From da50ed0936742bb633c6b48a84ffca98d8ab03ad Mon Sep 17 00:00:00 2001 From: Jeff Bornemann Date: Tue, 30 Jul 2019 15:00:10 -0400 Subject: [PATCH] move flexvolume plugin directory creation to preinstall (#4999) * move flexvolume plugin directory creation to preinstall * changes per pr feedback --- .../sample/group_vars/k8s-cluster/k8s-cluster.yml | 3 +++ roles/kubernetes/node/defaults/main.yml | 2 -- roles/kubernetes/node/templates/kubelet.service.j2 | 1 - roles/kubernetes/preinstall/defaults/main.yml | 1 + roles/kubernetes/preinstall/tasks/0040-set_facts.yml | 10 ++++++++++ .../preinstall/tasks/0050-create_directories.yml | 1 + 6 files changed, 15 insertions(+), 3 deletions(-) diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml index 7df70a753..7a49bee19 100644 --- a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml +++ b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml @@ -191,6 +191,9 @@ podsecuritypolicy_enabled: false # Acceptable options are 'pods', 'system-reserved', 'kube-reserved' and ''. Default is "". # kubelet_enforce_node_allocatable: pods +# An alternative flexvolume plugin directory +# kubelet_flexvolumes_plugins_dir: /usr/libexec/kubernetes/kubelet-plugins/volume/exec + ## Supplementary addresses that can be added in kubernetes ssl keys. ## That can be useful for example to setup a keepalived virtual IP # supplementary_addresses_in_ssl_keys: [10.0.0.1, 10.0.0.2, 10.0.0.3] diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml index 64502af65..3b549da86 100644 --- a/roles/kubernetes/node/defaults/main.yml +++ b/roles/kubernetes/node/defaults/main.yml @@ -50,8 +50,6 @@ loadbalancer_apiserver_cpu_requests: 25m # - extensions/v1beta1/daemonsets=true # - extensions/v1beta1/deployments=true -kubelet_flexvolumes_plugins_dir: /usr/libexec/kubernetes/kubelet-plugins/volume/exec - # A port range to reserve for services with NodePort visibility. # Inclusive at both ends of the range. kube_apiserver_node_port_range: "30000-32767" diff --git a/roles/kubernetes/node/templates/kubelet.service.j2 b/roles/kubernetes/node/templates/kubelet.service.j2 index 4b4dce7c7..71c97e0d0 100644 --- a/roles/kubernetes/node/templates/kubelet.service.j2 +++ b/roles/kubernetes/node/templates/kubelet.service.j2 @@ -7,7 +7,6 @@ Wants=docker.socket [Service] User=root EnvironmentFile=-{{ kube_config_dir }}/kubelet.env -ExecStartPre=-/bin/mkdir -p {{ kubelet_flexvolumes_plugins_dir }} ExecStart={{ bin_dir }}/kubelet \ $KUBE_LOGTOSTDERR \ $KUBE_LOG_LEVEL \ diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml index 926de4e3e..1ffcfb346 100644 --- a/roles/kubernetes/preinstall/defaults/main.yml +++ b/roles/kubernetes/preinstall/defaults/main.yml @@ -25,6 +25,7 @@ kube_cert_group: kube-cert kube_config_dir: /etc/kubernetes kube_cert_dir: "{{ kube_config_dir }}/ssl" kube_cert_compat_dir: /etc/kubernetes/pki +kubelet_flexvolumes_plugins_dir: /usr/libexec/kubernetes/kubelet-plugins/volume/exec # Container Linux by CoreOS cloud init config file to define /etc/resolv.conf content # for hostnet pods and infra needs diff --git a/roles/kubernetes/preinstall/tasks/0040-set_facts.yml b/roles/kubernetes/preinstall/tasks/0040-set_facts.yml index 939da53a4..4a6318cc9 100644 --- a/roles/kubernetes/preinstall/tasks/0040-set_facts.yml +++ b/roles/kubernetes/preinstall/tasks/0040-set_facts.yml @@ -178,3 +178,13 @@ etcd_deployment_type: host when: - etcd_kubeadm_enabled + +- name: check /usr readonly + stat: + path: "/usr" + register: usr + +- name: set alternate flexvolume path + set_fact: + kubelet_flexvolumes_plugins_dir: /var/lib/kubelet/volumeplugins + when: not usr.stat.writeable diff --git a/roles/kubernetes/preinstall/tasks/0050-create_directories.yml b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml index 4ba782bdc..07dccd475 100644 --- a/roles/kubernetes/preinstall/tasks/0050-create_directories.yml +++ b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml @@ -22,6 +22,7 @@ - "{{ kube_cert_dir }}" - "{{ kube_manifest_dir }}" - "{{ kube_script_dir }}" + - "{{ kubelet_flexvolumes_plugins_dir }}" - name: Check if kubernetes kubeadm compat cert dir exists stat: