Update kubelet based openshift/node

Mount /sys/ as in node to avoid kubelet log: Failed to get system container stats for "/systemd/system.slice": failed to get cgroup stats for "/systemd/system.slice": failed to get container info for "/systemd/system.slice": unknown container "/systemd/system.slice". Mount /etc/pki to use the ca from the host. Mount /var/run/secrets needed for f27 which doesn't have kube installed and it is required by kubelet to manage kubernetes secrets. Mount tmp as tmpfs. Mount cni dirs.
projectatomic · Feb 8, 2018 · da74c71 · da74c71
1 parent bba75ca
commit da74c71
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 20 deletions.
diff --git a/kubernetes-kubelet/Dockerfile b/kubernetes-kubelet/Dockerfile
@@ -18,7 +18,7 @@ LABEL RUN /usr/bin/docker run -d --privileged --net=host --pid=host -v /:/rootfs
 
 COPY launch.sh /usr/bin/kubelet-docker.sh
 
-COPY service.template config.json.template /exports/
+COPY tmpfiles.template service.template config.json.template /exports/
 
 RUN mkdir -p /exports/hostfs/etc/kubernetes && cp /etc/kubernetes/{config,kubelet} /exports/hostfs/etc/kubernetes
 

diff --git a/kubernetes-kubelet/config.json.template b/kubernetes-kubelet/config.json.template
@@ -266,26 +266,24 @@
             ]
         },
         {
+            "type": "rbind",
+            "source": "/sys",
             "destination": "/sys",
-            "type": "sysfs",
-            "source": "sysfs",
             "options": [
-                "nosuid",
-                "noexec",
-                "nodev"
+                "rbind",
+                "rw"
             ]
         },
         {
-            "destination": "/sys/fs/cgroup",
-            "type": "cgroup",
-            "source": "cgroup",
-            "options": [
-                "nosuid",
-                "noexec",
-                "nodev",
-                "relatime",
-                "ro"
-            ]
+          "type": "bind",
+          "source": "/etc/cni/net.d",
+          "destination": "/etc/cni/net.d",
+          "options": [
+              "bind",
+              "slave",
+              "rw",
+              "mode=777"
+          ]
         },
         {
             "type": "bind",
@@ -297,14 +295,31 @@
                 "rprivate"
             ]
          },
+         {
+           "type": "bind",
+           "source": "/etc/localtime",
+           "destination": "/etc/localtime",
+           "options": [
+               "rbind",
+               "ro"
+           ]
+         },
+	 {
+	    "type": "bind",
+	    "source": "/etc/pki",
+	    "destination": "/etc/pki",
+	    "options": [
+		"bind",
+		"ro"
+	    ]
+	 },
          {
             "destination": "/etc/resolv.conf",
             "type": "bind",
             "source": "/etc/resolv.conf",
             "options": [
                 "ro",
-                "rbind",
-                "rprivate"
+                "bind"
              ]
           },
           {
@@ -319,8 +334,8 @@
           },
           {
             "type": "bind",
-            "source": "/var/run/",
-            "destination": "/var/run/",
+            "source": "/var/run/secrets",
+            "destination": "/var/run/secrets",
             "options": [
                 "rbind",
                 "rw",
@@ -367,6 +382,15 @@
                 "rw",
                 "mode=755"
              ]
+          },
+          {
+            "destination": "/tmp",
+       	    "type": "tmpfs",
+       	    "source": "tmpfs",
+       	    "options": [
+                "mode=755",
+                "size=65536k"
+            ]
           }
     ],
     "linux": {

diff --git a/kubernetes-kubelet/tmpfiles.template b/kubernetes-kubelet/tmpfiles.template
@@ -0,0 +1,3 @@
+d   /etc/cni/net.d - - - - -
+d   /var/lib/cni - - - - -
+d   /var/run/secrets - - - - -