From db8173da289f893d1fe6c52481d90b5a4295d301 Mon Sep 17 00:00:00 2001
From: Brad Beam <brad.beam@b-rad.info>
Date: Mon, 9 Jan 2017 22:54:01 -0600
Subject: [PATCH] Adding /opt/cni /etc/cni to rkt run kubelet

---
 roles/kubernetes/node/defaults/main.yml            |  2 ++
 .../node/templates/kubelet.rkt.service.j2          | 14 ++++++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index 99ed2bdae..a74e52b77 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -27,3 +27,5 @@ nginx_cpu_requests: 50m
 
 nginx_image_repo: nginx
 nginx_image_tag: 1.11.4-alpine
+
+etcd_config_dir: /etc/ssl/etcd
diff --git a/roles/kubernetes/node/templates/kubelet.rkt.service.j2 b/roles/kubernetes/node/templates/kubelet.rkt.service.j2
index 89a9f01dc..12ce01c75 100644
--- a/roles/kubernetes/node/templates/kubelet.rkt.service.j2
+++ b/roles/kubernetes/node/templates/kubelet.rkt.service.j2
@@ -20,22 +20,28 @@ ExecStartPre=-/bin/mkdir -p /var/lib/kubelet
 EnvironmentFile={{kube_config_dir}}/kubelet.env
 # stage1-fly mounts /proc /sys /dev so no need to duplicate the mounts
 ExecStart=/usr/bin/rkt run \
-        --volume var-log,kind=host,source=/var/log \
         --volume dns,kind=host,source=/etc/resolv.conf \
+        --volume etc-cni,kind=host,source=/etc/cni,readOnly=true \
         --volume etc-kubernetes,kind=host,source={{ kube_config_dir }},readOnly=false \
         --volume etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \
+        --volume etcd-ssl,kind=host,source={{ etcd_config_dir }},readOnly=true \
+        --volume opt-cni,kind=host,source=/opt/cni,readOnly=true \
+        --volume run,kind=host,source=/run,readOnly=false \
         --volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
         --volume var-lib-docker,kind=host,source={{ docker_daemon_graph }},readOnly=false \
 	--volume var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false \
-        --volume run,kind=host,source=/run,readOnly=false \
-        --mount volume=var-log,target=/var/log \
+        --volume var-log,kind=host,source=/var/log \
         --mount volume=dns,target=/etc/resolv.conf \
+        --mount volume=etc-cni,target=/etc/cni \
         --mount volume=etc-kubernetes,target={{ kube_config_dir }} \
         --mount volume=etc-ssl-certs,target=/etc/ssl/certs \
+        --mount volume=etcd-ssl,target={{ etcd_config_dir }} \
+        --mount volume=opt-cni,target=/opt/cni \
+        --mount volume=run,target=/run \
         --mount volume=usr-share-certs,target=/usr/share/ca-certificates \
         --mount volume=var-lib-docker,target=/var/lib/docker \
         --mount volume=var-lib-kubelet,target=/var/lib/kubelet \
-        --mount volume=run,target=/run \
+        --mount volume=var-log,target=/var/log \
         --stage1-from-dir=stage1-fly.aci \
         {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} \
         --uuid-file-save=/var/run/kubelet.uuid \
-- 
GitLab