kubelet.rkt.service.j2

[Unit]
Description=Kubernetes Kubelet Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
{% if kube_network_plugin is defined and kube_network_plugin == "calico" %}
After=calico-node.service
Wants=network.target calico-node.service
{% else %}
Wants=network.target
{% endif %}

[Service]
Restart=on-failure
RestartSec=10s
TimeoutStartSec=0
LimitNOFILE=40000

ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/kubelet.uuid
ExecStartPre=-/bin/mkdir -p /var/lib/kubelet

EnvironmentFile={{kube_config_dir}}/kubelet.env
# stage1-fly mounts /proc /sys /dev so no need to duplicate the mounts
ExecStart=/usr/bin/rkt run \
        --volume dns,kind=host,source=/etc/resolv.conf \
        --volume etc-kubernetes,kind=host,source={{ kube_config_dir }},readOnly=false \
        --volume etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \
        --volume etcd-ssl,kind=host,source={{ etcd_config_dir }},readOnly=true \
        --volume run,kind=host,source=/run,readOnly=false \
        {% for dir in ssl_ca_dirs -%}
        --volume {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }},kind=host,source={{ dir }},readOnly=true \
        {% endfor -%}
        --volume var-lib-docker,kind=host,source={{ docker_daemon_graph }},readOnly=false \
        --volume var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false \
        --volume var-log,kind=host,source=/var/log \
{% if kube_network_plugin in ["calico", "weave", "canal"] %}
        --volume etc-cni,kind=host,source=/etc/cni,readOnly=true \
        --volume opt-cni,kind=host,source=/opt/cni,readOnly=true \
        --mount volume=etc-cni,target=/etc/cni \
        --mount volume=opt-cni,target=/opt/cni \
{% endif %}
        --mount volume=dns,target=/etc/resolv.conf \
        --mount volume=etc-kubernetes,target={{ kube_config_dir }} \
        --mount volume=etc-ssl-certs,target=/etc/ssl/certs \
        --mount volume=etcd-ssl,target={{ etcd_config_dir }} \
        --mount volume=run,target=/run \
        {% for dir in ssl_ca_dirs -%}
        --mount volume={{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }},target={{ dir }} \
        {% endfor -%}
        --mount volume=var-lib-docker,target=/var/lib/docker \
        --mount volume=var-lib-kubelet,target=/var/lib/kubelet \
        --mount volume=var-log,target=/var/log \
        --stage1-from-dir=stage1-fly.aci \
        {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} \
        --uuid-file-save=/var/run/kubelet.uuid \
        --debug --exec=/kubelet -- \
                $KUBE_LOGTOSTDERR \
                $KUBE_LOG_LEVEL \
                $KUBELET_API_SERVER \
                $KUBELET_ADDRESS \
                $KUBELET_PORT \
                $KUBELET_HOSTNAME \
                $KUBE_ALLOW_PRIV \
                $KUBELET_ARGS \
                $DOCKER_SOCKET \
                $KUBELET_REGISTER_NODE \
                $KUBELET_NETWORK_PLUGIN

ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/kubelet.uuid

[Install]
WantedBy=multi-user.target