2017-05-12 22:32:37 +08:00
|
|
|
[Unit]
|
|
|
|
Description=Kubernetes Kubelet Server
|
|
|
|
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
|
2020-04-09 23:43:46 +08:00
|
|
|
After={{ container_manager }}.service
|
|
|
|
{% if container_manager == 'docker' %}
|
2017-05-12 22:32:37 +08:00
|
|
|
Wants=docker.socket
|
2020-04-09 23:43:46 +08:00
|
|
|
{% else %}
|
|
|
|
Wants={{ container_manager }}.service
|
|
|
|
{% endif %}
|
2024-06-26 17:30:34 +08:00
|
|
|
{% for kubelet_dependency in kubelet_systemd_wants_dependencies|default([]) %}
|
|
|
|
{% if kubelet_dependency|length > 0 %}
|
|
|
|
Wants={{ kubelet_dependency }}
|
|
|
|
{% endif %}
|
|
|
|
{% endfor %}
|
2017-05-12 22:32:37 +08:00
|
|
|
|
|
|
|
[Service]
|
2019-05-03 05:24:21 +08:00
|
|
|
EnvironmentFile=-{{ kube_config_dir }}/kubelet.env
|
2022-12-31 00:05:30 +08:00
|
|
|
{% if system_reserved|bool %}
|
|
|
|
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/cpu/{{ system_reserved_cgroups_for_service_slice }}
|
|
|
|
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/cpuacct/{{ system_reserved_cgroups_for_service_slice }}
|
|
|
|
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/cpuset/{{ system_reserved_cgroups_for_service_slice }}
|
|
|
|
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/hugetlb/{{ system_reserved_cgroups_for_service_slice }}
|
|
|
|
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/memory/{{ system_reserved_cgroups_for_service_slice }}
|
|
|
|
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/pids/{{ system_reserved_cgroups_for_service_slice }}
|
|
|
|
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/systemd/{{ system_reserved_cgroups_for_service_slice }}
|
|
|
|
{% endif %}
|
|
|
|
{% if kube_reserved|bool %}
|
|
|
|
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/cpu/{{ kube_reserved_cgroups_for_service_slice }}
|
|
|
|
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/cpuacct/{{ kube_reserved_cgroups_for_service_slice }}
|
|
|
|
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/cpuset/{{ kube_reserved_cgroups_for_service_slice }}
|
|
|
|
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/hugetlb/{{ kube_reserved_cgroups_for_service_slice }}
|
|
|
|
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/memory/{{ kube_reserved_cgroups_for_service_slice }}
|
|
|
|
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/pids/{{ kube_reserved_cgroups_for_service_slice }}
|
|
|
|
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/systemd/{{ kube_reserved_cgroups_for_service_slice }}
|
|
|
|
{% endif %}
|
2017-05-12 22:32:37 +08:00
|
|
|
ExecStart={{ bin_dir }}/kubelet \
|
|
|
|
$KUBE_LOGTOSTDERR \
|
|
|
|
$KUBE_LOG_LEVEL \
|
|
|
|
$KUBELET_API_SERVER \
|
|
|
|
$KUBELET_ADDRESS \
|
|
|
|
$KUBELET_PORT \
|
|
|
|
$KUBELET_HOSTNAME \
|
|
|
|
$KUBELET_ARGS \
|
|
|
|
$DOCKER_SOCKET \
|
|
|
|
$KUBELET_NETWORK_PLUGIN \
|
2018-01-06 00:56:36 +08:00
|
|
|
$KUBELET_VOLUME_PLUGIN \
|
2017-05-12 22:32:37 +08:00
|
|
|
$KUBELET_CLOUDPROVIDER
|
|
|
|
Restart=always
|
|
|
|
RestartSec=10s
|
2022-08-31 02:18:55 +08:00
|
|
|
{% if kubelet_systemd_hardening %}
|
|
|
|
# Hardening setup
|
|
|
|
IPAddressDeny=any
|
|
|
|
IPAddressAllow={{ kubelet_secure_addresses }}
|
|
|
|
{% endif %}
|
2017-05-12 22:32:37 +08:00
|
|
|
|
|
|
|
[Install]
|
|
|
|
WantedBy=multi-user.target
|