feat: add role dependency in builtin playbook (#2653)
Signed-off-by: joyceliu <joyceliu@yunify.com>
parent
e5077f51e9
commit
b68c73de2d
|
|
@ -1,25 +0,0 @@
|
|||
.PHONY: create-role
|
||||
create-role: ## create a role necessary file in roles
|
||||
@echo "Creating role $(role) in ${base} ..."
|
||||
@mkdir -p ${base}/roles/$(role)/tasks
|
||||
@echo "---" > ${base}/roles/$(role)/tasks/main.yaml
|
||||
@mkdir -p ${base}/roles/$(role)/defaults
|
||||
@echo "" > ${base}/roles/$(role)/defaults/main.yaml
|
||||
ifeq ($(VARIABLE_NAME),"full")
|
||||
@mkdir -p ${base}/roles/$(role)/handlers
|
||||
@mkdir -p ${base}/roles/$(role)/templates
|
||||
@mkdir -p ${base}/roles/$(role)/files
|
||||
@mkdir -p ${base}/roles/$(role)/vars
|
||||
@mkdir -p ${base}/roles/$(role)/meta
|
||||
@echo "---" > ${base}/roles/$(role)/handlers/main.yaml
|
||||
@echo "---" > ${base}/roles/$(role)/templates/main.yaml
|
||||
@echo "---" > ${base}/roles/$(role)/files/main.yaml
|
||||
@echo "---" > ${base}/roles/$(role)/vars/main.yaml
|
||||
@echo "---" > ${base}/roles/$(role)/defaults/main.yaml
|
||||
@echo "---" > ${base}/roles/$(role)/meta/main.yaml
|
||||
endif
|
||||
@echo "Role $(role) created successfully"
|
||||
|
||||
.PHONY: help
|
||||
help: ## Display this help.
|
||||
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n\nTargets:\n"} /^[0-9A-Za-z_-]+:.*?##/ { printf " \033[36m%-45s\033[0m %s\n", $$1, $$2 } /^\$$\([0-9A-Za-z_-]+\):.*?##/ { gsub("_","-", $$1); printf " \033[36m%-45s\033[0m %s\n", tolower(substr($$1, 3, length($$1)-7)), $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
|
||||
|
|
@ -20,9 +20,9 @@ spec:
|
|||
# harbor_version: v2.6.3
|
||||
# docker-compose binary
|
||||
# dockercompose_version: v2.12.2
|
||||
# ========== image registry: registry ==========
|
||||
# registry image tag
|
||||
# registry_version: 2.8.3
|
||||
# ========== image registry: docker-registry ==========
|
||||
# docker-registry image tag
|
||||
# docker_registry_version: 2.8.3
|
||||
# ========== cri ==========
|
||||
# crictl binary
|
||||
crictl_version: v1.23.0
|
||||
|
|
|
|||
|
|
@ -20,9 +20,9 @@ spec:
|
|||
# harbor_version: v2.7.1
|
||||
# docker-compose binary
|
||||
# dockercompose_version: v2.14.0
|
||||
# ========== image registry: registry ==========
|
||||
# registry image tag
|
||||
# registry_version: 2.8.3
|
||||
# ========== image registry: docker-registry ==========
|
||||
# docker-registry image tag
|
||||
# docker_registry_version: 2.8.3
|
||||
# ========== cri ==========
|
||||
# crictl binary
|
||||
crictl_version: v1.24.0
|
||||
|
|
|
|||
|
|
@ -20,9 +20,9 @@ spec:
|
|||
# harbor_version: v2.8.1
|
||||
# docker-compose binary
|
||||
# dockercompose_version: v2.15.1
|
||||
# ========== image registry: registry ==========
|
||||
# registry image tag
|
||||
# registry_version: 2.8.3
|
||||
# ========== image registry: docker-registry ==========
|
||||
# docker-registry image tag
|
||||
# docker_registry_version: 2.8.3
|
||||
# ========== cri ==========
|
||||
# crictl binary
|
||||
crictl_version: v1.25.0
|
||||
|
|
|
|||
|
|
@ -20,9 +20,9 @@ spec:
|
|||
# harbor_version: v2.9.1
|
||||
# docker-compose binary
|
||||
# dockercompose_version: v2.16.0
|
||||
# ========== image registry: registry ==========
|
||||
# registry image tag
|
||||
# registry_version: 2.8.3
|
||||
# ========== image registry: docker-registry ==========
|
||||
# docker-registry image tag
|
||||
# docker_registry_version: 2.8.3
|
||||
# ========== cri ==========
|
||||
# crictl binary
|
||||
crictl_version: v1.26.0
|
||||
|
|
|
|||
|
|
@ -20,9 +20,9 @@ spec:
|
|||
# harbor_version: v2.10.1
|
||||
# docker-compose binary
|
||||
# dockercompose_version: v2.20.3
|
||||
# ========== image registry: registry ==========
|
||||
# registry image tag
|
||||
# registry_version: 2.8.3
|
||||
# ========== image registry: docker-registry ==========
|
||||
# docker-registry image tag
|
||||
# docker_registry_version: 2.8.3
|
||||
# ========== cri ==========
|
||||
# crictl binary
|
||||
crictl_version: v1.27.0
|
||||
|
|
|
|||
|
|
@ -20,9 +20,9 @@ spec:
|
|||
# harbor_version: v2.10.1
|
||||
# docker-compose binary
|
||||
# dockercompose_version: v2.20.3
|
||||
# ========== image registry: registry ==========
|
||||
# registry image tag
|
||||
# registry_version: 2.8.3
|
||||
# ========== image registry: docker-registry ==========
|
||||
# docker-registry image tag
|
||||
# docker_registry_version: 2.8.3
|
||||
# ========== cri ==========
|
||||
# crictl binary
|
||||
crictl_version: v1.28.0
|
||||
|
|
|
|||
|
|
@ -20,9 +20,9 @@ spec:
|
|||
# harbor_version: v2.10.1
|
||||
# docker-compose binary
|
||||
# dockercompose_version: v2.20.3
|
||||
# ========== image registry: registry ==========
|
||||
# registry image tag
|
||||
# registry_version: 2.8.3
|
||||
# ========== image registry: docker-registry ==========
|
||||
# docker-registry image tag
|
||||
# docker_registry_version: 2.8.3
|
||||
# ========== cri ==========
|
||||
# crictl binary
|
||||
crictl_version: v1.29.0
|
||||
|
|
|
|||
|
|
@ -20,9 +20,9 @@ spec:
|
|||
# harbor_version: v2.10.1
|
||||
# docker-compose binary
|
||||
# dockercompose_version: v2.20.3
|
||||
# ========== image registry: registry ==========
|
||||
# registry image tag
|
||||
# registry_version: 2.8.3
|
||||
# ========== image registry: docker-registry ==========
|
||||
# docker-registry image tag
|
||||
# docker_registry_version: 2.8.3
|
||||
# ========== cri ==========
|
||||
# crictl binary
|
||||
crictl_version: v1.30.0
|
||||
|
|
|
|||
|
|
@ -20,9 +20,9 @@ spec:
|
|||
# harbor_version: v2.10.1
|
||||
# docker-compose binary
|
||||
# dockercompose_version: v2.20.3
|
||||
# ========== image registry: registry ==========
|
||||
# registry image tag
|
||||
# registry_version: 2.8.3
|
||||
# ========== image registry: docker-registry ==========
|
||||
# docker-registry image tag
|
||||
# docker_registry_version: 2.8.3
|
||||
# ========== cri ==========
|
||||
# crictl binary
|
||||
crictl_version: v1.31.0
|
||||
|
|
|
|||
|
|
@ -20,9 +20,9 @@ spec:
|
|||
# harbor_version: v2.10.1
|
||||
# docker-compose binary
|
||||
# dockercompose_version: v2.20.3
|
||||
# ========== image registry: registry ==========
|
||||
# registry image tag
|
||||
# registry_version: 2.8.3
|
||||
# ========== image registry: docker-registry ==========
|
||||
# docker-registry image tag
|
||||
# docker_registry_version: 2.8.3
|
||||
# ========== cri ==========
|
||||
# crictl binary
|
||||
crictl_version: v1.32.0
|
||||
|
|
|
|||
|
|
@ -20,9 +20,9 @@ spec:
|
|||
# harbor_version: v2.10.1
|
||||
# docker-compose binary
|
||||
# dockercompose_version: v2.20.3
|
||||
# ========== image registry: registry ==========
|
||||
# registry image tag
|
||||
# registry_version: 2.8.3
|
||||
# ========== image registry: docker-registry ==========
|
||||
# docker-registry image tag
|
||||
# docker_registry_version: 2.8.3
|
||||
# ========== cri ==========
|
||||
# crictl binary
|
||||
crictl_version: v1.33.0
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@
|
|||
- hosts:
|
||||
- image_registry
|
||||
roles:
|
||||
- role: uninstall/image_registry
|
||||
- role: uninstall/image-registry
|
||||
when:
|
||||
- .deleteImageRegistry
|
||||
|
||||
|
|
|
|||
|
|
@ -79,7 +79,7 @@
|
|||
- hosts:
|
||||
- image_registry
|
||||
roles:
|
||||
- role: uninstall/image_registry
|
||||
- role: uninstall/image-registry
|
||||
when:
|
||||
- .deleteImageRegistry
|
||||
- .delete_nodes | default list | has .inventory_hostname
|
||||
|
|
|
|||
|
|
@ -10,6 +10,6 @@
|
|||
- hosts:
|
||||
- image_registry
|
||||
roles:
|
||||
- role: uninstall/image_registry
|
||||
- role: uninstall/image-registry
|
||||
|
||||
- import_playbook: hook/post_install.yaml
|
||||
|
|
@ -5,7 +5,7 @@
|
|||
src: >-
|
||||
{{ .binary_dir }}/pki/image_registry.crt
|
||||
dest: >-
|
||||
/opt/registry/{{ .registry_version }}/ssl/server.crt
|
||||
/opt/docker-registry/{{ .docker_registry_version }}/ssl/server.crt
|
||||
|
||||
- name: Sync image registry key file to remote
|
||||
tags: ["certs"]
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
src: >-
|
||||
{{ .binary_dir }}/pki/image_registry.key
|
||||
dest: >-
|
||||
/opt/registry/{{ .registry_version }}/ssl/server.key
|
||||
/opt/docker-registry/{{ .docker_registry_version }}/ssl/server.key
|
||||
|
||||
- name: Restart registry service
|
||||
tags: ["certs"]
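Review bot: The `Sync image registry key file to remote` task writes `image_registry.key` to `/opt/docker-registry/{{ .docker_registry_version }}/ssl/server.key` with only `src` and `dest` visible, so the private key's permissions on the registry host are left to the copy module's default. Set an explicit restrictive mode on that task, e.g. `mode: 0600` under `copy:` (assuming the module accepts `mode` here), so other local users cannot read the key. The same applies to the identical key-copy task in the docker-registry install tasks later in this commit. The task's `copy:` line falls between the two hunks and is not shown.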
|
||||
|
|
|
|||
|
|
@ -162,18 +162,18 @@ artifact:
|
|||
{{- else -}}
|
||||
https://github.com/docker/compose/releases/download/{{ .dockercompose_version }}/docker-compose-linux-aarch64
|
||||
{{- end -}}
|
||||
# registry:
|
||||
# docker_registry:
|
||||
# amd64: >-
|
||||
# {{- if .kkzone | eq "cn" -}}
|
||||
# https://kubernetes-release.pek3b.qingstor.com/registry/{{ .registry_version }}/registry-{{ .registry_version }}-linux-amd64.tgz
|
||||
# https://kubernetes-release.pek3b.qingstor.com/registry/{{ .docker_registry_version }}/docker-registry-{{ .docker_registry_version }}-linux-amd64.tgz
|
||||
# {{- else -}}
|
||||
# https://github.com/kubesphere/kubekey/releases/download/{{ .registry_version }}/registry-{{ .registry_version }}-linux-amd64.tgz
|
||||
# https://github.com/kubesphere/kubekey/releases/download/{{ .docker_registry_version }}/docker-registry-{{ .docker_registry_version }}-linux-amd64.tgz
|
||||
# {{- end -}}
|
||||
# arm64: >-
|
||||
# {{- if .kkzone | eq "cn" -}}
|
||||
# https://kubernetes-release.pek3b.qingstor.com/registry/{{ .registry_version }}/registry-{{ .registry_version }}-linux-arm64.tgz
|
||||
# https://kubernetes-release.pek3b.qingstor.com/registry/{{ .docker_registry_version }}/docker-registry-{{ .docker_registry_version }}-linux-arm64.tgz
|
||||
# {{- else -}}
|
||||
# https://github.com/kubesphere/kubekey/releases/download/{{ .registry_version }}/registry-{{ .registry_version }}-linux-arm64.tgz
|
||||
# https://github.com/kubesphere/kubekey/releases/download/{{ .docker_registry_version }}/docker-registry-{{ .docker_registry_version }}-linux-arm64.tgz
|
||||
# {{- end -}}
|
||||
harbor:
|
||||
amd64: >-
|
||||
|
|
|
|||
|
|
@ -201,20 +201,20 @@
|
|||
- name: Check binaries for registry
|
||||
tags: ["registry"]
|
||||
command: |
|
||||
artifact_name={{ get .artifact.artifact_url.registry .item | splitList "/" | last }}
|
||||
artifact_path={{ .binary_dir }}/image-registry/registry/{{ .registry_version }}/{{ .item }}
|
||||
artifact_name={{ get .artifact.artifact_url.docker_registry .item | splitList "/" | last }}
|
||||
artifact_path={{ .binary_dir }}/image-registry/docker-registry/{{ .docker_registry_version }}/{{ .item }}
|
||||
if [ ! -f $artifact_path/$artifact_name ]; then
|
||||
mkdir -p $artifact_path
|
||||
# download online
|
||||
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .artifact.artifact_url.registry .item }})
|
||||
http_code=$(curl -Lo /dev/null -s -w "%{http_code}" {{ get .artifact.artifact_url.docker_registry .item }})
|
||||
if [ $http_code != 200 ]; then
|
||||
echo "http code is $http_code"
|
||||
exit 1
|
||||
fi
|
||||
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.registry .item }}
|
||||
curl -L -o $artifact_path/$artifact_name {{ get .artifact.artifact_url.docker_registry .item }}
|
||||
fi
|
||||
loop: "{{ .artifact.arch | toJson }}"
|
||||
when: .registry_version | empty | not
|
||||
when: .docker_registry_version | empty | not
|
||||
|
||||
- name: Check binaries for docker-compose
|
||||
tags: ["docker-compose"]
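Review bot: The `Check binaries for registry` task probes the URL with one `curl` and then downloads with a second `curl -L -o` that has no `--fail`, so if the second request returns an error its body is saved as the artifact, and the `[ ! -f … ]` test then skips the download on every later run. Nothing checks the tarball's integrity before the install tasks in this commit pass it to `docker load`. Use `curl -fL -o "$artifact_path/$artifact_name" …`, which also makes the separate probe unnecessary, and compare the file against a pinned SHA-256 digest before accepting it. Quoting `"$artifact_path/$artifact_name"` in the `-f` test and the `mkdir -p` keeps a `binary_dir` containing spaces from splitting.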
|
||||
|
|
|
|||
|
|
@ -0,0 +1,12 @@
|
|||
cni:
|
||||
calico:
|
||||
values: |
|
||||
# calico helm values
|
||||
tigeraOperator:
|
||||
registry: {{ .quayio_registry }}
|
||||
calicoctl:
|
||||
image: {{ .dockerio_registry }}/calico/ctl
|
||||
installation:
|
||||
registry: {{ .dockerio_registry }}
|
||||
calicoNetwork:
|
||||
bgp: Enabled
|
||||
|
|
@ -0,0 +1,70 @@
|
|||
cni:
|
||||
cilium:
|
||||
values: |
|
||||
# cilium helm values
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/cilium-cli
|
||||
certgen:
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/certgen
|
||||
hubble:
|
||||
relay:
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/hubble-relay-ci
|
||||
ui:
|
||||
backend:
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/hubble-ui-backend
|
||||
frontend:
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/hubble-ui
|
||||
envoy:
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/cilium-envoy
|
||||
operator:
|
||||
replicas: 2
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/operator
|
||||
nodeinit:
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/startup-script
|
||||
preflight:
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/cilium-ci
|
||||
clustermesh:
|
||||
apiserver:
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/clustermesh-apiserver-ci
|
||||
authentication:
|
||||
mutual:
|
||||
spire:
|
||||
install:
|
||||
initImage:
|
||||
repository: {{ .dockerio_registry }}/library/busybox
|
||||
agent:
|
||||
image:
|
||||
repository: {{ .ghcrio_registry }}/spiffe/spire-agent
|
||||
server:
|
||||
image:
|
||||
repository: {{ .ghcrio_registry }}/spiffe/spire-server
|
||||
ipv4:
|
||||
enabled: {{ .cni.ipv4_support }}
|
||||
ipv6:
|
||||
enabled: {{ .cni.ipv6_support }}
|
||||
ipam:
|
||||
operator:
|
||||
{{- if .cni.ipv4_support }}
|
||||
clusterPoolIPv4PodCIDRList:
|
||||
- {{ .cni.ipv4_pods_cidr }}
|
||||
clusterPoolIPv4MaskSize: {{ .cni.ipv4_block_size }}
|
||||
{{- end }}
|
||||
{{- if .cni.ipv6_support }}
|
||||
clusterPoolIPv6PodCIDRList:
|
||||
- {{ .cni.ipv6_pods_cidr }}
|
||||
clusterPoolIPv6MaskSize: {{ .cni.ipv6_block_size }}
|
||||
{{- end }}
|
||||
{{- if not (.kubernetes.kube_proxy.enabled | default true) }}
|
||||
kubeProxyReplacement: "true"
|
||||
k8sServiceHost: {{ .kubernetes.control_plane_endpoint.host }}
|
||||
k8sServicePort: {{ .kubernetes.control_plane_endpoint.port }}
|
||||
{{- end }}
|
||||
|
|
@ -36,134 +36,4 @@ cni:
|
|||
{{ .kubernetes.networking.ipv4_mask_size | default 64 }}
|
||||
kube_svc_cidr: >-
|
||||
{{ .kubernetes.networking.service_cidr | default "10.233.0.0/18" }}
|
||||
calico:
|
||||
values: |
|
||||
# calico helm values
|
||||
tigeraOperator:
|
||||
registry: {{ .quayio_registry }}
|
||||
calicoctl:
|
||||
image: {{ .dockerio_registry }}/calico/ctl
|
||||
installation:
|
||||
registry: {{ .dockerio_registry }}
|
||||
calicoNetwork:
|
||||
bgp: Enabled
|
||||
cilium:
|
||||
values: |
|
||||
# cilium helm values
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/cilium-cli
|
||||
certgen:
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/certgen
|
||||
hubble:
|
||||
relay:
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/hubble-relay-ci
|
||||
ui:
|
||||
backend:
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/hubble-ui-backend
|
||||
frontend:
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/hubble-ui
|
||||
envoy:
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/cilium-envoy
|
||||
operator:
|
||||
replicas: 2
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/operator
|
||||
nodeinit:
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/startup-script
|
||||
preflight:
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/cilium-ci
|
||||
clustermesh:
|
||||
apiserver:
|
||||
image:
|
||||
repository: {{ .quayio_registry }}/cilium/clustermesh-apiserver-ci
|
||||
authentication:
|
||||
mutual:
|
||||
spire:
|
||||
install:
|
||||
initImage:
|
||||
repository: {{ .dockerio_registry }}/library/busybox
|
||||
agent:
|
||||
image:
|
||||
repository: {{ .ghcrio_registry }}/spiffe/spire-agent
|
||||
server:
|
||||
image:
|
||||
repository: {{ .ghcrio_registry }}/spiffe/spire-server
|
||||
ipv4:
|
||||
enabled: {{ .cni.ipv4_support }}
|
||||
ipv6:
|
||||
enabled: {{ .cni.ipv6_support }}
|
||||
ipam:
|
||||
operator:
|
||||
{{- if .cni.ipv4_support }}
|
||||
clusterPoolIPv4PodCIDRList:
|
||||
- {{ .cni.ipv4_pods_cidr }}
|
||||
clusterPoolIPv4MaskSize: {{ .cni.ipv4_block_size }}
|
||||
{{- end }}
|
||||
{{- if .cni.ipv6_support }}
|
||||
clusterPoolIPv6PodCIDRList:
|
||||
- {{ .cni.ipv6_pods_cidr }}
|
||||
clusterPoolIPv6MaskSize: {{ .cni.ipv6_block_size }}
|
||||
{{- end }}
|
||||
{{- if not (.kubernetes.kube_proxy.enabled | default true) }}
|
||||
kubeProxyReplacement: "true"
|
||||
k8sServiceHost: {{ .kubernetes.control_plane_endpoint.host }}
|
||||
k8sServicePort: {{ .kubernetes.control_plane_endpoint.port }}
|
||||
{{- end }}
|
||||
flannel:
|
||||
# https://github.com/flannel-io/flannel/blob/master/Documentation/backends.md
|
||||
values: |
|
||||
# flannel helm values
|
||||
podCidr: {{ .cni.ipv4_pod_cidr }}
|
||||
podCidrv6: {{ .cni.ipv6_pod_cidr }}
|
||||
flannel:
|
||||
image:
|
||||
repository: {{ .dockerio_registry }}/flannel/flannel
|
||||
image_cni:
|
||||
repository: {{ .dockerio_registry }}/flannel/flannel-cni-plugin
|
||||
# support "vxlan" and "host-gw"
|
||||
backend: vxlan
|
||||
hybridnet:
|
||||
values: |
|
||||
# hybridnet helm values
|
||||
images:
|
||||
registryURL: {{ .dockerio_registry }}
|
||||
kubeovn:
|
||||
values: |
|
||||
# kube-ovn helm values
|
||||
global:
|
||||
registry:
|
||||
address: {{ .dockerio_registry }}/kubeovn
|
||||
{{- $ips := list }}
|
||||
{{- range .groups.kube_control_plane | default list }}
|
||||
{{- $internalIPv4 := index $.hostvars . "internal_ipv4" | default "" }}
|
||||
{{- $internalIPv6 := index $.hostvars . "internal_ipv6" | default "" }}
|
||||
{{- if $internalIPv4| empty | not }}
|
||||
{{- $ips = append $ips $internalIPv4 }}
|
||||
{{- else if $internalIPv6 | empty | not }}
|
||||
{{- $ips = append $ips $internalIPv6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
MASTER_NODES: {{ $ips | join "," }}
|
||||
networking:
|
||||
NET_STACK: {{ if and .cni.ipv4_support (not .cni.ipv6_support) }}ipv4{{ else if and .cni.ipv6_support (not .cni.ipv4_support) }}ipv6{{ else if and .cni.ipv4_support .cni.ipv6_support }}dual_stack{{ end }}
|
||||
{{- if and .cni.ipv4_support (not .cni.ipv6_support) }}
|
||||
ipv4:
|
||||
POD_CIDR: {{ .cni.ipv4_pods_cidr }}
|
||||
SVC_CIDR: {{ .cni.kube_svc_cidr }}
|
||||
{{ else if and .cni.ipv6_support (not .cni.ipv4_support) }}
|
||||
ipv6:
|
||||
POD_CIDR: {{ .cni.ipv6_pods_cidr }}
|
||||
SVC_CIDR: {{ .cni.kube_svc_cidr }}
|
||||
{{ else if and .cni.ipv4_support .cni.ipv6_support }}
|
||||
dual_stack:
|
||||
POD_CIDR: {{ .cni.ipv4_pods_cidr }},{{ .cni.ipv6_pods_cidr }}
|
||||
SVC_CIDR: {{ .cni.kube_svc_cidr }}
|
||||
{{- end }}
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,14 @@
|
|||
cni:
|
||||
flannel:
|
||||
# https://github.com/flannel-io/flannel/blob/master/Documentation/backends.md
|
||||
values: |
|
||||
# flannel helm values
|
||||
podCidr: {{ .cni.ipv4_pod_cidr }}
|
||||
podCidrv6: {{ .cni.ipv6_pod_cidr }}
|
||||
flannel:
|
||||
image:
|
||||
repository: {{ .dockerio_registry }}/flannel/flannel
|
||||
image_cni:
|
||||
repository: {{ .dockerio_registry }}/flannel/flannel-cni-plugin
|
||||
# support "vxlan" and "host-gw"
|
||||
backend: vxlan
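Review bot: `podCidr` and `podCidrv6` read `.cni.ipv4_pod_cidr` and `.cni.ipv6_pod_cidr`, while the cilium and kube-ovn defaults added in this commit read `.cni.ipv4_pods_cidr` and `.cni.ipv6_pods_cidr`. The definitions of these variables are outside the visible hunks, so one of the two spellings is probably undefined and would render an empty pod CIDR into the flannel values. If `pods` is the defined name, change the lines to `podCidr: {{ .cni.ipv4_pods_cidr }}` and `podCidrv6: {{ .cni.ipv6_pods_cidr }}`.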
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
cni:
|
||||
hybridnet:
|
||||
values: |
|
||||
# hybridnet helm values
|
||||
images:
|
||||
registryURL: {{ .dockerio_registry }}
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
cni:
|
||||
kubeovn:
|
||||
values: |
|
||||
# kube-ovn helm values
|
||||
global:
|
||||
registry:
|
||||
address: {{ .dockerio_registry }}/kubeovn
|
||||
{{- $ips := list }}
|
||||
{{- range .groups.kube_control_plane | default list }}
|
||||
{{- $internalIPv4 := index $.hostvars . "internal_ipv4" | default "" }}
|
||||
{{- $internalIPv6 := index $.hostvars . "internal_ipv6" | default "" }}
|
||||
{{- if $internalIPv4| empty | not }}
|
||||
{{- $ips = append $ips $internalIPv4 }}
|
||||
{{- else if $internalIPv6 | empty | not }}
|
||||
{{- $ips = append $ips $internalIPv6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
MASTER_NODES: {{ $ips | join "," }}
|
||||
networking:
|
||||
NET_STACK: {{ if and .cni.ipv4_support (not .cni.ipv6_support) }}ipv4{{ else if and .cni.ipv6_support (not .cni.ipv4_support) }}ipv6{{ else if and .cni.ipv4_support .cni.ipv6_support }}dual_stack{{ end }}
|
||||
{{- if and .cni.ipv4_support (not .cni.ipv6_support) }}
|
||||
ipv4:
|
||||
POD_CIDR: {{ .cni.ipv4_pods_cidr }}
|
||||
SVC_CIDR: {{ .cni.kube_svc_cidr }}
|
||||
{{ else if and .cni.ipv6_support (not .cni.ipv4_support) }}
|
||||
ipv6:
|
||||
POD_CIDR: {{ .cni.ipv6_pods_cidr }}
|
||||
SVC_CIDR: {{ .cni.kube_svc_cidr }}
|
||||
{{ else if and .cni.ipv4_support .cni.ipv6_support }}
|
||||
dual_stack:
|
||||
POD_CIDR: {{ .cni.ipv4_pods_cidr }},{{ .cni.ipv6_pods_cidr }}
|
||||
SVC_CIDR: {{ .cni.kube_svc_cidr }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: install/cni/multus
|
||||
when: .cni.multus.enabled
|
||||
|
||||
- role: install/cni/calico
|
||||
when: .cni.type | eq "calico"
|
||||
|
||||
- role: install/cni/cilium
|
||||
when: .cni.type | eq "cilium"
|
||||
|
||||
- role: install/cni/flannel
|
||||
when: .cni.type | eq "flannel"
|
||||
|
||||
- role: install/cni/kubeovn
|
||||
when: .cni.type | eq "kubeovn"
|
||||
|
||||
- role: install/cni/hybridnet
|
||||
when: .cni.type | eq "hyvbridnet"
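Review bot: The last dependency is gated on `.cni.type | eq "hyvbridnet"`, which looks like a typo carried over from the removed tasks file: the role path is `install/cni/hybridnet` and the defaults key is `hybridnet`. With `cni.type: hybridnet` no CNI role would be selected and the run would continue without a network plugin. Change it to `when: .cni.type | eq "hybridnet"`, and consider failing early when `.cni.type` matches none of the supported values.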
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
---
|
||||
- include_tasks: calico.yaml
|
||||
when: .cni.type | eq "calico"
|
||||
|
||||
- include_tasks: cilium.yaml
|
||||
when: .cni.type | eq "cilium"
|
||||
|
||||
- include_tasks: flannel.yaml
|
||||
when: .cni.type | eq "flannel"
|
||||
|
||||
- include_tasks: kubeovn.yaml
|
||||
when: .cni.type | eq "kubeovn"
|
||||
|
||||
- include_tasks: hybridnet.yaml
|
||||
when: .cni.type | eq "hyvbridnet"
|
||||
|
||||
- include_tasks: multus.yaml
|
||||
when: .cni.multus.enabled
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
cri:
|
||||
containerd:
|
||||
data_root: /var/lib/containerd
|
||||
|
|
@ -29,7 +29,7 @@
|
|||
tar -xvf {{ .tmp_dir }}/containerd-{{ .containerd_version | default "" | trimPrefix "v" }}-linux-{{ .binary_type }}.tar.gz --strip-components=1 -C /usr/local/bin/
|
||||
- name: Generate containerd config file
|
||||
template:
|
||||
src: containerd.config
|
||||
src: config.toml
|
||||
dest: /etc/containerd/config.toml
|
||||
- name: Generate containerd Service file
|
||||
copy:
|
||||
|
|
@ -18,5 +18,5 @@
|
|||
tar -xvf {{ .tmp_dir }}/crictl-{{ .crictl_version }}-linux-{{ .binary_type }}.tar.gz -C /usr/local/bin/
|
||||
- name: Generate crictl config file
|
||||
template:
|
||||
src: crictl.config
|
||||
src: crictl.yaml
|
||||
dest: /etc/crictl.yaml
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
cri:
|
||||
docker:
|
||||
data_root: /var/lib/docker
|
||||
|
|
@ -1,4 +1,9 @@
|
|||
---
|
||||
# install cridockerd
|
||||
- include_tasks: cridockerd.yaml
|
||||
when:
|
||||
- .kube_version | semverCompare ">=v1.24.0"
|
||||
|
||||
- name: Check if docker is installed
|
||||
ignore_errors: true
|
||||
command: docker --version
|
||||
|
|
@ -18,7 +23,7 @@
|
|||
tar -C /usr/local/bin/ --strip-components=1 -xvf {{ .tmp_dir }}/docker-{{ .docker_version }}.tgz --wildcards docker/*
|
||||
- name: Generate docker config file
|
||||
template:
|
||||
src: docker.config
|
||||
src: daemon.json
|
||||
dest: /etc/docker/daemon.json
|
||||
- name: Generate docker service file
|
||||
copy:
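Review bot: The new `include_tasks: cridockerd.yaml` is placed at the top of the file, ahead of `Check if docker is installed` and the docker unpack and config tasks, whereas the removed role entry point ran cri-dockerd after the docker install. `cridockerd.yaml` is not shown, but if it starts or enables the cri-dockerd service, it now does so on a host where docker may not exist yet. Moving the include to the end of this file would restore the old order. A short comment that the former `.cri.container_manager | eq "docker"` condition is now supplied by the role dependency would also help.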
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
dependencies:
|
||||
- role: install/cri/crictl
|
||||
|
||||
- role: install/cri/docker
|
||||
when: .cri.container_manager | eq "docker"
|
||||
|
||||
- role: install/cri/containerd
|
||||
when: .cri.container_manager | eq "containerd"
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
---
|
||||
# install crictl
|
||||
- include_tasks: install_crictl.yaml
|
||||
|
||||
# install docker
|
||||
- include_tasks: install_docker.yaml
|
||||
when: .cri.container_manager | eq "docker"
|
||||
|
||||
# install containerd
|
||||
- include_tasks: install_containerd.yaml
|
||||
when: .cri.container_manager | eq "containerd"
|
||||
|
||||
# install cridockerd
|
||||
- include_tasks: install_cridockerd.yaml
|
||||
when:
|
||||
- .cri.container_manager | eq "docker"
|
||||
- .kube_version | semverCompare ">=v1.24.0"
|
||||
|
|
@ -1,4 +1,6 @@
|
|||
image_registry:
|
||||
# registry type. support: harbor, docker-registry
|
||||
type: harbor
|
||||
# ha_vip: 192.168.122.59
|
||||
# which store images data which will push to registry.
|
||||
images_dir: >-
|
||||
|
|
@ -18,44 +20,3 @@ image_registry:
|
|||
{{- end -}}
|
||||
username: admin
|
||||
password: Harbor12345
|
||||
# registry type. support: harbor, registry
|
||||
type: harbor
|
||||
# Virtual IP address for repository High Availability. the Virtual IP address should be available.
|
||||
harbor:
|
||||
data_dir: /opt/harbor/data
|
||||
registry:
|
||||
version: 2
|
||||
config:
|
||||
storage: nfs
|
||||
nfs_dir: /share/registry
|
||||
storage:
|
||||
filesystem:
|
||||
rootdir: /opt/registry/data
|
||||
# nfs_mount: /repository/registry # if set. will mount rootdirectory to nfs server in nfs_mount.
|
||||
# azure:
|
||||
# accountname: accountname
|
||||
# accountkey: base64encodedaccountkey
|
||||
# container: containername
|
||||
# gcs:
|
||||
# bucket: bucketname
|
||||
# keyfile: /path/to/keyfile
|
||||
# credentials:
|
||||
# type: service_account
|
||||
# project_id: project_id_string
|
||||
# private_key_id: private_key_id_string
|
||||
# private_key: private_key_string
|
||||
# client_email: client@example.com
|
||||
# client_id: client_id_string
|
||||
# auth_uri: http://example.com/auth_uri
|
||||
# token_uri: http://example.com/token_uri
|
||||
# auth_provider_x509_cert_url: http://example.com/provider_cert_url
|
||||
# client_x509_cert_url: http://example.com/client_cert_url
|
||||
# rootdirectory: /gcs/object/name/prefix
|
||||
# s3:
|
||||
# accesskey: awsaccesskey
|
||||
# secretkey: awssecretkey
|
||||
# region: us-west-1
|
||||
# regionendpoint: http://myobjects.local
|
||||
# bucket: bucketname
|
||||
# keyid: mykeyid
|
||||
# rootdirectory: /s3/object/name/prefix
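Review bot: The defaults this section keeps still ship `username: admin` with `password: Harbor12345`, a publicly documented default, so any deployment that does not override it ends up with a registry whose admin credential is known in advance. Consider leaving `password` empty in the role defaults and failing the role early when it is unset, or generating a random value at install time. At minimum, add a comment above it such as `# default credential: must be overridden before deployment`.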
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
cri:
|
||||
docker:
|
||||
data_root: /var/lib/docker
|
||||
containerd:
|
||||
data_root: /var/lib/containerd
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
[Unit]
|
||||
Description=containerd container runtime
|
||||
Documentation=https://containerd.io
|
||||
After=network.target local-fs.target
|
||||
|
||||
[Service]
|
||||
ExecStartPre=-/sbin/modprobe overlay
|
||||
ExecStart=/usr/local/bin/containerd
|
||||
|
||||
Type=notify
|
||||
Delegate=yes
|
||||
KillMode=process
|
||||
Restart=always
|
||||
RestartSec=5
|
||||
# Having non-zero Limit*s causes performance problems due to accounting overhead
|
||||
# in the kernel. We recommend using cgroups to do container-local accounting.
|
||||
LimitNPROC=infinity
|
||||
LimitCORE=infinity
|
||||
LimitNOFILE=1048576
|
||||
# Comment TasksMax if your systemd version does not supports it.
|
||||
# Only systemd 226 and above support this version.
|
||||
TasksMax=infinity
|
||||
OOMScoreAdjust=-999
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
@ -15,7 +15,7 @@
|
|||
{{ .tmp_dir }}/docker-{{ .docker_version }}.tgz
|
||||
- name: Generate docker config file
|
||||
template:
|
||||
src: docker.config
|
||||
src: daemon.json
|
||||
dest: /etc/docker/daemon.json
|
||||
- name: Unpackage docker binary
|
||||
command: |
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
- include_tasks: docker.yaml
|
||||
|
||||
- include_tasks: docker_compose.yaml
|
||||
|
|
@ -0,0 +1,37 @@
|
|||
image_registry:
|
||||
docker_registry:
|
||||
version: 2
|
||||
config:
|
||||
storage: nfs
|
||||
nfs_dir: /share/registry
|
||||
storage:
|
||||
filesystem:
|
||||
rootdir: /opt/docker-registry/data
|
||||
# nfs_mount: /repository/registry # if set. will mount rootdirectory to nfs server in nfs_mount.
|
||||
# azure:
|
||||
# accountname: accountname
|
||||
# accountkey: base64encodedaccountkey
|
||||
# container: containername
|
||||
# gcs:
|
||||
# bucket: bucketname
|
||||
# keyfile: /path/to/keyfile
|
||||
# credentials:
|
||||
# type: service_account
|
||||
# project_id: project_id_string
|
||||
# private_key_id: private_key_id_string
|
||||
# private_key: private_key_string
|
||||
# client_email: client@example.com
|
||||
# client_id: client_id_string
|
||||
# auth_uri: http://example.com/auth_uri
|
||||
# token_uri: http://example.com/token_uri
|
||||
# auth_provider_x509_cert_url: http://example.com/provider_cert_url
|
||||
# client_x509_cert_url: http://example.com/client_cert_url
|
||||
# rootdirectory: /gcs/object/name/prefix
|
||||
# s3:
|
||||
# accesskey: awsaccesskey
|
||||
# secretkey: awssecretkey
|
||||
# region: us-west-1
|
||||
# regionendpoint: http://myobjects.local
|
||||
# bucket: bucketname
|
||||
# keyid: mykeyid
|
||||
# rootdirectory: /s3/object/name/prefix
|
||||
|
|
@ -2,9 +2,9 @@
|
|||
- name: Sync registry image to remote
|
||||
copy:
|
||||
src: >-
|
||||
{{ .binary_dir }}/image-registry/registry/{{ .registry_version }}/{{ .binary_type }}/registry-{{ .registry_version }}-linux-{{ .binary_type }}.tgz
|
||||
{{ .binary_dir }}/image-registry/docker-registry/{{ .docker_registry_version }}/{{ .binary_type }}/docker-registry-{{ .docker_registry_version }}-linux-{{ .binary_type }}.tgz
|
||||
dest: >-
|
||||
/opt/registry/{{ .registry_version }}/registry-{{ .registry_version }}-linux-{{ .binary_type }}.tgz
|
||||
/opt/docker-registry/{{ .docker_registry_version }}/docker-registry-{{ .docker_registry_version }}-linux-{{ .binary_type }}.tgz
|
||||
|
||||
- name: Mount NFS dir
|
||||
command: |
|
||||
|
|
@ -17,52 +17,52 @@
|
|||
{{- $internalIPv4 := index .hostvars (.groups.nfs | default list | first) "internal_ipv4" | default "" }}
|
||||
{{- $internalIPv6 := index .hostvars (.groups.nfs | default list | first) "internal_ipv6" | default "" }}
|
||||
{{- if $internalIPv4 | empty | not }}
|
||||
mount -t nfs {{ $internalIPv4 }}:{{ .image_registry.registry.storage.filesystem.nfs_mount }} {{ .image_registry.registry.storage.filesystem.rootdir }}
|
||||
mount -t nfs {{ $internalIPv4 }}:{{ .image_registry.docker_registry.storage.filesystem.nfs_mount }} {{ .image_registry.docker_registry.storage.filesystem.rootdir }}
|
||||
{{- else if ne $internalIPv6 "" }}
|
||||
{{ $internalIPv6 | empty | not }}
|
||||
mount -t nfs {{ $internalIPv6 }}:{{ .image_registry.registry.storage.filesystem.nfs_mount }} {{ .image_registry.registry.storage.filesystem.rootdir }}
|
||||
mount -t nfs {{ $internalIPv6 }}:{{ .image_registry.docker_registry.storage.filesystem.nfs_mount }} {{ .image_registry.docker_registry.storage.filesystem.rootdir }}
|
||||
{{- end }}
|
||||
when:
|
||||
- .image_registry.registry.storage.filesystem.nfs_mount | empty | not
|
||||
- .image_registry.docker_registry.storage.filesystem.nfs_mount | empty | not
|
||||
- .groups.nfs | default list | len | eq 1
|
||||
|
||||
- name: Load registry image
|
||||
command: |
|
||||
docker load -i /opt/registry/{{ .registry_version }}/registry-{{ .registry_version }}-linux-{{ .binary_type }}.tgz
|
||||
docker load -i /opt/docker-registry/{{ .docker_registry_version }}/docker-registry-{{ .docker_registry_version }}-linux-{{ .binary_type }}.tgz
|
||||
|
||||
- name: Sync image registry cert file to remote
|
||||
copy:
|
||||
src: >-
|
||||
{{ .binary_dir }}/pki/image_registry.crt
|
||||
dest: >-
|
||||
/opt/registry/{{ .registry_version }}/ssl/server.crt
|
||||
/opt/docker-registry/{{ .docker_registry_version }}/ssl/server.crt
|
||||
|
||||
- name: Sync image registry key file to remote
|
||||
copy:
|
||||
src: >-
|
||||
{{ .binary_dir }}/pki/image_registry.key
|
||||
dest: >-
|
||||
/opt/registry/{{ .registry_version }}/ssl/server.key
|
||||
/opt/docker-registry/{{ .docker_registry_version }}/ssl/server.key
|
||||
|
||||
- name: Generate registry docker compose
|
||||
template:
|
||||
src: registry.docker-compose
|
||||
src: docker-compose.yaml
|
||||
dest: >-
|
||||
/opt/registry/{{ .registry_version }}/docker-compose.yml
|
||||
/opt/docker-registry/{{ .docker_registry_version }}/docker-compose.yml
|
||||
|
||||
- name: Generate registry config
|
||||
template:
|
||||
src: registry.config
|
||||
src: config.yaml
|
||||
dest: >-
|
||||
/opt/registry/{{ .registry_version }}/config.yml
|
||||
/opt/docker-registry/{{ .docker_registry_version }}/config.yml
|
||||
|
||||
- name: Register registry service
|
||||
template:
|
||||
src: registry.service
|
||||
dest: /etc/systemd/system/registry.service
|
||||
src: docker-registry.service
|
||||
dest: /etc/systemd/system/docker-registry.service
|
||||
|
||||
- name: Start registry service
|
||||
command: systemctl daemon-reload && systemctl start registry.service && systemctl enable registry.service
|
||||
command: systemctl daemon-reload && systemctl start docker-registry.service && systemctl enable docker-registry.service
|
||||
|
||||
- name: wait registry service ready
|
||||
command: |
|
||||
|
|
@ -22,52 +22,52 @@ log:
|
|||
# to:
|
||||
# - errors@example.com
|
||||
storage:
|
||||
{{- if .image_registry.registry.storage.filesystem.rootdir | empty | not }}
|
||||
{{- if .image_registry.docker_registry.storage.filesystem.rootdir | empty | not }}
|
||||
filesystem:
|
||||
rootdirectory: {{ .image_registry.registry.storage.filesystem.rootdir }}
|
||||
rootdirectory: {{ .image_registry.docker_registry.storage.filesystem.rootdir }}
|
||||
maxthreads: 100
|
||||
{{- end }}
|
||||
{{- if .image_registry.registry.storage.azure }}
|
||||
{{- if .image_registry.docker_registry.storage.azure }}
|
||||
azure:
|
||||
accountname: {{ .image_registry.registry.storage.azure.accountname }}
|
||||
accountkey: {{ .image_registry.registry.storage.azure.accountkey }}
|
||||
container: {{ .image_registry.registry.storage.azure.container }}
|
||||
accountname: {{ .image_registry.docker_registry.storage.azure.accountname }}
|
||||
accountkey: {{ .image_registry.docker_registry.storage.azure.accountkey }}
|
||||
container: {{ .image_registry.docker_registry.storage.azure.container }}
|
||||
{{- end }}
|
||||
{{- if .image_registry.registry.storage.gcs | empty | not }}
|
||||
{{- if .image_registry.docker_registry.storage.gcs | empty | not }}
|
||||
gcs:
|
||||
bucket: {{ .image_registry.registry.storage.gcs.bucket }}
|
||||
keyfile: {{ .image_registry.registry.storage.gcs.keyfile }}
|
||||
bucket: {{ .image_registry.docker_registry.storage.gcs.bucket }}
|
||||
keyfile: {{ .image_registry.docker_registry.storage.gcs.keyfile }}
|
||||
credentials:
|
||||
type: service_account
|
||||
project_id: {{ .image_registry.registry.storage.gcs.credentials.project_id }}
|
||||
private_key_id: {{ .image_registry.registry.storage.gcs.credentials.private_key_id }}
|
||||
private_key: {{ .image_registry.registry.storage.gcs.credentials.private_key }}
|
||||
client_email: {{ .image_registry.registry.storage.gcs.credentials.client_email }}
|
||||
client_id: {{ .image_registry.registry.storage.gcs.credentials.client_id }}
|
||||
auth_uri: {{ .image_registry.registry.storage.gcs.credentials.auth_uri }}
|
||||
token_uri: {{ .image_registry.registry.storage.gcs.credentials.token_uri }}
|
||||
auth_provider_x509_cert_url: {{ .image_registry.registry.storage.gcs.credentials.auth_provider_x509_cert_url }}
|
||||
client_x509_cert_url: {{ .image_registry.registry.storage.gcs.credentials.client_x509_cert_url }}
|
||||
rootdirectory: {{ .image_registry.registry.storage.gcs.rootdirectory }}
|
||||
project_id: {{ .image_registry.docker_registry.storage.gcs.credentials.project_id }}
|
||||
private_key_id: {{ .image_registry.docker_registry.storage.gcs.credentials.private_key_id }}
|
||||
private_key: {{ .image_registry.docker_registry.storage.gcs.credentials.private_key }}
|
||||
client_email: {{ .image_registry.docker_registry.storage.gcs.credentials.client_email }}
|
||||
client_id: {{ .image_registry.docker_registry.storage.gcs.credentials.client_id }}
|
||||
auth_uri: {{ .image_registry.docker_registry.storage.gcs.credentials.auth_uri }}
|
||||
token_uri: {{ .image_registry.docker_registry.storage.gcs.credentials.token_uri }}
|
||||
auth_provider_x509_cert_url: {{ .image_registry.docker_registry.storage.gcs.credentials.auth_provider_x509_cert_url }}
|
||||
client_x509_cert_url: {{ .image_registry.docker_registry.storage.gcs.credentials.client_x509_cert_url }}
|
||||
rootdirectory: {{ .image_registry.docker_registry.storage.gcs.rootdirectory }}
|
||||
{{- end }}
|
||||
{{- if .image_registry.registry.storage.s3 | empty | not }}
|
||||
{{- if .image_registry.docker_registry.storage.s3 | empty | not }}
|
||||
s3:
|
||||
accesskey: {{ .image_registry.registry.storage.s3.accesskey }}
|
||||
secretkey: {{ .image_registry.registry.storage.s3.secretkey }}
|
||||
region: {{ .image_registry.registry.storage.s3.region }}
|
||||
regionendpoint: {{ .image_registry.registry.storage.s3.regionendpoint }}
|
||||
accesskey: {{ .image_registry.docker_registry.storage.s3.accesskey }}
|
||||
secretkey: {{ .image_registry.docker_registry.storage.s3.secretkey }}
|
||||
region: {{ .image_registry.docker_registry.storage.s3.region }}
|
||||
regionendpoint: {{ .image_registry.docker_registry.storage.s3.regionendpoint }}
|
||||
forcepathstyle: true
|
||||
accelerate: false
|
||||
bucket: {{ .image_registry.registry.storage.s3.bucket }}
|
||||
bucket: {{ .image_registry.docker_registry.storage.s3.bucket }}
|
||||
encrypt: true
|
||||
keyid: {{ .image_registry.registry.storage.s3.keyid }}
|
||||
keyid: {{ .image_registry.docker_registry.storage.s3.keyid }}
|
||||
secure: true
|
||||
v4auth: true
|
||||
chunksize: 5242880
|
||||
multipartcopychunksize: 33554432
|
||||
multipartcopymaxconcurrency: 100
|
||||
multipartcopythresholdsize: 33554432
|
||||
rootdirectory: {{ .image_registry.registry.storage.s3.rootdirectory }}
|
||||
rootdirectory: {{ .image_registry.docker_registry.storage.s3.rootdirectory }}
|
||||
usedualstack: false
|
||||
loglevel: debug
|
||||
{{- end }}
|
||||
|
|
@ -2,7 +2,7 @@
|
|||
version: '2.3'
|
||||
services:
|
||||
registry:
|
||||
image: registry:{{ .registry_version }}
|
||||
image: registry:{{ .docker_registry_version }}
|
||||
container_name: registry
|
||||
restart: always
|
||||
dns_search: .
|
||||
|
|
@ -15,10 +15,10 @@ services:
|
|||
- SETUID
|
||||
volumes:
|
||||
- type: bind
|
||||
source: /opt/registry/{{ .registry_version }}/ssl/
|
||||
source: /opt/docker-registry/{{ .docker_registry_version }}/ssl/
|
||||
target: /etc/registry/ssl/
|
||||
- type: bind
|
||||
source: /opt/registry/{{ .registry_version }}/config.yml
|
||||
source: /opt/docker-registry/{{ .docker_registry_version }}/config.yml
|
||||
target: /etc/docker/registry/config.yml
|
||||
ports:
|
||||
- 443:5000
|
||||
|
|
@ -1,11 +1,11 @@
|
|||
[Unit]
|
||||
Description=registry
|
||||
Description=docker-registry
|
||||
After=docker.service systemd-networkd.service systemd-resolved.service
|
||||
Requires=docker.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/usr/local/bin/docker-compose -p registry -f /opt/registry/{{ .registry_version }}/docker-compose.yml up
|
||||
ExecStart=/usr/local/bin/docker-compose -p registry -f /opt/docker-registry/{{ .docker_registry_version }}/docker-compose.yml up
|
||||
ExecStop=/usr/local/bin/docker-compose -p registry down
|
||||
Restart=on-failure
|
||||
[Install]
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
image_registry:
|
||||
# Virtual IP address for repository High Availability. the Virtual IP address should be available.
|
||||
harbor:
|
||||
data_dir: /opt/harbor/data
|
||||
|
|
@ -26,7 +26,7 @@
|
|||
|
||||
- name: Generate harbor config
|
||||
template:
|
||||
src: harbor.config
|
||||
src: harbor.yml
|
||||
dest: >-
|
||||
/opt/harbor/{{ .harbor_version }}/harbor/harbor.yml
|
||||
|
||||
|
|
@ -59,7 +59,7 @@
|
|||
|
||||
- name: Sync healthcheck shell to remote
|
||||
copy:
|
||||
src: keepalived/healthcheck.sh
|
||||
src: healthcheck.sh
|
||||
dest: >-
|
||||
/opt/keepalived/{{ .keepalived_version }}/healthcheck.sh
|
||||
mode: 0755
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: install/image-registry/docker-compose
|
||||
|
||||
- role: install/image-registry/keepalived
|
||||
when:
|
||||
- .image_registry.ha_vip | empty | not
|
||||
- .groups.image_registry | len | lt 1
|
||||
|
||||
- role: install/image-registry/harbor
|
||||
when: .image_registry.type | eq "harbor"
|
||||
|
||||
- role: install/image-registry/docker-registry
|
||||
when: .image_registry.type | eq "docker-registry"
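Review bot: The last dependency is gated on `.image_registry.type | eq "docker-registry"`, but the value accepted before this commit was `registry`, so an inventory that still sets `image_registry.type: registry` now matches neither this entry nor the `harbor` one and the run installs no registry without reporting it. Unless a precheck outside this diff already rejects unknown values, add a fail-fast assertion that the type is `harbor` or `docker-registry`. A comment above the two entries would also help, for example `# image_registry.type: "registry" was renamed to "docker-registry"; other values install nothing`.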
|
||||
|
||||
|
|
@ -1,51 +0,0 @@
|
|||
---
|
||||
- name: Sync images to remote
|
||||
tags: ["only_image"]
|
||||
copy:
|
||||
src: >-
|
||||
{{ .binary_dir }}/images/
|
||||
dest: >-
|
||||
{{ .image_registry.images_dir }}
|
||||
|
||||
- name: Create harbor project for each image
|
||||
tags: ["only_image"]
|
||||
command: |
|
||||
# Iterate through first-level subdirectories in images_dir (skip blobs)
|
||||
for registry_dir in {{ .image_registry.images_dir }}*; do
|
||||
if [ ! -d "$registry_dir" ] || [ "$(basename "$registry_dir")" = "blobs" ]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
# Iterate through second-level subdirectories in registry_dir
|
||||
for project_dir in "$registry_dir"/*; do
|
||||
if [ ! -d "$project_dir" ]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
project=$(basename "$project_dir")
|
||||
|
||||
# Check if project exists, create if not
|
||||
resp=$(curl -u "{{ .image_registry.auth.username }}:{{ .image_registry.auth.password }}" -k -X GET "https://{{ .image_registry.auth.registry }}/api/v2.0/projects/${project}")
|
||||
if echo "$resp" | grep -q '"code":"NOT_FOUND"'; then
|
||||
curl -u "{{ .image_registry.auth.username }}:{{ .image_registry.auth.password }}" -k -X POST \
|
||||
-H "Content-Type: application/json" \
|
||||
"https://{{ .image_registry.auth.registry }}/api/v2.0/projects" \
|
||||
-d "{ \"project_name\": \"${project}\", \"public\": true}"
|
||||
fi
|
||||
done
|
||||
done
|
||||
when: .image_registry.type | eq "harbor"
|
||||
|
||||
- name: Sync images package to image_registry
|
||||
tags: ["only_image"]
|
||||
image:
|
||||
push:
|
||||
images_dir: >-
|
||||
{{ .image_registry.images_dir }}
|
||||
dest: >-
|
||||
{{ .image_registry.auth.registry }}/{{ .module.image.src.reference.repository }}:{{ .module.image.src.reference.reference }}
|
||||
username: >-
|
||||
{{ .image_registry.auth.username }}
|
||||
password: >-
|
||||
{{ .image_registry.auth.password }}
|
||||
skip_tls_verify: true
|
||||
|
|
@ -1,32 +1,51 @@
|
|||
---
|
||||
- include_tasks: install_docker.yaml
|
||||
|
||||
- include_tasks: install_docker_compose.yaml
|
||||
|
||||
- include_tasks: install_keepalived.yaml
|
||||
when:
|
||||
- .image_registry.ha_vip | empty | not
|
||||
- .groups.image_registry | len | lt 1
|
||||
|
||||
- name: Install harbor
|
||||
when: .image_registry.type | eq "harbor"
|
||||
block:
|
||||
- name: Check if harbor installed
|
||||
ignore_errors: true
|
||||
command: systemctl is-active harbor.service
|
||||
register: harbor_install_service
|
||||
- include_tasks: install_harbor.yaml
|
||||
when: .harbor_install_service.stdout | eq "inactive"
|
||||
|
||||
- name: Install registry
|
||||
when: .image_registry.type | eq "registry"
|
||||
block:
|
||||
- name: Check if registry installed
|
||||
ignore_errors: true
|
||||
command: systemctl is-active registry.service
|
||||
register: registry_install_service
|
||||
- include_tasks: install_registry.yaml
|
||||
when: .registry_install_service.stdout | eq "inactive"
|
||||
|
||||
- include_tasks: load_images.yaml
|
||||
- name: Sync images to remote
|
||||
tags: ["only_image"]
|
||||
copy:
|
||||
src: >-
|
||||
{{ .binary_dir }}/images/
|
||||
dest: >-
|
||||
{{ .image_registry.images_dir }}
|
||||
|
||||
- name: Create harbor project for each image
|
||||
tags: ["only_image"]
|
||||
command: |
|
||||
# Iterate through first-level subdirectories in images_dir (skip blobs)
|
||||
for registry_dir in {{ .image_registry.images_dir }}*; do
|
||||
if [ ! -d "$registry_dir" ] || [ "$(basename "$registry_dir")" = "blobs" ]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
# Iterate through second-level subdirectories in registry_dir
|
||||
for project_dir in "$registry_dir"/*; do
|
||||
if [ ! -d "$project_dir" ]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
project=$(basename "$project_dir")
|
||||
|
||||
# Check if project exists, create if not
|
||||
resp=$(curl -u "{{ .image_registry.auth.username }}:{{ .image_registry.auth.password }}" -k -X GET "https://{{ .image_registry.auth.registry }}/api/v2.0/projects/${project}")
|
||||
if echo "$resp" | grep -q '"code":"NOT_FOUND"'; then
|
||||
curl -u "{{ .image_registry.auth.username }}:{{ .image_registry.auth.password }}" -k -X POST \
|
||||
-H "Content-Type: application/json" \
|
||||
"https://{{ .image_registry.auth.registry }}/api/v2.0/projects" \
|
||||
-d "{ \"project_name\": \"${project}\", \"public\": true}"
|
||||
fi
|
||||
done
|
||||
done
|
||||
when: .image_registry.type | eq "harbor"
|
||||
|
||||
- name: Sync images package to image_registry
|
||||
tags: ["only_image"]
|
||||
image:
|
||||
push:
|
||||
images_dir: >-
|
||||
{{ .image_registry.images_dir }}
|
||||
dest: >-
|
||||
{{ .image_registry.auth.registry }}/{{ .module.image.src.reference.repository }}:{{ .module.image.src.reference.reference }}
|
||||
username: >-
|
||||
{{ .image_registry.auth.username }}
|
||||
password: >-
|
||||
{{ .image_registry.auth.password }}
|
||||
skip_tls_verify: true
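Review bot: Both `curl` calls in the `Create harbor project for each image` task pass `-k`, so the credentials given with `-u` go to whatever endpoint answers at `.image_registry.auth.registry` without certificate verification, and the `image.push` task below repeats this with `skip_tls_verify: true`. The registry certificate appears to be issued by this tooling (`{{ .binary_dir }}/pki/image_registry.crt`), so the CA could be supplied instead, e.g. `curl --cacert <CA_BUNDLE_PATH> ...` (placeholder; the CA file location is not visible in this diff). The password is also expanded into the command line, where it is visible in the process list and possibly in task output; `--netrc-file <NETRC_PATH>` would keep it out of the arguments. Separately, `\"public\": true` makes every auto-created project anonymously pullable, which deserves a variable or at least a comment stating that it is intended.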
|
||||
|
|
|
|||
|
|
@ -12,10 +12,4 @@ sc:
|
|||
{{ .dockerio_registry }}
|
||||
repository: openebs/linux-utils
|
||||
tag: 3.3.0
|
||||
path: /var/openebs/local
|
||||
nfs: # each k8s_cluster node should install nfs-utils
|
||||
enabled: false
|
||||
default: false
|
||||
server: >-
|
||||
{{ .groups.nfs | default list | first }}
|
||||
path: /share/kubernetes
|
||||
path: /var/openebs/local
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: install/storageclass/local
|
||||
when: .sc.local.enabled
|
||||
|
||||
- role: install/storageclass/nfs
|
||||
when: .sc.nfs.enabled
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
sc:
|
||||
nfs: # each k8s_cluster node should install nfs-utils
|
||||
enabled: false
|
||||
default: false
|
||||
server: >-
|
||||
{{ .groups.nfs | default list | first }}
|
||||
path: /share/kubernetes
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
- include_tasks: local.yaml
|
||||
when: .sc.local.enabled
|
||||
|
||||
- include_tasks: nfs.yaml
|
||||
when: .sc.nfs.enabled
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
- name: Delete cri residue files
|
||||
command: |
|
||||
rm -f /usr/local/bin/crictl
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
---
|
||||
- name: Stop docker service
|
||||
ignore_errors: true
|
||||
command: |
|
||||
systemctl stop docker.service
|
||||
systemctl disable docker.service
|
||||
rm -rf /etc/systemd/system/docker.service*
|
||||
systemctl daemon-reload
|
||||
systemctl reset-failed docker.service
|
||||
|
||||
- name: Uninstall containerd
|
||||
block:
|
||||
- name: Uninstall containerd service
|
||||
ignore_errors: true
|
||||
command: |
|
||||
systemctl stop containerd.service
|
||||
systemctl disable containerd.service
|
||||
rm -rf /etc/systemd/system/containerd.service*
|
||||
systemctl daemon-reload
|
||||
systemctl reset-failed containerd.service
|
||||
|
||||
- name: Delete containerd residue files
|
||||
command: |
|
||||
rm -rf {{ .cri.containerd.data_root }}
|
||||
rm -rf /etc/containerd
|
||||
rm -rf /usr/local/bin/containerd*
|
||||
rm -f /usr/local/bin/runc
|
||||
rm -f /usr/local/bin/ctr
|
||||
|
||||
- name: Delete docker residue files
|
||||
command: |
|
||||
rm -rf {{ .cri.docker.data_root }}
|
||||
rm -rf /etc/docker
|
||||
rm -rf /usr/local/bin/docker*
|
||||
|
||||
- name: Uninstall docker interface
|
||||
ignore_errors: true
|
||||
command: ip link delete docker0
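Review bot: `rm -rf {{ .cri.containerd.data_root }}` and `rm -rf {{ .cri.docker.data_root }}` expand an inventory-supplied value unquoted into a recursive delete, so a value of `/`, or one containing spaces or glob characters, removes something other than the runtime data directory. Quote the path and refuse obviously wrong values, e.g. `[ "{{ .cri.docker.data_root }}" != "/" ] && rm -rf -- "{{ .cri.docker.data_root }}"`, and do the same in the containerd task. The glob `rm -rf /usr/local/bin/docker*` also matches `/usr/local/bin/docker-compose`, which the docker-registry unit's `ExecStart` uses; a comment saying whether that is intended on a shared node would help.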
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
- include_tasks: docker.yaml
|
||||
|
||||
# uninstall cridockerd
|
||||
- include_tasks: cridockerd.yaml
|
||||
when:
|
||||
- .cridockerd_version | empty | not
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: uninstall/cri/containerd
|
||||
when: .cri.container_manager | eq "containerd"
|
||||
|
||||
- role: uninstall/cri/docker
|
||||
when: .cri.container_manager | eq "docker"
|
||||
|
||||
- role: uninstall/cri/crictl
|
||||
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
---
|
||||
- name: Stop containerd
|
||||
include_tasks: uninstall_containerd.yaml
|
||||
when: .cri.container_manager | eq "containerd"
|
||||
|
||||
- name: Stop docker
|
||||
include_tasks: uninstall_docker.yaml
|
||||
when: .cri.container_manager | eq "docker"
|
||||
|
||||
# uninstall cridockerd
|
||||
- include_tasks: uninstall_cridockerd.yaml
|
||||
when:
|
||||
- .cri.container_manager | eq "docker"
|
||||
- .cridockerd_version | empty | not
|
||||
|
||||
- name: Delete cri residue files
|
||||
command: |
|
||||
rm -f /usr/local/bin/crictl
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
---
|
||||
- name: Stop docker service
|
||||
ignore_errors: true
|
||||
command: |
|
||||
systemctl stop docker.service
|
||||
systemctl disable docker.service
|
||||
rm -rf /etc/systemd/system/docker.service*
|
||||
systemctl daemon-reload
|
||||
systemctl reset-failed docker.service
|
||||
|
||||
- name: Uninstall containerd
|
||||
include_tasks: uninstall_containerd.yaml
|
||||
|
||||
- name: Delete docker residue files
|
||||
command: |
|
||||
rm -rf {{ .cri.docker.data_root }}
|
||||
rm -rf /etc/docker
|
||||
rm -rf /usr/local/bin/docker*
|
||||
|
||||
- name: Uninstall docker interface
|
||||
ignore_errors: true
|
||||
command: ip link delete docker0
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
image_registry:
|
||||
type: harbor
|
||||
# Virtual IP address for repository High Availability. the Virtual IP address should be available.
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
cri:
|
||||
docker:
|
||||
data_root: /var/lib/docker
|
||||
containerd:
|
||||
data_root: /var/lib/containerd
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
image_registry:
|
||||
docker_registry:
|
||||
storage:
|
||||
filesystem:
|
||||
rootdir: /opt/docker-registry/data
|
||||
# nfs_mount: /repository/registry # if set. will mount rootdirectory to nfs server in nfs_mount.
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
- name: Stop registry service
|
||||
ignore_errors: true
|
||||
command: |
|
||||
systemctl stop docker-registry.service
|
||||
systemctl disable docker-registry.service
|
||||
rm -rf /etc/systemd/system/docker-registry.service*
|
||||
systemctl daemon-reload
|
||||
systemctl reset-failed docker-registry.service
|
||||
|
||||
- name: unmount nfs
|
||||
when:
|
||||
- .image_registry.docker_registry.storage.filesystem.nfs_mount | empty | not
|
||||
- .groups.nfs | default list | len | eq 1
|
||||
command: |
|
||||
unmount {{ .image_registry.docker_registry.storage.filesystem.rootdir }}
|
||||
|
||||
- name: Delete residue registry files
|
||||
command: |
|
||||
rm -rf /opt/docker-registry/
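Review bot: The `unmount nfs` task runs `unmount {{ ... }}`, but the command is `umount`, so the step fails and the NFS export stays mounted at `rootdir`. With the default `rootdir: /opt/docker-registry/data` introduced elsewhere in this commit, the following `rm -rf /opt/docker-registry/` would then recurse into the still-mounted share and delete the shared registry data; this assumes the run continues past the failed task, which is not visible here. Change the line to `umount {{ .image_registry.docker_registry.storage.filesystem.rootdir }}` and make the delete refuse to run while the path is a mount point, e.g. `mountpoint -q {{ .image_registry.docker_registry.storage.filesystem.rootdir }} || rm -rf /opt/docker-registry/`.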
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
image_registry:
|
||||
harbor:
|
||||
data_dir: /opt/harbor/data
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
dependencies:
|
||||
- role: uninstall/image-registry/harbor
|
||||
when: .image_registry.type | eq "harbor"
|
||||
|
||||
- role: uninstall/image-registry/docker-registry
|
||||
when: .image_registry.type | eq "docker-registry"
|
||||
|
||||
- role: uninstall/image-registry/keepalived
|
||||
when:
|
||||
- .image_registry.ha_vip | empty | not
|
||||
- .groups.image_registry | len | lt 1
|
||||
|
||||
- role: uninstall/image-registry/docker-compose
|
||||
when: .deleteCRI
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
image_registry:
|
||||
type: harbor
|
||||
# Virtual IP address for repository High Availability. the Virtual IP address should be available.
|
||||
harbor:
|
||||
data_dir: /opt/harbor/data
|
||||
registry:
|
||||
storage:
|
||||
filesystem:
|
||||
rootdir: /opt/registry
|
||||
# nfs_mount: /repository/registry # if set. will mount rootdirectory to nfs server in nfs_mount.
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
- include_tasks: harbor.yaml
|
||||
when: .image_registry.type | eq "harbor"
|
||||
|
||||
- include_tasks: registry.yaml
|
||||
when: .image_registry.type | eq "registry"
|
||||
|
||||
- include_tasks: keepalived.yaml
|
||||
when:
|
||||
- .image_registry.ha_vip | empty | not
|
||||
- .groups.image_registry | len | lt 1
|
||||
|
||||
- include_tasks: docker.yaml
|
||||
when: .deleteCRI
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
- name: Stop registry service
|
||||
ignore_errors: true
|
||||
command: |
|
||||
systemctl stop registry.service
|
||||
systemctl disable registry.service
|
||||
rm -rf /etc/systemd/system/registry.service*
|
||||
systemctl daemon-reload
|
||||
systemctl reset-failed registry.service
|
||||
|
||||
- name: unmount nfs
|
||||
when:
|
||||
- .image_registry.registry.storage.filesystem.nfs_mount | empty | not
|
||||
- .groups.nfs | default list | len | eq 1
|
||||
command: |
|
||||
unmount {{ .image_registry.registry.storage.filesystem.rootdir }}
|
||||
|
||||
- name: Delete residue registry files
|
||||
command: |
|
||||
rm -rf /opt/registry/
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
# image_registry
|
||||
|
||||
image_registry允许用户安装镜像仓库。支持harbor和registry两种镜像仓库
|
||||
image_registry允许用户安装镜像仓库。支持`harbor`和`docker-registry`两种类型
|
||||
|
||||
## requirement
|
||||
|
||||
|
|
@ -70,7 +70,7 @@ harbor是默认安装的镜像仓库
|
|||
```
|
||||
|
||||
- 在创建集群时,自动安装
|
||||
在创建集群时,会检测 `image_registry` 节点是否安装了harbor, 没有安装时会自动根据配置安装harbor。
|
||||
在创建集群时,会检测 `image_registry` 节点是否安装了`harbor`, 没有安装时会自动根据配置安装`harbor`。
|
||||
```shell
|
||||
kk create cluster -i inventory.yaml --set harbor_version=v2.10.1,docker_version=24.0.7, dockercompose_version=v2.20.3
|
||||
```
|
||||
|
|
@ -161,32 +161,32 @@ spec:
|
|||
kubekey暂未提供registry的离线镜像包地址,需通过手动打包的方式来实现。
|
||||
```shell
|
||||
# download registry images
|
||||
docker pull registry:{{ .registry_version }}
|
||||
docker pull registry:{{ .docker_registry_version }}
|
||||
# package image
|
||||
docker save -o registry-{{ .registry_version }}-linux-{{ .binary_type }}.tgz registry:{{ .registry_version }}
|
||||
docker save -o docker-registry-{{ .docker_registry_version }}-linux-{{ .binary_type }}.tgz registry:{{ .docker_registry_version }}
|
||||
# move image to workdir
|
||||
mv registry-{{ .registry_version }}-linux-{{ .binary_type }}.tgz {{ .binary_dir }}/ image-registry/registry/{{ .registry_version }}/{{ .binary_type }}/
|
||||
mv docker-registry-{{ .docker_registry_version }}-linux-{{ .binary_type }}.tgz {{ .binary_dir }}/ image-registry/docker-registry/{{ .docker_registry_version }}/{{ .binary_type }}/
|
||||
```
|
||||
`binary_type`: 是机器的架构(目前支持amd64和arm64,可通过 `gather_fact` 自动获取)
|
||||
`binary_dir`: 软件包存放地址,通常为: `{{ .work_dir}}/kubekey`
|
||||
|
||||
### 安装
|
||||
安装registry需要设置`image_registry.type`值为`registry`
|
||||
安装registry需要设置`image_registry.type`值为`docker-registry`
|
||||
1. 安装前检查
|
||||
```shell
|
||||
kk precheck image_registry -i inventory.yaml --set image_registry.type=registry --set registry_version=2.8.3,docker_version=24.0.7,dockercompose_version=v2.20.3
|
||||
kk precheck image_registry -i inventory.yaml --set image_registry.type=docker-registry --set docker_registry_version=2.8.3,docker_version=24.0.7,dockercompose_version=v2.20.3
|
||||
```
|
||||
2. 安装
|
||||
- 单独安装
|
||||
`image_registry` 可以脱离集群单独进行安装。
|
||||
```shell
|
||||
kk init registry -i inventory.yaml --set image_registry.type=registry --set registry_version=2.8.3,docker_version=24.0.7,dockercompose_version=v2.20.3 --set artifact.artifact_url.registry.amd64=registry-2.8.3-linux.amd64.tgz
|
||||
kk init registry -i inventory.yaml --set image_registry.type=docker-registry --set docker_registry_version=2.8.3,docker_version=24.0.7,dockercompose_version=v2.20.3 --set artifact.artifact_url.docker_registry.amd64=docker-registry-2.8.3-linux.amd64.tgz
|
||||
```
|
||||
|
||||
- 在创建集群时,自动安装
|
||||
在创建集群时,会检测 `image_registry` 节点是否安装了harbor, 没有安装时会自动根据配置安装harbor。
|
||||
在创建集群时,会检测 `image_registry` 节点是否安装了`docker-registry`, 没有安装时会自动根据配置安装`docker-registry`。
|
||||
```shell
|
||||
kk create cluster -i inventory.yaml --set image_registry.type=registry --set registry_version=2.8.3,docker_version=24.0.7,dockercompose_version=v2.20.3 --set artifact.artifact_url.registry.amd64=registry-2.8.3-linux.amd64.tgz
|
||||
kk create cluster -i inventory.yaml --set image_registry.type=docker-registry --set docker_registry_version=2.8.3,docker_version=24.0.7,dockercompose_version=v2.20.3 --set artifact.artifact_url.docker_registry.amd64=docker-registry-2.8.3-linux.amd64.tgz
|
||||
```
|
||||
|
||||
### registry高可用
|
||||
|
|
@ -194,22 +194,22 @@ kubekey暂未提供registry的离线镜像包地址,需通过手动打包的
|
|||

|
||||
- load balancer: 通过docker compose部署keepalived服务实现。
|
||||
- registry service: 通过docker compose部署registry实现。
|
||||
- storage service: registry 高可用可通过共享存储的方式来实现。registry 支持多种存储后端,常见的有:
|
||||
- **filesystem**: 本地存储。默认情况下,registry 使用本地磁盘存储镜像数据。如果需要实现高可用,可以将本地存储目 录挂载到 NFS 等共享存储上。配置示例:
|
||||
- storage service: docker-registry 高可用可通过共享存储的方式来实现。docker-registry 支持多种存储后端,常见的有:
|
||||
- **filesystem**: 本地存储。默认情况下,docker-registry 使用本地磁盘存储镜像数据。如果需要实现高可用,可以将本地存储目 录挂载到 NFS 等共享存储上。配置示例:
|
||||
```yaml
|
||||
image_registry:
|
||||
registry:
|
||||
docker_registry:
|
||||
storage:
|
||||
filesystem:
|
||||
rootdir: /opt/registry/data
|
||||
nfs_mount: /repository/registry # 可选,将 rootdir 挂载到 NFS 服务器
|
||||
rootdir: /opt/docker-registry/data
|
||||
nfs_mount: /repository/docker-registry # 可选,将 rootdir 挂载到 NFS 服务器
|
||||
```
|
||||
需要在 `nfs` 节点配置和挂载好共享目录,保证所有 registry 实例的数据一致性。
|
||||
|
||||
- **azure**: 使用 Azure Blob Storage 作为后端存储。适用于部署在 Azure 云环境下的场景。配置示例:
|
||||
```yaml
|
||||
image_registry:
|
||||
registry:
|
||||
docker_registry:
|
||||
storage:
|
||||
azure:
|
||||
accountname: <your-account-name>
|
||||
|
|
@ -220,7 +220,7 @@ kubekey暂未提供registry的离线镜像包地址,需通过手动打包的
|
|||
- **gcs**: 使用 Google Cloud Storage 作为后端存储。适用于部署在 GCP 云环境下的场景。配置示例:
|
||||
```yaml
|
||||
image_registry:
|
||||
registry:
|
||||
docker_registry:
|
||||
storage:
|
||||
gcs:
|
||||
bucket: <your-bucket-name>
|
||||
|
|
@ -230,7 +230,7 @@ kubekey暂未提供registry的离线镜像包地址,需通过手动打包的
|
|||
- **s3**: 使用 Amazon S3 或兼容 S3 协议的对象存储作为后端存储。适用于 AWS 或支持 S3 协议的私有云。配置示例:
|
||||
```yaml
|
||||
image_registry:
|
||||
registry:
|
||||
docker_registry:
|
||||
storage:
|
||||
s3:
|
||||
accesskey: <your-access-key>
|
||||
|
|
|
|||