From b4d06ff8dda9e3d65b25be1bef393a4030f495ea Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <mmosesohn@mirantis.com>
Date: Mon, 3 Apr 2017 16:50:17 +0300
Subject: [PATCH] Add /var/lib/cni to kubelet

This directory must be persisted for the host-local IPAM used by Canal.
Add a pre-upgrade task to copy /var/lib/cni out of the old kubelet.
---
 roles/kubernetes/node/tasks/main.yml                   | 3 +++
 roles/kubernetes/node/tasks/pre_upgrade.yml            | 6 ++++++
 roles/kubernetes/node/templates/kubelet-container.j2   | 1 +
 roles/kubernetes/node/templates/kubelet.rkt.service.j2 | 2 ++
 4 files changed, 12 insertions(+)
 create mode 100644 roles/kubernetes/node/tasks/pre_upgrade.yml

diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml
index a6a9c16f2..324e38867 100644
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@@ -4,6 +4,9 @@
       {%- if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] -%}true{%- else -%}false{%- endif -%}
   tags: facts
 
+- include: pre_upgrade.yml
+  tags: kubelet
+
 - include: install.yml
   tags: kubelet
 
diff --git a/roles/kubernetes/node/tasks/pre_upgrade.yml b/roles/kubernetes/node/tasks/pre_upgrade.yml
new file mode 100644
index 000000000..612dd3e6f
--- /dev/null
+++ b/roles/kubernetes/node/tasks/pre_upgrade.yml
@@ -0,0 +1,6 @@
+---
+- name: "Pre-upgrade | copy /var/lib/cni from kubelet"
+  command: docker cp kubelet:/var/lib/cni /var/lib/cni
+  args:
+    creates: "/var/lib/cni"
+  failed_when: false
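Review bot: `failed_when: false` on the `docker cp` task hides every failure, not only the expected case where no old kubelet container exists. A copy that breaks part-way leaves an incomplete /var/lib/cni, which the `creates` guard then treats as done on every later run. With host-local IPAM, missing allocation files can let addresses still held by running pods be handed out again after the upgrade. Register the result and tolerate only the absent-container case, e.g. `register: cni_copy` with `failed_when: cni_copy.rc != 0 and 'No such container' not in cni_copy.stderr` (check the message text against the Docker versions in use). Also gate the task on Docker-based kubelet deployments so rkt hosts skip it rather than fail silently.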
diff --git a/roles/kubernetes/node/templates/kubelet-container.j2 b/roles/kubernetes/node/templates/kubelet-container.j2
index ffea01cec..70c317b78 100644
--- a/roles/kubernetes/node/templates/kubelet-container.j2
+++ b/roles/kubernetes/node/templates/kubelet-container.j2
@@ -21,6 +21,7 @@
   -v {{ docker_daemon_graph }}:/var/lib/docker:rw \
   -v /var/log:/var/log:rw \
   -v /var/lib/kubelet:/var/lib/kubelet:shared \
+  -v /var/lib/cni:/var/lib/cni:shared \
   -v /var/run:/var/run:rw \
   -v {{kube_config_dir}}:{{kube_config_dir}}:ro \
   {{ hyperkube_image_repo }}:{{ hyperkube_image_tag}} \
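Review bot: The new bind mount uses `:shared` propagation, which /var/lib/cni does not appear to need. The directory only holds IPAM state files, whereas shared propagation exists so that mounts created inside the container become visible on the host, which is presumably why /var/lib/kubelet has it. Least privilege suggests `-v /var/lib/cni:/var/lib/cni:rw \`, which also avoids Docker refusing to start the container when the host path is not on a shared mount. The mount is added unconditionally here, while the rkt unit adds it only for calico/weave/canal; a comment explaining the difference would help. The `docker run` command starts and ends outside the hunk.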
diff --git a/roles/kubernetes/node/templates/kubelet.rkt.service.j2 b/roles/kubernetes/node/templates/kubelet.rkt.service.j2
index cc5af31ec..be8a13dbf 100644
--- a/roles/kubernetes/node/templates/kubelet.rkt.service.j2
+++ b/roles/kubernetes/node/templates/kubelet.rkt.service.j2
@@ -34,8 +34,10 @@ ExecStart=/usr/bin/rkt run \
 {% if kube_network_plugin in ["calico", "weave", "canal"] %}
         --volume etc-cni,kind=host,source=/etc/cni,readOnly=true \
         --volume opt-cni,kind=host,source=/opt/cni,readOnly=true \
+        --volume var-lib-cni,kind=host,source=/var/lib/cni,readOnly=false \
         --mount volume=etc-cni,target=/etc/cni \
         --mount volume=opt-cni,target=/opt/cni \
+        --mount volume=var-lib-cni,target=/var/lib/cni \
 {% endif %}
         --mount volume=dns,target=/etc/resolv.conf \
         --mount volume=etc-kubernetes,target={{ kube_config_dir }} \
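Review bot: Nothing in this patch guarantees that /var/lib/cni exists on the host before this unit starts, and the added `kind=host` volume takes that path as its source. As far as I can tell rkt does not create a missing host source, so on a fresh node, or where the pre-upgrade `docker cp` was skipped or failed silently, `rkt run` would likely fail. An explicit task ahead of the kubelet start, e.g. `file: path=/var/lib/cni state=directory mode=0755`, would cover both deployment types. It would also pin the directory's ownership and mode instead of leaving them to whatever the container runtime or the copy produces. The ExecStart command continues outside the hunk.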
-- 
GitLab