
Merge pull request #1015 from holser/rkt_ssl_ca_dirs

Set ssl_ca_dirs for rkt based on fact
pull/1027/head
Matthew Mosesohn 7 years ago
committed by GitHub
parent
commit
bb6415ddc4
2 changed files with 11 additions and 7 deletions
  1. 8
      roles/kubernetes/node/tasks/install.yml
  2. 10
      roles/kubernetes/node/templates/kubelet.rkt.service.j2

8
roles/kubernetes/node/tasks/install.yml

@ -21,10 +21,6 @@
path: /var/lib/kubelet path: /var/lib/kubelet
when: kubelet_deployment_type == "rkt" when: kubelet_deployment_type == "rkt"
- name: install | Write kubelet systemd init file
template: "src=kubelet.{{ kubelet_deployment_type }}.service.j2 dest=/etc/systemd/system/kubelet.service backup=yes"
notify: restart kubelet
- name: install | Set SSL CA directories - name: install | Set SSL CA directories
set_fact: set_fact:
ssl_ca_dirs: "[ ssl_ca_dirs: "[
@ -39,6 +35,10 @@
]" ]"
tags: facts tags: facts
- name: install | Write kubelet systemd init file
template: "src=kubelet.{{ kubelet_deployment_type }}.service.j2 dest=/etc/systemd/system/kubelet.service backup=yes"
notify: restart kubelet
- name: install | Install kubelet launch script - name: install | Install kubelet launch script
template: src=kubelet-container.j2 dest="{{ bin_dir }}/kubelet" owner=kube mode=0755 backup=yes template: src=kubelet-container.j2 dest="{{ bin_dir }}/kubelet" owner=kube mode=0755 backup=yes
notify: restart kubelet notify: restart kubelet
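Review bot: The ordering this move creates is not documented at the task's new position: the rkt unit template iterates `ssl_ca_dirs`, so "Write kubelet systemd init file" has to stay below "Set SSL CA directories". The `set_fact` carries `tags: facts` while no tags are visible on the template task, so a run that skips that tag would presumably reach the template with the variable undefined; confirm this against how the role is tagged elsewhere. I would add a comment above the task, `# Keep after "Set SSL CA directories": kubelet.rkt.service.j2 loops over ssl_ca_dirs`. The middle of the `set_fact` body lies between the two hunks and is not shown here.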

10
roles/kubernetes/node/templates/kubelet.rkt.service.j2

@ -27,9 +27,11 @@ ExecStart=/usr/bin/rkt run \
--volume etcd-ssl,kind=host,source={{ etcd_config_dir }},readOnly=true \ --volume etcd-ssl,kind=host,source={{ etcd_config_dir }},readOnly=true \
--volume opt-cni,kind=host,source=/opt/cni,readOnly=true \ --volume opt-cni,kind=host,source=/opt/cni,readOnly=true \
--volume run,kind=host,source=/run,readOnly=false \ --volume run,kind=host,source=/run,readOnly=false \
--volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
{% for dir in ssl_ca_dirs -%}
--volume {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }},kind=host,source={{ dir }},readOnly=true \
{% endfor -%}
--volume var-lib-docker,kind=host,source={{ docker_daemon_graph }},readOnly=false \ --volume var-lib-docker,kind=host,source={{ docker_daemon_graph }},readOnly=false \
--volume var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false \
--volume var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false \
--volume var-log,kind=host,source=/var/log \ --volume var-log,kind=host,source=/var/log \
--mount volume=dns,target=/etc/resolv.conf \ --mount volume=dns,target=/etc/resolv.conf \
--mount volume=etc-cni,target=/etc/cni \ --mount volume=etc-cni,target=/etc/cni \
@ -38,7 +40,9 @@ ExecStart=/usr/bin/rkt run \
--mount volume=etcd-ssl,target={{ etcd_config_dir }} \ --mount volume=etcd-ssl,target={{ etcd_config_dir }} \
--mount volume=opt-cni,target=/opt/cni \ --mount volume=opt-cni,target=/opt/cni \
--mount volume=run,target=/run \ --mount volume=run,target=/run \
--mount volume=usr-share-certs,target=/usr/share/ca-certificates \
{% for dir in ssl_ca_dirs -%}
--mount volume={{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }},target={{ dir }} \
{% endfor -%}
--mount volume=var-lib-docker,target=/var/lib/docker \ --mount volume=var-lib-docker,target=/var/lib/docker \
--mount volume=var-lib-kubelet,target=/var/lib/kubelet \ --mount volume=var-lib-kubelet,target=/var/lib/kubelet \
--mount volume=var-log,target=/var/log \ --mount volume=var-log,target=/var/log \
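Review bot: The volume name built in both loops only strips the leading slash and turns `/` into `-`, so an entry in `ssl_ca_dirs` with a trailing slash, a dot, an underscore or an upper-case letter would produce a name rkt is likely to reject (volume names are limited to lower-case alphanumerics and hyphens), and the kubelet unit would then fail to start. The list is defined outside this file, so the current values may never trigger this, but the template should not depend on that. A stricter form, used identically on the `--volume` and `--mount` lines so the names keep matching, would be `{{ dir | lower | regex_replace('[^a-z0-9]+', '-') | regex_replace('^-|-$', '') }}`. `{{ dir }}` is also written unquoted into `ExecStart`, so a path containing whitespace or `%` would break the command line.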
