Remove nsenter workaround
- Docker 1.12 and further don't need nsenter hack. This patch removes it. Also, it bumps the minimal version to 1.12. Closes #776 Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
This commit is contained in:
parent
bdc65990e1
commit
585afef945
2 changed files with 36 additions and 15 deletions
|
@ -1,16 +1,23 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
{{ docker_bin_dir }}/docker run --privileged \
|
{{ docker_bin_dir }}/docker run \
|
||||||
--net=host --pid=host --name=kubelet --restart=on-failure:5 \
|
--net=host \
|
||||||
-v /etc/cni:/etc/cni:ro \
|
--pid=host \
|
||||||
-v /opt/cni:/opt/cni:ro \
|
--privileged \
|
||||||
-v {{kube_config_dir}}:{{kube_config_dir}} \
|
--name=kubelet \
|
||||||
-v /sys:/sys \
|
--restart=on-failure:5 \
|
||||||
-v /dev:/dev \
|
--memory={{ kubelet_memory_limit|regex_replace('Mi', 'M') }} \
|
||||||
-v {{ docker_daemon_graph }}:/var/lib/docker \
|
--cpu-shares={{ kubelet_cpu_limit|regex_replace('m', '') }} \
|
||||||
-v /var/run:/var/run \
|
-v /etc/cni:/etc/cni:ro \
|
||||||
-v /var/lib/kubelet:/var/lib/kubelet \
|
-v /opt/cni:/opt/cni:ro \
|
||||||
--memory={{ kubelet_memory_limit|regex_replace('Mi', 'M') }} --cpu-shares={{ kubelet_cpu_limit|regex_replace('m', '') }} \
|
-v /etc/ssl:/etc/ssl:ro \
|
||||||
{{ hyperkube_image_repo }}:{{ hyperkube_image_tag}} \
|
{% for dir in ssl_ca_dirs -%}
|
||||||
nsenter --target=1 --mount --wd=. -- \
|
-v {{ dir }}:{{ dir }}:ro \
|
||||||
./hyperkube kubelet \
|
{% endfor -%}
|
||||||
$@
|
-v /sys:/sys:ro \
|
||||||
|
-v {{ docker_daemon_graph }}:/var/lib/docker:rw \
|
||||||
|
-v /var/lib/kubelet:/var/lib/kubelet:shared \
|
||||||
|
-v /var/run:/var/run:rw \
|
||||||
|
-v {{kube_config_dir}}:{{kube_config_dir}}:ro \
|
||||||
|
{{ hyperkube_image_repo }}:{{ hyperkube_image_tag}} \
|
||||||
|
./hyperkube kubelet \
|
||||||
|
$@
|
||||||
|
|
|
@ -160,6 +160,20 @@
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
tags: facts
|
tags: facts
|
||||||
|
|
||||||
|
- name: SSL CA directories | Set SSL CA directories
|
||||||
|
set_fact:
|
||||||
|
ssl_ca_dirs: "[
|
||||||
|
{% if ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] -%}
|
||||||
|
'/usr/share/ca-certificates',
|
||||||
|
{% elif ansible_os_family == 'RedHat' -%}
|
||||||
|
'/etc/pki/tls',
|
||||||
|
'/etc/pki/ca-trust',
|
||||||
|
{% elif ansible_os_family == 'Debian' -%}
|
||||||
|
'/usr/share/ca-certificates',
|
||||||
|
{% endif -%}
|
||||||
|
]"
|
||||||
|
tags: facts
|
||||||
|
|
||||||
- name: Gen_certs | add CA to trusted CA dir
|
- name: Gen_certs | add CA to trusted CA dir
|
||||||
copy:
|
copy:
|
||||||
src: "{{ kube_cert_dir }}/ca.pem"
|
src: "{{ kube_cert_dir }}/ca.pem"
|
||||||
|
|
Loading…
Reference in a new issue