easzlab · gjmzj · Aug 7, 2019 · Aug 5, 2019 · Aug 5, 2019 · Aug 5, 2019
diff --git a/docs/setup/00-planning_and_overall_intro.md b/docs/setup/00-planning_and_overall_intro.md
@@ -64,9 +64,9 @@ apt-get install git python-pip -y
 yum install git python-pip -y
 # pip安装ansible(国内如果安装太慢可以直接用pip阿里云加速)
 #pip install pip --upgrade
-#pip install ansible==2.6.12
-pip install pip --upgrade -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host mirrors.aliyun.com
-pip install ansible==2.6.12 -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host mirrors.aliyun.com
+#pip install ansible==2.6.12 netaddr==0.7.19
+pip install pip --upgrade -i https://mirrors.aliyun.com/pypi/simple/
+pip install ansible==2.6.12 netaddr==0.7.19 -i https://mirrors.aliyun.com/pypi/simple/
 ```
 
 - 3.2 在ansible控制端配置免密码登陆

diff --git a/roles/cluster-addon/defaults/main.yml b/roles/cluster-addon/defaults/main.yml
@@ -1,6 +1,8 @@
 # dns 自动安装，'dns_backend'可选"coredns"和“kubedns”
 dns_install: "yes"
 dns_backend: "coredns"
+# 设置 dns svc ip (这里选用 SERVICE_CIDR 中第2个IP)
+CLUSTER_DNS_SVC_IP: "{{ SERVICE_CIDR | ipaddr('net') | ipaddr(2) | ipaddr('address') }}"
 kubednsVer: "1.14.13"
 corednsVer: "1.5.0"
 kubedns_offline: "kubedns_{{ kubednsVer }}.tar"

diff --git a/roles/cluster-addon/tasks/main.yml b/roles/cluster-addon/tasks/main.yml
@@ -3,14 +3,6 @@
   with_items:
   - /opt/kube/kube-system
 
-# 设置 dns svc ip (这里选用 SERVICE_CIDR 中第2个IP)
-- name: 注册变量 DNS_SVC_IP
-  shell: echo {{ SERVICE_CIDR }}|cut -d/ -f1|awk -F. '{print $1"."$2"."$3"."$4+2}'
-  register: DNS_SVC_IP
-
-- name: 设置变量 CLUSTER_DNS_SVC_IP
-  set_fact: CLUSTER_DNS_SVC_IP={{ DNS_SVC_IP.stdout }}
-
 # DNS文件中部分参数根据hosts文件设置而定，因此需要用template模块替换参数
 - name: 准备 DNS的部署文件
   template: src={{ item }}.yaml.j2 dest=/opt/kube/kube-system/{{ item }}.yaml

diff --git a/roles/kube-master/defaults/main.yml b/roles/kube-master/defaults/main.yml
@@ -1,7 +1,8 @@
 # etcd 集群服务地址列表, 根据etcd组成员自动生成
 TMP_ENDPOINTS: "{% for h in groups['etcd'] %}https://{{ h }}:2379,{% endfor %}"
-ETCD_ENDPOINTS: "{{ TMP_ENDPOINTS.rstrip(',') }}"
-
+ETCD_ENDPOINTS: "{{ TMP_ENDPOINTS.rstrip(',') }}" 
+# 设置 dns svc ip (这里选用 SERVICE_CIDR 中第1个IP)
+CLUSTER_KUBERNETES_SVC_IP: "{{ SERVICE_CIDR | ipaddr('net') | ipaddr(1) | ipaddr('address') }}"
 # k8s 集群 master 节点证书配置，可以添加多个ip和域名（比如增加公网ip和域名）
 MASTER_CERT_HOSTS:
   - "10.1.1.1"

diff --git a/roles/kube-master/tasks/main.yml b/roles/kube-master/tasks/main.yml
@@ -7,16 +7,6 @@
   - kubectl
   tags: upgrade_k8s
 
-# 设置 kubernetes svc ip (一般是 SERVICE_CIDR 中第一个IP)
-- name: 注册变量 KUBERNETES_SVC_IP
-  shell: echo {{ SERVICE_CIDR }}|cut -d/ -f1|awk -F. '{print $1"."$2"."$3"."$4+1}'
-  register: KUBERNETES_SVC_IP
-  tags: change_cert
-
-- name: 设置变量 CLUSTER_KUBERNETES_SVC_IP
-  set_fact: CLUSTER_KUBERNETES_SVC_IP={{ KUBERNETES_SVC_IP.stdout }}
-  tags: change_cert
-
 - name: 创建 kubernetes 证书签名请求
   template: src=kubernetes-csr.json.j2 dest={{ ca_dir }}/kubernetes-csr.json
   tags: change_cert

diff --git a/roles/kube-node/defaults/main.yml b/roles/kube-node/defaults/main.yml
@@ -1,6 +1,9 @@
 # 默认使用kube-proxy的 'iptables' 模式，可选 'ipvs' 模式(experimental)
 PROXY_MODE: "ipvs"
 
+# 设置 dns svc ip (这里选用 SERVICE_CIDR 中第2个IP)
+CLUSTER_DNS_SVC_IP: "{{ SERVICE_CIDR | ipaddr('net') | ipaddr(2) | ipaddr('address') }}"
+
 # 基础容器镜像
 SANDBOX_IMAGE: "mirrorgooglecontainers/pause-amd64:3.1"
 #SANDBOX_IMAGE: "registry.access.redhat.com/rhel7/pod-infrastructure:latest"

diff --git a/roles/kube-node/tasks/main.yml b/roles/kube-node/tasks/main.yml
@@ -66,16 +66,6 @@
 - name: 准备 cni配置文件
   template: src=cni-default.conf.j2 dest=/etc/cni/net.d/10-default.conf
 
-# 设置 dns svc ip (这里选用 SERVICE_CIDR 中第2个IP)
-- name: 注册变量 DNS_SVC_IP
-  shell: echo {{ SERVICE_CIDR }}|cut -d/ -f1|awk -F. '{print $1"."$2"."$3"."$4+2}'
-  register: DNS_SVC_IP
-  tags: upgrade_k8s, restart_node
-
-- name: 设置变量 CLUSTER_DNS_SVC_IP
-  set_fact: CLUSTER_DNS_SVC_IP={{ DNS_SVC_IP.stdout }}
-  tags: upgrade_k8s, restart_node
-
 # 判断 kubernetes 版本
 - name: 注册变量 TMP_VER
   shell: "{{ base_dir }}/bin/kube-apiserver --version|cut -d' ' -f2|cut -d'v' -f2"

diff --git a/roles/kube-ovn/defaults/main.yml b/roles/kube-ovn/defaults/main.yml
@@ -1,5 +1,10 @@
 # 选择 OVN DB and OVN Control Plane 节点，默认为第一个master节点
 OVN_DB_NODE: "{{ groups['kube-master'][0] }}"
 
+kube_ovn_default_cidr: "{{ CLUSTER_CIDR }}"
+kube_ovn_default_gateway: "{{ CLUSTER_CIDR | ipaddr('net') | ipaddr(1) | ipaddr('address') }}"
+kube_ovn_node_switch_cidr: 100.64.0.0/16
+kube_ovn_enable_mirror: false
+
 # 离线镜像tar包
 kube_ovn_offline: "kube_ovn_0.6.0.tar"
diff --git a/roles/kube-ovn/templates/kube-ovn.yaml.j2 b/roles/kube-ovn/templates/kube-ovn.yaml.j2
@@ -43,9 +43,9 @@ spec:
           command:
           - /kube-ovn/start-controller.sh
           args:
-          - --default-cidr=10.16.0.0/16
-          - --default-gateway=10.16.0.1
-          - --node-switch-cidr=100.64.0.0/16
+          - --default-cidr={{ kube_ovn_default_cidr }}
+          - --default-gateway={{ kube_ovn_default_gateway }}
+          - --node-switch-cidr={{ kube_ovn_node_switch_cidr }}
           env:
             - name: POD_NAME
               valueFrom:
@@ -128,7 +128,8 @@ spec:
           - sh
           - /kube-ovn/start-cniserver.sh
         args:
-          - --enable-mirror=false
+          - --enable-mirror={{ kube_ovn_enable_mirror|string|lower }}
+          - --service-cluster-ip-range={{ SERVICE_CIDR }}
         securityContext:
           runAsUser: 0
           privileged: true