From e375678674793722eda2beb01c2988e5e54ad7d0 Mon Sep 17 00:00:00 2001 From: avoidik Date: Tue, 27 Mar 2018 11:13:52 +0300 Subject: [PATCH] Set exact user for Kubelet services --- roles/kubernetes/node/templates/kubelet.docker.service.j2 | 1 + roles/kubernetes/node/templates/kubelet.host.service.j2 | 1 + roles/kubernetes/node/templates/kubelet.rkt.service.j2 | 1 + 3 files changed, 3 insertions(+) diff --git a/roles/kubernetes/node/templates/kubelet.docker.service.j2 b/roles/kubernetes/node/templates/kubelet.docker.service.j2 index fdbdb8969..bba1a5fc4 100644 --- a/roles/kubernetes/node/templates/kubelet.docker.service.j2 +++ b/roles/kubernetes/node/templates/kubelet.docker.service.j2 @@ -5,6 +5,7 @@ After=docker.service Wants=docker.socket [Service] +User=root EnvironmentFile={{kube_config_dir}}/kubelet.env ExecStart={{ bin_dir }}/kubelet \ $KUBE_LOGTOSTDERR \ diff --git a/roles/kubernetes/node/templates/kubelet.host.service.j2 b/roles/kubernetes/node/templates/kubelet.host.service.j2 index 78ba51f70..c7dad4e29 100644 --- a/roles/kubernetes/node/templates/kubelet.host.service.j2 +++ b/roles/kubernetes/node/templates/kubelet.host.service.j2 @@ -5,6 +5,7 @@ After=docker.service Wants=docker.socket [Service] +User=root EnvironmentFile=-{{kube_config_dir}}/kubelet.env {% if kubelet_flexvolumes_plugins_dir is defined %} ExecStartPre=-/bin/mkdir -p {{ kubelet_flexvolumes_plugins_dir }} diff --git a/roles/kubernetes/node/templates/kubelet.rkt.service.j2 b/roles/kubernetes/node/templates/kubelet.rkt.service.j2 index 7e0c2f942..4286d9470 100644 --- a/roles/kubernetes/node/templates/kubelet.rkt.service.j2 +++ b/roles/kubernetes/node/templates/kubelet.rkt.service.j2 @@ -4,6 +4,7 @@ Documentation=https://github.com/GoogleCloudPlatform/kubernetes Wants=network.target [Service] +User=root Restart=on-failure RestartSec=10s TimeoutStartSec=0