From 3f0c13af8a8b19f69dec5f4fc8e3eb9c7197f5a3 Mon Sep 17 00:00:00 2001
From: Greg Althaus <galthaus@austin.rr.com>
Date: Thu, 9 Feb 2017 10:25:44 -0600
Subject: [PATCH] Make kubelet_load_modules always present but false. Update
 code and docs for that assumption.

---
 inventory/group_vars/all.yml                         | 4 ++--
 roles/kubernetes/node/defaults/main.yml              | 2 ++
 roles/kubernetes/node/templates/kubelet-container.j2 | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 50a14ee8a..1a1e200b0 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -51,10 +51,10 @@ kube_api_anonymous_auth: false
 #
 # For some things, kubelet needs to load kernel modules.  For example, dynamic kernel services are needed
 # for mounting persistent volumes into containers.  These may not be loaded by preinstall kubernetes
-# processes.  For example, ceph and rbd backed volumes.  Uncomment to allow kubelet to load kernel
+# processes.  For example, ceph and rbd backed volumes.  Set to true to allow kubelet to load kernel
 # modules.
 #
-#kubelet_load_modules: true
+kubelet_load_modules: false
 
 # Users to create for basic auth in Kubernetes API via HTTP
 kube_api_pwd: "changeme"
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index d60b76208..da1ed6d07 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -33,3 +33,5 @@ etcd_config_dir: /etc/ssl/etcd
 # A port range to reserve for services with NodePort visibility.
 # Inclusive at both ends of the range.
 kube_apiserver_node_port_range: "30000-32767"
+
+kubelet_load_modules: false
diff --git a/roles/kubernetes/node/templates/kubelet-container.j2 b/roles/kubernetes/node/templates/kubelet-container.j2
index 388fab3c7..5126f1b59 100644
--- a/roles/kubernetes/node/templates/kubelet-container.j2
+++ b/roles/kubernetes/node/templates/kubelet-container.j2
@@ -14,7 +14,7 @@
   {% for dir in ssl_ca_dirs -%}
   -v {{ dir }}:{{ dir }}:ro \
   {% endfor -%}
-  {% if kubelet_load_modules is defined and kubelet_load_modules == true -%}
+  {% if kubelet_load_modules -%}
   -v /lib/modules:/lib/modules:ro \
   {% endif -%}
   -v /sys:/sys:ro \
-- 
GitLab