94 lines
3.5 KiB
YAML
94 lines
3.5 KiB
YAML
#cloud-config
|
|
write_files:
|
|
- path: /etc/systemd/system/enable-kubelet.service
|
|
owner: "root:root"
|
|
permissions: "0644"
|
|
content: |
|
|
[Unit]
|
|
Description=Enable Kubelet
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
EnvironmentFile=/etc/sysconfig/heat-params
|
|
ExecStart=/etc/sysconfig/enable-kubelet-master.sh
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
|
|
- path: /etc/sysconfig/enable-kubelet-master.sh
|
|
owner: "root:root"
|
|
permissions: "0755"
|
|
content: |
|
|
#!/bin/sh
|
|
|
|
if [ -z "${KUBE_NODE_IP}" ]; then
|
|
KUBE_NODE_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
|
|
fi
|
|
|
|
if [ -n "${INSECURE_REGISTRY_URL}" ]; then
|
|
INSECURE_REGISTRY_ARGS="--pod-infra-container-image=${INSECURE_REGISTRY_URL}/google_containers/pause\:3.0"
|
|
else
|
|
INSECURE_REGISTRY_ARGS=""
|
|
fi
|
|
|
|
uuid_file="/var/run/kubelet-pod.uuid"
|
|
CONF_FILE=/etc/systemd/system/kubelet.service
|
|
cat > $CONF_FILE <<EOF
|
|
[Service]
|
|
EnvironmentFile=/etc/environment
|
|
Environment=KUBELET_IMAGE_TAG=${KUBE_VERSION}
|
|
Environment=KUBELET_IMAGE_REPO=${HYPERKUBE_IMAGE_REPO}
|
|
Environment="RKT_RUN_ARGS=--uuid-file-save=${uuid_file} \
|
|
--volume dns,kind=host,source=/etc/resolv.conf \
|
|
--mount volume=dns,target=/etc/resolv.conf \
|
|
--volume rkt,kind=host,source=/opt/bin/host-rkt \
|
|
--mount volume=rkt,target=/usr/bin/rkt \
|
|
--volume var-lib-rkt,kind=host,source=/var/lib/rkt \
|
|
--mount volume=var-lib-rkt,target=/var/lib/rkt \
|
|
--volume stage,kind=host,source=/tmp \
|
|
--mount volume=stage,target=/tmp \
|
|
--volume var-log,kind=host,source=/var/log \
|
|
--mount volume=var-log,target=/var/log"
|
|
ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests
|
|
ExecStartPre=/usr/bin/mkdir -p /opt/cni/bin
|
|
ExecStartPre=/usr/bin/mkdir -p /var/log/containers
|
|
ExecStartPre=-/usr/bin/rkt rm --uuid-file=${uuid_file}
|
|
ExecStart=/usr/lib/coreos/kubelet-wrapper \
|
|
--kubeconfig=/etc/kubernetes/master-kubeconfig.yaml \
|
|
--cni-conf-dir=/etc/kubernetes/cni/net.d \
|
|
--network-plugin=cni \
|
|
--hostname-override=${INSTANCE_NAME} \
|
|
--container-runtime=${CONTAINER_RUNTIME} \
|
|
--register-with-taints=node.alpha.kubernetes.io/role=master:NoSchedule \
|
|
--allow-privileged=true \
|
|
--pod-manifest-path=/etc/kubernetes/manifests \
|
|
--logtostderr=true \
|
|
--v=0 \
|
|
--cluster_dns=${DNS_SERVICE_IP} \
|
|
--cluster_domain=${DNS_CLUSTER_DOMAIN} \
|
|
${INSECURE_REGISTRY_ARGS}
|
|
ExecStop=-/usr/bin/rkt stop --uuid-file=${uuid_file}
|
|
Restart=always
|
|
RestartSec=10
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
|
|
TEMPLATE=/opt/bin/host-rkt
|
|
mkdir -p $(dirname $TEMPLATE)
|
|
cat << EOF > $TEMPLATE
|
|
#!/bin/sh
|
|
# This is bind mounted into the kubelet rootfs and all rkt shell-outs go
|
|
# through this rkt wrapper. It essentially enters the host mount namespace
|
|
# (which it is already in) only for the purpose of breaking out of the chroot
|
|
# before calling rkt. It makes things like rkt gc work and avoids bind mounting
|
|
# in certain rkt filesystem dependancies into the kubelet rootfs. This can
|
|
# eventually be obviated when the write-api stuff gets upstream and rkt gc is
|
|
# through the api-server. Related issue:
|
|
# https://github.com/coreos/rkt/issues/2878
|
|
exec nsenter -m -u -i -n -p -t 1 -- /usr/bin/rkt "\$@"
|
|
EOF
|
|
|
|
systemctl enable kubelet
|
|
systemctl --no-block start kubelet
|