diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml index 6096f52a3..bee09d4a6 100644 --- a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml +++ b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml @@ -154,6 +154,14 @@ k8s_image_pull_policy: IfNotPresent # audit log for kubernetes kubernetes_audit: false +# dynamic kubelet configuration +dynamic_kubelet_configuration: false + +# define kubelet config dir for dynamic kubelet +#kubelet_config_dir: +default_kubelet_config_dir: "{{ kube_config_dir }}/dynamic_kubelet_dir" +dynamic_kubelet_configuration_dir: "{{ kubelet_config_dir | default(default_kubelet_config_dir) }}" + # pod security policy (RBAC must be enabled either by having 'RBAC' in authorization_modes or kubeadm enabled) podsecuritypolicy_enabled: false diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2 index 447c382b6..4c729e9ac 100644 --- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2 +++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2 @@ -150,3 +150,7 @@ nodeRegistration: {% if container_manager == 'crio' %} criSocket: /var/run/crio/crio.sock {% endif %} +{% if dynamic_kubelet_configuration %} +featureGates: + DynamicKubeletConfig: true +{% endif %} diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml index 69302915f..03d08bb1a 100644 --- a/roles/kubernetes/node/tasks/main.yml +++ b/roles/kubernetes/node/tasks/main.yml @@ -32,6 +32,13 @@ tags: - kubelet +- name: Make sure dynamic kubelet configuration directory is writeable + file: + path: "{{ dynamic_kubelet_configuration_dir }}" + mode: 0600 + state: directory + when: dynamic_kubelet_configuration + - name: Write kubelet config file (kubeadm) template: src: kubelet.kubeadm.env.j2 
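Review bot: `default_kubelet_config_dir` and `dynamic_kubelet_configuration_dir` are derived values, and this hunk defines them in the sample group_vars while the roles/kubespray-defaults/defaults/main.yaml hunk adds the same lines, so every inventory copied from the sample pins them. Inventory group_vars take precedence over role defaults, so a later change to the default expression would not reach those clusters. I would keep only the operator-facing settings here, `dynamic_kubelet_configuration: false` and the commented `#kubelet_config_dir:`, and leave the two derived variables to the defaults file.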
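Review bot: `mode: 0600` in the new directory task in roles/kubernetes/node/tasks/main.yml omits the search (x) bit, so only a process that bypasses permission checks can traverse the directory; this presumably works only because the kubelet runs as root. The task also sets no owner, so a directory that already exists keeps whatever owner it had, which matters for a path the kubelet loads its configuration from. I would write `mode: "0700"` (quoted, as Ansible recommends for octal modes) and add `owner: root`. The preceding task carries `tags: - kubelet` and this one has no tags, so a tag-limited run would skip it; both neighbouring tasks continue outside the hunk.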
diff --git a/roles/kubernetes/node/templates/kubelet.kubeadm.env.j2 b/roles/kubernetes/node/templates/kubelet.kubeadm.env.j2 index 7597fd9ae..0424efdf9 100644 --- a/roles/kubernetes/node/templates/kubelet.kubeadm.env.j2 +++ b/roles/kubernetes/node/templates/kubelet.kubeadm.env.j2 @@ -48,6 +48,9 @@ KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}" {% else %} --fail-swap-on={{ kubelet_fail_swap_on|default(true)}} \ {% endif %} +{% if dynamic_kubelet_configuration %} +--dynamic-config-dir={{ dynamic_kubelet_configuration_dir }} \ +{% endif %} --runtime-cgroups={{ kubelet_runtime_cgroups }} --kubelet-cgroups={{ kubelet_kubelet_cgroups }} \ {% endset %} diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index d3e563935..b41134323 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -136,6 +136,14 @@ kube_apiserver_port: 6443 kube_apiserver_insecure_bind_address: 127.0.0.1 kube_apiserver_insecure_port: 8080 +# dynamic kubelet configuration +dynamic_kubelet_configuration: false + +# define kubelet config dir for dynamic kubelet +#kubelet_config_dir: +default_kubelet_config_dir: "{{ kube_config_dir }}/dynamic_kubelet_dir" +dynamic_kubelet_configuration_dir: "{{ kubelet_config_dir | default(default_kubelet_config_dir) }}" + # Aggregator kube_api_aggregator_routing: false diff --git a/tests/files/gce_centos-weave-kubeadm.yml b/tests/files/gce_centos-weave-kubeadm.yml index 199fa437c..24183eb6e 100644 --- a/tests/files/gce_centos-weave-kubeadm.yml +++ b/tests/files/gce_centos-weave-kubeadm.yml @@ -10,5 +10,6 @@ kube_network_plugin: weave kubeadm_enabled: true deploy_netchecker: true kubernetes_audit: true +dynamic_kubelet_configuration: true kubedns_min_replicas: 1 cloud_provider: gce
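Review bot: `--dynamic-config-dir` in kubelet.kubeadm.env.j2 depends on the kubelet's own DynamicKubeletConfig feature gate, and nothing visible in this hunk turns that gate on for the kubelet. As far as I can tell, the `featureGates` block added to kubeadm-config.v1alpha2.yaml.j2 configures kubeadm rather than this command line. On Kubernetes versions where the gate is off by default the kubelet would likely reject the flag, so the gate should go through whatever mechanism this template already uses for kubelet feature gates, or the toggle should document a minimum supported version. Only this kubeadm variant of the kubelet env template is changed, while the directory task runs whenever `dynamic_kubelet_configuration` is set, so a non-kubeadm deployment may get the directory without the flag. The enclosing `{% set %}` block starts outside the hunk.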
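Review bot: The comment `# dynamic kubelet configuration` above the new toggle in roles/kubespray-defaults/defaults/main.yaml does not tell an operator what enabling it changes about who controls the nodes. With the feature on, a kubelet loads its settings from a ConfigMap referenced in `Node.spec.configSource`, so write access to Node objects or to that ConfigMap becomes the ability to reconfigure kubelets. I would expand the comment to something like `# Let kubelets load their config from a ConfigMap referenced in Node.spec.configSource; restrict RBAC write access to nodes and that ConfigMap before enabling`. The same wording would fit the matching comment in the sample group_vars hunk.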