c12s-kubespray/roles/kubernetes/node/templates/kubelet.rkt.service.j2
Sergii Golovatiuk aeadaa1184 Set ssl_ca_dirs for rkt based on fact
Since systemd kubelet.service has {{ ssl_ca_dirs }}, fact should be
gathered before writing kubelet.service.

Closes: #1007
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-13 13:28:29 +01:00

68 lines
2.9 KiB
Django/Jinja

[Unit]
Description=Kubernetes Kubelet Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
{% if kube_network_plugin is defined and kube_network_plugin == "calico" %}
After=calico-node.service
Wants=network.target calico-node.service
{% else %}
Wants=network.target
{% endif %}
[Service]
Restart=on-failure
RestartSec=10s
TimeoutStartSec=0
LimitNOFILE=40000
ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/kubelet.uuid
ExecStartPre=-/bin/mkdir -p /var/lib/kubelet
EnvironmentFile={{kube_config_dir}}/kubelet.env
# stage1-fly mounts /proc /sys /dev so no need to duplicate the mounts
ExecStart=/usr/bin/rkt run \
--volume dns,kind=host,source=/etc/resolv.conf \
--volume etc-cni,kind=host,source=/etc/cni,readOnly=true \
--volume etc-kubernetes,kind=host,source={{ kube_config_dir }},readOnly=false \
--volume etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \
--volume etcd-ssl,kind=host,source={{ etcd_config_dir }},readOnly=true \
--volume opt-cni,kind=host,source=/opt/cni,readOnly=true \
--volume run,kind=host,source=/run,readOnly=false \
{% for dir in ssl_ca_dirs -%}
--volume {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }},kind=host,source={{ dir }},readOnly=true \
{% endfor -%}
--volume var-lib-docker,kind=host,source={{ docker_daemon_graph }},readOnly=false \
--volume var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false \
--volume var-log,kind=host,source=/var/log \
--mount volume=dns,target=/etc/resolv.conf \
--mount volume=etc-cni,target=/etc/cni \
--mount volume=etc-kubernetes,target={{ kube_config_dir }} \
--mount volume=etc-ssl-certs,target=/etc/ssl/certs \
--mount volume=etcd-ssl,target={{ etcd_config_dir }} \
--mount volume=opt-cni,target=/opt/cni \
--mount volume=run,target=/run \
{% for dir in ssl_ca_dirs -%}
--mount volume={{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }},target={{ dir }} \
{% endfor -%}
--mount volume=var-lib-docker,target=/var/lib/docker \
--mount volume=var-lib-kubelet,target=/var/lib/kubelet \
--mount volume=var-log,target=/var/log \
--stage1-from-dir=stage1-fly.aci \
{{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} \
--uuid-file-save=/var/run/kubelet.uuid \
--debug --exec=/kubelet -- \
$KUBE_LOGTOSTDERR \
$KUBE_LOG_LEVEL \
$KUBELET_API_SERVER \
$KUBELET_ADDRESS \
$KUBELET_PORT \
$KUBELET_HOSTNAME \
$KUBE_ALLOW_PRIV \
$KUBELET_ARGS \
$DOCKER_SOCKET \
$KUBELET_REGISTER_NODE \
$KUBELET_NETWORK_PLUGIN
ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/kubelet.uuid
[Install]
WantedBy=multi-user.target