Set ssl_ca_dirs for rkt based on fact
Since the systemd kubelet.service template references {{ ssl_ca_dirs }}, the fact should be gathered before kubelet.service is written. Closes: #1007 Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
parent
0ddcc74412
commit
5494d608e5
2 changed files with 11 additions and 7 deletions
|
@ -21,10 +21,6 @@
|
||||||
path: /var/lib/kubelet
|
path: /var/lib/kubelet
|
||||||
when: kubelet_deployment_type == "rkt"
|
when: kubelet_deployment_type == "rkt"
|
||||||
|
|
||||||
- name: install | Write kubelet systemd init file
|
|
||||||
template: "src=kubelet.{{ kubelet_deployment_type }}.service.j2 dest=/etc/systemd/system/kubelet.service backup=yes"
|
|
||||||
notify: restart kubelet
|
|
||||||
|
|
||||||
- name: install | Set SSL CA directories
|
- name: install | Set SSL CA directories
|
||||||
set_fact:
|
set_fact:
|
||||||
ssl_ca_dirs: "[
|
ssl_ca_dirs: "[
|
||||||
|
@ -39,6 +35,10 @@
|
||||||
]"
|
]"
|
||||||
tags: facts
|
tags: facts
|
||||||
|
|
||||||
|
- name: install | Write kubelet systemd init file
|
||||||
|
template: "src=kubelet.{{ kubelet_deployment_type }}.service.j2 dest=/etc/systemd/system/kubelet.service backup=yes"
|
||||||
|
notify: restart kubelet
|
||||||
|
|
||||||
- name: install | Install kubelet launch script
|
- name: install | Install kubelet launch script
|
||||||
template: src=kubelet-container.j2 dest="{{ bin_dir }}/kubelet" owner=kube mode=0755 backup=yes
|
template: src=kubelet-container.j2 dest="{{ bin_dir }}/kubelet" owner=kube mode=0755 backup=yes
|
||||||
notify: restart kubelet
|
notify: restart kubelet
|
||||||
|
|
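Review bot: The `Write kubelet systemd init file` task now only works because it runs after `Set SSL CA directories`, but nothing at its new position records that, so a later reorder would bring back the failure this commit fixes. A comment above the task would pin it: `# Must stay after "Set SSL CA directories": the rkt unit template loops over ssl_ca_dirs`. Separately, the task writes a unit that systemd runs as root into /etc/systemd/system without explicit ownership or mode, unlike the launch-script task below it, which sets `owner` and `mode`; adding `owner=root group=root mode=0644` would fix the permissions instead of leaving them to the umask. The body of the `set_fact` lies between the two hunks and is not visible here.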
|
@ -27,7 +27,9 @@ ExecStart=/usr/bin/rkt run \
|
||||||
--volume etcd-ssl,kind=host,source={{ etcd_config_dir }},readOnly=true \
|
--volume etcd-ssl,kind=host,source={{ etcd_config_dir }},readOnly=true \
|
||||||
--volume opt-cni,kind=host,source=/opt/cni,readOnly=true \
|
--volume opt-cni,kind=host,source=/opt/cni,readOnly=true \
|
||||||
--volume run,kind=host,source=/run,readOnly=false \
|
--volume run,kind=host,source=/run,readOnly=false \
|
||||||
--volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
|
{% for dir in ssl_ca_dirs -%}
|
||||||
|
--volume {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }},kind=host,source={{ dir }},readOnly=true \
|
||||||
|
{% endfor -%}
|
||||||
--volume var-lib-docker,kind=host,source={{ docker_daemon_graph }},readOnly=false \
|
--volume var-lib-docker,kind=host,source={{ docker_daemon_graph }},readOnly=false \
|
||||||
--volume var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false \
|
--volume var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false \
|
||||||
--volume var-log,kind=host,source=/var/log \
|
--volume var-log,kind=host,source=/var/log \
|
||||||
|
@ -38,7 +40,9 @@ ExecStart=/usr/bin/rkt run \
|
||||||
--mount volume=etcd-ssl,target={{ etcd_config_dir }} \
|
--mount volume=etcd-ssl,target={{ etcd_config_dir }} \
|
||||||
--mount volume=opt-cni,target=/opt/cni \
|
--mount volume=opt-cni,target=/opt/cni \
|
||||||
--mount volume=run,target=/run \
|
--mount volume=run,target=/run \
|
||||||
--mount volume=usr-share-certs,target=/usr/share/ca-certificates \
|
{% for dir in ssl_ca_dirs -%}
|
||||||
|
--mount volume={{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }},target={{ dir }} \
|
||||||
|
{% endfor -%}
|
||||||
--mount volume=var-lib-docker,target=/var/lib/docker \
|
--mount volume=var-lib-docker,target=/var/lib/docker \
|
||||||
--mount volume=var-lib-kubelet,target=/var/lib/kubelet \
|
--mount volume=var-lib-kubelet,target=/var/lib/kubelet \
|
||||||
--mount volume=var-log,target=/var/log \
|
--mount volume=var-log,target=/var/log \
|
||||||
|
|
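Review bot: The volume name built in both loops, `{{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}`, is only safe for paths made of lowercase letters, digits, hyphens and slashes; an `ssl_ca_dirs` entry with a trailing slash, underscore, dot or uppercase letter would likely produce a name rkt rejects, and the unit would then fail to start. Every listed directory is now bind-mounted from the host into the kubelet pod, so a comment above the first loop should state the contract, e.g. `{# ssl_ca_dirs: absolute host paths that exist, no trailing slash; each is mounted read-only #}`. The same expression appears in the `--volume` and `--mount` loops and must stay identical in both, so a `{% set vol = ... %}` inside each loop or a shared macro would keep the two from drifting apart. How `ssl_ca_dirs` is populated is outside these hunks, and the `ExecStart` line continues past them.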