digital-ocean: Add kubelet hostname-override flag

* Kubelets should register nodes via their private IPv4 address,
as provided by the metadata service from Digital Ocean
* By default, Kubelet exec's hostname to determine the name it should
use when registering with the apiserver. On Digital Ocean, the hostname
is not routeable by other instances. Digital Ocean does not run an
internal DNS service.
* Fixes issue where the apiserver can't reach the worker nodes. This
prevented kubectl logs and exec commands from working
This commit is contained in:
Dalton Hubble 2017-07-29 13:26:57 -07:00
parent efff7497eb
commit 097dcdf47e
2 changed files with 8 additions and 0 deletions

View File

@ -23,8 +23,11 @@ systemd:
contents: | contents: |
[Unit] [Unit]
Description=Kubelet via Hyperkube ACI Description=Kubelet via Hyperkube ACI
Requires=coreos-metadata.service
After=coreos-metadata.service
[Service] [Service]
EnvironmentFile=/etc/kubernetes/kubelet.env EnvironmentFile=/etc/kubernetes/kubelet.env
EnvironmentFile=/run/metadata/coreos
Environment="RKT_RUN_ARGS=--uuid-file-save=/var/run/kubelet-pod.uuid \ Environment="RKT_RUN_ARGS=--uuid-file-save=/var/run/kubelet-pod.uuid \
--volume=resolv,kind=host,source=/etc/resolv.conf \ --volume=resolv,kind=host,source=/etc/resolv.conf \
--mount volume=resolv,target=/etc/resolv.conf \ --mount volume=resolv,target=/etc/resolv.conf \
@ -48,6 +51,7 @@ systemd:
--network-plugin=cni \ --network-plugin=cni \
--lock-file=/var/run/lock/kubelet.lock \ --lock-file=/var/run/lock/kubelet.lock \
--exit-on-lock-contention \ --exit-on-lock-contention \
--hostname-override=$${COREOS_DIGITALOCEAN_IPV4_PRIVATE_0} \
--pod-manifest-path=/etc/kubernetes/manifests \ --pod-manifest-path=/etc/kubernetes/manifests \
--allow-privileged \ --allow-privileged \
--node-labels=node-role.kubernetes.io/master \ --node-labels=node-role.kubernetes.io/master \

View File

@ -23,8 +23,11 @@ systemd:
contents: | contents: |
[Unit] [Unit]
Description=Kubelet via Hyperkube ACI Description=Kubelet via Hyperkube ACI
Requires=coreos-metadata.service
After=coreos-metadata.service
[Service] [Service]
EnvironmentFile=/etc/kubernetes/kubelet.env EnvironmentFile=/etc/kubernetes/kubelet.env
EnvironmentFile=/run/metadata/coreos
Environment="RKT_RUN_ARGS=--uuid-file-save=/var/run/kubelet-pod.uuid \ Environment="RKT_RUN_ARGS=--uuid-file-save=/var/run/kubelet-pod.uuid \
--volume=resolv,kind=host,source=/etc/resolv.conf \ --volume=resolv,kind=host,source=/etc/resolv.conf \
--mount volume=resolv,target=/etc/resolv.conf \ --mount volume=resolv,target=/etc/resolv.conf \
@ -48,6 +51,7 @@ systemd:
--network-plugin=cni \ --network-plugin=cni \
--lock-file=/var/run/lock/kubelet.lock \ --lock-file=/var/run/lock/kubelet.lock \
--exit-on-lock-contention \ --exit-on-lock-contention \
--hostname-override=$${COREOS_DIGITALOCEAN_IPV4_PRIVATE_0} \
--pod-manifest-path=/etc/kubernetes/manifests \ --pod-manifest-path=/etc/kubernetes/manifests \
--allow-privileged \ --allow-privileged \
--node-labels=node-role.kubernetes.io/node \ --node-labels=node-role.kubernetes.io/node \