Merge pull request #1015 from holser/rkt_ssl_ca_dirs
Set ssl_ca_dirs for rkt based on fact
commit
f671ef5ad2
2 changed files with 11 additions and 7 deletions
|
@ -21,10 +21,6 @@
|
||||||
path: /var/lib/kubelet
|
path: /var/lib/kubelet
|
||||||
when: kubelet_deployment_type == "rkt"
|
when: kubelet_deployment_type == "rkt"
|
||||||
|
|
||||||
- name: install | Write kubelet systemd init file
|
|
||||||
template: "src=kubelet.{{ kubelet_deployment_type }}.service.j2 dest=/etc/systemd/system/kubelet.service backup=yes"
|
|
||||||
notify: restart kubelet
|
|
||||||
|
|
||||||
- name: install | Set SSL CA directories
|
- name: install | Set SSL CA directories
|
||||||
set_fact:
|
set_fact:
|
||||||
ssl_ca_dirs: "[
|
ssl_ca_dirs: "[
|
||||||
|
@ -39,6 +35,10 @@
|
||||||
]"
|
]"
|
||||||
tags: facts
|
tags: facts
|
||||||
|
|
||||||
|
- name: install | Write kubelet systemd init file
|
||||||
|
template: "src=kubelet.{{ kubelet_deployment_type }}.service.j2 dest=/etc/systemd/system/kubelet.service backup=yes"
|
||||||
|
notify: restart kubelet
|
||||||
|
|
||||||
- name: install | Install kubelet launch script
|
- name: install | Install kubelet launch script
|
||||||
template: src=kubelet-container.j2 dest="{{ bin_dir }}/kubelet" owner=kube mode=0755 backup=yes
|
template: src=kubelet-container.j2 dest="{{ bin_dir }}/kubelet" owner=kube mode=0755 backup=yes
|
||||||
notify: restart kubelet
|
notify: restart kubelet
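Review bot: The relocated `install | Write kubelet systemd init file` task now has to run after `install | Set SSL CA directories`, but nothing on the task records that dependency, so a later reorder would render the rkt unit with `ssl_ca_dirs` undefined. A comment above the task would pin it, for example `# Must stay after "Set SSL CA directories": kubelet.rkt.service.j2 loops over ssl_ca_dirs`. The `set_fact` carries `tags: facts` while no tag is visible on the template task, so a tag-limited run is worth checking (tags may be inherited from outside this section). Separately, the unit file is written to `/etc/systemd/system/kubelet.service` without explicit ownership or mode, unlike the launch script task below it; adding `owner=root group=root mode=0644` to the template arguments would stop the result depending on the controller's defaults.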
|
||||||
|
|
|
@ -27,9 +27,11 @@ ExecStart=/usr/bin/rkt run \
|
||||||
--volume etcd-ssl,kind=host,source={{ etcd_config_dir }},readOnly=true \
|
--volume etcd-ssl,kind=host,source={{ etcd_config_dir }},readOnly=true \
|
||||||
--volume opt-cni,kind=host,source=/opt/cni,readOnly=true \
|
--volume opt-cni,kind=host,source=/opt/cni,readOnly=true \
|
||||||
--volume run,kind=host,source=/run,readOnly=false \
|
--volume run,kind=host,source=/run,readOnly=false \
|
||||||
--volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
|
{% for dir in ssl_ca_dirs -%}
|
||||||
|
--volume {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }},kind=host,source={{ dir }},readOnly=true \
|
||||||
|
{% endfor -%}
|
||||||
--volume var-lib-docker,kind=host,source={{ docker_daemon_graph }},readOnly=false \
|
--volume var-lib-docker,kind=host,source={{ docker_daemon_graph }},readOnly=false \
|
||||||
--volume var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false \
|
--volume var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false \
|
||||||
--volume var-log,kind=host,source=/var/log \
|
--volume var-log,kind=host,source=/var/log \
|
||||||
--mount volume=dns,target=/etc/resolv.conf \
|
--mount volume=dns,target=/etc/resolv.conf \
|
||||||
--mount volume=etc-cni,target=/etc/cni \
|
--mount volume=etc-cni,target=/etc/cni \
|
||||||
|
@ -38,7 +40,9 @@ ExecStart=/usr/bin/rkt run \
|
||||||
--mount volume=etcd-ssl,target={{ etcd_config_dir }} \
|
--mount volume=etcd-ssl,target={{ etcd_config_dir }} \
|
||||||
--mount volume=opt-cni,target=/opt/cni \
|
--mount volume=opt-cni,target=/opt/cni \
|
||||||
--mount volume=run,target=/run \
|
--mount volume=run,target=/run \
|
||||||
--mount volume=usr-share-certs,target=/usr/share/ca-certificates \
|
{% for dir in ssl_ca_dirs -%}
|
||||||
|
--mount volume={{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }},target={{ dir }} \
|
||||||
|
{% endfor -%}
|
||||||
--mount volume=var-lib-docker,target=/var/lib/docker \
|
--mount volume=var-lib-docker,target=/var/lib/docker \
|
||||||
--mount volume=var-lib-kubelet,target=/var/lib/kubelet \
|
--mount volume=var-lib-kubelet,target=/var/lib/kubelet \
|
||||||
--mount volume=var-log,target=/var/log \
|
--mount volume=var-log,target=/var/log \
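Review bot: The volume name in both loops is built only by stripping the leading `/` and replacing `/` with `-`, so an `ssl_ca_dirs` entry with a trailing slash, a dot, an underscore or an uppercase letter yields a name that rkt will probably reject (volume names appear to be limited to lowercase alphanumerics separated by single hyphens), and the unit would then fail to start. The expression is duplicated in the `--volume` and `--mount` loops and the two copies must stay identical; a template comment such as `{# volume name = dir minus leading "/", "/" -> "-"; keep in sync with the --mount loop #}` would make that explicit. If `ssl_ca_dirs` can be empty on some host, the container no longer receives any CA bundle, whereas the removed line always mounted `/usr/share/ca-certificates`. How the fact is computed is outside this section, so it is worth confirming that it never resolves to an empty list, and that every entry is an absolute path the role itself chose, since each one becomes a host bind mount.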
|
||||||
|
|