2016-12-21 07:00:46 +08:00
|
|
|
[Unit]
|
|
|
|
Description=Kubernetes Kubelet Server
|
|
|
|
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
|
|
|
|
Wants=network.target
|
|
|
|
|
|
|
|
[Service]
|
2018-03-27 16:13:52 +08:00
|
|
|
User=root
|
2016-12-21 07:00:46 +08:00
|
|
|
Restart=on-failure
|
|
|
|
RestartSec=10s
|
|
|
|
TimeoutStartSec=0
|
|
|
|
LimitNOFILE=40000
|
|
|
|
|
|
|
|
ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/kubelet.uuid
|
|
|
|
ExecStartPre=-/bin/mkdir -p /var/lib/kubelet
|
2018-01-06 00:56:36 +08:00
|
|
|
ExecStartPre=-/bin/mkdir -p {{ kubelet_flexvolumes_plugins_dir }}
|
|
|
|
|
2016-12-21 07:00:46 +08:00
|
|
|
EnvironmentFile={{kube_config_dir}}/kubelet.env
|
|
|
|
# stage1-fly mounts /proc /sys /dev so no need to duplicate the mounts
|
|
|
|
ExecStart=/usr/bin/rkt run \
|
2017-11-13 22:04:13 +08:00
|
|
|
{% if kubelet_load_modules == true %}
|
|
|
|
--volume lib-modules,kind=host,source=/lib/modules \
|
|
|
|
{% endif %}
|
2017-05-02 02:51:40 +08:00
|
|
|
--volume os-release,kind=host,source=/etc/os-release,readOnly=true \
|
2017-10-06 23:17:34 +08:00
|
|
|
--volume hosts,kind=host,source=/etc/hosts,readOnly=true \
|
2016-12-21 07:00:46 +08:00
|
|
|
--volume dns,kind=host,source=/etc/resolv.conf \
|
|
|
|
--volume etc-kubernetes,kind=host,source={{ kube_config_dir }},readOnly=false \
|
|
|
|
--volume etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \
|
2017-01-10 12:54:01 +08:00
|
|
|
--volume etcd-ssl,kind=host,source={{ etcd_config_dir }},readOnly=true \
|
|
|
|
--volume run,kind=host,source=/run,readOnly=false \
|
2017-02-10 19:50:26 +08:00
|
|
|
{% for dir in ssl_ca_dirs -%}
|
|
|
|
--volume {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }},kind=host,source={{ dir }},readOnly=true \
|
|
|
|
{% endfor -%}
|
2016-12-21 07:00:46 +08:00
|
|
|
--volume var-lib-docker,kind=host,source={{ docker_daemon_graph }},readOnly=false \
|
2017-07-12 22:28:54 +08:00
|
|
|
--volume var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false,recursive=true \
|
2017-01-10 12:54:01 +08:00
|
|
|
--volume var-log,kind=host,source=/var/log \
|
2018-10-16 22:15:05 +08:00
|
|
|
{% if kube_network_plugin in ["calico", "weave", "canal", "flannel", "contiv", "cilium", "kube-router"] %}
|
2017-02-10 13:34:43 +08:00
|
|
|
--volume etc-cni,kind=host,source=/etc/cni,readOnly=true \
|
|
|
|
--volume opt-cni,kind=host,source=/opt/cni,readOnly=true \
|
2017-04-03 21:50:17 +08:00
|
|
|
--volume var-lib-cni,kind=host,source=/var/lib/cni,readOnly=false \
|
2018-08-23 22:17:18 +08:00
|
|
|
{% endif %}
|
|
|
|
{% if kube_network_plugin in ["calico", "canal"] %}
|
|
|
|
--volume var-lib-calico,kind=host,source=/var/lib/calico,readOnly=false \
|
|
|
|
{% endif %}
|
2018-04-10 22:19:25 +08:00
|
|
|
{# we can run into issues with double mounting /var/lib/kubelet #}
|
|
|
|
{# surely there's a better way to do this #}
|
|
|
|
{% if '/var/lib/kubelet' not in kubelet_flexvolumes_plugins_dir %}
|
2018-01-06 00:56:36 +08:00
|
|
|
--volume flexvolumes,kind=host,source={{ kubelet_flexvolumes_plugins_dir }},readOnly=false \
|
2018-04-25 01:32:08 +08:00
|
|
|
{% endif -%}
|
2018-04-13 03:55:13 +08:00
|
|
|
{% if local_volume_provisioner_enabled %}
|
2018-10-05 20:52:25 +08:00
|
|
|
{% for class in local_volume_provisioner_storage_classes %}
|
|
|
|
--volume local-volume-provisioner-base-dir,kind=host,source={{ class.host_dir }},readOnly=false \
|
2018-04-13 03:55:13 +08:00
|
|
|
{# Not pretty, but needed to avoid double mount #}
|
2018-10-05 20:52:25 +08:00
|
|
|
{% if class.host_dir not in class.mount_dir and class.mount_dir not in class.host_dir %}
|
|
|
|
--volume local-volume-provisioner-mount-dir,kind=host,source={{ class.mount_dir }},readOnly=false \
|
2018-04-13 03:55:13 +08:00
|
|
|
{% endif %}
|
2018-10-05 20:52:25 +08:00
|
|
|
{% endfor %}
|
2018-04-13 03:55:13 +08:00
|
|
|
{% endif %}
|
2017-11-13 22:04:13 +08:00
|
|
|
{% if kubelet_load_modules == true %}
|
|
|
|
--mount volume=lib-modules,target=/lib/modules \
|
|
|
|
{% endif %}
|
2017-01-10 12:54:01 +08:00
|
|
|
--mount volume=etc-cni,target=/etc/cni \
|
2017-02-10 13:34:43 +08:00
|
|
|
--mount volume=opt-cni,target=/opt/cni \
|
2017-04-03 21:50:17 +08:00
|
|
|
--mount volume=var-lib-cni,target=/var/lib/cni \
|
2018-08-23 22:17:18 +08:00
|
|
|
{% if kube_network_plugin in ["calico", "canal"] %}
|
|
|
|
--mount volume=var-lib-calico,target=/var/lib/calico \
|
2017-02-10 13:34:43 +08:00
|
|
|
{% endif %}
|
2017-04-29 05:45:10 +08:00
|
|
|
--mount volume=os-release,target=/etc/os-release \
|
2017-02-10 13:34:43 +08:00
|
|
|
--mount volume=dns,target=/etc/resolv.conf \
|
2016-12-21 07:00:46 +08:00
|
|
|
--mount volume=etc-kubernetes,target={{ kube_config_dir }} \
|
|
|
|
--mount volume=etc-ssl-certs,target=/etc/ssl/certs \
|
2017-01-10 12:54:01 +08:00
|
|
|
--mount volume=etcd-ssl,target={{ etcd_config_dir }} \
|
|
|
|
--mount volume=run,target=/run \
|
2017-02-10 19:50:26 +08:00
|
|
|
{% for dir in ssl_ca_dirs -%}
|
|
|
|
--mount volume={{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }},target={{ dir }} \
|
|
|
|
{% endfor -%}
|
2016-12-21 07:00:46 +08:00
|
|
|
--mount volume=var-lib-docker,target=/var/lib/docker \
|
|
|
|
--mount volume=var-lib-kubelet,target=/var/lib/kubelet \
|
2017-01-10 12:54:01 +08:00
|
|
|
--mount volume=var-log,target=/var/log \
|
2017-10-06 23:17:34 +08:00
|
|
|
--mount volume=hosts,target=/etc/hosts \
|
2018-04-10 22:19:25 +08:00
|
|
|
{# we can run into issues with double mounting /var/lib/kubelet #}
|
|
|
|
{# surely there's a better way to do this #}
|
|
|
|
{% if '/var/lib/kubelet' not in kubelet_flexvolumes_plugins_dir %}
|
2018-01-06 00:56:36 +08:00
|
|
|
--mount volume=flexvolumes,target={{ kubelet_flexvolumes_plugins_dir }} \
|
2018-04-25 01:32:08 +08:00
|
|
|
{% endif -%}
|
2018-04-13 03:55:13 +08:00
|
|
|
{% if local_volume_provisioner_enabled %}
|
2018-10-05 20:52:25 +08:00
|
|
|
{% for class in local_volume_provisioner_storage_classes %}
|
|
|
|
--mount volume=local-volume-provisioner-base-dir,target={{ class.host_dir }} \
|
2018-04-13 03:55:13 +08:00
|
|
|
{# Not pretty, but needed to avoid double mount #}
|
2018-10-05 20:52:25 +08:00
|
|
|
{% if class.host_dir not in class.mount_dir and class.mount_dir not in class.host_dir %}
|
|
|
|
--mount volume=local-volume-provisioner-mount-dir,target={{ class.mount_dir }} \
|
2018-09-06 17:58:44 +08:00
|
|
|
{% endif %}
|
2018-10-05 20:52:25 +08:00
|
|
|
{% endfor %}
|
2018-04-13 03:55:13 +08:00
|
|
|
{% endif %}
|
2016-12-21 07:00:46 +08:00
|
|
|
--stage1-from-dir=stage1-fly.aci \
|
2017-02-23 04:14:21 +08:00
|
|
|
{% if kube_hyperkube_image_repo == "docker" %}
|
|
|
|
--insecure-options=image \
|
|
|
|
docker://{{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} \
|
|
|
|
{% else %}
|
2016-12-21 07:00:46 +08:00
|
|
|
{{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} \
|
2017-02-23 04:14:21 +08:00
|
|
|
{% endif %}
|
2016-12-21 07:00:46 +08:00
|
|
|
--uuid-file-save=/var/run/kubelet.uuid \
|
|
|
|
--debug --exec=/kubelet -- \
|
|
|
|
$KUBE_LOGTOSTDERR \
|
|
|
|
$KUBE_LOG_LEVEL \
|
|
|
|
$KUBELET_API_SERVER \
|
|
|
|
$KUBELET_ADDRESS \
|
|
|
|
$KUBELET_PORT \
|
|
|
|
$KUBELET_HOSTNAME \
|
|
|
|
$KUBE_ALLOW_PRIV \
|
|
|
|
$KUBELET_ARGS \
|
|
|
|
$DOCKER_SOCKET \
|
|
|
|
$KUBELET_REGISTER_NODE \
|
2017-02-24 03:32:48 +08:00
|
|
|
$KUBELET_NETWORK_PLUGIN \
|
2018-01-06 00:56:36 +08:00
|
|
|
$KUBELET_VOLUME_PLUGIN \
|
2017-02-24 03:32:48 +08:00
|
|
|
$KUBELET_CLOUDPROVIDER
|
2016-12-21 07:00:46 +08:00
|
|
|
|
|
|
|
ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/kubelet.uuid
|
|
|
|
|
|
|
|
[Install]
|
|
|
|
WantedBy=multi-user.target
|