Cluster apiserver certificate supports configuring IPs and domain names directly
denglouping committed Mar 1, 2024
1 parent 3fa6160 commit 081e44f
Showing 3 changed files with 42 additions and 17 deletions.
17 changes: 17 additions & 0 deletions bcs-ops/k8s/render_kubeadm
Expand Up @@ -53,6 +53,23 @@ render_cluster() {
cat >"${config_file}" <<EOF
apiVersion: kubeadm.k8s.io/$kubeadm_tag
apiServer:
$(
if [[ ${ENABLE_APISERVER_HA} == "true" ]] && [[ ${APISERVER_HA_MODE} == "external" ]];then
cat <<EXTERNAL_EOF
certSANs:
EXTERNAL_EOF
if [[ -n "${VIP}" ]];then
cat <<EXTERNAL_EOF
- "${VIP}"
EXTERNAL_EOF
fi
if [[ -n "${APISERVER_HOST}" ]];then
cat <<EXTERNAL_EOF
- "${APISERVER_HOST}"
EXTERNAL_EOF
fi
fi
)
extraArgs:
authorization-mode: Node,RBAC
$(
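
Review bot: In the added `$( ... )` block under `apiServer:`, the `certSANs:` key is printed before either value is tested, so in external mode with both `VIP` and `APISERVER_HOST` empty the rendered file contains a `certSANs:` key with no list items. Print the key only when at least one of the two is set, for example by wrapping it in `if [[ -n "${VIP}" || -n "${APISERVER_HOST}" ]]`, or fail the render at this point. The two values are also interpolated into the YAML unchecked; since they become subject alternative names on the apiserver serving certificate, it is worth validating that `VIP` is an IP address and `APISERVER_HOST` is a DNS name or IP before writing them.
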
34 changes: 17 additions & 17 deletions bcs-ops/readme.md
Expand Up @@ -79,7 +79,7 @@ set +x

1. 通过`set -a 命令`配置环境变量,环境变量配置见[`环境变量`](#环境变量)
2. `./bcs-ops -r bcsenv` 在第一台主机(后称中控机)上渲染配置文件 `env/bcs.env`
3. 在中控机上启动集群控制平面:`./bcs-ops --instal master`,集群启动成功后会显示加入集群的指令
3. 在中控机上启动集群控制平面:`./bcs-ops --install master`,集群启动成功后会显示加入集群的指令
4. 集群加入指令有效期为 1 小时,中控机执行 `./bcs-ops --render joincmd` 可再次渲染生成加入集群的指令,渲染结果如下所示

```plaintext
Expand Down Expand Up @@ -196,22 +196,22 @@ set +x

#### apiserver ha 环境变量

| 环境变量 | 默认值 | 说明 |
| ------------------------- | --------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `ENABLE_APISERVER_HA` | `false` | apiserver ha 模式,默认关闭。 |
| `APISERVER_HA_MODE` | `bcs-apiserver-proxy` | 模式选择,支持 [bcs-apiserver-proxy](https://github.com/TencentBlueKing/bk-bcs/blob/625be3183d99ee3500123016a6dea99d78165565/docs/features/bcs-apiserver-proxy/bcs-apiserver-proxy.md#L1)`[kube-vip](https://kube-vip.io/)` |
| `VIP` | | VIP 地址,可配置与集群内不冲突的 ip 地址 |
| `VS_PORT` | `6443` | bap 代理端口 |
| `APISERVER_PROXY_VERSION` | `v1.29.0-alpha.130-tencent` | bap 镜像版本 |
| `PROXY_TOOL_PATH` | `/usr/bin` | bap 工具安装目录 |
| `PERSIST_DIR` | `/root/.bcs` | bap 持久化目录 |
| `LVS_SCHEDULER` | `rr` | bap 负载均衡策略 |
| `MANAGER_INTERVAL` | `10` | bap 监听时间 |
| `DEBUG_MODE` | `true` | bap DEBUG 模式 默认开启 |
| `LOG_LEVEL` | `3` | bap 日志等级 |
| `KUBE_VIP_VERSION` | `v0.5.12` | kube-vip 镜像版本 |
| `BIND_INTERFACE` | `""` | kube-vip 绑定网卡名 |
| `VIP_CIDR` | `32` | VIP CIDR 掩码长度 |
| 环境变量 | 默认值 | 说明 |
| ------------------------- | --------------------------- |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `ENABLE_APISERVER_HA` | `false` | apiserver ha 模式,默认关闭。 |
| `APISERVER_HA_MODE` | `bcs-apiserver-proxy` | 模式选择,支持 [bcs-apiserver-proxy](https://github.com/TencentBlueKing/bk-bcs/blob/625be3183d99ee3500123016a6dea99d78165565/docs/features/bcs-apiserver-proxy/bcs-apiserver-proxy.md#L1), [kube-vip](https://kube-vip.io/), external |
| `VIP` | | VIP 地址,可配置与集群内不冲突的 ip 地址 |
| `VS_PORT` | `6443` | bap 代理端口 |
| `APISERVER_PROXY_VERSION` | `v1.29.0-alpha.130-tencent` | bap 镜像版本 |
| `PROXY_TOOL_PATH` | `/usr/bin` | bap 工具安装目录 |
| `PERSIST_DIR` | `/root/.bcs` | bap 持久化目录 |
| `LVS_SCHEDULER` | `rr` | bap 负载均衡策略 |
| `MANAGER_INTERVAL` | `10` | bap 监听时间 |
| `DEBUG_MODE` | `true` | bap DEBUG 模式 默认开启 |
| `LOG_LEVEL` | `3` | bap 日志等级 |
| `KUBE_VIP_VERSION` | `v0.5.12` | kube-vip 镜像版本 |
| `BIND_INTERFACE` | `""` | kube-vip 绑定网卡名 |
| `VIP_CIDR` | `32` | VIP CIDR 掩码长度 |

### 示例

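Review bot: The `APISERVER_HA_MODE` row now lists `external`, but the table has no row for the `APISERVER_HOST` variable introduced in `config_envfile.sh`, and the `VIP` row still describes only an address that does not conflict inside the cluster. Add an `APISERVER_HOST` row (default empty) and state that in `external` mode `VIP` and `APISERVER_HOST` are written to the apiserver certificate's `certSANs`, and that at least one of them must be set.
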
8 changes: 8 additions & 0 deletions bcs-ops/system/config_envfile.sh
Expand Up @@ -126,6 +126,7 @@ init_env() {
ENABLE_APISERVER_HA=${ENABLE_APISERVER_HA:-"false"}
APISERVER_HA_MODE=${APISERVER_HA_MODE:-"bcs-apiserver-proxy"}
VIP=${VIP:-}
APISERVER_HOST=${APISERVER_HOST:-}
## bcs apiserver proxy
APISERVER_PROXY_VERSION=${APISERVER_PROXY_VERSION:-"v1.29.0-alpha.130-tencent"}
PROXY_TOOL_PATH=${PROXY_TOOL_PATH:-"/usr/bin"}
Expand Down Expand Up @@ -226,6 +227,12 @@ now is ${K8S_IPv6_STATUS}"

[[ -n $K8S_CTRL_IP ]] || K8S_CTRL_IP=$LAN_IP

if [[ ${ENABLE_APISERVER_HA} == "external" ]];then
if [[ -z "${VIP}" ]] && [[ -z "${APISERVER_HOST}" ]];then
utils::log "ERROR" \
"if ENABLE_APISERVER_HA is ${ENABLE_APISERVER_HA}, VIP or APISERVER_HOST must be set"
fi
fi
}

render_env() {
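
Review bot: The new guard in `init_env` tests `${ENABLE_APISERVER_HA} == "external"`, but `ENABLE_APISERVER_HA` defaults to `"false"` and `render_cluster` in `render_kubeadm` compares it with `"true"`; the value `external` belongs to `APISERVER_HA_MODE`. As written the condition does not match the external-mode configuration, so a missing `VIP` and `APISERVER_HOST` is never reported. Test `[[ ${ENABLE_APISERVER_HA} == "true" ]] && [[ ${APISERVER_HA_MODE} == "external" ]]` as `render_kubeadm` does, and update the log message, which names `ENABLE_APISERVER_HA`, to match. No `return` or `exit` follows the `utils::log "ERROR"` call in these lines, so confirm that it aborts `init_env`; otherwise add an explicit failure.
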
Expand Down Expand Up @@ -323,6 +330,7 @@ BKREPO_URL="${BKREPO_URL}"
ENABLE_APISERVER_HA="${ENABLE_APISERVER_HA}"
APISERVER_HA_MODE="${APISERVER_HA_MODE}"
VIP="${VIP}"
APISERVER_HOST="${APISERVER_HOST}"
## bcs apiserver proxy
APISERVER_PROXY_VERSION="${APISERVER_PROXY_VERSION}"
PROXY_TOOL_PATH="${PROXY_TOOL_PATH}"