diff --git a/deploy/tools/README.md b/deploy/tools/README.md index 3d2ac623399ffb933597bebe42189c1625102f8d..5067db171930ed89bc49f6b2fb071ad6642528d1 100644 --- a/deploy/tools/README.md +++ b/deploy/tools/README.md @@ -92,6 +92,8 @@ kubectl apply -f calico.yaml firewall-cmd --zone=public --add-port=111/tcp firewall-cmd --zone=public --add-port=179/tcp ``` + 为了保证重启之后端口仍然打开,将其持久化 + firewall-cmd --runtime-to-permanent ### 符合性测试 diff --git a/deploy/tools/deploy.sh b/deploy/tools/deploy.sh index fd882e0c1d7a1f3c1ab482aca2b16dda3375e076..21571bd0c1c31cb4df299cf132e55fc716017137 100755 --- a/deploy/tools/deploy.sh +++ b/deploy/tools/deploy.sh @@ -232,7 +232,7 @@ function install_kubetest() { fi if [ -d "$GOPATH/src/k8s.io/kubernetes" ];then - echo "$GOPATH/src/k8s.io/test-infra exist, remove it to continue prepare kubetest enviorment" + echo "$GOPATH/src/k8s.io/kubernetes, remove it to continue prepare kubetest enviorment" exit 1 fi diff --git a/deploy/tools/etcd.sh b/deploy/tools/etcd.sh index 7ef29a2274f7837cc1e43732283201fb13a2ac43..202e46f0e1c98e4005dbcac3d020a6f89b527f2e 100755 --- a/deploy/tools/etcd.sh +++ b/deploy/tools/etcd.sh @@ -129,6 +129,7 @@ function test_etcd() { firewall-cmd --zone=public --add-port=2379/tcp firewall-cmd --zone=public --add-port=2380/tcp firewall-cmd --zone=public --add-port=2381/tcp +firewall-cmd --runtime-to-permanent if [ x"$1" == x"config" ] || [ x"$1" == x"deploy" ]; then if [ x"$2" == "x" ] || [ x"$3" == "x" ] || [ x"$4" == "x" ]; then diff --git a/deploy/tools/helper.sh b/deploy/tools/helper.sh index f03cafd0ed72247d00f580bdd7f56ee583c81a43..f34f52b942b91ddcd5858b93113607b340cd663d 100755 --- a/deploy/tools/helper.sh +++ b/deploy/tools/helper.sh @@ -503,6 +503,7 @@ function cleanup_node() { firewall-cmd --zone=public --remove-port=10250/tcp firewall-cmd --zone=public --remove-port=10256/tcp + firewall-cmd --runtime-to-permanent } function cleanup_loadbalancer() { 
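Review bot: The replacement message in install_kubetest names the right directory but has lost its verb, so it prints a bare path followed by "remove it to continue…", and it still goes to stdout immediately before `exit 1`. I would write `echo "$GOPATH/src/k8s.io/kubernetes exists, remove it to continue preparing the kubetest environment" >&2`, which also fixes the "enviorment" typo. The function body starts and ends outside the hunk.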
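Review bot: `firewall-cmd --runtime-to-permanent` in etcd.sh persists the host's whole runtime firewall state, not only the three ports opened just above it, so any rule an operator or another tool added temporarily becomes permanent as a side effect. The same call is added in cleanup_node, cleanup_loadbalancer and cleanup_master in helper.sh, and in install_controller.sh, loadbalancer.sh and node.sh. Persisting only the ports the script owns is narrower: issue each rule a second time with `--permanent`, e.g. `firewall-cmd --permanent --zone=public --add-port=2379/tcp` (and `--remove-port` in the cleanup functions). The exit status is also unchecked, so the script carries on silently when firewalld is not running. In this file the call sits before the `$1` argument check visible in the hunk, so it appears to run for every subcommand.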
@@ -532,6 +533,7 @@ function cleanup_loadbalancer() { done firewall-cmd --zone=public --remove-port=${API_SERVER_EXPOSE_PORT}/tcp + firewall-cmd --runtime-to-permanent } function apply_system_resources() { @@ -587,4 +589,5 @@ function cleanup_master() { firewall-cmd --zone=public --remove-port=10252/tcp # kube-scheduler firewall-cmd --zone=public --remove-port=10251/tcp + firewall-cmd --runtime-to-permanent } diff --git a/deploy/tools/install_controller.sh b/deploy/tools/install_controller.sh index bd72aca5e3cb26edc1a42893fffe4f4058ac793c..332836157643f9f7ba5e1418d1078b7c89128d27 100755 --- a/deploy/tools/install_controller.sh +++ b/deploy/tools/install_controller.sh @@ -234,5 +234,7 @@ firewall-cmd --zone=public --add-port=10251/tcp echo "-------set_scheduler_configs----------" set_scheduler_configs +firewall-cmd --runtime-to-permanent + # start services systemctl start kube-apiserver kube-controller-manager kube-scheduler diff --git a/deploy/tools/loadbalancer.sh b/deploy/tools/loadbalancer.sh index 10b26e2d57d7cabc4767622a576742fb70b75b61..fb798d46650917cdd0836711d64b79dcc7381b4e 100755 --- a/deploy/tools/loadbalancer.sh +++ b/deploy/tools/loadbalancer.sh @@ -50,7 +50,7 @@ EOF # insert server local insert_line=11 for i in "${!MASTER_IPS[@]}"; do - sed -i "$insert_line a\\ server ${MASTER_IPS[$i]}:6443 max_fails=3 fail_timeout=30s;" $result_dir/kube-nginx.conf + sed -i "$insert_line a\\ server ${MASTER_IPS[$i]}:6443 max_fails=3 fail_timeout=30s;" /etc/kubernetes/kube-nginx.conf insert_line=$(($insert_line+1)) done 
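Review bot: The sed target in loadbalancer.sh is now the literal `/etc/kubernetes/kube-nginx.conf`, and the same literal is repeated three times in the unit file in the next hunk, so the path can drift between the code that writes the file and the code that reads it. The heredoc that creates the file ends above this hunk and is not visible; if it still writes to `$result_dir/kube-nginx.conf`, this sed fails on a missing file and the loop ignores the failure. A single `local nginx_conf=/etc/kubernetes/kube-nginx.conf`, used everywhere and quoted as `"$nginx_conf"`, would keep them aligned. Because the nginx master process reads this file, presumably as root, it is worth confirming the file ends up root-owned and not group- or world-writable.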
@@ -63,9 +63,10 @@ Wants=network-online.target [Service] Type=forking -ExecStartPre=/usr/sbin/nginx -c $result_dir/kube-nginx.conf -t -ExecStart=/usr/sbin/nginx -c $result_dir/kube-nginx.conf -ExecReload=/usr/sbin/nginx -c $result_dir/kube-nginx.conf -s reload +ExecStartPre=setenforce 0 +ExecStartPre=/usr/sbin/nginx -c /etc/kubernetes/kube-nginx.conf -t +ExecStart=/usr/sbin/nginx -c /etc/kubernetes/kube-nginx.conf +ExecReload=/usr/sbin/nginx -c /etc/kubernetes/kube-nginx.conf -s reload PrivateTmp=true Restart=always RestartSec=5 @@ -92,5 +93,7 @@ firewall-cmd --zone=public --add-port=${lb_port}/tcp echo "-------set_nginx_configs $lb_port-------" set_nginx_configs "$lb_port" +firewall-cmd --runtime-to-permanent + # start services systemctl start nginx diff --git a/deploy/tools/node.sh b/deploy/tools/node.sh index 1fde94e3e2392fb7b409eabde63972d00d394b33..9275c21f01298c6bad6c3d407c57410c2b13af15 100755 --- a/deploy/tools/node.sh +++ b/deploy/tools/node.sh @@ -146,6 +146,8 @@ firewall-cmd --zone=public --add-port=10256/tcp echo "-------set_kube_proxy $NODE_KUBE_CLUSTER_CIDR $hostname_override------------" set_kube_proxy "$NODE_KUBE_CLUSTER_CIDR" "$hostname_override" +firewall-cmd --runtime-to-permanent + # add cni configs ./network.sh default
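Review bot: `ExecStartPre=setenforce 0` switches SELinux to permissive for the whole host, not just for nginx, and with `Restart=always` it is re-applied on every restart, so a later `setenforce 1` by an administrator is silently undone. If the motivation is an AVC denial on the config file or the listening port (the cause is not visible in the hunk), a targeted fix keeps enforcement on: label the file with `semanage fcontext -a -t httpd_config_t /etc/kubernetes/kube-nginx.conf` followed by `restorecon /etc/kubernetes/kube-nginx.conf`, and allow the port with `semanage port -a -t http_port_t -p tcp "$lb_port"`. Separately, older systemd releases reject a non-absolute executable in `Exec*=` lines, so the bare `setenforce` may keep the unit from starting on such hosts; an absolute path avoids that if the line stays.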