Expose Kubelet configuration

* Adds a new configuration document to manage Kubelet configuration * Exposes arbitrary configuration * Specifically exposes the pause image Change-Id: I8cc268f984c8a1fe44b18d1a910406b8153f93a2
2017-11-16 08:44:26 -06:00 · 2017-11-16 08:44:26 -06:00 · 9246fb519a
parent 39270cb6cc
commit 9246fb519a
7 changed files with 136 additions and 12 deletions
--- a/docs/source/configuration/index.rst
+++ b/docs/source/configuration/index.rst
@ -14,6 +14,7 @@ Details about Promenade-specific documents can be found here:
    docker
    genesis
    host-system
+    kubelet
    kubernetes-network
    kubernetes-node

--- a/docs/source/configuration/kubelet.rst
+++ b/docs/source/configuration/kubelet.rst
@ -0,0 +1,35 @@
+Kubelet
+=======
+
+Configuration for the Kubernetes worker daemon (the Kubelet).  This document
+contains two keys: ``arguments`` and ``images``.  The ``arguments`` are
+appended directly to the ``kubelet`` command line, along with arguments that
+are controlled by Promenade more directly.
+
+The only image that is configurable is for the ``pause`` container.
+
+
+Sample Document
+---------------
+
+Here is a sample document:
+
+.. code-block:: yaml
+
+    schema: promenade/Kubelet/v1
+    metadata:
+      schema: metadata/Document/v1
+      name: kubelet
+      layeringDefinition:
+        abstract: false
+        layer: site
+    data:
+      arguments:
+        - --cni-bin-dir=/opt/cni/bin
+        - --cni-conf-dir=/etc/cni/net.d
+        - --eviction-max-pod-grace-period=-1
+        - --network-plugin=cni
+        - --node-status-update-frequency=5s
+        - --v=5
+      images:
+        pause: gcr.io/google_containers/pause-amd64:3.0
--- a/examples/basic/Kubelet.yaml
+++ b/examples/basic/Kubelet.yaml
@ -0,0 +1,19 @@
+---
+schema: promenade/Kubelet/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubelet
+  layeringDefinition:
+    abstract: false
+    layer: site
+data:
+  arguments:
+    - --cni-bin-dir=/opt/cni/bin
+    - --cni-conf-dir=/etc/cni/net.d
+    - --eviction-max-pod-grace-period=-1
+    - --network-plugin=cni
+    - --node-status-update-frequency=5s
+    - --v=5
+  images:
+    pause: gcr.io/google_containers/pause-amd64:3.0
+...
--- a/examples/complete/Kubelet.yaml
+++ b/examples/complete/Kubelet.yaml
@ -0,0 +1,19 @@
+---
+schema: promenade/Kubelet/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubelet
+  layeringDefinition:
+    abstract: false
+    layer: site
+data:
+  arguments:
+    - --cni-bin-dir=/opt/cni/bin
+    - --cni-conf-dir=/etc/cni/net.d
+    - --eviction-max-pod-grace-period=-1
+    - --network-plugin=cni
+    - --node-status-update-frequency=5s
+    - --v=5
+  images:
+    pause: gcr.io/google_containers/pause-amd64:3.0
+...
--- a/promenade/schemas/Kubelet.yaml
+++ b/promenade/schemas/Kubelet.yaml
@ -0,0 +1,32 @@
+---
+schema: deckhand/DataSchema/v1
+metadata:
+  schema: metadata/Control/v1
+  name: promenade/Kubelet/v1
+  labels:
+    application: promenade
+data:
+  $schema: http://json-schema.org/schema#
+  type: object
+  definitions:
+    image:
+      type: string
+      # XXX add regex
+
+  properties:
+    images:
+      type: object
+      properties:
+        pause:
+          $ref: '#/definitions/image'
+      required:
+        - pause
+      additionalProperties: false
+    arguments:
+      type: array
+      items:
+        type: string
+  required:
+    - images
+  additionalProperties: false
+...
--- a/promenade/templates/roles/common/etc/systemd/system/kubelet.service
+++ b/promenade/templates/roles/common/etc/systemd/system/kubelet.service
@ -6,26 +6,26 @@ After=network-online.target
 [Service]
 ExecStart=/opt/kubernetes/bin/kubelet \
    --allow-privileged=true \
-    --cluster-domain={{ config['KubernetesNetwork:dns.cluster_domain'] }} \
+    --client-ca-file=/etc/kubernetes/pki/cluster-ca.pem \
    --cluster-dns={{ config['KubernetesNetwork:dns.service_ip'] }} \
-    --cni-bin-dir=/opt/cni/bin \
-    --cni-conf-dir=/etc/cni/net.d \
-    --eviction-max-pod-grace-period -1 \
-    --node-status-update-frequency 5s \
-    --kubeconfig=/etc/kubernetes/kubeconfig \
+    --cluster-domain={{ config['KubernetesNetwork:dns.cluster_domain'] }} \
    --hostname-override={{ config.get_first('Genesis:hostname', 'KubernetesNode:hostname') }} \
-    --network-plugin=cni \
+    --kubeconfig=/etc/kubernetes/kubeconfig \
    --node-ip={{ config.get_first('Genesis:ip', 'KubernetesNode:ip') }} \
+    --pod-manifest-path=/etc/kubernetes/manifests \
+    --tls-cert-file=/etc/kubernetes/pki/kubelet.pem \
+    --tls-private-key-file=/etc/kubernetes/pki/kubelet-key.pem \
    {%- if config['Genesis:labels.static'] is defined %}
    --node-labels={{ config['Genesis:labels.static'] | join(',') }} \
    {%- elif config['KubernetesNode:labels.static'] is defined %}
    --node-labels={{ config['KubernetesNode:labels.static'] | join(',') }} \
    {%- endif %}
-    --pod-manifest-path=/etc/kubernetes/manifests \
-    --client-ca-file=/etc/kubernetes/pki/cluster-ca.pem \
-    --tls-cert-file=/etc/kubernetes/pki/kubelet.pem \
-    --tls-private-key-file=/etc/kubernetes/pki/kubelet-key.pem \
-    --v=5
+    {%- if config['Kubelet:arguments'] is defined %}
+    {%- for argument in config['Kubelet:arguments'] %}
+    - {{ argument }} \
+    {%- endfor %}
+    {%- endif %}
+    --pod-infra-container-image={{ config['Kubelet:images.pause'] }}

 Restart=always
 StartLimitInterval=0
--- a/tools/gate/config-templates/site-config.yaml
+++ b/tools/gate/config-templates/site-config.yaml
@ -98,4 +98,22 @@ data:
    required:
      docker: docker-engine=1.13.1-0~ubuntu-xenial
      socat: socat=1.7.3.1-1
+---
+schema: promenade/Kubelet/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubelet
+  layeringDefinition:
+    abstract: false
+    layer: site
+data:
+  arguments:
+    - --cni-bin-dir=/opt/cni/bin
+    - --cni-conf-dir=/etc/cni/net.d
+    - --eviction-max-pod-grace-period=-1
+    - --network-plugin=cni
+    - --node-status-update-frequency=5s
+    - --v=5
+  images:
+    pause: gcr.io/google_containers/pause-amd64:3.0
 ...