registry binary. HTTP status code: $http_code"
exit 1
fi
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.docker_registry .item }}
curl -L -o $artifact_path/$artifact_name {{ get .download.artifact_url.docker_registry .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: .docker_registry_version | empty | not
- name: Binary | Ensure docker-compose binary is present
tags: ["docker-compose"]
tags: ["image_registry"]
loop: "{{ .download.arch | toJson }}"
when:
- .cri.dockercompose_version | empty | not
- .image_registry.type | eq "harbor"
command: |
compose_name=docker-compose
compose_path={{ .binary_dir }}/image-registry/docker-compose/{{ .dockercompose_version }}/{{ .item }}
compose_path={{ .binary_dir }}/image-registry/docker-compose/{{ .cri.dockercompose_version }}/{{ .item }}
if [ ! -f $compose_path/$compose_name ]; then
mkdir -p $compose_path
# Attempt to download docker-compose binary
curl -L -o $compose_path/$compose_name {{ get .artifact.artifact_url.dockercompose .item }}
curl -L -o $compose_path/$compose_name {{ get .download.artifact_url.dockercompose .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: .dockercompose_version | empty | not
- name: Binary | Ensure Harbor binary is present
tags: ["harbor"]
tags: ["image_registry"]
loop: "{{ .download.arch | toJson }}"
when:
- .image_registry.harbor_version | empty | not
- .image_registry.type | eq "harbor"
command: |
harbor_name={{ get .artifact.artifact_url.harbor .item | splitList "/" | last }}
harbor_path={{ .binary_dir }}/image-registry/harbor/{{ .harbor_version }}/{{ .item }}
harbor_name={{ get .download.artifact_url.harbor .item | splitList "/" | last }}
harbor_path={{ .binary_dir }}/image-registry/harbor/{{ .image_registry.harbor_version }}/{{ .item }}
if [ ! -f $harbor_path/$harbor_name ]; then
mkdir -p $harbor_path
# Attempt to download Harbor binary
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .artifact.artifact_url.harbor .item }})
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .download.artifact_url.harbor .item }})
if [ $http_code != 200 ]; then
echo "Failed to download Harbor binary. HTTP status code: $http_code"
exit 1
fi
curl -L -o $harbor_path/$harbor_name {{ get .artifact.artifact_url.harbor .item }}
curl -L -o $harbor_path/$harbor_name {{ get .download.artifact_url.harbor .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: .harbor_version | empty | not
- name: Binary | Ensure keepalived binary is present
tags: ["keepalived"]
tags: ["image_registry"]
loop: "{{ .download.arch | toJson }}"
when:
- .image_registry.keepalived_version | empty | not
- .image_registry.ha_vip | empty | not
- .groups.image_registry | len | lt 1
command: |
artifact_name={{ get .artifact.artifact_url.keepalived .item | splitList "/" | last }}
artifact_name={{ get .download.artifact_url.keepalived .item | splitList "/" | last }}
artifact_path={{ .binary_dir }}/image-registry/keepalived/{{ .keepalived_version }}/{{ .item }}
if [ ! -f $artifact_path/$artifact_name ]; then
mkdir -p $artifact_path
# Attempt to download keepalived binary
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .artifact.artifact_url.keepalived .item }})
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .download.artifact_url.keepalived .item }})
if [ $http_code != 200 ]; then
echo "Failed to download keepalived binary. HTTP status code: $http_code"
exit 1
fi
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.keepalived .item }}
curl -L -o $artifact_path/$artifact_name {{ get .download.artifact_url.keepalived .item }}
fi
loop: "{{ .artifact.arch | toJson }}"
when: .keepalived_version | empty | not
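Review bot: The keepalived task still builds `artifact_path` from `.keepalived_version`, while its new `when:` guard tests `.image_registry.keepalived_version`; every other task in this file had its path moved to the namespaced key. If the flat variable is no longer defined after this restructuring (the defaults are not fully visible here, so this is inferred), the version segment would render empty or as a placeholder and the artifact would be cached in the wrong directory. The line should read `artifact_path={{ .binary_dir }}/image-registry/keepalived/{{ .image_registry.keepalived_version }}/{{ .item }}`. Separately, none of the downloads in this file are compared against a published checksum before being cached under `binary_dir`; a `sha256sum -c` step after each `curl -L -o` would be worth adding while these tasks are being touched.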


@ -1,69 +1,78 @@
---
- name: Helm | Ensure the Calico binary is available
when:
- .cni.calico_version | empty | not
- .cni.type | eq "calico"
command: |
artifact_name={{ .artifact.artifact_url.calico | splitList "/" | last }}
artifact_name={{ .download.artifact_url.calico | splitList "/" | last }}
artifact_path={{ .binary_dir }}/cni/calico
if [ ! -f $artifact_path/$artifact_name ]; then
mkdir -p $artifact_path
# Download the Calico binary if it does not exist
curl -Lo $artifact_path/$artifact_name {{ .artifact.artifact_url.calico }}
curl -Lo $artifact_path/$artifact_name {{ .download.artifact_url.calico }}
fi
when: .calico_version | empty | not
- name: Helm | Ensure the Cilium binary is available
when:
- .cni.cilium_version | empty | not
- .cni.type | eq "cilium"
command: |
artifact_name={{ .artifact.artifact_url.cilium | splitList "/" | last }}
artifact_name={{ .download.artifact_url.cilium | splitList "/" | last }}
artifact_path={{ .binary_dir }}/cni/cilium
if [ ! -f $artifact_path/$artifact_name ]; then
mkdir -p $artifact_path
# Download the Cilium binary if it does not exist
curl -Lo $artifact_path/$artifact_name {{ .artifact.artifact_url.cilium }}
curl -Lo $artifact_path/$artifact_name {{ .download.artifact_url.cilium }}
fi
when: .cilium_version | empty | not
- name: Helm | Ensure the Flannel binary is available
when:
- .cni.flannel_version | empty | not
- .cni.type | eq "flannel"
command: |
artifact_name={{ .artifact.artifact_url.flannel | splitList "/" | last }}
artifact_name={{ .download.artifact_url.flannel | splitList "/" | last }}
artifact_path={{ .binary_dir }}/cni/flannel
if [ ! -f $artifact_path/$artifact_name ]; then
mkdir -p $artifact_path
# Download the Flannel binary if it does not exist
curl -Lo $artifact_path/$artifact_name {{ .artifact.artifact_url.flannel }}
curl -Lo $artifact_path/$artifact_name {{ .download.artifact_url.flannel }}
fi
when: .flannel_version | empty | not
- name: Helm | Ensure the Kube-OVN binary is available
tags: ["kubeovn"]
when:
- .kubeovn_version | empty | not
- .cni.type | eq "kubeovn"
command: |
artifact_name={{ .artifact.artifact_url.kubeovn | splitList "/" | last }}
artifact_name={{ .download.artifact_url.kubeovn | splitList "/" | last }}
artifact_path={{ .binary_dir }}/cni/kubeovn
if [ ! -f $artifact_path/$artifact_name ]; then
mkdir -p $artifact_path
# Download the Kube-OVN binary if it does not exist
curl -Lo $artifact_path/$artifact_name {{ .artifact.artifact_url.kubeovn }}
curl -Lo $artifact_path/$artifact_name {{ .download.artifact_url.kubeovn }}
fi
when: .kubeovn_version | empty | not
- name: Helm | Ensure the Hybridnet binary is available
tags: ["hybridnet"]
when:
- .cni.hybridnet_version | empty | not
- .cni.type | eq "hybridnet"
command: |
artifact_name={{ .artifact.artifact_url.hybridnet | splitList "/" | last }}
artifact_name={{ .download.artifact_url.hybridnet | splitList "/" | last }}
artifact_path={{ .binary_dir }}/cni/hybridnet
if [ ! -f $artifact_path/$artifact_name ]; then
mkdir -p $artifact_path
# Download the Hybridnet binary if it does not exist
curl -Lo $artifact_path/$artifact_name {{ .artifact.artifact_url.hybridnet }}
curl -Lo $artifact_path/$artifact_name {{ .download.artifact_url.hybridnet }}
fi
when: .hybridnet_version | empty | not
- name: Helm | Ensure the NFS Provisioner binary is available
tags: ["nfs_provisioner"]
when:
- .storage_class.nfs_provisioner_version | empty | not
- .storage_class.nfs.enabled
command: |
artifact_name={{ .artifact.artifact_url.nfs_provisioner | splitList "/" | last }}
artifact_name={{ .download.artifact_url.nfs_provisioner | splitList "/" | last }}
artifact_path={{ .binary_dir }}/sc
if [ ! -f $artifact_path/$artifact_name ]; then
mkdir -p $artifact_path
# Download the NFS Provisioner binary if it does not exist
curl -Lo $artifact_path/$artifact_name {{ .artifact.artifact_url.nfs_provisioner }}
curl -Lo $artifact_path/$artifact_name {{ .download.artifact_url.nfs_provisioner }}
fi
when: .nfs_provisioner_version | empty | not
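Review bot: The Kube-OVN task's new guard tests `.kubeovn_version`, whereas the Calico, Cilium, Flannel and Hybridnet tasks in this file now test the key under `.cni`. The config template earlier on this page appears to list `kubeovn_version` next to the other CNI versions under `cni:` (indentation is lost in this rendering, so that is inferred), in which case this condition would always see an empty value and the chart would never be downloaded. Suggested: `- .cni.kubeovn_version | empty | not`.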


@ -0,0 +1,8 @@
- name: Image | Download container images
image:
pull:
images_dir: >-
{{ .binary_dir }}/images/
manifests: "{{ .image_manifests | toJson }}"
when:
- .image_manifests | default list | empty | not


@ -1,30 +1,27 @@
---
- name: Artifact | Extract artifact archive to working directory
tags: ["always"]
command: |
if [ -f "{{ .artifact_file }}" ]; then
if [ -f "{{ .download.artifact_file }}" ]; then
mkdir -p {{ .binary_dir }}
tar -zxvf {{ .artifact_file }} -C {{ .binary_dir }}
fi
when: .artifact_file | empty | not
when: .download.artifact_file | empty | not
- name: Artifact | Download required binaries and images
when: .artifact_file | empty
when: .download.artifact_file | empty
block:
# Download core binaries
- include_tasks: download_binary.yaml
- include_tasks: binary.yaml
# Download Helm and CNI binaries
- include_tasks: download_helm.yaml
- include_tasks: helm.yaml
tags: ["kubernetes"]
# Download remote images to the local images directory
- name: Artifact | Download container images
image:
pull:
images_dir: >-
{{ .binary_dir }}/images/
manifests: "{{ .image_manifests | toJson }}"
when:
- .image_manifests | default list | empty | not
- include_tasks: images.yaml
tags: ["kubernetes", "image_registry"]
- name: Artifact | Set ownership of working directory to sudo user
tags: ["always"]
ignore_errors: true
command: |
chown -R ${SUDO_UID}:${SUDO_GID} {{ .work_dir }}
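Review bot: In the extract task the file test was changed to `.download.artifact_file`, but the `tar` line below it still reads `{{ .artifact_file }}`. If only the namespaced key is set, the test passes and tar is then invoked with an empty or placeholder archive path. Suggested: `tar -zxvf "{{ .download.artifact_file }}" -C "{{ .binary_dir }}"`, quoted like the `[ -f ... ]` test so a path containing spaces is not split by the shell.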


@ -4,7 +4,7 @@
- name: ETCD | Upgrade etcd if a newer version is available
when:
- .etcd_install_LoadState.stdout | eq "loaded"
- .etcd_version | semverCompare (printf ">v%s" (index .etcd_install_version "stdout" "etcd Version"))
- .etcd.etcd_version | semverCompare (printf ">v%s" (index .etcd_install_version "stdout" "etcd Version"))
include_tasks: upgrade.yaml
- name: ETCD | Expand the etcd cluster by adding new nodes if required


@ -1,26 +1,13 @@
- name: Prepare | Check etcd.service status in systemd
block:
- name: Prepare | Get etcd.service LoadState and save to variable
command: systemctl show etcd.service -p LoadState --value
register: etcd_install_LoadState
- name: Prepare | Get etcd.service ActiveState and save to variable
command: systemctl show etcd.service -p ActiveState --value
register: etcd_install_ActiveState
- name: Prepare | Ensure installed etcd is running and healthy
when: .etcd_install_LoadState.stdout | eq "loaded"
assert:
that: .etcd_install_ActiveState.stdout | eq "active"
fail_msg: >-
etcd service is installed but not running
---
- name: Prepare | Ensure installed etcd is running and healthy
when: .etcd_install_LoadState.stdout | eq "loaded"
assert:
that: .etcd_install_ActiveState.stdout | eq "active"
fail_msg: >-
etcd service is installed but not running
- name: Prepare | Set etcd node parameters
block:
- name: Prepare | Set etcd state to existing if already installed
when: .etcd_install_LoadState.stdout | eq "loaded"
set_fact:
etcd:
state: existing
- name: Prepare | Identify nodes with installed or missing etcd
run_once: true
add_hostvars:
@ -46,37 +33,32 @@
- name: Prepare | Check installed etcd version
when: .etcd_install_LoadState.stdout | eq "loaded"
block:
- name: Prepare | Get installed etcd version
command: etcd --version
register: etcd_install_version
register_type: yaml
- name: Prepare | Ensure target etcd version is not lower than installed version
when: .etcd_install_LoadState.stdout | eq "loaded"
assert:
that: .etcd_version | semverCompare (printf ">=v%s" (index .etcd_install_version "stdout" "etcd Version"))
fail_msg: >-
Installed etcd version: {{ index .etcd_install_version "stdout" "etcd Version" }} is lower than target etcd version: {{ .etcd_version }}
Installed etcd version: {{ index .etcd_install_version "stdout" "etcd Version" }} is lower than target etcd version: {{ .etcd.etcd_version }}
- name: Prepare | Synchronize etcd package to node if new install or upgrade
when:
- .etcd_install_version.error | empty
- or (eq .etcd_install_version.stdout "skip") (eq .etcd_version (printf ">=v%s" (index .etcd_install_version "stdout" "etcd Version")))
- or (.etcd_install_version.error | empty | not) (.etcd.etcd_version | semverCompare (printf ">v%s" (index .etcd_install_version "stdout" "etcd Version")))
block:
- name: Prepare | Copy etcd binary package to remote node
copy:
src: >-
{{ .binary_dir }}/etcd/{{ .etcd_version }}/{{ .binary_type }}/etcd-{{ .etcd_version }}-linux-{{ .binary_type }}.tar.gz
{{ .binary_dir }}/etcd/{{ .etcd.etcd_version }}/{{ .binary_type }}/etcd-{{ .etcd.etcd_version }}-linux-{{ .binary_type }}.tar.gz
dest: >-
{{ .tmp_dir }}/etcd-{{ .etcd_version }}-linux-{{ .binary_type }}.tar.gz
{{ .tmp_dir }}/etcd-{{ .etcd.etcd_version }}-linux-{{ .binary_type }}.tar.gz
- name: Prepare | Extract etcd binary package to /usr/local/bin/
command: |
tar --strip-components=1 -C /usr/local/bin/ -xvf {{ .tmp_dir }}/etcd-{{ .etcd_version }}-linux-{{ .binary_type }}.tar.gz \
--wildcards etcd-{{ .etcd_version }}-linux-{{ .binary_type }}/etcd*
tar --strip-components=1 -C /usr/local/bin/ -xvf {{ .tmp_dir }}/etcd-{{ .etcd.etcd_version }}-linux-{{ .binary_type }}.tar.gz \
--wildcards 'etcd-{{ .etcd.etcd_version }}-linux-{{ .binary_type }}/etcd*'
- name: Prepare | Synchronize certificates to node for new install or expansion
when: >-
or
(eq .etcd_install_version.stdout "skip")
(.etcd_install_version.error | empty | not)
(and
(.installed_etcd | empty | not)
(.need_installed_etcd | fromJson | empty | not)
@ -85,15 +67,15 @@
- name: Prepare | Copy CA certificate to etcd node
copy:
src: >-
{{ .binary_dir }}/pki/root.crt
{{ .etcd.ca_file }}
dest: /etc/ssl/etcd/ssl/ca.crt
- name: Prepare | Copy server certificate to etcd node
copy:
src: >-
{{ .binary_dir }}/pki/etcd.crt
{{ .etcd.cert_file }}
dest: /etc/ssl/etcd/ssl/server.crt
- name: Prepare | Copy server key to etcd node
copy:
src: >-
{{ .binary_dir }}/pki/etcd.key
{{ .etcd.key_file }}
dest: /etc/ssl/etcd/ssl/server.key
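Review bot: In the second hunk the downgrade assertion `that: .etcd_version | semverCompare ...` was left on the flat key, while its `fail_msg` and the sync condition directly below were moved to `.etcd.etcd_version`. If `.etcd_version` is no longer defined, the guard compares an empty value, so it would either reject every host that already has etcd or fail in template evaluation rather than protect against a downgrade. Suggested: `that: .etcd.etcd_version | semverCompare (printf ">=v%s" (index .etcd_install_version "stdout" "etcd Version"))`. In the last hunk the `server.key` copy sets no explicit file mode; if the copy module accepts a `mode` argument, pinning a restrictive one for the private key would be safer than relying on the default.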
