When adding nodes to a TKE cluster, you can perform batch operations, such as modification of kernel parameters, by entering a script in Custom Data. However, if you need to perform batch operations on existing nodes, you can use the Ansible open-source tool described in this document.
Ansible is a popular open-source OPS tool that can be used to directly perform batch operations on devices over SSH protocol, without the need to manually preinstall dependencies. The following figure shows how it works:
sudo apt update && sudo apt install software-properties-common -y && sudo apt-add-repository --yes --update ppa:ansible/ansible && sudo apt install ansible -y
sudo yum install ansible -y
Add private IPs of all target nodes to the host.ini
file, with one IP address per line, as shown in the example below:
10.0.3.33
10.0.2.4
To operate on all nodes, you can run the following commands to generate the host.ini
file:
kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="InternalIP")].address}' | tr ' ' '\n' > hosts.ini
Define the batch operations that you want to perform in a script and save it as a script file, as shown in the following example:
A self-built image repository is created, and no certificate has been issued by an authority. It uses the certificate issued by HTTP or HTTPS. By default, an error occurs when dockerd pulls images from this repository. You can perform batch modification of the dockerd configuration on nodes to add the address of the self-built repository to insecure-registries
in the dockerd configuration. This allows dockerd to ignore the certificate check. The content of the modify-dockerd.sh
script file is as follows:
# yum install -y jq # centos
apt install -y jq # ubuntu
cat /etc/docker/daemon.json | jq '."insecure-registries" += ["myharbor.com"]' > /tmp/daemon.json
cp /tmp/daemon.json /etc/docker/daemon.json
systemctl restart dockerd
Usually, when TKE nodes are added, they all point to the same SSH login key or password. Perform the following operations based on your actual situation:
tke.key
.chmod 0600 tke.key
ansible all -i hosts.ini --ssh-common-args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --user ubuntu --become --become-user=root --private-key=tke.key -m script -a "modify-dockerd.sh"
ansible all -i hosts.ini --ssh-common-args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --user root -m script -a "modify-dockerd.sh"
read -s PASS
ubuntu
. See the sample below:ansible all -i hosts.ini --ssh-common-args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --user ubuntu --become --become-user=root -e "ansible_password=$PASS" -m script -a "modify-dockerd.sh"
root
. See the sample below:ansible all -i hosts.ini --ssh-common-args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --user root -e "ansible_password=$PASS" -m script -a "modify-dockerd.sh"
Apakah halaman ini membantu?