From 8f00a07bf6fb515afb5b846d89619bb688ded36c Mon Sep 17 00:00:00 2001 From: Greg Althaus Date: Thu, 9 Feb 2017 09:56:12 -0600 Subject: [PATCH] Due to the nsenter and other reworks, it appears that kubelet lost the ability to load kernel modules. This puts that back by adding the lib/modules mount to kubelet. The new variable kubelet_load_modules can be set to true to enable this item. It is OFF by default. --- docs/vars.md | 4 ++++ inventory/group_vars/all.yml | 8 ++++++++ roles/kubernetes/node/templates/kubelet-container.j2 | 3 +++ 3 files changed, 15 insertions(+) diff --git a/docs/vars.md b/docs/vars.md index c904e9336..2f19d1348 100644 --- a/docs/vars.md +++ b/docs/vars.md @@ -92,6 +92,10 @@ Stack](https://github.com/kubernetes-incubator/kargo/blob/master/docs/dns-stack. ``--insecure-registry=myregistry.mydomain:5000`` * *http_proxy/https_proxy/no_proxy* - Proxy variables for deploying behind a proxy +* *kubelet_load_modules* - For some things, kubelet needs to load kernel modules. For example, + dynamic kernel services are needed for mounting persistent volumes into containers. These may not be + loaded by preinstall kubernetes processes. For example, ceph and rbd backed volumes. Set this variable to + true to let kubelet load kernel modules. #### User accounts diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml index cc26d5847..50a14ee8a 100644 --- a/inventory/group_vars/all.yml +++ b/inventory/group_vars/all.yml @@ -48,6 +48,14 @@ kube_log_level: 2 # 1.5 default behavior. The flag is actually only added if the used kubernetes version is >= 1.5 kube_api_anonymous_auth: false +# +# For some things, kubelet needs to load kernel modules. For example, dynamic kernel services are needed +# for mounting persistent volumes into containers. These may not be loaded by preinstall kubernetes +# processes. For example, ceph and rbd backed volumes. Uncomment to allow kubelet to load kernel +# modules. +# +#kubelet_load_modules: true + # Users to create for basic auth in Kubernetes API via HTTP kube_api_pwd: "changeme" kube_users: diff --git a/roles/kubernetes/node/templates/kubelet-container.j2 b/roles/kubernetes/node/templates/kubelet-container.j2 index 1e2e13a93..388fab3c7 100644 --- a/roles/kubernetes/node/templates/kubelet-container.j2 +++ b/roles/kubernetes/node/templates/kubelet-container.j2 @@ -14,6 +14,9 @@ {% for dir in ssl_ca_dirs -%} -v {{ dir }}:{{ dir }}:ro \ {% endfor -%} + {% if kubelet_load_modules is defined and kubelet_load_modules == true -%} + -v /lib/modules:/lib/modules:ro \ + {% endif -%} -v /sys:/sys:ro \ -v {{ docker_daemon_graph }}:/var/lib/docker:rw \ -v /var/lib/kubelet:/var/lib/kubelet:shared \