From db316a566d1829c2175d1b6f99c7222ba0b52d18 Mon Sep 17 00:00:00 2001
From: Serge Hartmann <serge.hartmann@gmail.com>
Date: Wed, 26 Jun 2024 11:30:34 +0200
Subject: [PATCH] dependencies for kubelet.service (#11297)

Signed-off-by: serge Hartmann <serge.hartmann@gmail.com>
---
 docs/ansible/vars.md                               | 4 ++++
 roles/kubernetes/node/defaults/main.yml            | 3 +++
 roles/kubernetes/node/templates/kubelet.service.j2 | 5 +++++
 3 files changed, 12 insertions(+)

diff --git a/docs/ansible/vars.md b/docs/ansible/vars.md
index 7af04c9e7..b172f4ada 100644
--- a/docs/ansible/vars.md
+++ b/docs/ansible/vars.md
@@ -245,6 +245,10 @@ kubelet_cpu_manager_policy_options:
 
     By default the `kubelet_secure_addresses` is set with the `10.0.0.110` the ansible control host uses `eth0` to  connect to the machine. In case you want to use `eth1` as the outgoing interface on which `kube-apiserver` connects to the `kubelet`s, you should override the variable in this way: `kubelet_secure_addresses: "192.168.1.110"`.
 
+* *kubelet_systemd_wants_dependencies* - List of kubelet service dependencies, other than container runtime.
+
+  If you use nfs dynamically mounted volumes, sometimes rpc-statd does not start within the kubelet. You can fix it with this parameter : `kubelet_systemd_wants_dependencies: ["rpc-statd.service"]` This will add `Wants=rpc-statd.service` in `[Unit]` section of /etc/systemd/system/kubelet.service
+
 * *node_labels* - Labels applied to nodes via `kubectl label node`.
   For example, labels can be set in the inventory as variables or more widely in group_vars.
   *node_labels* can only be defined as a dict:
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index 35b52a676..7c2078a4b 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -23,6 +23,9 @@ kubelet_kubelet_cgroups_cgroupfs: "/system.slice/kubelet.service"
 # Set systemd service hardening features
 kubelet_systemd_hardening: false
 
+# Kubelet service dependencies other than container runtime
+kubelet_systemd_wants_dependencies: []
+
 # List of secure IPs for kubelet
 kube_node_addresses: >-
   {%- for host in (groups['kube_control_plane'] + groups['kube_node'] + groups['etcd']) | unique -%}
diff --git a/roles/kubernetes/node/templates/kubelet.service.j2 b/roles/kubernetes/node/templates/kubelet.service.j2
index 9df98e09e..7b072bbe4 100644
--- a/roles/kubernetes/node/templates/kubelet.service.j2
+++ b/roles/kubernetes/node/templates/kubelet.service.j2
@@ -7,6 +7,11 @@ Wants=docker.socket
 {% else %}
 Wants={{ container_manager }}.service
 {% endif %}
+{% for kubelet_dependency in kubelet_systemd_wants_dependencies|default([]) %}
+{% if kubelet_dependency|length > 0 %}
+Wants={{ kubelet_dependency }}
+{% endif %}
+{% endfor %}
 
 [Service]
 EnvironmentFile=-{{ kube_config_dir }}/kubelet.env
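Review bot: Each entry of `kubelet_systemd_wants_dependencies` is written verbatim after `Wants=` in the new loop, and the only check is `|length > 0`, so nothing confirms that the value is a list of unit names. If the variable is set to a plain string instead of a list, Jinja iterates it character by character and emits one `Wants=` line per character. An entry containing a newline would add further directive lines to the unit file; kubelet normally runs as root, so that file deserves a strict check. I would tighten the guard to something like `{% if kubelet_dependency is string and kubelet_dependency is match('^[A-Za-z0-9:_.@-]+$') %}`, or assert the variable's shape in a pre-flight task. Separately, `Wants=` pulls a unit in without ordering it, so if rpc-statd must be up before kubelet starts, a matching `After=` line is probably needed; the `[Unit]` section begins outside this hunk, so I cannot tell whether one already exists.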
-- 
GitLab