diff --git a/cluster/juju/layers/kubernetes-worker/reactive/kubernetes_worker.py b/cluster/juju/layers/kubernetes-worker/reactive/kubernetes_worker.py
index d2af6f58e40..eb814e08730 100644
--- a/cluster/juju/layers/kubernetes-worker/reactive/kubernetes_worker.py
+++ b/cluster/juju/layers/kubernetes-worker/reactive/kubernetes_worker.py
@@ -21,6 +21,7 @@
 import random
 import shutil
 import subprocess
 import time
+import yaml
 from charms.leadership import leader_get, leader_set
@@ -684,29 +685,10 @@ def configure_kubelet(dns, ingress_ip):
 kubelet_opts['kubeconfig'] = kubeconfig_path
 kubelet_opts['network-plugin'] = 'cni'
 kubelet_opts['v'] = '0'
- kubelet_opts['address'] = '0.0.0.0'
- kubelet_opts['port'] = '10250'
- kubelet_opts['cluster-domain'] = dns['domain']
- kubelet_opts['anonymous-auth'] = 'false'
- kubelet_opts['client-ca-file'] = ca_cert_path
- kubelet_opts['tls-cert-file'] = server_cert_path
- kubelet_opts['tls-private-key-file'] = server_key_path
 kubelet_opts['logtostderr'] = 'true'
- kubelet_opts['fail-swap-on'] = 'false'
 kubelet_opts['node-ip'] = ingress_ip
-
- if (dns['enable-kube-dns']):
- kubelet_opts['cluster-dns'] = dns['sdn-ip']
-
- # set --allow-privileged flag for kubelet
 kubelet_opts['allow-privileged'] = set_privileged()
- if is_state('kubernetes-worker.gpu.enabled'):
- hookenv.log('Adding '
- '--feature-gates=DevicePlugins=true '
- 'to kubelet')
- kubelet_opts['feature-gates'] = 'DevicePlugins=true'
-
 if is_state('endpoint.aws.ready'):
 kubelet_opts['cloud-provider'] = 'aws'
 elif is_state('endpoint.gcp.ready'):
@@ -718,6 +700,55 @@ def configure_kubelet(dns, ingress_ip):
 kubelet_opts['cloud-provider'] = 'openstack'
 kubelet_opts['cloud-config'] = str(cloud_config_path)
+ if get_version('kubelet') >= (1, 10):
+ # Put together the KubeletConfiguration data
+ kubelet_config = {
+ 'apiVersion': 'kubelet.config.k8s.io/v1beta1',
+ 'kind': 'KubeletConfiguration',
+ 'address': '0.0.0.0',
+ 'authentication': {
+ 'anonymous': {
+ 'enabled': False
+ },
+ 'x509': {
+ 'clientCAFile': ca_cert_path
+ }
+ },
+ 'clusterDomain': dns['domain'],
+ 'failSwapOn': False,
+ 'port': 10250,
+ 'tlsCertFile': server_cert_path,
+ 'tlsPrivateKeyFile': server_key_path
+ }
+ if dns['enable-kube-dns']:
+ kubelet_config['clusterDNS'] = [dns['sdn-ip']]
+ if is_state('kubernetes-worker.gpu.enabled'):
+ kubelet_config['featureGates'] = {
+ 'DevicePlugins': True
+ }
+
+ # Render the file and configure Kubelet to use it
+ os.makedirs('/root/cdk/kubelet', exist_ok=True)
+ with open('/root/cdk/kubelet/config.yaml', 'w') as f:
+ f.write('# Generated by kubernetes-worker charm, do not edit\n')
+ yaml.dump(kubelet_config, f)
+ kubelet_opts['config'] = '/root/cdk/kubelet/config.yaml'
+ else:
+ # NOTE: This is for 1.9. Once we've dropped 1.9 support, we can remove
+ # this whole block and the parent if statement.
+ kubelet_opts['address'] = '0.0.0.0'
+ kubelet_opts['anonymous-auth'] = 'false'
+ kubelet_opts['client-ca-file'] = ca_cert_path
+ kubelet_opts['cluster-domain'] = dns['domain']
+ kubelet_opts['fail-swap-on'] = 'false'
+ kubelet_opts['port'] = '10250'
+ kubelet_opts['tls-cert-file'] = server_cert_path
+ kubelet_opts['tls-private-key-file'] = server_key_path
+ if dns['enable-kube-dns']:
+ kubelet_opts['cluster-dns'] = dns['sdn-ip']
+ if is_state('kubernetes-worker.gpu.enabled'):
+ kubelet_opts['feature-gates'] = 'DevicePlugins=true'
+
 configure_kubernetes_service('kubelet', kubelet_opts, 'kubelet-extra-args')
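Review bot: The `kubelet_config` dict built in the `>= (1, 10)` branch pins `authentication.anonymous.enabled` and `authentication.x509.clientCAFile` but says nothing about `authorization` or `authentication.webhook`, so for those the kubelet falls back to its config-file defaults, which as far as I know differ from the flag defaults the 1.9 branch still gets. Since this file now decides who may use the kubelet API on `0.0.0.0:10250`, I would state the intended mode explicitly (an `'authorization': {'mode': ...}` entry with the value the charm's RBAC setup expects) and cover the 1.9-to-1.10 upgrade path in a test. Separately, `yaml.safe_dump(kubelet_config, f, default_flow_style=False)` would be a safer call than `yaml.dump(kubelet_config, f)`: it raises instead of writing a `!!python/...` tag if one of the path values turns out not to be a plain `str`, and it keeps the file in block style on older PyYAML. `configure_kubelet` starts above this hunk, so the definitions of `ca_cert_path` and the other path values are not visible here.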