Migrate most Kubelet flags to KubeletConfiguration file
* Add a KubeletConfiguration file to replace most Kubelet flags, to prepare for upcoming changes * Pass Kubelet the --config flag to specify the location of the KubeletConfiguration * Remove flags / configuration where it matches the defaults * Remove --cgroups-per-qos, defaults to true * Remove --container-runtime, defaults to remote * Remove enforce-node-allocatable=pods, defaults to pods Rel: * https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/ * https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/
parent
a31dbceac6
commit
3fb59a3289
|
@ -85,28 +85,13 @@ systemd:
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
--volume /opt/cni/bin:/opt/cni/bin:z \
|
--volume /opt/cni/bin:/opt/cni/bin:z \
|
||||||
$${KUBELET_IMAGE} \
|
$${KUBELET_IMAGE} \
|
||||||
--anonymous-auth=false \
|
|
||||||
--authentication-token-webhook \
|
|
||||||
--authorization-mode=Webhook \
|
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--cgroups-per-qos=true \
|
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/controller="true" \
|
--node-labels=node.kubernetes.io/controller="true" \
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
|
||||||
--provider-id=aws:///$${AFTERBURN_AWS_AVAILABILITY_ZONE}/$${AFTERBURN_AWS_INSTANCE_ID} \
|
--provider-id=aws:///$${AFTERBURN_AWS_AVAILABILITY_ZONE}/$${AFTERBURN_AWS_INSTANCE_ID} \
|
||||||
--read-only-port=0 \
|
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStop=-/usr/bin/podman stop kubelet
|
ExecStop=-/usr/bin/podman stop kubelet
|
||||||
Delegate=yes
|
Delegate=yes
|
||||||
Restart=always
|
Restart=always
|
||||||
|
@ -144,6 +129,31 @@ storage:
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
${kubeconfig}
|
${kubeconfig}
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /opt/bootstrap/layout
|
- path: /opt/bootstrap/layout
|
||||||
mode: 0544
|
mode: 0544
|
||||||
contents:
|
contents:
|
||||||
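Review bot: The new `/etc/kubernetes/kubelet.yaml` entry in the `storage:` hunk is created with `mode: 0644`, which leaves the node's kubelet authentication and authorization settings readable by every local user. The file holds no credentials, but only the kubelet needs it, and recent CIS Kubernetes Benchmark revisions ask for 600 or tighter on the kubelet config file. `mode: 0600` would fit if the kubelet container reads the file as root, which depends on the part of the unit above the first hunk and should be confirmed there. The other kubelet.yaml hunks visible on this page use the same mode.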
|
|
|
@ -58,19 +58,9 @@ systemd:
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
--volume /opt/cni/bin:/opt/cni/bin:z \
|
--volume /opt/cni/bin:/opt/cni/bin:z \
|
||||||
$${KUBELET_IMAGE} \
|
$${KUBELET_IMAGE} \
|
||||||
--anonymous-auth=false \
|
|
||||||
--authentication-token-webhook \
|
|
||||||
--authorization-mode=Webhook \
|
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--cgroups-per-qos=true \
|
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/node \
|
--node-labels=node.kubernetes.io/node \
|
||||||
%{~ for label in split(",", node_labels) ~}
|
%{~ for label in split(",", node_labels) ~}
|
||||||
|
@ -79,12 +69,7 @@ systemd:
|
||||||
%{~ for taint in split(",", node_taints) ~}
|
%{~ for taint in split(",", node_taints) ~}
|
||||||
--register-with-taints=${taint} \
|
--register-with-taints=${taint} \
|
||||||
%{~ endfor ~}
|
%{~ endfor ~}
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
--provider-id=aws:///$${AFTERBURN_AWS_AVAILABILITY_ZONE}/$${AFTERBURN_AWS_INSTANCE_ID}
|
||||||
--provider-id=aws:///$${AFTERBURN_AWS_AVAILABILITY_ZONE}/$${AFTERBURN_AWS_INSTANCE_ID} \
|
|
||||||
--read-only-port=0 \
|
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStop=-/usr/bin/podman stop kubelet
|
ExecStop=-/usr/bin/podman stop kubelet
|
||||||
Delegate=yes
|
Delegate=yes
|
||||||
Restart=always
|
Restart=always
|
||||||
|
@ -113,6 +98,31 @@ storage:
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
${kubeconfig}
|
${kubeconfig}
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /etc/sysctl.d/max-user-watches.conf
|
- path: /etc/sysctl.d/max-user-watches.conf
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
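Review bot: In the added KubeletConfiguration, `- ${cluster_dns_service_ip}` and `clusterDomain: ${cluster_domain_suffix}` are interpolated as plain YAML scalars, so an empty or unusual template value would render as null or as a non-string type rather than as text. As command-line flags these values were passed through verbatim; quoting keeps that behaviour: `- "${cluster_dns_service_ip}"` and `clusterDomain: "${cluster_domain_suffix}"`. The other kubelet.yaml hunks on this page interpolate the same two variables the same way.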
|
|
|
@ -84,26 +84,13 @@ systemd:
|
||||||
-v /var/log:/var/log \
|
-v /var/log:/var/log \
|
||||||
-v /opt/cni/bin:/opt/cni/bin \
|
-v /opt/cni/bin:/opt/cni/bin \
|
||||||
$${KUBELET_IMAGE} \
|
$${KUBELET_IMAGE} \
|
||||||
--anonymous-auth=false \
|
|
||||||
--authentication-token-webhook \
|
|
||||||
--authorization-mode=Webhook \
|
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/controller="true" \
|
--node-labels=node.kubernetes.io/controller="true" \
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
|
||||||
--provider-id=aws:///$${COREOS_EC2_AVAILABILITY_ZONE}/$${COREOS_EC2_INSTANCE_ID} \
|
--provider-id=aws:///$${COREOS_EC2_AVAILABILITY_ZONE}/$${COREOS_EC2_INSTANCE_ID} \
|
||||||
--read-only-port=0 \
|
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStart=docker logs -f kubelet
|
ExecStart=docker logs -f kubelet
|
||||||
ExecStop=docker stop kubelet
|
ExecStop=docker stop kubelet
|
||||||
ExecStopPost=docker rm kubelet
|
ExecStopPost=docker rm kubelet
|
||||||
|
@ -143,6 +130,31 @@ storage:
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
${kubeconfig}
|
${kubeconfig}
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /opt/bootstrap/layout
|
- path: /opt/bootstrap/layout
|
||||||
mode: 0544
|
mode: 0544
|
||||||
contents:
|
contents:
|
||||||
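Review bot: The inline KubeletConfiguration added for `/etc/kubernetes/kubelet.yaml` now carries the node's security posture (`anonymous.enabled: false`, webhook authentication, `authorization.mode: Webhook`, `readOnlyPort: 0`) with no comment saying these values are deliberate. A short header inside the block would help the next editor, for example `# Authn/authz and readOnlyPort are set explicitly so the node's posture does not depend on kubelet defaults; keep them.` It is also worth stating there that flags left on the kubelet command line take precedence over this file, so a setting should live in only one of the two places. The other file sections add the same block without such a comment.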
|
|
|
@ -59,17 +59,9 @@ systemd:
|
||||||
-v /var/log:/var/log \
|
-v /var/log:/var/log \
|
||||||
-v /opt/cni/bin:/opt/cni/bin \
|
-v /opt/cni/bin:/opt/cni/bin \
|
||||||
$${KUBELET_IMAGE} \
|
$${KUBELET_IMAGE} \
|
||||||
--anonymous-auth=false \
|
|
||||||
--authentication-token-webhook \
|
|
||||||
--authorization-mode=Webhook \
|
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/node \
|
--node-labels=node.kubernetes.io/node \
|
||||||
%{~ for label in split(",", node_labels) ~}
|
%{~ for label in split(",", node_labels) ~}
|
||||||
|
@ -78,12 +70,7 @@ systemd:
|
||||||
%{~ for taint in split(",", node_taints) ~}
|
%{~ for taint in split(",", node_taints) ~}
|
||||||
--register-with-taints=${taint} \
|
--register-with-taints=${taint} \
|
||||||
%{~ endfor ~}
|
%{~ endfor ~}
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
--provider-id=aws:///$${COREOS_EC2_AVAILABILITY_ZONE}/$${COREOS_EC2_INSTANCE_ID}
|
||||||
--provider-id=aws:///$${COREOS_EC2_AVAILABILITY_ZONE}/$${COREOS_EC2_INSTANCE_ID} \
|
|
||||||
--read-only-port=0 \
|
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStart=docker logs -f kubelet
|
ExecStart=docker logs -f kubelet
|
||||||
ExecStop=docker stop kubelet
|
ExecStop=docker stop kubelet
|
||||||
ExecStopPost=docker rm kubelet
|
ExecStopPost=docker rm kubelet
|
||||||
|
@ -111,6 +98,31 @@ storage:
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
${kubeconfig}
|
${kubeconfig}
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /etc/sysctl.d/max-user-watches.conf
|
- path: /etc/sysctl.d/max-user-watches.conf
|
||||||
mode: 0644
|
mode: 0644
|
||||||
contents:
|
contents:
|
||||||
|
|
|
@ -81,27 +81,12 @@ systemd:
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
--volume /opt/cni/bin:/opt/cni/bin:z \
|
--volume /opt/cni/bin:/opt/cni/bin:z \
|
||||||
$${KUBELET_IMAGE} \
|
$${KUBELET_IMAGE} \
|
||||||
--anonymous-auth=false \
|
|
||||||
--authentication-token-webhook \
|
|
||||||
--authorization-mode=Webhook \
|
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--cgroups-per-qos=true \
|
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/controller="true" \
|
--node-labels=node.kubernetes.io/controller="true" \
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule
|
||||||
--read-only-port=0 \
|
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStop=-/usr/bin/podman stop kubelet
|
ExecStop=-/usr/bin/podman stop kubelet
|
||||||
Delegate=yes
|
Delegate=yes
|
||||||
Restart=always
|
Restart=always
|
||||||
|
@ -139,6 +124,31 @@ storage:
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
${kubeconfig}
|
${kubeconfig}
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /opt/bootstrap/layout
|
- path: /opt/bootstrap/layout
|
||||||
mode: 0544
|
mode: 0544
|
||||||
contents:
|
contents:
|
||||||
|
|
|
@ -54,32 +54,17 @@ systemd:
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
--volume /opt/cni/bin:/opt/cni/bin:z \
|
--volume /opt/cni/bin:/opt/cni/bin:z \
|
||||||
$${KUBELET_IMAGE} \
|
$${KUBELET_IMAGE} \
|
||||||
--anonymous-auth=false \
|
|
||||||
--authentication-token-webhook \
|
|
||||||
--authorization-mode=Webhook \
|
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--cgroups-per-qos=true \
|
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/node \
|
|
||||||
%{~ for label in split(",", node_labels) ~}
|
%{~ for label in split(",", node_labels) ~}
|
||||||
--node-labels=${label} \
|
--node-labels=${label} \
|
||||||
%{~ endfor ~}
|
%{~ endfor ~}
|
||||||
%{~ for taint in split(",", node_taints) ~}
|
%{~ for taint in split(",", node_taints) ~}
|
||||||
--register-with-taints=${taint} \
|
--register-with-taints=${taint} \
|
||||||
%{~ endfor ~}
|
%{~ endfor ~}
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
--node-labels=node.kubernetes.io/node
|
||||||
--read-only-port=0 \
|
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStop=-/usr/bin/podman stop kubelet
|
ExecStop=-/usr/bin/podman stop kubelet
|
||||||
Delegate=yes
|
Delegate=yes
|
||||||
Restart=always
|
Restart=always
|
||||||
|
@ -108,6 +93,31 @@ storage:
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
${kubeconfig}
|
${kubeconfig}
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /etc/sysctl.d/max-user-watches.conf
|
- path: /etc/sysctl.d/max-user-watches.conf
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
|
|
|
@ -81,25 +81,12 @@ systemd:
|
||||||
-v /var/log:/var/log \
|
-v /var/log:/var/log \
|
||||||
-v /opt/cni/bin:/opt/cni/bin \
|
-v /opt/cni/bin:/opt/cni/bin \
|
||||||
$${KUBELET_IMAGE} \
|
$${KUBELET_IMAGE} \
|
||||||
--anonymous-auth=false \
|
|
||||||
--authentication-token-webhook \
|
|
||||||
--authorization-mode=Webhook \
|
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/controller="true" \
|
--node-labels=node.kubernetes.io/controller="true" \
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule
|
||||||
--read-only-port=0 \
|
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStart=docker logs -f kubelet
|
ExecStart=docker logs -f kubelet
|
||||||
ExecStop=docker stop kubelet
|
ExecStop=docker stop kubelet
|
||||||
ExecStopPost=docker rm kubelet
|
ExecStopPost=docker rm kubelet
|
||||||
|
@ -139,6 +126,31 @@ storage:
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
${kubeconfig}
|
${kubeconfig}
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /opt/bootstrap/layout
|
- path: /opt/bootstrap/layout
|
||||||
mode: 0544
|
mode: 0544
|
||||||
contents:
|
contents:
|
||||||
|
|
|
@ -56,30 +56,17 @@ systemd:
|
||||||
-v /var/log:/var/log \
|
-v /var/log:/var/log \
|
||||||
-v /opt/cni/bin:/opt/cni/bin \
|
-v /opt/cni/bin:/opt/cni/bin \
|
||||||
$${KUBELET_IMAGE} \
|
$${KUBELET_IMAGE} \
|
||||||
--anonymous-auth=false \
|
|
||||||
--authentication-token-webhook \
|
|
||||||
--authorization-mode=Webhook \
|
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/node \
|
|
||||||
%{~ for label in split(",", node_labels) ~}
|
%{~ for label in split(",", node_labels) ~}
|
||||||
--node-labels=${label} \
|
--node-labels=${label} \
|
||||||
%{~ endfor ~}
|
%{~ endfor ~}
|
||||||
%{~ for taint in split(",", node_taints) ~}
|
%{~ for taint in split(",", node_taints) ~}
|
||||||
--register-with-taints=${taint} \
|
--register-with-taints=${taint} \
|
||||||
%{~ endfor ~}
|
%{~ endfor ~}
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
--node-labels=node.kubernetes.io/node
|
||||||
--read-only-port=0 \
|
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStart=docker logs -f kubelet
|
ExecStart=docker logs -f kubelet
|
||||||
ExecStop=docker stop kubelet
|
ExecStop=docker stop kubelet
|
||||||
ExecStopPost=docker rm kubelet
|
ExecStopPost=docker rm kubelet
|
||||||
|
@ -107,6 +94,31 @@ storage:
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
${kubeconfig}
|
${kubeconfig}
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /etc/sysctl.d/max-user-watches.conf
|
- path: /etc/sysctl.d/max-user-watches.conf
|
||||||
mode: 0644
|
mode: 0644
|
||||||
contents:
|
contents:
|
||||||
|
|
|
@ -80,28 +80,13 @@ systemd:
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
--volume /opt/cni/bin:/opt/cni/bin:z \
|
--volume /opt/cni/bin:/opt/cni/bin:z \
|
||||||
$${KUBELET_IMAGE} \
|
$${KUBELET_IMAGE} \
|
||||||
--anonymous-auth=false \
|
|
||||||
--authentication-token-webhook \
|
|
||||||
--authorization-mode=Webhook \
|
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--cgroups-per-qos=true \
|
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--hostname-override=${domain_name} \
|
--hostname-override=${domain_name} \
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/controller="true" \
|
--node-labels=node.kubernetes.io/controller="true" \
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule
|
||||||
--read-only-port=0 \
|
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStop=-/usr/bin/podman stop kubelet
|
ExecStop=-/usr/bin/podman stop kubelet
|
||||||
Delegate=yes
|
Delegate=yes
|
||||||
Restart=always
|
Restart=always
|
||||||
|
@ -149,6 +134,31 @@ storage:
|
||||||
contents:
|
contents:
|
||||||
inline:
|
inline:
|
||||||
${domain_name}
|
${domain_name}
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /opt/bootstrap/layout
|
- path: /opt/bootstrap/layout
|
||||||
mode: 0544
|
mode: 0544
|
||||||
contents:
|
contents:
|
||||||
|
|
|
@ -53,33 +53,18 @@ systemd:
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
--volume /opt/cni/bin:/opt/cni/bin:z \
|
--volume /opt/cni/bin:/opt/cni/bin:z \
|
||||||
$${KUBELET_IMAGE} \
|
$${KUBELET_IMAGE} \
|
||||||
--anonymous-auth=false \
|
|
||||||
--authentication-token-webhook \
|
|
||||||
--authorization-mode=Webhook \
|
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--cgroups-per-qos=true \
|
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--hostname-override=${domain_name} \
|
--hostname-override=${domain_name} \
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/node \
|
|
||||||
%{~ for label in compact(split(",", node_labels)) ~}
|
%{~ for label in compact(split(",", node_labels)) ~}
|
||||||
--node-labels=${label} \
|
--node-labels=${label} \
|
||||||
%{~ endfor ~}
|
%{~ endfor ~}
|
||||||
%{~ for taint in compact(split(",", node_taints)) ~}
|
%{~ for taint in compact(split(",", node_taints)) ~}
|
||||||
--register-with-taints=${taint} \
|
--register-with-taints=${taint} \
|
||||||
%{~ endfor ~}
|
%{~ endfor ~}
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
--node-labels=node.kubernetes.io/node
|
||||||
--read-only-port=0 \
|
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStop=-/usr/bin/podman stop kubelet
|
ExecStop=-/usr/bin/podman stop kubelet
|
||||||
Delegate=yes
|
Delegate=yes
|
||||||
Restart=always
|
Restart=always
|
||||||
|
@ -104,6 +89,31 @@ storage:
|
||||||
contents:
|
contents:
|
||||||
inline:
|
inline:
|
||||||
${domain_name}
|
${domain_name}
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /etc/sysctl.d/max-user-watches.conf
|
- path: /etc/sysctl.d/max-user-watches.conf
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
|
|
|
@ -89,26 +89,13 @@ systemd:
|
||||||
-v /var/log:/var/log \
|
-v /var/log:/var/log \
|
||||||
-v /opt/cni/bin:/opt/cni/bin \
|
-v /opt/cni/bin:/opt/cni/bin \
|
||||||
$${KUBELET_IMAGE} \
|
$${KUBELET_IMAGE} \
|
||||||
--anonymous-auth=false \
|
|
||||||
--authentication-token-webhook \
|
|
||||||
--authorization-mode=Webhook \
|
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--hostname-override=${domain_name} \
|
--hostname-override=${domain_name} \
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/controller="true" \
|
--node-labels=node.kubernetes.io/controller="true" \
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule
|
||||||
--read-only-port=0 \
|
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStart=docker logs -f kubelet
|
ExecStart=docker logs -f kubelet
|
||||||
ExecStop=docker stop kubelet
|
ExecStop=docker stop kubelet
|
||||||
ExecStopPost=docker rm kubelet
|
ExecStopPost=docker rm kubelet
|
||||||
|
@ -150,6 +137,31 @@ storage:
|
||||||
contents:
|
contents:
|
||||||
inline:
|
inline:
|
||||||
${domain_name}
|
${domain_name}
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /opt/bootstrap/layout
|
- path: /opt/bootstrap/layout
|
||||||
mode: 0544
|
mode: 0544
|
||||||
contents:
|
contents:
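Review bot: The inline KubeletConfiguration added for `/etc/kubernetes/kubelet.yaml` has no comment saying which values are deliberate hardening, now that they no longer appear on the unit's ExecStart line. A one-line comment above the `- path:` entry would keep a later "matches the default" cleanup from dropping them, e.g. `# anonymous auth off, webhook authn/authz, read-only and healthz ports disabled: keep explicit`. The same block is repeated in the other templates on this page, so the comment applies to each of them.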
|
||||||
|
|
|
@ -64,17 +64,9 @@ systemd:
|
||||||
-v /var/log:/var/log \
|
-v /var/log:/var/log \
|
||||||
-v /opt/cni/bin:/opt/cni/bin \
|
-v /opt/cni/bin:/opt/cni/bin \
|
||||||
$${KUBELET_IMAGE} \
|
$${KUBELET_IMAGE} \
|
||||||
--anonymous-auth=false \
|
|
||||||
--authentication-token-webhook \
|
|
||||||
--authorization-mode=Webhook \
|
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--hostname-override=${domain_name} \
|
--hostname-override=${domain_name} \
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/node \
|
--node-labels=node.kubernetes.io/node \
|
||||||
|
@ -84,11 +76,7 @@ systemd:
|
||||||
%{~ for taint in compact(split(",", node_taints)) ~}
|
%{~ for taint in compact(split(",", node_taints)) ~}
|
||||||
--register-with-taints=${taint} \
|
--register-with-taints=${taint} \
|
||||||
%{~ endfor ~}
|
%{~ endfor ~}
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
--node-labels=node.kubernetes.io/node
|
||||||
--read-only-port=0 \
|
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStart=docker logs -f kubelet
|
ExecStart=docker logs -f kubelet
|
||||||
ExecStop=docker stop kubelet
|
ExecStop=docker stop kubelet
|
||||||
ExecStopPost=docker rm kubelet
|
ExecStopPost=docker rm kubelet
|
||||||
|
@ -107,6 +95,31 @@ storage:
|
||||||
contents:
|
contents:
|
||||||
inline:
|
inline:
|
||||||
${domain_name}
|
${domain_name}
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /etc/sysctl.d/max-user-watches.conf
|
- path: /etc/sysctl.d/max-user-watches.conf
|
||||||
mode: 0644
|
mode: 0644
|
||||||
contents:
|
contents:
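Review bot: `--node-labels=node.kubernetes.io/node` now appears twice in this unit. The first `systemd:` hunk keeps `--node-labels=node.kubernetes.io/node \` as an unchanged line after `--kubeconfig`, and the second hunk adds it again as the final flag after the taint loop. The duplicate looks harmless, but a later worker template on this page (hunk `-54,32 +54,17`) removes the earlier occurrence when it moves the flag to the end, so the earlier line should be removed here too. The flag presumably sits last because it is the only one without a trailing backslash and so ends the command.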
|
||||||
|
|
|
@ -83,28 +83,13 @@ systemd:
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
--volume /opt/cni/bin:/opt/cni/bin:z \
|
--volume /opt/cni/bin:/opt/cni/bin:z \
|
||||||
$${KUBELET_IMAGE} \
|
$${KUBELET_IMAGE} \
|
||||||
--anonymous-auth=false \
|
|
||||||
--authentication-token-webhook \
|
|
||||||
--authorization-mode=Webhook \
|
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--cgroups-per-qos=true \
|
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--hostname-override=$${AFTERBURN_DIGITALOCEAN_IPV4_PRIVATE_0} \
|
--hostname-override=$${AFTERBURN_DIGITALOCEAN_IPV4_PRIVATE_0} \
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/controller="true" \
|
--node-labels=node.kubernetes.io/controller="true" \
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule
|
||||||
--read-only-port=0 \
|
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStop=-/usr/bin/podman stop kubelet
|
ExecStop=-/usr/bin/podman stop kubelet
|
||||||
Delegate=yes
|
Delegate=yes
|
||||||
Restart=always
|
Restart=always
|
||||||
|
@ -146,6 +131,31 @@ storage:
|
||||||
- path: /etc/kubernetes
|
- path: /etc/kubernetes
|
||||||
- path: /opt/bootstrap
|
- path: /opt/bootstrap
|
||||||
files:
|
files:
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /opt/bootstrap/layout
|
- path: /opt/bootstrap/layout
|
||||||
mode: 0544
|
mode: 0544
|
||||||
contents:
|
contents:
|
||||||
|
|
|
@ -61,23 +61,11 @@ systemd:
|
||||||
--authentication-token-webhook \
|
--authentication-token-webhook \
|
||||||
--authorization-mode=Webhook \
|
--authorization-mode=Webhook \
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--cgroups-per-qos=true \
|
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--hostname-override=$${AFTERBURN_DIGITALOCEAN_IPV4_PRIVATE_0} \
|
--hostname-override=$${AFTERBURN_DIGITALOCEAN_IPV4_PRIVATE_0} \
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/node \
|
--node-labels=node.kubernetes.io/node
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
|
||||||
--read-only-port=0 \
|
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStop=-/usr/bin/podman stop kubelet
|
ExecStop=-/usr/bin/podman stop kubelet
|
||||||
Delegate=yes
|
Delegate=yes
|
||||||
Restart=always
|
Restart=always
|
||||||
|
@ -110,6 +98,31 @@ storage:
|
||||||
directories:
|
directories:
|
||||||
- path: /etc/kubernetes
|
- path: /etc/kubernetes
|
||||||
files:
|
files:
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /etc/sysctl.d/max-user-watches.conf
|
- path: /etc/sysctl.d/max-user-watches.conf
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
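Review bot: `--authentication-token-webhook` and `--authorization-mode=Webhook` are shown unchanged at the top of the `systemd:` hunk, so this worker unit still passes them on the command line while the new kubelet.yaml also sets `authentication.webhook.enabled: true` and `authorization.mode: Webhook`. Kubelet command-line flags take precedence over the `--config` file, so behaviour is the same today, but a later edit to the authn/authz settings in kubelet.yaml would be silently overridden on these nodes. The other templates on this page remove these flags. Remove them here too, and check that `--anonymous-auth=false`, which would sit just above the hunk, went with them. The ExecStart line starts outside the hunk.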
|
||||||
|
|
|
@ -92,26 +92,13 @@ systemd:
|
||||||
-v /var/log:/var/log \
|
-v /var/log:/var/log \
|
||||||
-v /opt/cni/bin:/opt/cni/bin \
|
-v /opt/cni/bin:/opt/cni/bin \
|
||||||
$${KUBELET_IMAGE} \
|
$${KUBELET_IMAGE} \
|
||||||
--anonymous-auth=false \
|
|
||||||
--authentication-token-webhook \
|
|
||||||
--authorization-mode=Webhook \
|
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--hostname-override=$${COREOS_DIGITALOCEAN_IPV4_PRIVATE_0} \
|
--hostname-override=$${COREOS_DIGITALOCEAN_IPV4_PRIVATE_0} \
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/controller="true" \
|
--node-labels=node.kubernetes.io/controller="true" \
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule
|
||||||
--read-only-port=0 \
|
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStart=docker logs -f kubelet
|
ExecStart=docker logs -f kubelet
|
||||||
ExecStop=docker stop kubelet
|
ExecStop=docker stop kubelet
|
||||||
ExecStopPost=docker rm kubelet
|
ExecStopPost=docker rm kubelet
|
||||||
|
@ -148,6 +135,31 @@ storage:
|
||||||
- path: /etc/kubernetes
|
- path: /etc/kubernetes
|
||||||
mode: 0755
|
mode: 0755
|
||||||
files:
|
files:
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /opt/bootstrap/layout
|
- path: /opt/bootstrap/layout
|
||||||
mode: 0544
|
mode: 0544
|
||||||
contents:
|
contents:
|
||||||
|
|
|
@ -67,25 +67,12 @@ systemd:
|
||||||
-v /var/log:/var/log \
|
-v /var/log:/var/log \
|
||||||
-v /opt/cni/bin:/opt/cni/bin \
|
-v /opt/cni/bin:/opt/cni/bin \
|
||||||
$${KUBELET_IMAGE} \
|
$${KUBELET_IMAGE} \
|
||||||
--anonymous-auth=false \
|
|
||||||
--authentication-token-webhook \
|
|
||||||
--authorization-mode=Webhook \
|
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--hostname-override=$${COREOS_DIGITALOCEAN_IPV4_PRIVATE_0} \
|
--hostname-override=$${COREOS_DIGITALOCEAN_IPV4_PRIVATE_0} \
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/node \
|
--node-labels=node.kubernetes.io/node
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
|
||||||
--read-only-port=0 \
|
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStart=docker logs -f kubelet
|
ExecStart=docker logs -f kubelet
|
||||||
ExecStop=docker stop kubelet
|
ExecStop=docker stop kubelet
|
||||||
ExecStopPost=docker rm kubelet
|
ExecStopPost=docker rm kubelet
|
||||||
|
@ -111,6 +98,31 @@ storage:
|
||||||
- path: /etc/kubernetes
|
- path: /etc/kubernetes
|
||||||
mode: 0755
|
mode: 0755
|
||||||
files:
|
files:
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /etc/sysctl.d/max-user-watches.conf
|
- path: /etc/sysctl.d/max-user-watches.conf
|
||||||
mode: 0644
|
mode: 0644
|
||||||
contents:
|
contents:
|
||||||
|
|
|
@ -81,27 +81,12 @@ systemd:
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
--volume /opt/cni/bin:/opt/cni/bin:z \
|
--volume /opt/cni/bin:/opt/cni/bin:z \
|
||||||
$${KUBELET_IMAGE} \
|
$${KUBELET_IMAGE} \
|
||||||
--anonymous-auth=false \
|
|
||||||
--authentication-token-webhook \
|
|
||||||
--authorization-mode=Webhook \
|
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--cgroups-per-qos=true \
|
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/controller="true" \
|
--node-labels=node.kubernetes.io/controller="true" \
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule
|
||||||
--read-only-port=0 \
|
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStop=-/usr/bin/podman stop kubelet
|
ExecStop=-/usr/bin/podman stop kubelet
|
||||||
Delegate=yes
|
Delegate=yes
|
||||||
Restart=always
|
Restart=always
|
||||||
|
@ -139,6 +124,30 @@ storage:
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
${kubeconfig}
|
${kubeconfig}
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /opt/bootstrap/layout
|
- path: /opt/bootstrap/layout
|
||||||
mode: 0544
|
mode: 0544
|
||||||
contents:
|
contents:
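Review bot: The `/etc/kubernetes/kubelet.yaml` entry added in the `storage:` hunk has no `mode:` key, whereas the same entry in the earlier templates on this page sets `mode: 0644`. Without it, the file's permissions depend on the provisioning tool's default, which may not be the same across the formats these templates target. Adding `mode: 0644` after the `path:` line keeps the permission explicit and auditable. The same omission is in the three later sections whose storage hunks are `-108,6 +93,30`, `-139,6 +126,30` and `-107,6 +94,30`.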
|
||||||
|
|
|
@ -54,32 +54,17 @@ systemd:
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
--volume /opt/cni/bin:/opt/cni/bin:z \
|
--volume /opt/cni/bin:/opt/cni/bin:z \
|
||||||
$${KUBELET_IMAGE} \
|
$${KUBELET_IMAGE} \
|
||||||
--anonymous-auth=false \
|
|
||||||
--authentication-token-webhook \
|
|
||||||
--authorization-mode=Webhook \
|
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--cgroups-per-qos=true \
|
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--enforce-node-allocatable=pods \
|
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/node \
|
|
||||||
%{~ for label in split(",", node_labels) ~}
|
%{~ for label in split(",", node_labels) ~}
|
||||||
--node-labels=${label} \
|
--node-labels=${label} \
|
||||||
%{~ endfor ~}
|
%{~ endfor ~}
|
||||||
%{~ for taint in split(",", node_taints) ~}
|
%{~ for taint in split(",", node_taints) ~}
|
||||||
--register-with-taints=${taint} \
|
--register-with-taints=${taint} \
|
||||||
%{~ endfor ~}
|
%{~ endfor ~}
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
--node-labels=node.kubernetes.io/node
|
||||||
--read-only-port=0 \
|
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStop=-/usr/bin/podman stop kubelet
|
ExecStop=-/usr/bin/podman stop kubelet
|
||||||
Delegate=yes
|
Delegate=yes
|
||||||
Restart=always
|
Restart=always
|
||||||
|
@ -108,6 +93,30 @@ storage:
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
${kubeconfig}
|
${kubeconfig}
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /etc/sysctl.d/max-user-watches.conf
|
- path: /etc/sysctl.d/max-user-watches.conf
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
|
|
|
@ -81,25 +81,12 @@ systemd:
|
||||||
-v /var/log:/var/log \
|
-v /var/log:/var/log \
|
||||||
-v /opt/cni/bin:/opt/cni/bin \
|
-v /opt/cni/bin:/opt/cni/bin \
|
||||||
$${KUBELET_IMAGE} \
|
$${KUBELET_IMAGE} \
|
||||||
--anonymous-auth=false \
|
|
||||||
--authentication-token-webhook \
|
|
||||||
--authorization-mode=Webhook \
|
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/controller="true" \
|
--node-labels=node.kubernetes.io/controller="true" \
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule
|
||||||
--register-with-taints=node-role.kubernetes.io/controller=:NoSchedule \
|
|
||||||
--read-only-port=0 \
|
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStart=docker logs -f kubelet
|
ExecStart=docker logs -f kubelet
|
||||||
ExecStop=docker stop kubelet
|
ExecStop=docker stop kubelet
|
||||||
ExecStopPost=docker rm kubelet
|
ExecStopPost=docker rm kubelet
|
||||||
|
@ -139,6 +126,30 @@ storage:
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
${kubeconfig}
|
${kubeconfig}
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /opt/bootstrap/layout
|
- path: /opt/bootstrap/layout
|
||||||
mode: 0544
|
mode: 0544
|
||||||
contents:
|
contents:
|
||||||
|
|
|
@ -56,30 +56,17 @@ systemd:
|
||||||
-v /var/log:/var/log \
|
-v /var/log:/var/log \
|
||||||
-v /opt/cni/bin:/opt/cni/bin \
|
-v /opt/cni/bin:/opt/cni/bin \
|
||||||
$${KUBELET_IMAGE} \
|
$${KUBELET_IMAGE} \
|
||||||
--anonymous-auth=false \
|
|
||||||
--authentication-token-webhook \
|
|
||||||
--authorization-mode=Webhook \
|
|
||||||
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
|
||||||
--cgroup-driver=systemd \
|
--config=/etc/kubernetes/kubelet.yaml \
|
||||||
--container-runtime=remote \
|
|
||||||
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
--container-runtime-endpoint=unix:///run/containerd/containerd.sock \
|
||||||
--client-ca-file=/etc/kubernetes/ca.crt \
|
|
||||||
--cluster_dns=${cluster_dns_service_ip} \
|
|
||||||
--cluster_domain=${cluster_domain_suffix} \
|
|
||||||
--healthz-port=0 \
|
|
||||||
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
--kubeconfig=/var/lib/kubelet/kubeconfig \
|
||||||
--node-labels=node.kubernetes.io/node \
|
|
||||||
%{~ for label in split(",", node_labels) ~}
|
%{~ for label in split(",", node_labels) ~}
|
||||||
--node-labels=${label} \
|
--node-labels=${label} \
|
||||||
%{~ endfor ~}
|
%{~ endfor ~}
|
||||||
%{~ for taint in split(",", node_taints) ~}
|
%{~ for taint in split(",", node_taints) ~}
|
||||||
--register-with-taints=${taint} \
|
--register-with-taints=${taint} \
|
||||||
%{~ endfor ~}
|
%{~ endfor ~}
|
||||||
--pod-manifest-path=/etc/kubernetes/manifests \
|
--node-labels=node.kubernetes.io/node
|
||||||
--read-only-port=0 \
|
|
||||||
--resolv-conf=/run/systemd/resolve/resolv.conf \
|
|
||||||
--rotate-certificates \
|
|
||||||
--volume-plugin-dir=/var/lib/kubelet/volumeplugins
|
|
||||||
ExecStart=docker logs -f kubelet
|
ExecStart=docker logs -f kubelet
|
||||||
ExecStop=docker stop kubelet
|
ExecStop=docker stop kubelet
|
||||||
ExecStopPost=docker rm kubelet
|
ExecStopPost=docker rm kubelet
|
||||||
|
@ -107,6 +94,30 @@ storage:
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
${kubeconfig}
|
${kubeconfig}
|
||||||
|
- path: /etc/kubernetes/kubelet.yaml
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
|
kind: KubeletConfiguration
|
||||||
|
authentication:
|
||||||
|
anonymous:
|
||||||
|
enabled: false
|
||||||
|
webhook:
|
||||||
|
enabled: true
|
||||||
|
x509:
|
||||||
|
clientCAFile: /etc/kubernetes/ca.crt
|
||||||
|
authorization:
|
||||||
|
mode: Webhook
|
||||||
|
cgroupDriver: systemd
|
||||||
|
clusterDNS:
|
||||||
|
- ${cluster_dns_service_ip}
|
||||||
|
clusterDomain: ${cluster_domain_suffix}
|
||||||
|
healthzPort: 0
|
||||||
|
rotateCertificates: true
|
||||||
|
staticPodPath: /etc/kubernetes/manifests
|
||||||
|
readOnlyPort: 0
|
||||||
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
|
volumePluginDir: /var/lib/kubelet/volumeplugins
|
||||||
- path: /etc/sysctl.d/max-user-watches.conf
|
- path: /etc/sysctl.d/max-user-watches.conf
|
||||||
mode: 0644
|
mode: 0644
|
||||||
contents:
|
contents:
|
||||||
|
|