From 278802c6c1832ea2908c809cf71f236f501b8ec1 Mon Sep 17 00:00:00 2001 From: Cristian Falcas Date: Mon, 13 Jun 2016 14:22:23 +0300 Subject: [PATCH] add support to use forward-journald. This should fix SIGPIPE's sent to the daemon --- README.md | 41 +++++++++++---- manifests/master/apiserver.pp | 45 ++++++++++++++--- manifests/master/controller_manager.pp | 50 ++++++++++++++++--- manifests/master/params.pp | 4 ++ manifests/master/scheduler.pp | 41 +++++++++++++-- manifests/node/kube_proxy.pp | 25 ++++++++++ manifests/node/kubelet.pp | 37 ++++++++++++-- manifests/node/params.pp | 2 + metadata.json | 2 +- templates/etc/kubernetes/apiserver.erb | 1 + templates/systemd/apiserver_journald.conf.erb | 17 +++++++ .../controller_manager_journald.conf.erb | 9 ++++ templates/systemd/kubelet_journald.conf.erb | 13 +++++ templates/systemd/kubeproxy_journald.conf.erb | 9 ++++ templates/systemd/scheduler_journald.conf.erb | 9 ++++ 15 files changed, 270 insertions(+), 35 deletions(-) create mode 100644 templates/systemd/apiserver_journald.conf.erb create mode 100644 templates/systemd/controller_manager_journald.conf.erb create mode 100644 templates/systemd/kubelet_journald.conf.erb create mode 100644 templates/systemd/kubeproxy_journald.conf.erb create mode 100644 templates/systemd/scheduler_journald.conf.erb diff --git a/README.md b/README.md index c7a49ec..d42b025 100644 --- a/README.md +++ b/README.md 
@@ -4,7 +4,13 @@ This module installs and configures a kubernetes clutser. -The main class kubernetes it only populates the /etc/kubernetes/config file. +The main class kubernetes doesn't do anything and is kept for historical reasons. + +The class kubernetes::client only populates the /etc/kubernetes/config file: it empties all variables. + +The class kubernetes::node only manages the kubernetes-node package. + +The class kubernetes::master only manages the kubernetes-master packages. Because of this, it needs to be forced to execute after the master or node has installed any programs (the file is created by both master or node). This is accomplished by forcing @@ -12,17 +18,30 @@ this in the node and master class. The class kubernetes::client doesn't do anything now. +## Journald forward: + +The class support a parameter called journald_forward_enable. + +This was added because of the PIPE signal that is sent to go programs when systemd-journald dies. + +For more information read here: https://github.com/projectatomic/forward-journald + +### Usage: + + include ::forward_journald + Class['forward_journald'] -> Class['kubernetes::master'] + -Usage: +## Usage: - include kubernetes + include kubernetes::client include kubernetes::master include kubernetes::node include kubernetes::node::kubelet include kubernetes::node::kube_proxy class { 'kubernetes::master::apiserver': - admission_control => [ + admission_control => [ 'NamespaceLifecycle', 'NamespaceExists', 'LimitRanger', 
@@ -31,15 +50,15 @@ Usage: ], } -If you want to use you existing network infrastructure, then wou will have to allocate +If you want to use you existing network infrastructure, then you will have to allocate to nodes a subnet from the same ip class. You can self register a node with this information by giving kubelet_register_node = > true and the desired subnet in kubelet_pod_cidr: class { 'kubernetes::node::kubelet': - ensure => 'latest', - address => '0.0.0.0', - api_servers => 'http://k-api.company.net:8080', - configure_cbr0 => true, - register_node => true, - pod_cidr => '10.100.5.0/24', + ensure => 'latest', + address => '0.0.0.0', + api_servers => 'http://k-api.company.net:8080', + configure_cbr0 => true, + register_node => true, + pod_cidr => '10.100.5.0/24', } diff --git a/manifests/master/apiserver.pp b/manifests/master/apiserver.pp index da4b42e..44430d4 100644 --- a/manifests/master/apiserver.pp +++ b/manifests/master/apiserver.pp @@ -4,6 +4,10 @@ # Whether you want the apiserver daemon to start up # Defaults to running # +# [*journald_forward_enable*] +# Fix for SIGPIPE sent to registry daemon during journald restart +# Defaults to false +# # [*enable*] # Whether you want the apiserver daemon to start up at boot # Defaults to true @@ -24,6 +28,10 @@ # If true, allow privileged containers. # Defaults to false. # +# [*apiserver_count*] +# The number of apiservers running in the cluster +# Defaults to 1. +# # [*authorization_mode*] # Ordered list of plug-ins to do authorization on secure port. Comma-delimited list of: AlwaysAllow,AlwaysDeny,ABAC # Default AlwaysAllow. @@ -188,8 +196,7 @@ # Default undef # # [*token_auth_file*] -# If set, the file that will be used to secure the secure port of the API server via token -# authentication. +# If set, the file that will be used to secure the secure port of the API server via token authentication. # Default undef # # [*watch_cache*] 
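Review bot: The new `journald_forward_enable` entry in the apiserver.pp header comment describes a SIGPIPE sent to the "registry daemon", which looks copied from another module; in this class the daemon is kube-apiserver. The same sentence is repeated in the controller_manager.pp, scheduler.pp, kube_proxy.pp and kubelet.pp headers. The entry also omits the prerequisite that only the README mentions: the drop-in pipes the daemon's output into `/usr/bin/forward-journald`, so that binary has to be installed before the flag is turned on. I would word it as `# Pipe kube-apiserver output through forward-journald so a journald restart does not SIGPIPE the daemon.` followed by `# Requires /usr/bin/forward-journald to be installed first (see README). Defaults to false`.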
@@ -197,11 +204,13 @@ # Default true # # [*watch_cache_sizes*] -# List of watch cache sizes for every resource (pods, nodes, etc.), comma separated. The individual override format: resource#size, where size is a number. It takes effect when watch-cache is enabled. +# List of watch cache sizes for every resource (pods, nodes, etc.), comma separated. The individual override format: resource#size, +# where size is a number. It takes effect when watch-cache is enabled. # Default undef # # [*repair_malformed_updates*] -# If true, server will do its best to fix the update request to pass the validation, e.g., setting empty UID in update request to its existing value. This flag can be turned off after we fix all the clients that send malformed updates. +# If true, server will do its best to fix the update request to pass the validation, e.g., setting empty UID in update request +# to its existing value. This flag can be turned off after we fix all the clients that send malformed updates. # Default true # # [*delete_collection_workers*] 
@@ -209,11 +218,13 @@ # Default 1 # # [*kubernetes_service_node_port*] -# If non-zero, the Kubernetes master service (which apiserver creates/maintains) will be of type NodePort, using this as the value of the port. If zero, the Kubernetes master service will be of type ClusterIP. +# If non-zero, the Kubernetes master service (which apiserver creates/maintains) will be of type NodePort, using this as +# the value of the port. If zero, the Kubernetes master service will be of type ClusterIP. # Default 0 # # [*authorization_webhook_config*] -# File with webhook configuration in kubeconfig format, used with --authorization-mode=Webhook. The API server will query the remote service to determine access on the API server's secure port. +# File with webhook configuration in kubeconfig format, used with --authorization-mode=Webhook. The API server will query +# the remote service to determine access on the API server's secure port. # Default undef # # [*ir_hawkular*] @@ -228,10 +239,12 @@ class kubernetes::master::apiserver ( $service_cluster_ip_range, $ensure = $kubernetes::master::params::kube_api_service_ensure, + $journald_forward_enable = $kubernetes::master::params::kube_api_journald_forward_enable, $enable = $kubernetes::master::params::kube_api_service_enable, $admission_control = $kubernetes::master::params::kube_api_admission_control, $advertise_address = $kubernetes::master::params::kube_api_advertise_address, $allow_privileged = $kubernetes::master::params::kube_api_allow_privileged, + $apiserver_count = $kubernetes::master::params::kube_apiserver_count, $authorization_mode = $kubernetes::master::params::kube_api_authorization_mode, $bind_address = $kubernetes::master::params::kube_api_bind_address, $cert_dir = $kubernetes::master::params::kube_api_cert_dir, 
@@ -291,6 +304,26 @@ } ~> Service['kube-apiserver'] } + if $journald_forward_enable { + file { '/etc/systemd/system/kube-apiserver.service.d': + ensure => 'directory', + owner => 'root', + group => 'root', + mode => '0755', + } + file { '/etc/systemd/system/kube-apiserver.service.d/journald.conf': + ensure => file, + owner => 'root', + group => 'root', + mode => '0644', + content => template("${module_name}/systemd/apiserver_journald.conf.erb"), + } ~> + exec { 'reload systemctl daemon for kube-apiserver': + command => '/bin/systemctl daemon-reload', + refreshonly => true, + } ~> Service['kube-apiserver'] + } + file { '/etc/kubernetes/apiserver': ensure => 'file', force => true, diff --git a/manifests/master/controller_manager.pp b/manifests/master/controller_manager.pp index 9e6fea2..55921fc 100644 --- a/manifests/master/controller_manager.pp +++ b/manifests/master/controller_manager.pp @@ -5,6 +5,10 @@ # Whether you want the controller-manager daemon to start up # Defaults to running # +# [*journald_forward_enable*] +# Fix for SIGPIPE sent to registry daemon during journald restart +# Defaults to false +# # [*enable*] # Whether you want the controller-manager daemon to start up at boot # Defaults to true 
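Review bot: The `if $journald_forward_enable` block added to kubernetes::master::apiserver only ever creates `kube-apiserver.service.d/journald.conf`, so setting the parameter back to false leaves the drop-in on disk and the service keeps running through the shell pipeline with nothing in Puppet reporting it. The parameter is also used as a condition without `validate_bool`, although the module calls `validate_bool` on other flags, so a quoted 'false' coming from Hiera would be truthy and enable the override. Declaring the file unconditionally with an `ensure` derived from the flag addresses both, and the existing daemon-reload chain then also fires when the drop-in is removed. The same block is repeated in the controller_manager.pp, scheduler.pp, kube_proxy.pp and kubelet.pp hunks, and the class body continues outside this hunk.

```puppet
validate_bool($journald_forward_enable)

$journald_dropin_ensure = $journald_forward_enable ? {
  true    => 'file',
  default => 'absent',
}

# ... unchanged: file resource for the kube-apiserver.service.d directory ...
file { '/etc/systemd/system/kube-apiserver.service.d/journald.conf':
  ensure  => $journald_dropin_ensure,
  # ... unchanged: owner, group, mode, content ...
} ~>
# ... unchanged: daemon-reload exec notifying Service['kube-apiserver'] ...
```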
@@ -126,19 +130,23 @@ # Defaults to 0 # # [*concurrent_deployment_syncs*] -# The number of deployment objects that are allowed to sync concurrently. Larger number = more responsive deployments, but more CPU (and network) load +# The number of deployment objects that are allowed to sync concurrently. Larger number = more responsive deployments, +# but more CPU (and network) load # Default 5 # # [*concurrent_namespace_syncs*] -# The number of namespace objects that are allowed to sync concurrently. Larger number = more responsive namespace termination, but more CPU (and network) load +# The number of namespace objects that are allowed to sync concurrently. Larger number = more responsive namespace +# termination, but more CPU (and network) load # Default 2 # # [*concurrent_replicaset_syncs*] -# The number of replica sets that are allowed to sync concurrently. Larger number = more responsive replica management, but more CPU (and network) load +# The number of replica sets that are allowed to sync concurrently. Larger number = more responsive replica management, +# but more CPU (and network) load # Default 5 # # [*concurrent_resource_quota_syncs*] -# The number of resource quotas that are allowed to sync concurrently. Larger number = more responsive quota management, but more CPU (and network) load +# The number of resource quotas that are allowed to sync concurrently. Larger number = more responsive quota management, +# but more CPU (and network) load # Default 5 # # [*daemonset_lookup_cache_size*] 
@@ -154,19 +162,24 @@ # Default 20 # # [*leader_elect*] -# Start a leader election client and gain leadership before executing the main loop. Enable this when running replicated components for high availability. +# Start a leader election client and gain leadership before executing the main loop. Enable this when running replicated +# components for high availability. # Default undef # # [*leader_elect_lease_duration*] -# The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled. +# The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire +# leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped +# before it is replaced by another candidate. This is only applicable if leader election is enabled. # Default '15s' # # [*leader_elect_renew_deadline*] -# The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled. +# The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less +# than or equal to the lease duration. This is only applicable if leader election is enabled. # Default '10s' # # [*leader_elect_retry_period*] -# The duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled. +# The duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if +# leader election is enabled. # Default '2s' # # [*replicaset_lookup_cache_size*] 
@@ -180,6 +193,7 @@ # class kubernetes::master::controller_manager ( $ensure = $kubernetes::master::params::kube_controller_service_ensure, + $journald_forward_enable = $kubernetes::master::params::kube_controller_journald_forward_enable, $enable = $kubernetes::master::params::kube_controller_service_enable, $address = $kubernetes::master::params::kube_controller_address, $allocate_node_cidrs = $kubernetes::master::params::kube_controller_allocate_node_cidrs, @@ -230,6 +244,26 @@ validate_bool($allocate_node_cidrs) + if $journald_forward_enable { + file { '/etc/systemd/system/kube-controller-manager.service.d': + ensure => 'directory', + owner => 'root', + group => 'root', + mode => '0755', + } + file { '/etc/systemd/system/kube-controller-manager.service.d/journald.conf': + ensure => file, + owner => 'root', + group => 'root', + mode => '0644', + content => template("${module_name}/systemd/controller_manager_journald.conf.erb"), + } ~> + exec { 'reload systemctl daemon for kube-controller-manager': + command => '/bin/systemctl daemon-reload', + refreshonly => true, + } ~> Service['kube-controller-manager'] + } + file { '/etc/kubernetes/controller-manager': ensure => 'file', force => true, diff --git a/manifests/master/params.pp b/manifests/master/params.pp index 0a49ccd..d43b840 100644 --- a/manifests/master/params.pp +++ b/manifests/master/params.pp @@ -4,6 +4,7 @@ # api server config # http://kubernetes.io/v1.1/docs/admin/kube-apiserver.html $kube_api_service_ensure = running + $kube_api_journald_forward_enable = false $kube_api_service_enable = true $kube_api_admission_control = [ 'NamespaceLifecycle', @@ -15,6 +16,7 @@ ] $kube_api_advertise_address = undef $kube_api_allow_privileged = false + $kube_apiserver_count = 1 $kube_api_authorization_mode = 'AlwaysAllow' $kube_api_bind_address = '0.0.0.0' $kube_api_cert_dir = '/var/run/kubernetes' 
@@ -64,6 +66,7 @@ # controller manager config # http://kubernetes.io/v1.1/docs/admin/kube-controller-manager.html $kube_controller_service_ensure = running + $kube_controller_journald_forward_enable = false $kube_controller_service_enable = true $kube_controller_address = '127.0.0.1' $kube_controller_allocate_node_cidrs = false @@ -110,6 +113,7 @@ # scheduler config # http://kubernetes.io/v1.1/docs/admin/kube-scheduler.html $kube_scheduler_service_ensure = running + $kube_scheduler_journald_forward_enable = false $kube_scheduler_service_enable = true $kube_scheduler_address = '127.0.0.1' $kube_scheduler_bind_pods_burst = 100 diff --git a/manifests/master/scheduler.pp b/manifests/master/scheduler.pp index e21140b..8ec48d6 100644 --- a/manifests/master/scheduler.pp +++ b/manifests/master/scheduler.pp @@ -4,6 +4,10 @@ # Whether you want the scheduler daemon to start up # Defaults to running # +# [*journald_forward_enable*] +# Fix for SIGPIPE sent to registry daemon during journald restart +# Defaults to false +# # [*enable*] # Whether you want the scheduler daemon to start up at boot # Defaults to true 
@@ -41,23 +45,29 @@ # Defaults to 10251 # # [*leader_elect*] -# Start a leader election client and gain leadership before executing the main loop. Enable this when running replicated components for high availability. +# Start a leader election client and gain leadership before executing the main loop. Enable this when running +# replicated components for high availability. # Defaults to undef # # [*leader_elect_lease_duration*] -# The duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled. +# The duration that non-leader candidates will wait after observing a leadership renewal until attempting to +# acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be +# stopped before it is replaced by another candidate. This is only applicable if leader election is enabled. # Defaults to '15s' # # [*leader_elect_renew_deadline*] -# The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled. +# The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must +# be less than or equal to the lease duration. This is only applicable if leader election is enabled. # Defaults to '10s' # # [*leader_elect_retry_period*] -# The duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled. +# The duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable +# if leader election is enabled. 
# Defaults to '2s" # # [*scheduler_name*] -# Name of the scheduler, used to select which pods will be processed by this scheduler, based on pod's annotation with key 'scheduler.alpha.kubernetes.io/name' +# Name of the scheduler, used to select which pods will be processed by this scheduler, based on pod's annotation with +# key 'scheduler.alpha.kubernetes.io/name' # Defaults to undef # # [*minimum_version*] @@ -67,6 +77,7 @@ # class kubernetes::master::scheduler ( $ensure = $kubernetes::master::params::kube_scheduler_service_ensure, + $journald_forward_enable = $kubernetes::master::params::kube_scheduler_journald_forward_enable, $enable = $kubernetes::master::params::kube_scheduler_service_enable, $address = $kubernetes::master::params::kube_scheduler_address, $bind_pods_burst = $kubernetes::master::params::kube_scheduler_bind_pods_burst, @@ -89,6 +100,26 @@ include ::kubernetes::master + if $journald_forward_enable { + file { '/etc/systemd/system/kube-scheduler.service.d': + ensure => 'directory', + owner => 'root', + group => 'root', + mode => '0755', + } + file { '/etc/systemd/system/kube-scheduler.service.d/journald.conf': + ensure => file, + owner => 'root', + group => 'root', + mode => '0644', + content => template("${module_name}/systemd/scheduler_journald.conf.erb"), + } ~> + exec { 'reload systemctl daemon for kube-scheduler': + command => '/bin/systemctl daemon-reload', + refreshonly => true, + } ~> Service['kube-scheduler'] + } + file { '/etc/kubernetes/scheduler': ensure => 'file', force => true, diff --git a/manifests/node/kube_proxy.pp b/manifests/node/kube_proxy.pp index ebd5154..e0d39f1 100644 --- a/manifests/node/kube_proxy.pp +++ b/manifests/node/kube_proxy.pp 
@@ -8,6 +8,10 @@ # Whether you want to kube_proxy daemon to start up # Defaults to running # +# [*journald_forward_enable*] +# Fix for SIGPIPE sent to registry daemon during journald restart +# Defaults to false +# # [*enable*] # Whether you want to kube_proxy daemon to start up at boot # Defaults to true @@ -117,6 +121,7 @@ # class kubernetes::node::kube_proxy ( $ensure = $kubernetes::node::params::kube_proxy_service_ensure, + $journald_forward_enable = $kubernetes::node::params::kube_proxy_journald_forward_enable, $enable = $kubernetes::node::params::kube_proxy_service_enable, $bind_address = $kubernetes::node::params::kube_proxy_bind_address, $cleanup_iptables = $kubernetes::node::params::kube_proxy_cleanup_iptables, @@ -151,6 +156,26 @@ validate_bool($cleanup_iptables, $masquerade_all) validate_integer([$healthz_port, $oom_score_adj,]) + if $journald_forward_enable { + file { '/etc/systemd/system/kube-proxy.service.d': + ensure => 'directory', + owner => 'root', + group => 'root', + mode => '0755', + } + file { '/etc/systemd/system/kube-proxy.service.d/journald.conf': + ensure => file, + owner => 'root', + group => 'root', + mode => '0644', + content => template("${module_name}/systemd/kubeproxy_journald.conf.erb"), + } ~> + exec { 'reload systemctl daemon for kube-proxy': + command => '/bin/systemctl daemon-reload', + refreshonly => true, + } ~> Service['kube-proxy'] + } + file { '/etc/kubernetes/proxy': ensure => 'file', content => template("${module_name}/etc/kubernetes/proxy.erb"), diff --git a/manifests/node/kubelet.pp b/manifests/node/kubelet.pp index 6ca95e4..6731c1d 100644 --- a/manifests/node/kubelet.pp +++ b/manifests/node/kubelet.pp @@ -8,6 +8,10 @@ # Whether you want to kubelet daemon to start up # Defaults to running # +# [*journald_forward_enable*] +# Fix for SIGPIPE sent to registry daemon during journald restart +# Defaults to false +# # [*enable*] # Whether you want to kubelet daemon to start up at boot # Defaults to true 
@@ -163,7 +167,8 @@ # Default undef # # [*hairpin_mode*] -# How should the kubelet setup hairpin NAT. This allows endpoints of a Service to loadbalance back to themselves if they should try to access their own Service. Valid values are "promiscuous-bridge", "hairpin-veth" and "none". +# How should the kubelet setup hairpin NAT. This allows endpoints of a Service to loadbalance back to themselves if they should +# try to access their own Service. Valid values are "promiscuous-bridge", "hairpin-veth" and "none". # Default undef # # [*housekeeping_interval*] @@ -179,7 +184,8 @@ # Default undef # # [*kube_reserved*] -# A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs that describe resources reserved for kubernetes system components. Currently only cpu and memory are supported. +# A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs that describe resources reserved for +# kubernetes system components. Currently only cpu and memory are supported. # Default undef # # [*kubelet_cgroups*] @@ -215,11 +221,13 @@ # Default undef # # [*system_cgroups*] -# Optional absolute name of cgroups in which to place all non-kernel processes that are not already inside a cgroup under `/`. Empty for no container. Rolling back the flag requires a reboot. +# Optional absolute name of cgroups in which to place all non-kernel processes that are not already inside a +# cgroup under `/`. Empty for no container. Rolling back the flag requires a reboot. # Default undef # # [*system_reserved*] -# A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs that describe resources reserved for non-kubernetes components. Currently only cpu and memory are supported. +# A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs that describe resources reserved for non-kubernetes +# components. Currently only cpu and memory are supported. # Default undef # # [*non_masquerade_cidr*] 
@@ -236,6 +244,7 @@ # class kubernetes::node::kubelet ( $ensure = $kubernetes::node::params::kubelet_service_ensure, + $journald_forward_enable = $kubernetes::node::params::kubelet_journald_forward_enable, $enable = $kubernetes::node::params::kubelet_service_enable, $api_servers = $kubernetes::node::params::kubelet_api_servers, $address = $kubernetes::node::params::kubelet_address, @@ -319,6 +328,26 @@ } ~> Service['docker'] } + if $journald_forward_enable { + file { '/etc/systemd/system/kubelet.service.d': + ensure => 'directory', + owner => 'root', + group => 'root', + mode => '0755', + } + file { '/etc/systemd/system/kubelet.service.d/journald.conf': + ensure => file, + owner => 'root', + group => 'root', + mode => '0644', + content => template("${module_name}/systemd/kubelet_journald.conf.erb"), + } ~> + exec { 'reload systemctl daemon for kubelet': + command => '/bin/systemctl daemon-reload', + refreshonly => true, + } ~> Service['kubelet'] + } + file { '/etc/kubernetes/kubelet': ensure => 'file', content => template("${module_name}/etc/kubernetes/kubelet.erb"), diff --git a/manifests/node/params.pp b/manifests/node/params.pp index 1e325e2..dd40344 100644 --- a/manifests/node/params.pp +++ b/manifests/node/params.pp @@ -6,6 +6,7 @@ # kubelet options # http://kubernetes.io/v1.1/docs/admin/kubelet.html $kubelet_service_ensure = 'running' + $kubelet_journald_forward_enable = false $kubelet_service_enable = true $kubelet_address = '0.0.0.0' $kubelet_api_servers = ['http://127.0.0.1:8080'] @@ -65,6 +66,7 @@ # proxy options # http://kubernetes.io/v1.1/docs/admin/kube-proxy.html $kube_proxy_service_ensure = 'running' + $kube_proxy_journald_forward_enable = false $kube_proxy_service_enable = true $kube_proxy_bind_address = '127.0.0.1' $kube_proxy_cleanup_iptables = false diff --git a/metadata.json b/metadata.json index 51762fd..b465a90 100644 --- a/metadata.json +++ b/metadata.json 
@@ -1,6 +1,6 @@ { "name": "cristifalcas-kubernetes", - "version": "1.2.0", + "version": "1.3.0", "author": "Cristian Falcas", "license": "Apache-2.0", "summary": "Configuring and installing kubernetes", diff --git a/templates/etc/kubernetes/apiserver.erb b/templates/etc/kubernetes/apiserver.erb index 2372c51..0ffcd78 100644 --- a/templates/etc/kubernetes/apiserver.erb +++ b/templates/etc/kubernetes/apiserver.erb @@ -25,6 +25,7 @@ KUBE_API_ARGS="<% -%> --etcd-config=/etc/kubernetes/etcd_config.json<% -%> <% end -%> <% if @minimum_version.to_f >= 1.2 then -%> + --apiserver-count=<%= scope['kubernetes::master::apiserver::apiserver_count'] -%> --etcd-servers=<%= Array(scope['kubernetes::master::apiserver::etcd_servers']).join(',') -%> <% if @etcd_certfile and @etcd_keyfile and @etcd_cacertfiles and not Array(@etcd_cacertfiles).flatten.empty? -%> --etcd-certfile=<%= scope['kubernetes::master::apiserver::etcd_certfile'] -%> diff --git a/templates/systemd/apiserver_journald.conf.erb b/templates/systemd/apiserver_journald.conf.erb new file mode 100644 index 0000000..9c9061e --- /dev/null +++ b/templates/systemd/apiserver_journald.conf.erb @@ -0,0 +1,17 @@ +[Service] +NotifyAccess=all +Type=notify +ExecStart= +ExecStart=-/bin/sh -c "/usr/bin/kube-apiserver \ + $KUBE_LOGTOSTDERR \ + $KUBE_LOG_LEVEL \ + $KUBE_ETCD_SERVERS \ + $KUBE_API_ADDRESS \ + $KUBE_API_PORT \ + $KUBELET_PORT \ + $KUBE_ALLOW_PRIV \ + $KUBE_SERVICE_ADDRESSES \ + $KUBE_ADMISSION_CONTROL \ + $KUBE_API_ARGS 2>&1 | /usr/bin/forward-journald -tag kube-apiserver" +StandardOutput=null +StandardError=null diff --git a/templates/systemd/controller_manager_journald.conf.erb b/templates/systemd/controller_manager_journald.conf.erb new file mode 100644 index 0000000..dc618b2 --- /dev/null +++ b/templates/systemd/controller_manager_journald.conf.erb 
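Review bot: `apiserver_count` is written straight into `KUBE_API_ARGS` by the new `--apiserver-count=<%= ... -%>` line in apiserver.erb, and none of the apiserver.pp hunks in this patch add a type check for it. The module already uses `validate_integer` in kube_proxy.pp, so `validate_integer($apiserver_count)` in kubernetes::master::apiserver would keep a stray string out of the daemon's command line. That matters a little more with this patch, because the journald drop-in appears to hand these variables to `/bin/sh -c` for expansion rather than to systemd. Validation may already exist outside the visible hunks, so confirm before adding it.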
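Review bot: In apiserver_journald.conf.erb the `ExecStart=-/bin/sh -c "... | /usr/bin/forward-journald -tag kube-apiserver"` line hides failures twice: the shell's exit status is that of the last pipeline stage (the forwarder), not kube-apiserver, and the leading `-` tells systemd to treat any non-zero exit as success. Together with `StandardOutput=null` and `StandardError=null`, a missing or crashed forward-journald means neither the API server's output nor the shell's own error reaches the journal, which is a logging gap on the component whose logs matter most for investigation. I would at least drop the `-` prefix (`ExecStart=/bin/sh -c "..."`) so that restart policy and monitoring in the base unit, which is not visible here, still see a failed start, and have the manifests order the drop-in after the forward-journald package instead of leaving that to the README. `NotifyAccess=all` is needed because the notifying process is now a child of the shell, but note that it accepts readiness messages from any process in the service's control group. The controller-manager, kubelet, kube-proxy and scheduler templates that follow use the same `ExecStart=-` pipeline and null outputs.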
@@ -0,0 +1,9 @@ +[Service] +ExecStart= +ExecStart=-/bin/sh -c "/usr/bin/kube-controller-manager \ + $KUBE_LOGTOSTDERR \ + $KUBE_LOG_LEVEL \ + $KUBE_MASTER \ + $KUBE_CONTROLLER_MANAGER_ARGS 2>&1 | /usr/bin/forward-journald -tag kube-controller-manager" +StandardOutput=null +StandardError=null diff --git a/templates/systemd/kubelet_journald.conf.erb b/templates/systemd/kubelet_journald.conf.erb new file mode 100644 index 0000000..d849cc1 --- /dev/null +++ b/templates/systemd/kubelet_journald.conf.erb @@ -0,0 +1,13 @@ +[Service] +ExecStart= +ExecStart=-/bin/sh -c "/usr/bin/kubelet \ + $KUBE_LOGTOSTDERR \ + $KUBE_LOG_LEVEL \ + $KUBELET_API_SERVER \ + $KUBELET_ADDRESS \ + $KUBELET_PORT \ + $KUBELET_HOSTNAME \ + $KUBE_ALLOW_PRIV \ + $KUBELET_ARGS 2>&1 | /usr/bin/forward-journald -tag kubelet" +StandardOutput=null +StandardError=null diff --git a/templates/systemd/kubeproxy_journald.conf.erb b/templates/systemd/kubeproxy_journald.conf.erb new file mode 100644 index 0000000..4407fec --- /dev/null +++ b/templates/systemd/kubeproxy_journald.conf.erb @@ -0,0 +1,9 @@ +[Service] +ExecStart= +ExecStart=-/bin/sh -c "/usr/bin/kube-proxy \ + $KUBE_LOGTOSTDERR \ + $KUBE_LOG_LEVEL \ + $KUBE_MASTER \ + $KUBE_PROXY_ARGS 2>&1 | /usr/bin/forward-journald -tag kube-proxy" +StandardOutput=null +StandardError=null diff --git a/templates/systemd/scheduler_journald.conf.erb b/templates/systemd/scheduler_journald.conf.erb new file mode 100644 index 0000000..d7764b1 --- /dev/null +++ b/templates/systemd/scheduler_journald.conf.erb @@ -0,0 +1,9 @@ +[Service] +ExecStart= +ExecStart=-/bin/sh -c "/usr/bin/kube-scheduler \ + $KUBE_LOGTOSTDERR \ + $KUBE_LOG_LEVEL \ + $KUBE_MASTER \ + $KUBE_SCHEDULER_ARGS 2>&1 | /usr/bin/forward-journald -tag kube-scheduler" +StandardOutput=null +StandardError=null