Browse Source

dependencies for kubelet.service (#11297)

Signed-off-by: serge Hartmann <serge.hartmann@gmail.com>
pull/11258/head
Serge Hartmann 4 months ago
committed by GitHub
parent
commit
db316a566d
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
3 changed files with 12 additions and 0 deletions
  1. 4
      docs/ansible/vars.md
  2. 3
      roles/kubernetes/node/defaults/main.yml
  3. 5
      roles/kubernetes/node/templates/kubelet.service.j2

4
docs/ansible/vars.md

@ -245,6 +245,10 @@ kubelet_cpu_manager_policy_options:
By default the `kubelet_secure_addresses` is set with the `10.0.0.110` the ansible control host uses `eth0` to connect to the machine. In case you want to use `eth1` as the outgoing interface on which `kube-apiserver` connects to the `kubelet`s, you should override the variable in this way: `kubelet_secure_addresses: "192.168.1.110"`. By default the `kubelet_secure_addresses` is set with the `10.0.0.110` the ansible control host uses `eth0` to connect to the machine. In case you want to use `eth1` as the outgoing interface on which `kube-apiserver` connects to the `kubelet`s, you should override the variable in this way: `kubelet_secure_addresses: "192.168.1.110"`.
* *kubelet_systemd_wants_dependencies* - List of kubelet service dependencies, other than container runtime.
If you use nfs dynamically mounted volumes, sometimes rpc-statd does not start within the kubelet. You can fix it with this parameter : `kubelet_systemd_wants_dependencies: ["rpc-statd.service"]` This will add `Wants=rpc-statd.service` in `[Unit]` section of /etc/systemd/system/kubelet.service
* *node_labels* - Labels applied to nodes via `kubectl label node`. * *node_labels* - Labels applied to nodes via `kubectl label node`.
For example, labels can be set in the inventory as variables or more widely in group_vars. For example, labels can be set in the inventory as variables or more widely in group_vars.
*node_labels* can only be defined as a dict: *node_labels* can only be defined as a dict:

3
roles/kubernetes/node/defaults/main.yml

@ -23,6 +23,9 @@ kubelet_kubelet_cgroups_cgroupfs: "/system.slice/kubelet.service"
# Set systemd service hardening features # Set systemd service hardening features
kubelet_systemd_hardening: false kubelet_systemd_hardening: false
# Kubelet service dependencies other than container runtime
kubelet_systemd_wants_dependencies: []
# List of secure IPs for kubelet # List of secure IPs for kubelet
kube_node_addresses: >- kube_node_addresses: >-
{%- for host in (groups['kube_control_plane'] + groups['kube_node'] + groups['etcd']) | unique -%} {%- for host in (groups['kube_control_plane'] + groups['kube_node'] + groups['etcd']) | unique -%}

5
roles/kubernetes/node/templates/kubelet.service.j2

@ -7,6 +7,11 @@ Wants=docker.socket
{% else %} {% else %}
Wants={{ container_manager }}.service Wants={{ container_manager }}.service
{% endif %} {% endif %}
{% for kubelet_dependency in kubelet_systemd_wants_dependencies|default([]) %}
{% if kubelet_dependency|length > 0 %}
Wants={{ kubelet_dependency }}
{% endif %}
{% endfor %}
[Service] [Service]
EnvironmentFile=-{{ kube_config_dir }}/kubelet.env EnvironmentFile=-{{ kube_config_dir }}/kubelet.env

Loading…
Cancel
Save