Puppet Class: k8s::kubelet

Defined in:
modules/k8s/manifests/kubelet.pp

Overview

Class that sets up and configures kubelet

Parameters:

  • kubeconfig (String)
  • pod_infra_container_image (String)
  • listen_address (String)
  • cni (Boolean)
  • docker_kubernetes_user_password (Optional[String]) (defaults to: undef)
  • listen_port (Optional[Stdlib::Port]) (defaults to: undef)
  • cluster_domain (String) (defaults to: 'kube')
  • cluster_dns (Optional[String]) (defaults to: undef)
  • tls_cert (String) (defaults to: '/var/lib/kubernetes/ssl/certs/cert.pem')
  • tls_key (String) (defaults to: '/var/lib/kubernetes/ssl/private_keys/server.key')
  • cni_bin_dir (String) (defaults to: '/opt/cni/bin')
  • cni_conf_dir (String) (defaults to: '/etc/cni/net.d')
  • fqdn_as_hostname (Boolean) (defaults to: true)
  • logtostderr (Boolean) (defaults to: true)
  • v_log_level (Integer) (defaults to: 0)
  • packages_from_future (Boolean) (defaults to: false)
  • kubelet_ipv6 (Boolean) (defaults to: false)
  • node_labels (Optional[Array[String]]) (defaults to: [])
  • node_taints (Optional[Array[String]]) (defaults to: [])
  • extra_params (Optional[Array[String]]) (defaults to: undef)


2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
# File 'modules/k8s/manifests/kubelet.pp', line 2

class k8s::kubelet(
    String $kubeconfig,
    String $pod_infra_container_image,
    String $listen_address,
    Boolean $cni,
    Optional[String] $docker_kubernetes_user_password = undef,
    Optional[Stdlib::Port] $listen_port = undef,
    String $cluster_domain = 'kube',
    Optional[String] $cluster_dns = undef,
    String $tls_cert = '/var/lib/kubernetes/ssl/certs/cert.pem',
    String $tls_key = '/var/lib/kubernetes/ssl/private_keys/server.key',
    String $cni_bin_dir = '/opt/cni/bin',
    String $cni_conf_dir = '/etc/cni/net.d',
    Boolean $fqdn_as_hostname = true,
    Boolean $logtostderr = true,
    Integer $v_log_level = 0,
    Boolean $packages_from_future=false,
    Boolean $kubelet_ipv6=false,
    Optional[Array[String]] $node_labels = [],
    Optional[Array[String]] $node_taints = [],
    Optional[Array[String]] $extra_params = undef,
) {
    if $packages_from_future {
        apt::package_from_component { 'kubelet-kubernetes-future':
            component => 'component/kubernetes-future',
            packages  => ['kubernetes-node'],
        }
        # apparmor is needed for PodSecurityPolicy to be able to enforce profiles
        ensure_packages('apparmor')
    } else {
        ensure_packages('kubernetes-node')
        # Old kubernetes nodes can't create containers when apparmor is installed (due to missing profiles)
        # Bug: T273563
        # TODO: Remove this after all clusters have been upgraded to kubernetes >=1.16
        package {'apparmor': ensure => purged}
    }

    # socat is needed on k8s nodes for kubectl proxying to work
    ensure_packages('socat')

    file { '/etc/default/kubelet':
        ensure  => file,
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        content => template('k8s/kubelet.default.erb'),
        notify  => Service['kubelet'],
    }

    file { [
        '/var/run/kubernetes',
        '/var/lib/kubelet',
    ] :
        ensure => directory,
        owner  => 'root',
        group  => 'root',
        mode   => '0700',
    }

    if $docker_kubernetes_user_password {
        # TODO: pass the docker registry to this class as a variable.
        docker::credentials { '/var/lib/kubelet/config.json':
            owner             => 'root',
            group             => 'root',
            registry          => 'docker-registry.discovery.wmnet',
            registry_username => 'kubernetes',
            registry_password => $docker_kubernetes_user_password,
        }
    }

    service { 'kubelet':
        ensure    => running,
        enable    => true,
        subscribe => [
            File[$kubeconfig],
            File['/etc/default/kubelet'],
        ],
    }

}