Remove nsenter workaround

- Docker 1.12 and further don't need nsenter hack. This patch removes
  it.  Also, it bumps the minimal version to 1.12.

Closes #776

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
This commit is contained in:
Sergii Golovatiuk 2017-01-20 15:55:12 +01:00
parent bdc65990e1
commit 585afef945
2 changed files with 36 additions and 15 deletions

View file

@ -1,16 +1,23 @@
#!/bin/bash #!/bin/bash
{{ docker_bin_dir }}/docker run --privileged \ {{ docker_bin_dir }}/docker run \
--net=host --pid=host --name=kubelet --restart=on-failure:5 \ --net=host \
-v /etc/cni:/etc/cni:ro \ --pid=host \
-v /opt/cni:/opt/cni:ro \ --privileged \
-v {{kube_config_dir}}:{{kube_config_dir}} \ --name=kubelet \
-v /sys:/sys \ --restart=on-failure:5 \
-v /dev:/dev \ --memory={{ kubelet_memory_limit|regex_replace('Mi', 'M') }} \
-v {{ docker_daemon_graph }}:/var/lib/docker \ --cpu-shares={{ kubelet_cpu_limit|regex_replace('m', '') }} \
-v /var/run:/var/run \ -v /etc/cni:/etc/cni:ro \
-v /var/lib/kubelet:/var/lib/kubelet \ -v /opt/cni:/opt/cni:ro \
--memory={{ kubelet_memory_limit|regex_replace('Mi', 'M') }} --cpu-shares={{ kubelet_cpu_limit|regex_replace('m', '') }} \ -v /etc/ssl:/etc/ssl:ro \
{{ hyperkube_image_repo }}:{{ hyperkube_image_tag}} \ {% for dir in ssl_ca_dirs -%}
nsenter --target=1 --mount --wd=. -- \ -v {{ dir }}:{{ dir }}:ro \
./hyperkube kubelet \ {% endfor -%}
$@ -v /sys:/sys:ro \
-v {{ docker_daemon_graph }}:/var/lib/docker:rw \
-v /var/lib/kubelet:/var/lib/kubelet:shared \
-v /var/run:/var/run:rw \
-v {{kube_config_dir}}:{{kube_config_dir}}:ro \
{{ hyperkube_image_repo }}:{{ hyperkube_image_tag}} \
./hyperkube kubelet \
$@

View file

@ -160,6 +160,20 @@
{%- endif %} {%- endif %}
tags: facts tags: facts
- name: SSL CA directories | Set SSL CA directories
set_fact:
ssl_ca_dirs: "[
{% if ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] -%}
'/usr/share/ca-certificates',
{% elif ansible_os_family == 'RedHat' -%}
'/etc/pki/tls',
'/etc/pki/ca-trust',
{% elif ansible_os_family == 'Debian' -%}
'/usr/share/ca-certificates',
{% endif -%}
]"
tags: facts
- name: Gen_certs | add CA to trusted CA dir - name: Gen_certs | add CA to trusted CA dir
copy: copy:
src: "{{ kube_cert_dir }}/ca.pem" src: "{{ kube_cert_dir }}/ca.pem"