juju: Use KubeletConfiguration on Kubelet 1.10+ (#143)

cluster/juju/layers/kubernetes-worker/reactive/kubernetes_worker.py

@@ -21,6 +21,7 @@ import random
 import shutil
 import subprocess
 import time
+import yaml
 
 from charms.leadership import leader_get, leader_set
 
@@ -684,29 +685,10 @@ def configure_kubelet(dns, ingress_ip):
     kubelet_opts['kubeconfig'] = kubeconfig_path
     kubelet_opts['network-plugin'] = 'cni'
     kubelet_opts['v'] = '0'
-    kubelet_opts['address'] = '0.0.0.0'
-    kubelet_opts['port'] = '10250'
-    kubelet_opts['cluster-domain'] = dns['domain']
-    kubelet_opts['anonymous-auth'] = 'false'
-    kubelet_opts['client-ca-file'] = ca_cert_path
-    kubelet_opts['tls-cert-file'] = server_cert_path
-    kubelet_opts['tls-private-key-file'] = server_key_path
     kubelet_opts['logtostderr'] = 'true'
-    kubelet_opts['fail-swap-on'] = 'false'
     kubelet_opts['node-ip'] = ingress_ip
-
-    if (dns['enable-kube-dns']):
-        kubelet_opts['cluster-dns'] = dns['sdn-ip']
-
-    # set --allow-privileged flag for kubelet
     kubelet_opts['allow-privileged'] = set_privileged()
 
-    if is_state('kubernetes-worker.gpu.enabled'):
-        hookenv.log('Adding '
-                    '--feature-gates=DevicePlugins=true '
-                    'to kubelet')
-        kubelet_opts['feature-gates'] = 'DevicePlugins=true'
-
     if is_state('endpoint.aws.ready'):
         kubelet_opts['cloud-provider'] = 'aws'
     elif is_state('endpoint.gcp.ready'):
@@ -718,6 +700,55 @@ def configure_kubelet(dns, ingress_ip):
         kubelet_opts['cloud-provider'] = 'openstack'
         kubelet_opts['cloud-config'] = str(cloud_config_path)
 
+    if get_version('kubelet') >= (1, 10):
+        # Put together the KubeletConfiguration data
+        kubelet_config = {
+            'apiVersion': 'kubelet.config.k8s.io/v1beta1',
+            'kind': 'KubeletConfiguration',
+            'address': '0.0.0.0',
+            'authentication': {
+                'anonymous': {
+                    'enabled': False
+                },
+                'x509': {
+                    'clientCAFile': ca_cert_path
+                }
+            },
+            'clusterDomain': dns['domain'],
+            'failSwapOn': False,
+            'port': 10250,
+            'tlsCertFile': server_cert_path,
+            'tlsPrivateKeyFile': server_key_path
+        }
+        if dns['enable-kube-dns']:
+            kubelet_config['clusterDNS'] = [dns['sdn-ip']]
+        if is_state('kubernetes-worker.gpu.enabled'):
+            kubelet_config['featureGates'] = {
+                'DevicePlugins': True
+            }
+
+        # Render the file and configure Kubelet to use it
+        os.makedirs('/root/cdk/kubelet', exist_ok=True)
+        with open('/root/cdk/kubelet/config.yaml', 'w') as f:
+            f.write('# Generated by kubernetes-worker charm, do not edit\n')
+            yaml.dump(kubelet_config, f)
+        kubelet_opts['config'] = '/root/cdk/kubelet/config.yaml'
+    else:
+        # NOTE: This is for 1.9. Once we've dropped 1.9 support, we can remove
+        # this whole block and the parent if statement.
+        kubelet_opts['address'] = '0.0.0.0'
+        kubelet_opts['anonymous-auth'] = 'false'
+        kubelet_opts['client-ca-file'] = ca_cert_path
+        kubelet_opts['cluster-domain'] = dns['domain']
+        kubelet_opts['fail-swap-on'] = 'false'
+        kubelet_opts['port'] = '10250'
+        kubelet_opts['tls-cert-file'] = server_cert_path
+        kubelet_opts['tls-private-key-file'] = server_key_path
+        if dns['enable-kube-dns']:
+            kubelet_opts['cluster-dns'] = dns['sdn-ip']
+        if is_state('kubernetes-worker.gpu.enabled'):
+            kubelet_opts['feature-gates'] = 'DevicePlugins=true'
+
     configure_kubernetes_service('kubelet', kubelet_opts, 'kubelet-extra-args')