"Fossies" - the Fresh Open Source Software Archive

Member "magnum-8.2.0/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-kubelet-minion.yaml" (6 Dec 2019, 4070 Bytes) of package /linux/misc/openstack/magnum-8.2.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Ansible YAML source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "enable-kubelet-minion.yaml": 8.1.0_vs_8.2.0.

    1 #cloud-config
    2 write_files:
    3   - path: /etc/systemd/system/enable-kubelet.service
    4     owner: "root:root"
    5     permissions: "0644"
    6     content: |
    7       [Unit]
    8       Description=Enable Kubelet
    9 
   10       [Service]
   11       Type=oneshot
   12       EnvironmentFile=/etc/sysconfig/heat-params
   13       ExecStart=/etc/sysconfig/enable-kubelet-minion.sh
   14 
   15       [Install]
   16       WantedBy=multi-user.target
   17 
   18   - path: /etc/sysconfig/enable-kubelet-minion.sh
   19     owner: "root:root"
   20     permissions: "0755"
   21     content: |
   22       #!/bin/sh
   23 
   24       if [ -z "${KUBE_NODE_IP}" ]; then
   25         KUBE_NODE_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
   26       fi
   27 
   28       if [ -n "${INSECURE_REGISTRY_URL}" ]; then
   29           INSECURE_REGISTRY_ARGS="--pod-infra-container-image=${INSECURE_REGISTRY_URL}/google_containers/pause\:3.0"
   30       else
   31           INSECURE_REGISTRY_ARGS=""
   32       fi
   33 
   34       TLS_CERT_FILE=${KUBE_CERTS_PATH}/worker.pem
   35       TLS_PRIVATE_KEY_FILE=${KUBE_CERTS_PATH}/worker-key.pem
   36       KUBE_PROTOCOL="https"
   37       KUBE_CONFIG="/etc/kubernetes/config/worker-kubeconfig.yaml"
   38       if [ "$TLS_DISABLED" == "True" ]; then
   39         TLS_CERT_FILE=
   40         TLS_PRIVATE_KEY_FILE=
   41         KUBE_PROTOCOL="http"
   42         KUBE_CONFIG=
   43       fi
   44       KUBE_MASTER_URI="$KUBE_PROTOCOL://$KUBE_MASTER_IP:$KUBE_API_PORT"
   45 
   46       uuid_file="/var/run/kubelet-pod.uuid"
   47       CONF_FILE=/etc/systemd/system/kubelet.service
   48       cat > $CONF_FILE <<EOF
   49       [Service]
   50       EnvironmentFile=/etc/environment
   51       Environment=KUBELET_VERSION=${KUBE_VERSION}
   52       Environment=KUBELET_ACI=${HYPERKUBE_IMAGE_REPO}
   53       Environment="RKT_OPTS=--uuid-file-save=${uuid_file} \
   54         --volume dns,kind=host,source=/etc/resolv.conf \
   55         --mount volume=dns,target=/etc/resolv.conf \
   56         --volume rkt,kind=host,source=/opt/bin/host-rkt \
   57         --mount volume=rkt,target=/usr/bin/rkt \
   58         --volume var-lib-rkt,kind=host,source=/var/lib/rkt \
   59         --mount volume=var-lib-rkt,target=/var/lib/rkt \
   60         --volume stage,kind=host,source=/tmp \
   61         --mount volume=stage,target=/tmp \
   62         --volume var-log,kind=host,source=/var/log \
   63         --mount volume=var-log,target=/var/log"
   64       ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests
   65       ExecStartPre=/usr/bin/mkdir -p /opt/cni/bin
   66       ExecStartPre=/usr/bin/mkdir -p /var/log/containers
   67       ExecStartPre=-/usr/bin/rkt rm --uuid-file=${uuid_file}
   68       ExecStart=/usr/lib/coreos/kubelet-wrapper \
   69         --cni-conf-dir=/etc/kubernetes/cni/net.d \
   70         --network-plugin=cni \
   71         --hostname-override=${INSTANCE_NAME} \
   72         --container-runtime=${CONTAINER_RUNTIME} \
   73         --allow-privileged=true \
   74         --pod-manifest-path=/etc/kubernetes/manifests \
   75         --logtostderr=true \
   76         --v=0 \
   77         --cadvisor-port=4194 \
   78         --kubeconfig=${KUBE_CONFIG} \
   79         --tls-cert-file=${TLS_CERT_FILE} \
   80         --tls-private-key-file=${TLS_PRIVATE_KEY_FILE} \
   81         --cluster_dns=${DNS_SERVICE_IP} \
   82         --cluster_domain=${DNS_CLUSTER_DOMAIN} \
   83         ${INSECURE_REGISTRY_ARGS}
   84       Restart=always
   85       RestartSec=10
   86       ExecStop=-/usr/bin/rkt stop --uuid-file=${uuid_file}
   87       [Install]
   88       WantedBy=multi-user.target
   89       EOF
   90 
   91       TEMPLATE=/opt/bin/host-rkt
   92       mkdir -p $(dirname $TEMPLATE)
   93       cat << EOF > $TEMPLATE
   94       #!/bin/sh
   95       # This is bind mounted into the kubelet rootfs and all rkt shell-outs go
   96       # through this rkt wrapper. It essentially enters the host mount namespace
   97       # (which it is already in) only for the purpose of breaking out of the chroot
   98       # before calling rkt. It makes things like rkt gc work and avoids bind mounting
   99       # in certain rkt filesystem dependancies into the kubelet rootfs. This can
  100       # eventually be obviated when the write-api stuff gets upstream and rkt gc is
  101       # through the api-server. Related issue:
  102       # https://github.com/coreos/rkt/issues/2878
  103       exec nsenter -m -u -i -n -p -t 1 -- /usr/bin/rkt "\$@"
  104       EOF
  105 
  106       systemctl enable kubelet
  107       systemctl --no-block start kubelet