From e375678674793722eda2beb01c2988e5e54ad7d0 Mon Sep 17 00:00:00 2001
From: avoidik <avoidik@gmail.com>
Date: Tue, 27 Mar 2018 11:13:52 +0300
Subject: [PATCH] Set exact user for Kubelet services

---
 roles/kubernetes/node/templates/kubelet.docker.service.j2 | 1 +
 roles/kubernetes/node/templates/kubelet.host.service.j2   | 1 +
 roles/kubernetes/node/templates/kubelet.rkt.service.j2    | 1 +
 3 files changed, 3 insertions(+)

diff --git a/roles/kubernetes/node/templates/kubelet.docker.service.j2 b/roles/kubernetes/node/templates/kubelet.docker.service.j2
index fdbdb8969..bba1a5fc4 100644
--- a/roles/kubernetes/node/templates/kubelet.docker.service.j2
+++ b/roles/kubernetes/node/templates/kubelet.docker.service.j2
@@ -5,6 +5,7 @@ After=docker.service
 Wants=docker.socket
 
 [Service]
+User=root
 EnvironmentFile={{kube_config_dir}}/kubelet.env
 ExecStart={{ bin_dir }}/kubelet \
 		$KUBE_LOGTOSTDERR \
diff --git a/roles/kubernetes/node/templates/kubelet.host.service.j2 b/roles/kubernetes/node/templates/kubelet.host.service.j2
index 78ba51f70..c7dad4e29 100644
--- a/roles/kubernetes/node/templates/kubelet.host.service.j2
+++ b/roles/kubernetes/node/templates/kubelet.host.service.j2
@@ -5,6 +5,7 @@ After=docker.service
 Wants=docker.socket
 
 [Service]
+User=root
 EnvironmentFile=-{{kube_config_dir}}/kubelet.env
 {% if kubelet_flexvolumes_plugins_dir is defined %}
 ExecStartPre=-/bin/mkdir -p {{ kubelet_flexvolumes_plugins_dir }}
diff --git a/roles/kubernetes/node/templates/kubelet.rkt.service.j2 b/roles/kubernetes/node/templates/kubelet.rkt.service.j2
index 7e0c2f942..4286d9470 100644
--- a/roles/kubernetes/node/templates/kubelet.rkt.service.j2
+++ b/roles/kubernetes/node/templates/kubelet.rkt.service.j2
@@ -4,6 +4,7 @@ Documentation=https://github.com/GoogleCloudPlatform/kubernetes
 Wants=network.target
 
 [Service]
+User=root
 Restart=on-failure
 RestartSec=10s
 TimeoutStartSec=0
-- 
GitLab