From 283c4169ac8cd3311779a52f3e63009ed54f4f3c Mon Sep 17 00:00:00 2001 From: Smaine Kahlouch Date: Fri, 22 Jan 2016 14:25:33 +0100 Subject: [PATCH] run apiserver as a service reorder master handlers typo for sysvinit --- roles/download/defaults/main.yml | 8 ++ roles/etcd/tasks/configure.yml | 2 +- roles/kubernetes/master/handlers/main.yml | 17 ++- .../master/tasks/gen_kube_tokens.yml | 24 ++++ roles/kubernetes/master/tasks/main.yml | 71 ++++++++--- .../templates/deb-kube-apiserver.initd.j2 | 118 ++++++++++++++++++ .../master/templates/kube-apiserver.j2 | 44 +++++++ .../templates/kube-apiserver.service.j2 | 28 +++++ roles/kubernetes/node/defaults/main.yml | 3 + roles/kubernetes/node/handlers/main.yml | 8 +- .../node/tasks/gen_calico_tokens.yml | 27 ++++ roles/kubernetes/node/tasks/gen_tokens.yml | 48 ------- roles/kubernetes/node/tasks/install.yml | 3 - roles/kubernetes/node/tasks/main.yml | 34 +++-- roles/kubernetes/node/tasks/secrets.yml | 2 +- .../node/templates/deb-kubelet.initd.j2 | 2 +- roles/kubernetes/node/templates/kubelet.j2 | 10 +- .../node/templates/kubelet.service.j2 | 2 +- .../node/templates/rh-kubelet.initd.j2 | 2 +- 19 files changed, 365 insertions(+), 88 deletions(-) create mode 100644 roles/kubernetes/master/tasks/gen_kube_tokens.yml create mode 100644 roles/kubernetes/master/templates/deb-kube-apiserver.initd.j2 create mode 100644 roles/kubernetes/master/templates/kube-apiserver.j2 create mode 100644 roles/kubernetes/master/templates/kube-apiserver.service.j2 create mode 100644 roles/kubernetes/node/tasks/gen_calico_tokens.yml delete mode 100644 roles/kubernetes/node/tasks/gen_tokens.yml diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index 4598e0156..e5e81e188 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -19,6 +19,7 @@ calico_plugin_checksum: "032f582f5eeec6fb26191d2fbcbf8bca4da3b14abb579db7baa7b35 etcd_checksum: "6c4e5cdeaaac1a70b8f06b5dd6b82c37ff19993c9bca81248975610e555c4b9b" kubectl_checksum: "873ba19926d17a3287dc8639ea1434fe3cd0cb4e61d82101ba754922cfc7a633" kubelet_checksum: "f2d1eae3fa6e304f6cbc9b2621e4b86fc3bcb4e74a15d35f58bf00e45c706e0a" +kube_apiserver_checksum: "bb3814c4df65f1587a3650140437392ce3fb4b64f51d459457456691c99f1202" downloads: - name: calico @@ -56,3 +57,10 @@ downloads: url: "{{ kube_download_url }}/kubectl" owner: "kube" mode: "0755" + + - name: kubernetes-apiserver + dest: kubernetes/bin/kube-apiserver + sha256: "{{kube_apiserver_checksum}}" + url: "{{ kube_download_url }}/kube-apiserver" + owner: "kube" + mode: "0755" diff --git a/roles/etcd/tasks/configure.yml b/roles/etcd/tasks/configure.yml index ab3a5052d..c4cf496bf 100644 --- a/roles/etcd/tasks/configure.yml +++ b/roles/etcd/tasks/configure.yml @@ -17,7 +17,7 @@ when: init_system == "sysvinit" and ansible_os_family == "Debian" notify: restart etcd -- name: Configure | Create etcd environment vars file +- name: Configure | Create etcd config file template: src: etcd.j2 dest: /etc/etcd.env diff --git a/roles/kubernetes/master/handlers/main.yml b/roles/kubernetes/master/handlers/main.yml index 22af48901..048c3801f 100644 --- a/roles/kubernetes/master/handlers/main.yml +++ b/roles/kubernetes/master/handlers/main.yml @@ -1,14 +1,25 @@ --- -- name: reload systemd - command: systemctl daemon-reload - - name: restart systemd-kubelet command: /bin/true notify: - reload systemd - restart kubelet +- name: restart systemd-kube-apiserver + command: /bin/true + notify: + - reload systemd + - restart kube-apiserver + +- name: reload systemd + command: systemctl daemon-reload + - name: restart kubelet service: name: kubelet state: restarted + +- name: restart kube-apiserver + service: + name: kube-apiserver + state: restarted diff --git a/roles/kubernetes/master/tasks/gen_kube_tokens.yml b/roles/kubernetes/master/tasks/gen_kube_tokens.yml new file mode 100644 index 000000000..43726a46d --- /dev/null +++ b/roles/kubernetes/master/tasks/gen_kube_tokens.yml @@ -0,0 +1,24 @@ +--- +- name: tokens | generate tokens for master components + command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}" + environment: + TOKEN_DIR: "{{ kube_token_dir }}" + with_nested: + - [ "system:kubectl" ] + - "{{ groups['kube-master'] }}" + register: gentoken_master + changed_when: "'Added' in gentoken_master.stdout" + when: inventory_hostname == groups['kube-master'][0] + notify: restart kube-apiserver + +- name: tokens | generate tokens for node components + command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}" + environment: + TOKEN_DIR: "{{ kube_token_dir }}" + with_nested: + - [ 'system:kubelet' ] + - "{{ groups['kube-node'] }}" + register: gentoken_node + changed_when: "'Added' in gentoken_node.stdout" + when: inventory_hostname == groups['kube-master'][0] + notify: restart kube-apiserver diff --git a/roles/kubernetes/master/tasks/main.yml b/roles/kubernetes/master/tasks/main.yml index 3543ded91..d5f2d8ca8 100644 --- a/roles/kubernetes/master/tasks/main.yml +++ b/roles/kubernetes/master/tasks/main.yml @@ -1,13 +1,18 @@ --- +- include: gen_kube_tokens.yml + tags: tokens + - name: Copy kubectl bash completion copy: src: kubectl_bash_completion.sh dest: /etc/bash_completion.d/kubectl.sh -- name: Install kubectl binary - command: cp -pf "{{ local_release_dir }}/kubernetes/bin/kubectl" "{{ bin_dir }}/kubectl" +- name: Install kubernetes binaries + command: cp -pf "{{ local_release_dir }}/kubernetes/bin/{{ item }}" "{{ bin_dir }}/{{ item }}" changed_when: false - notify: restart kubelet + with_items: + - kubectl + - kube-apiserver - name: populate users for basic auth in API lineinfile: @@ -16,6 +21,7 @@ line: '{{ item.value.pass }},{{ item.key }},{{ item.value.role }}' backup: yes with_dict: "{{ kube_users }}" + notify: restart kube-apiserver # Sync masters - name: synchronize auth directories for masters @@ -33,21 +39,48 @@ delegate_to: "{{ groups['kube-master'][0] }}" when: inventory_hostname != "{{ groups['kube-master'][0] }}" -# Write manifests -- name: Write kube-apiserver manifest +- name: install | Write kube-apiserver systemd init file template: - src: manifests/kube-apiserver.manifest.j2 - dest: "{{ kube_manifest_dir }}/kube-apisever.manifest" - notify: restart kubelet + src: "kube-apiserver.service.j2" + dest: "/etc/systemd/system/kube-apiserver.service" + backup: yes + when: init_system == "systemd" + notify: restart systemd-kube-apiserver -- meta: flush_handlers +- name: install | Write kube-apiserver initd script + template: + src: "deb-kube-apiserver.initd.j2" + dest: "/etc/init.d/kube-apiserver" + owner: root + mode: 755 + backup: yes + when: init_system == "sysvinit" and ansible_os_family == "Debian" + notify: restart kube-apiserver -- name: wait for the apiserver to be running (pulling image and running container) - wait_for: - port: "{{kube_apiserver_insecure_port}}" - delay: 10 - timeout: 60 +- name: Allow apiserver to bind on both secure and insecure ports + shell: setcap cap_net_bind_service+ep {{ bin_dir }}/kube-apiserver + changed_when: false +- name: Write kube-apiserver config file + template: + src: "kube-apiserver.j2" + dest: "{{ kube_config_dir }}/kube-apiserver.env" + backup: yes + notify: restart kube-apiserver + +# restart apiserver if calico tokens list has changed +- name: Reload tokens (restart apiserver) + command: /bin/true + notify: restart kube-apiserver + changed_when: is_gentoken_calico|default(false) + +- name: Enable apiserver + service: + name: kube-apiserver + enabled: yes + state: started + +# Create kube-system namespace - name: copy 'kube-system' namespace manifest copy: src=namespace.yml dest=/etc/kubernetes/kube-system-ns.yml run_once: yes @@ -60,12 +93,18 @@ ignore_errors: yes run_once: yes +- name: wait for the apiserver to be running + wait_for: + port: "{{kube_apiserver_insecure_port}}" + delay: 10 + timeout: 60 + - name: Create 'kube-system' namespace command: kubectl create -f /etc/kubernetes/kube-system-ns.yml - when: kubesystem|failed changed_when: False - run_once: yes + when: kubesystem|failed and inventory_hostname == groups['kube-master'][0] +# Write manifests - name: Write kube-controller-manager manifest template: src: manifests/kube-controller-manager.manifest.j2 diff --git a/roles/kubernetes/master/templates/deb-kube-apiserver.initd.j2 b/roles/kubernetes/master/templates/deb-kube-apiserver.initd.j2 new file mode 100644 index 000000000..576c70128 --- /dev/null +++ b/roles/kubernetes/master/templates/deb-kube-apiserver.initd.j2 @@ -0,0 +1,118 @@ +#!/bin/bash +# +### BEGIN INIT INFO +# Provides: kube-apiserver +# Required-Start: $local_fs $network $syslog +# Required-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: The Kubernetes apiserver +# Description: +# The Kubernetes apiserver. +### END INIT INFO + + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="The Kubernetes apiserver" +NAME=kube-apiserver +DAEMON={{ bin_dir }}/kube-apiserver +DAEMON_LOG_FILE=/var/log/$NAME.log +PIDFILE=/var/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME +DAEMON_USER=root + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/kubernetes/$NAME.env ] && . /etc/kubernetes/$NAME.env + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. +. /lib/lsb/init-functions + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --background --no-close \ + --make-pidfile --pidfile $PIDFILE \ + --exec $DAEMON -c $DAEMON_USER --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --background --no-close \ + --make-pidfile --pidfile $PIDFILE \ + --exec $DAEMON -c $DAEMON_USER -- \ + $DAEMON_ARGS >> $DAEMON_LOG_FILE 2>&1 \ + || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + + +case "$1" in + start) + log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) log_end_msg 0 || exit 0 ;; + 2) log_end_msg 1 || exit 1 ;; + esac + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) log_end_msg 0 ;; + 2) exit 1 ;; + esac + ;; + status) + status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + + restart|force-reload) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac diff --git a/roles/kubernetes/master/templates/kube-apiserver.j2 b/roles/kubernetes/master/templates/kube-apiserver.j2 new file mode 100644 index 000000000..3dabca551 --- /dev/null +++ b/roles/kubernetes/master/templates/kube-apiserver.j2 @@ -0,0 +1,44 @@ +### +# kubernetes system config +# +# The following values are used to configure the kube-apiserver + +{% if init_system == "sysvinit" %} +# Logging directory +KUBE_LOGGING="--log-dir={{ kube_log_dir }} --logtostderr=true" +{% else %} +# logging to stderr means we get it in the systemd journal +KUBE_LOGGING="--logtostderr=true" +{% endif %} + +# Apiserver Log level, 0 is debug +KUBE_LOG_LEVEL="{{ kube_log_level | default('--v=2') }}" + +# Should this cluster be allowed to run privileged docker containers +KUBE_ALLOW_PRIV="--allow_privileged=true" + +# The port on the local server to listen on. +KUBE_API_PORT="--insecure-port={{kube_apiserver_insecure_port}} --secure-port={{ kube_apiserver_port }}" + +# Address range to use for services +KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range={{ kube_service_addresses }}" + +# Location of the etcd cluster +KUBE_ETCD_SERVERS="--etcd_servers={% for host in groups['etcd'] %}http://{{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}:2379{% if not loop.last %},{% endif %}{% endfor %}" + +# default admission control policies +KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota" + +# RUNTIME API CONFIGURATION (e.g. enable extensions) +KUBE_RUNTIME_CONFIG="{% if kube_api_runtime_config is defined %}{% for conf in kube_api_runtime_config %}--runtime-config={{ conf }} {% endfor %}{% endif %}" + +# TLS CONFIGURATION +KUBE_TLS_CONFIG="--tls_cert_file={{ kube_cert_dir }}/apiserver.pem --tls_private_key_file={{ kube_cert_dir }}/apiserver-key.pem --client_ca_file={{ kube_cert_dir }}/ca.pem" + +# Add you own! +KUBE_API_ARGS="--token_auth_file={{ kube_token_dir }}/known_tokens.csv --basic-auth-file={{ kube_users_dir }}/known_users.csv --service_account_key_file={{ kube_cert_dir }}/apiserver-key.pem" + +{% if init_system == "sysvinit" %} +DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBE_API_PORT $KUBE_SERVICE_ADDRESSES \ +$KUBE_ETCD_SERVERS $KUBE_ADMISSION_CONTROL $KUBE_RUNTIME_CONFIG $KUBE_TLS_CONFIG $KUBE_API_ARGS" +{% endif %} diff --git a/roles/kubernetes/master/templates/kube-apiserver.service.j2 b/roles/kubernetes/master/templates/kube-apiserver.service.j2 new file mode 100644 index 000000000..9e8bffe71 --- /dev/null +++ b/roles/kubernetes/master/templates/kube-apiserver.service.j2 @@ -0,0 +1,28 @@ +[Unit] +Description=Kubernetes API Server +Documentation=https://github.com/GoogleCloudPlatform/kubernetes +Requires=kube-apiserver.service +After=kube-apiserver.service + +[Service] +EnvironmentFile=/etc/kubernetes/kube-apiserver.env +User=kube +ExecStart={{ bin_dir }}/kube-apiserver \ + $KUBE_LOGTOSTDERR \ + $KUBE_LOG_LEVEL \ + $KUBE_ETCD_SERVERS \ + $KUBE_API_ADDRESS \ + $KUBE_API_PORT \ + $KUBELET_PORT \ + $KUBE_ALLOW_PRIV \ + $KUBE_SERVICE_ADDRESSES \ + $KUBE_ADMISSION_CONTROL \ + $KUBE_RUNTIME_CONFIG \ + $KUBE_TLS_CONFIG \ + $KUBE_API_ARGS +Restart=on-failure +Type=notify +LimitNOFILE=65536 + +[Install] +WantedBy=multi-user.target diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml index 24ac9732d..cbbddf8e5 100644 --- a/roles/kubernetes/node/defaults/main.yml +++ b/roles/kubernetes/node/defaults/main.yml @@ -24,6 +24,9 @@ kube_users_dir: "{{ kube_config_dir }}/users" # pods on startup kube_manifest_dir: "{{ kube_config_dir }}/manifests" +# Logging directory (sysvinit systems) +kube_log_dir: "/var/log/kubernetes" + dns_domain: "{{ cluster_name }}" kube_proxy_mode: userspace diff --git a/roles/kubernetes/node/handlers/main.yml b/roles/kubernetes/node/handlers/main.yml index 268715e59..e0b39d599 100644 --- a/roles/kubernetes/node/handlers/main.yml +++ b/roles/kubernetes/node/handlers/main.yml @@ -1,12 +1,16 @@ --- +- name: reload systemd + command: systemctl daemon-reload + - name: restart systemd-kubelet command: /bin/true notify: - reload systemd - restart kubelet -- name: reload systemd - command: systemctl daemon-reload +- name: set is_gentoken_calico fact + set_fact: + is_gentoken_calico: true - name: restart kubelet service: diff --git a/roles/kubernetes/node/tasks/gen_calico_tokens.yml b/roles/kubernetes/node/tasks/gen_calico_tokens.yml new file mode 100644 index 000000000..c9a4f2955 --- /dev/null +++ b/roles/kubernetes/node/tasks/gen_calico_tokens.yml @@ -0,0 +1,27 @@ +--- +- name: tokens | copy the token gen script + copy: + src=kube-gen-token.sh + dest={{ kube_script_dir }} + mode=u+x + when: inventory_hostname == groups['kube-master'][0] + +- name: tokens | generate tokens for calico + command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}" + environment: + TOKEN_DIR: "{{ kube_token_dir }}" + with_nested: + - [ "system:calico" ] + - "{{ groups['k8s-cluster'] }}" + register: gentoken_calico + changed_when: "'Added' in gentoken_calico.stdout" + when: kube_network_plugin == "calico" + delegate_to: "{{ groups['kube-master'][0] }}" + notify: set is_gentoken_calico fact + +- name: tokens | get the calico token values + slurp: + src: "{{ kube_token_dir }}/system:calico-{{ inventory_hostname }}.token" + register: calico_token + when: kube_network_plugin == "calico" + delegate_to: "{{ groups['kube-master'][0] }}" diff --git a/roles/kubernetes/node/tasks/gen_tokens.yml b/roles/kubernetes/node/tasks/gen_tokens.yml deleted file mode 100644 index 4a60ac254..000000000 --- a/roles/kubernetes/node/tasks/gen_tokens.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -- name: tokens | copy the token gen script - copy: - src=kube-gen-token.sh - dest={{ kube_script_dir }} - mode=u+x - when: inventory_hostname == groups['kube-master'][0] - -- name: tokens | generate tokens for master components - command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}" - environment: - TOKEN_DIR: "{{ kube_token_dir }}" - with_nested: - - [ "system:kubectl" ] - - "{{ groups['kube-master'] }}" - register: gentoken - changed_when: "'Added' in gentoken.stdout" - when: inventory_hostname == groups['kube-master'][0] - -- name: tokens | generate tokens for node components - command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}" - environment: - TOKEN_DIR: "{{ kube_token_dir }}" - with_nested: - - [ 'system:kubelet' ] - - "{{ groups['kube-node'] }}" - register: gentoken - changed_when: "'Added' in gentoken.stdout" - when: inventory_hostname == groups['kube-master'][0] - -- name: tokens | generate tokens for calico - command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}" - environment: - TOKEN_DIR: "{{ kube_token_dir }}" - with_nested: - - [ "system:calico" ] - - "{{ groups['k8s-cluster'] }}" - register: gentoken - changed_when: "'Added' in gentoken.stdout" - when: kube_network_plugin == "calico" - delegate_to: "{{ groups['kube-master'][0] }}" - -- name: tokens | get the calico token values - slurp: - src: "{{ kube_token_dir }}/system:calico-{{ inventory_hostname }}.token" - register: calico_token - when: kube_network_plugin == "calico" - delegate_to: "{{ groups['kube-master'][0] }}" diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml index 9017003b2..b31ad6c6a 100644 --- a/roles/kubernetes/node/tasks/install.yml +++ b/roles/kubernetes/node/tasks/install.yml @@ -1,7 +1,4 @@ --- -- debug: msg="{{init_system == "systemd"}}" -- debug: msg="{{init_system}}" - - name: install | Write kubelet systemd init file template: src=kubelet.service.j2 dest=/etc/systemd/system/kubelet.service backup=yes when: init_system == "systemd" diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml index e34284352..e41193585 100644 --- a/roles/kubernetes/node/tasks/main.yml +++ b/roles/kubernetes/node/tasks/main.yml @@ -1,12 +1,28 @@ --- -- name: create kubernetes config directory - file: path={{ kube_config_dir }} state=directory - -- name: create kubernetes script directory - file: path={{ kube_script_dir }} state=directory - -- name: Make sure manifest directory exists - file: path={{ kube_manifest_dir }} state=directory +- name: Create kubernetes config directory + file: + path: "{{ kube_config_dir }}" + state: directory + owner: kube + +- name: Create kubernetes script directory + file: + path: "{{ kube_script_dir }}" + state: directory + owner: kube + +- name: Create kubernetes manifests directory + file: + path: "{{ kube_manifest_dir }}" + state: directory + owner: kube + +- name: Create kubernetes logs directory + file: + path: "{{ kube_log_dir }}" + state: directory + owner: kube + when: init_system == "sysvinit" - include: secrets.yml tags: @@ -15,7 +31,7 @@ - include: install.yml - name: Write kubelet config file - template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet backup=yes + template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet.env backup=yes notify: - restart kubelet diff --git a/roles/kubernetes/node/tasks/secrets.yml b/roles/kubernetes/node/tasks/secrets.yml index e448d6f2e..8a2997ca5 100644 --- a/roles/kubernetes/node/tasks/secrets.yml +++ b/roles/kubernetes/node/tasks/secrets.yml @@ -16,7 +16,7 @@ - include: gen_certs.yml when: inventory_hostname == groups['kube-master'][0] -- include: gen_tokens.yml +- include: gen_calico_tokens.yml # Sync certs between nodes - name: Secrets | create user diff --git a/roles/kubernetes/node/templates/deb-kubelet.initd.j2 b/roles/kubernetes/node/templates/deb-kubelet.initd.j2 index 4f823ca76..65fd537f0 100644 --- a/roles/kubernetes/node/templates/deb-kubelet.initd.j2 +++ b/roles/kubernetes/node/templates/deb-kubelet.initd.j2 @@ -27,7 +27,7 @@ DAEMON_USER=root [ -x "$DAEMON" ] || exit 0 # Read configuration variable file if it is present -[ -r /etc/kubernetes/$NAME ] && . /etc/kubernetes/$NAME +[ -r /etc/kubernetes/$NAME.env ] && . /etc/kubernetes/$NAME.env # Define LSB log_* functions. # Depend on lsb-base (>= 3.2-14) to ensure that this file is present diff --git a/roles/kubernetes/node/templates/kubelet.j2 b/roles/kubernetes/node/templates/kubelet.j2 index 38d5166e7..04a0a6c31 100644 --- a/roles/kubernetes/node/templates/kubelet.j2 +++ b/roles/kubernetes/node/templates/kubelet.j2 @@ -1,4 +1,10 @@ -KUBE_LOGTOSTDERR="--logtostderr=true" +{% if init_system == "sysvinit" %} +# Logging directory +KUBE_LOGGING="--log-dir={{ kube_log_dir }} --logtostderr=true" +{% else %} +# logging to stderr means we get it in the systemd journal +KUBE_LOGGING="--logtostderr=true" +{% endif %} KUBE_LOG_LEVEL="--v={{ kube_log_level | default('2') }}" KUBE_ALLOW_PRIV="--allow_privileged=true" KUBELET_API_SERVER="--api_servers={% for host in groups['kube-master'] %}https://{{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}:{{ kube_apiserver_port }}{% if not loop.last %},{% endif %}{% endfor %}" @@ -23,6 +29,6 @@ KUBELET_NETWORK_PLUGIN="--network_plugin={{ kube_network_plugin }}" # Should this cluster be allowed to run privileged docker containers KUBE_ALLOW_PRIV="--allow_privileged=true" {% if init_system == "sysvinit" %} -DAEMON_ARGS="$KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBELET_API_SERVER $KUBELET_ADDRESS \ +DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBELET_API_SERVER $KUBELET_ADDRESS \ $KUBELET_HOSTNAME $KUBELET_REGISTER_NODE $KUBELET_ARGS $KUBELET_ARGS $KUBELET_NETWORK_PLUGIN" {% endif %} diff --git a/roles/kubernetes/node/templates/kubelet.service.j2 b/roles/kubernetes/node/templates/kubelet.service.j2 index c6fb53e4a..13e9c6506 100644 --- a/roles/kubernetes/node/templates/kubelet.service.j2 +++ b/roles/kubernetes/node/templates/kubelet.service.j2 @@ -8,7 +8,7 @@ After=docker.service {% endif %} [Service] -EnvironmentFile=/etc/kubernetes/kubelet +EnvironmentFile=/etc/kubernetes/kubelet.env ExecStart={{ bin_dir }}/kubelet \ $KUBE_LOGTOSTDERR \ $KUBE_LOG_LEVEL \ diff --git a/roles/kubernetes/node/templates/rh-kubelet.initd.j2 b/roles/kubernetes/node/templates/rh-kubelet.initd.j2 index 95666afde..5a709e118 100644 --- a/roles/kubernetes/node/templates/rh-kubelet.initd.j2 +++ b/roles/kubernetes/node/templates/rh-kubelet.initd.j2 @@ -27,7 +27,7 @@ pidfile="/var/run/$prog.pid" lockfile="/var/lock/subsys/$prog" logfile="/var/log/$prog" -[ -e /etc/kubernetes/$prog ] && . /etc/kubernetes/$prog +[ -e /etc/kubernetes/$prog.env ] && . /etc/kubernetes/$prog.env start() { if [ ! -x $exec ]; then