easzlab
/
kubeasz
mirror of https://github.com/easzlab/kubeasz.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

添加kubelet根目录

pull/317/head
lusyoe 2018-08-29 22:16:50 +08:00 committed by jmgao
parent 36d1034600
commit 2b4d92a07a
2 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/kube-node/defaults/main.yml
View File

@ -1,3 +1,5 @@
# 默认使用kube-proxy的 'iptables' 模式,可选 'ipvs' 模式(experimental) # 默认使用kube-proxy的 'iptables' 模式,可选 'ipvs' 模式(experimental)
PROXY_MODE: "iptables" PROXY_MODE: "iptables"
# Kubelet 根目录
KUBELET_ROOT_DIR: "/var/lib/kubelet"

1
roles/kube-node/templates/kubelet.service.j2
View File

@ -25,6 +25,7 @@ ExecStart={{ bin_dir }}/kubelet \
--fail-swap-on=false \ --fail-swap-on=false \
--anonymous-auth=false \ --anonymous-auth=false \
--logtostderr=true \ --logtostderr=true \
--root-dir={{ KUBELET_ROOT_DIR }} \
--v=2 --v=2
#kubelet cAdvisor 默认在所有接口监听 4194 端口的请求, 以下iptables限制内网访问 #kubelet cAdvisor 默认在所有接口监听 4194 端口的请求, 以下iptables限制内网访问
ExecStartPost=/sbin/iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 4194 -j ACCEPT ExecStartPost=/sbin/iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 4194 -j ACCEPT