From fcd78eb1f79d4daad46f056eccd0434496e10305 Mon Sep 17 00:00:00 2001
From: Greg Althaus <galthaus@austin.rr.com>
Date: Thu, 9 Feb 2017 09:56:12 -0600
Subject: [PATCH] Due to the nsenter and other reworks, it appears that kubelet
 lost the ability to load kernel modules.  This puts that back by adding the
 lib/modules mount to kubelet.

The new variable kubelet_load_modules can be set to true
to enable this item.  It is OFF by default.
---
 docs/vars.md                                         | 4 ++++
 inventory/group_vars/all.yml                         | 8 ++++++++
 roles/kubernetes/node/templates/kubelet-container.j2 | 3 +++
 3 files changed, 15 insertions(+)

diff --git a/docs/vars.md b/docs/vars.md
index c904e9336..2f19d1348 100644
--- a/docs/vars.md
+++ b/docs/vars.md
@@ -92,6 +92,10 @@ Stack](https://github.com/kubernetes-incubator/kargo/blob/master/docs/dns-stack.
   ``--insecure-registry=myregistry.mydomain:5000``
 * *http_proxy/https_proxy/no_proxy* - Proxy variables for deploying behind a
   proxy
+* *kubelet_load_modules* - For some things, kubelet needs to load kernel modules.  For example,
+  dynamic kernel services are needed for mounting persistent volumes into containers.  These may not be
+  loaded by preinstall kubernetes processes.  For example, ceph and rbd backed volumes.  Set this variable to
+  true to let kubelet load kernel modules.
 
 #### User accounts
 
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index cc26d5847..50a14ee8a 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -48,6 +48,14 @@ kube_log_level: 2
 # 1.5 default behavior. The flag is actually only added if the used kubernetes version is >= 1.5
 kube_api_anonymous_auth: false
 
+#
+# For some things, kubelet needs to load kernel modules.  For example, dynamic kernel services are needed
+# for mounting persistent volumes into containers.  These may not be loaded by preinstall kubernetes
+# processes.  For example, ceph and rbd backed volumes.  Uncomment to allow kubelet to load kernel
+# modules.
+#
+#kubelet_load_modules: true
+
 # Users to create for basic auth in Kubernetes API via HTTP
 kube_api_pwd: "changeme"
 kube_users:
diff --git a/roles/kubernetes/node/templates/kubelet-container.j2 b/roles/kubernetes/node/templates/kubelet-container.j2
index 1e2e13a93..388fab3c7 100644
--- a/roles/kubernetes/node/templates/kubelet-container.j2
+++ b/roles/kubernetes/node/templates/kubelet-container.j2
@@ -14,6 +14,9 @@
   {% for dir in ssl_ca_dirs -%}
   -v {{ dir }}:{{ dir }}:ro \
   {% endfor -%}
+  {% if kubelet_load_modules is defined and kubelet_load_modules == true -%}
+  -v /lib/modules:/lib/modules:ro \
+  {% endif -%}
   -v /sys:/sys:ro \
   -v {{ docker_daemon_graph }}:/var/lib/docker:rw \
   -v /var/lib/kubelet:/var/lib/kubelet:shared \
-- 
GitLab