Commit graph

12 commits

Author SHA1 Message Date
Brad Beam
4d9ee730ac Merge pull request #1092 from bradbeam/rkt_docker
Adding flag for docker container in kubelet w/ rkt
2017-06-06 12:58:40 -05:00
Spencer Smith
755c20f2f9 ensure the /etc/os-release is mounted read only 2017-05-01 14:51:40 -04:00
Spencer Smith
f608e9e4f8 add for rkt as well 2017-04-28 17:45:10 -04:00
Matthew Mosesohn
90e8d4c4ea Add /var/lib/cni to kubelet
Necessary to persist this directory for host-local IPAM used by Canal
Add pre-upgrade task to copy /var/lib/cni out of old kubelet.
2017-04-03 19:38:24 +03:00
Brad Beam
a8cfab27fe Adding flag for docker container in kubelet w/ rkt 2017-02-28 07:55:12 -06:00
Brad Beam
a939c53d86 Adding KUBELET_CLOUDPROVIDER to kubelet.rkt.service 2017-02-28 06:29:35 -06:00
Brad Beam
2a3dee5f90 Adding support for proxy w/ rkt kubelet 2017-02-14 08:09:49 -06:00
Sergii Golovatiuk
5494d608e5 Set ssl_ca_dirs for rkt based on fact
Since systemd kubelet.service has {{ ssl_ca_dirs }}, fact should be
gathered before writing kubelet.service.

Closes: #1007
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-13 13:28:29 +01:00
Matthew Mosesohn
be24fab5d0 Revert "Drop linux capabilities and rework users/groups" 2017-02-06 15:58:54 +03:00
Bogdan Dobrelya
48e77cd8bb Drop linux capabilities and rework users/groups
* Drop linux capabilities for unprivileged containerized
  worlkoads Kargo configures for deployments.
* Configure required securityContext/user/group/groups for kube
  components' static manifests, etcd, calico-rr and k8s apps,
  like dnsmasq daemonset.
* Rework cloud-init (etcd) users creation for CoreOS.
* Fix nologin paths, adjust defaults for addusers role and ensure
  supplementary groups membership added for users.
* Add netplug user for network plugins (yet unused by privileged
  networking containers though).
* Grant the kube and netplug users read access for etcd certs via
  the etcd certs group.
* Grant group read access to kube certs via the kube cert group.
* Remove priveleged mode for calico-rr and run it under its uid/gid
  and supplementary etcd_cert group.
* Adjust docs.
* Align cpu/memory limits and dropped caps with added rkt support
  for control plane.

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-20 08:50:42 +01:00
Brad Beam
7420bf584c Adding /opt/cni /etc/cni to rkt run kubelet 2017-01-10 08:48:58 -06:00
Brad Beam
9432a5cd73 Adding kubelet in rkt 2017-01-03 14:49:48 -06:00