cd kubespray/inventory/group_vars

vi k8s-cluster.yml

# k8s-cluster 為控制一些基礎資訊的配置檔案。

# all.yml 控制一些需要詳細配置的資訊 

#  這裡開啟  kubelet_load_modules: true


# API 負載均衡，否在預設都連線到第一臺master (坑爹)
loadbalancer_apiserver_localhost: true


# 修改 api 密碼

vi roles/kubespray-defaults/defaults/main.yaml

kube_api_pwd: xxxx



# 修改 flannel 網路的模式 預設是 vxlan 修改為 host-gw
# 注 host-gw 模式 伺服器必須 二層互通

vi roles/network_plugin/flannel/defaults/main.yml

flannel_backend_type: "vxlan"

修改

flannel_backend_type: "host-gw"


## 修改 證書過期時間  -days xxxx

vi /opt/kubespray/roles/kubernetes/secrets/files/make-ssl.sh

openssl req -x509 -new -nodes -key ca-key.pem -days 10000 -out ca.pem -subj "/CN=kube-ca" > /dev/null 2>&1


openssl x509 -req -in ${name}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out ${name}.pem -days 3650 -extensions v3_req -extfile ${CONFIG} > /dev/null 2>&1



## 修改所有 images 的地址為個人的倉庫地址

roles/download/defaults/main.yml
roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2
roles/kubernetes-apps/ansible/defaults/main.yml


sed -i 's/gcr\.io\/google_containers/jicki/g' roles/download/defaults/main.yml

sed -i 's/gcr\.io\/google_containers/jicki/g' roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2

sed -i 's/gcr\.io\/google_containers/jicki/g' roles/kubernetes-apps/ansible/defaults/main.yml





roles/download/defaults/main.yml
roles/kubernetes-apps/local_volume_provisioner/defaults/main.yml


sed -i 's/quay\.io\/coreos/jicki/g' roles/download/defaults/main.yml

sed -i 's/quay\.io\/calico/jicki/g' roles/download/defaults/main.yml

sed -i 's/quay\.io\/external_storage/jicki/g' roles/kubernetes-apps/local_volume_provisioner/defaults/main.yml