diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml
index b45a421943fe97b200512a47c19c6d798c52ae33..cb7a10c6534a4d1718473b53324fbb936bea11b4 100644
--- a/roles/kubernetes/node/tasks/install.yml
+++ b/roles/kubernetes/node/tasks/install.yml
@@ -1,26 +1,4 @@
---
-- name: Trust kubelet container
- command: >-
- /usr/bin/rkt trust
- --skip-fingerprint-review
- --root
- {{ item }}
- register: kubelet_rkt_trust_result
- until: kubelet_rkt_trust_result.rc == 0
- with_items:
- - "https://quay.io/aci-signing-key"
- - "https://coreos.com/dist/pubkeys/aci-pubkeys.gpg"
- retries: 4
- delay: "{{ retry_stagger | random + 3 }}"
- changed_when: false
- when: kubelet_deployment_type == "rkt"
-
-- name: create kubelet working directory
- file:
- state: directory
- path: /var/lib/kubelet
- when: kubelet_deployment_type == "rkt"
-
- name: install | Set SSL CA directories
set_fact:
ssl_ca_dirs: "[
@@ -35,11 +13,12 @@
]"
tags: facts
+- include: "install_{{ kubelet_deployment_type }}.yml"
+
- name: install | Write kubelet systemd init file
- template: "src=kubelet.{{ kubelet_deployment_type }}.service.j2 dest=/etc/systemd/system/kubelet.service backup=yes"
+ template:
+ src: "kubelet.{{ kubelet_deployment_type }}.service.j2"
+ dest: "/etc/systemd/system/kubelet.service"
+ backup: "yes"
notify: restart kubelet
-- name: install | Install kubelet launch script
- template: src=kubelet-container.j2 dest="{{ bin_dir }}/kubelet" owner=kube mode=0755 backup=yes
- notify: restart kubelet
- when: kubelet_deployment_type == "docker"
diff --git a/roles/kubernetes/node/tasks/install_docker.yml b/roles/kubernetes/node/tasks/install_docker.yml
new file mode 100644
index 0000000000000000000000000000000000000000..3a0dd87d9c4102f5041c1e57eb435a11f9a1e438
--- /dev/null
+++ b/roles/kubernetes/node/tasks/install_docker.yml
@@ -0,0 +1,9 @@
+---
+- name: install | Install kubelet launch script
+ template:
+ src: kubelet-container.j2
+ dest: "{{ bin_dir }}/kubelet"
+ owner: kube
+ mode: 0755
+ backup: yes
+ notify: restart kubelet
diff --git a/roles/kubernetes/node/tasks/install_rkt.yml b/roles/kubernetes/node/tasks/install_rkt.yml
new file mode 100644
index 0000000000000000000000000000000000000000..68e90860c1b9b923c0bb82051625fd94f75f9a44
--- /dev/null
+++ b/roles/kubernetes/node/tasks/install_rkt.yml
@@ -0,0 +1,33 @@
+---
+- name: Trust kubelet container
+ command: >-
+ /usr/bin/rkt trust
+ --skip-fingerprint-review
+ --root
+ {{ item }}
+ register: kubelet_rkt_trust_result
+ until: kubelet_rkt_trust_result.rc == 0
+ with_items:
+ - "https://quay.io/aci-signing-key"
+ - "https://coreos.com/dist/pubkeys/aci-pubkeys.gpg"
+ retries: 4
+ delay: "{{ retry_stagger | random + 3 }}"
+ changed_when: false
+
+- name: create kubelet working directory
+ file:
+ state: directory
+ path: /var/lib/kubelet
+
+- name: Create kubelet service systemd directory
+ file:
+ path: /etc/systemd/system/kubelet.service.d
+ state: directory
+
+- name: Write kubelet proxy drop-in
+ template:
+ src: http-proxy.conf.j2
+ dest: /etc/systemd/system/kubelet.service.d/http-proxy.conf
+ when: http_proxy is defined or https_proxy is defined or no_proxy is defined
+ notify: restart kubelet
+
diff --git a/roles/kubernetes/node/templates/http-proxy.conf.j2 b/roles/kubernetes/node/templates/http-proxy.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..e790477719dd30fd8c252a909de350d172844cec
--- /dev/null
+++ b/roles/kubernetes/node/templates/http-proxy.conf.j2
@@ -0,0 +1,2 @@
+[Service]
+Environment={% if http_proxy %}"HTTP_PROXY={{ http_proxy }}"{% endif %} {% if https_proxy %}"HTTPS_PROXY={{ https_proxy }}"{% endif %} {% if no_proxy %}"NO_PROXY={{ no_proxy }}"{% endif %}
diff --git a/roles/kubernetes/node/templates/kubelet.rkt.service.j2 b/roles/kubernetes/node/templates/kubelet.rkt.service.j2
index a36ce1ef98eb51cca98d7a998cfafb0f6c25cd5a..1ccccc43d77e1fd39ed4eaee9711c1ae4d8a3ecd 100644
--- a/roles/kubernetes/node/templates/kubelet.rkt.service.j2
+++ b/roles/kubernetes/node/templates/kubelet.rkt.service.j2
@@ -21,11 +21,9 @@ EnvironmentFile={{kube_config_dir}}/kubelet.env
# stage1-fly mounts /proc /sys /dev so no need to duplicate the mounts
ExecStart=/usr/bin/rkt run \
--volume dns,kind=host,source=/etc/resolv.conf \
- --volume etc-cni,kind=host,source=/etc/cni,readOnly=true \
--volume etc-kubernetes,kind=host,source={{ kube_config_dir }},readOnly=false \
--volume etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \
--volume etcd-ssl,kind=host,source={{ etcd_config_dir }},readOnly=true \
- --volume opt-cni,kind=host,source=/opt/cni,readOnly=true \
--volume run,kind=host,source=/run,readOnly=false \
{% for dir in ssl_ca_dirs -%}
--volume {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }},kind=host,source={{ dir }},readOnly=true \
@@ -33,12 +31,16 @@ ExecStart=/usr/bin/rkt run \
--volume var-lib-docker,kind=host,source={{ docker_daemon_graph }},readOnly=false \
--volume var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false \
--volume var-log,kind=host,source=/var/log \
- --mount volume=dns,target=/etc/resolv.conf \
+{% if kube_network_plugin in ["calico", "weave", "canal"] %}
+ --volume etc-cni,kind=host,source=/etc/cni,readOnly=true \
+ --volume opt-cni,kind=host,source=/opt/cni,readOnly=true \
--mount volume=etc-cni,target=/etc/cni \
+ --mount volume=opt-cni,target=/opt/cni \
+{% endif %}
+ --mount volume=dns,target=/etc/resolv.conf \
--mount volume=etc-kubernetes,target={{ kube_config_dir }} \
--mount volume=etc-ssl-certs,target=/etc/ssl/certs \
--mount volume=etcd-ssl,target={{ etcd_config_dir }} \
- --mount volume=opt-cni,target=/opt/cni \
--mount volume=run,target=/run \
{% for dir in ssl_ca_dirs -%}
--mount volume={{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }},target={{ dir }} \