diff --git a/cluster/gce/trusty/master.yaml b/cluster/gce/trusty/master.yaml
index 12b4922daf5..0cfe0d30aaf 100644
--- a/cluster/gce/trusty/master.yaml
+++ b/cluster/gce/trusty/master.yaml
@@ -154,6 +154,8 @@ script
 --configure-cbr0=${ALLOCATE_NODE_CIDRS} \
 --cgroup-root=/ \
 --system-container=/system \
+ --runtime-container=/docker-daemon \
+ --resource-container=/kubelet \
 --nosystemd=true \
 ${ARGS}
 end script
diff --git a/cluster/gce/trusty/node.yaml b/cluster/gce/trusty/node.yaml
index cb0078af3bb..2cc301b3cc2 100644
--- a/cluster/gce/trusty/node.yaml
+++ b/cluster/gce/trusty/node.yaml
@@ -139,6 +139,8 @@ script
 --configure-cbr0=true \
 --cgroup-root=/ \
 --system-container=/system \
+ --runtime-container=/docker-daemon \
+ --resource-container=/kubelet \
 --nosystemd=true \
 ${ARGS}
 end script
diff --git a/cluster/saltbase/salt/kubelet/default b/cluster/saltbase/salt/kubelet/default
index 3e37fe6b8c8..50b8802b932 100644
--- a/cluster/saltbase/salt/kubelet/default
+++ b/cluster/saltbase/salt/kubelet/default
@@ -102,15 +102,19 @@
 {% set experimental_flannel_overlay = "--experimental-flannel-overlay=true" %}
 {% endif -%}
-# Run containers under the root cgroup and create a system container.
-{% set system_container = "" -%}
+# Setup cgroups hierarchies.
 {% set cgroup_root = "" -%}
-{% if grains['os_family'] == 'Debian' -%}
- {% set system_container = "--system-container=/system" -%}
+{% set system_container = "" -%}
+{% set kubelet_container = "" -%}
+{% set runtime_container = "" -%}
+{% if grains['os_family'] == 'Debian' -%}
 {% if pillar.get('is_systemd') %}
 {% set cgroup_root = "--cgroup-root=docker" -%}
 {% else %}
 {% set cgroup_root = "--cgroup-root=/" -%}
+ {% set system_container = "--system-container=/system" -%}
+ {% set runtime_container = "--runtime-container=/docker-daemon" -%}
+ {% set kubelet_container= "--resource-container=/kubelet" -%}
 {% endif %}
 {% endif -%}
 {% if grains['oscodename'] == 'vivid' -%}
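Review bot: The new `kubelet_container` and `runtime_container` variables are assigned in the non-systemd branch of cluster/saltbase/salt/kubelet/default, but this file's diff contains no hunk that adds them to the line where the kubelet arguments are assembled, so unless that line (outside this hunk) already references them, the flags never reach the kubelet. Because the same commit changes the compiled-in defaults to empty strings, salt-provisioned Debian nodes would then presumably run the kubelet and the Docker daemon without their dedicated cgroups, which weakens resource isolation between node daemons and pods. Please confirm that `{{kubelet_container}}` and `{{runtime_container}}` are rendered wherever `{{system_container}}` is. Separately, systemd hosts no longer receive `--system-container=/system`; if that is intended, a comment in the `is_systemd` branch such as `# systemd hosts: no system/runtime/kubelet containers are requested` would make it explicit.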
diff --git a/cmd/kubelet/app/options/options.go b/cmd/kubelet/app/options/options.go
index 9e18ab5ab06..d417fe1641c 100644
--- a/cmd/kubelet/app/options/options.go
+++ b/cmd/kubelet/app/options/options.go
@@ -111,11 +111,11 @@ func NewKubeletServer() *KubeletServer {
 RegisterSchedulable: true,
 RegistryBurst: 10,
 RegistryPullQPS: 5.0,
- ResourceContainer: "/kubelet",
+ ResourceContainer: "",
 RktPath: "",
 RktStage1Image: "",
 RootDirectory: defaultRootDir,
- RuntimeContainer: "/docker-daemon",
+ RuntimeContainer: "",
 SerializeImagePulls: true,
 StreamingConnectionIdleTimeout: unversioned.Duration{4 * time.Hour},
 SyncFrequency: unversioned.Duration{1 * time.Minute},
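Review bot: Changing the `ResourceContainer` and `RuntimeContainer` defaults to `""` in NewKubeletServer turns cgroup placement of the kubelet and the runtime from opt-out into opt-in, and nothing at the assignment says so. Any launcher that relied on the old `/kubelet` and `/docker-daemon` defaults would presumably stop isolating those daemons after upgrading; within this diff only the GCE trusty manifests and the Debian non-systemd salt path pass the flags explicitly. I would add a comment above each field, e.g. `// Empty disables the dedicated cgroup; deployments that want containment must set --resource-container.`, and call the change out in the release notes. The same default is changed in SimpleKubelet in cmd/kubelet/app/server.go; the struct literal here continues outside the hunk.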
@@ -191,7 +191,7 @@ func (s *KubeletServer) AddFlags(fs *pflag.FlagSet) {
 fs.StringVar(&s.VolumePluginDir, "volume-plugin-dir", s.VolumePluginDir, " The full path of the directory in which to search for additional third party volume plugins")
 fs.StringVar(&s.CloudProvider, "cloud-provider", s.CloudProvider, "The provider for cloud services. Empty string for no provider.")
 fs.StringVar(&s.CloudConfigFile, "cloud-config", s.CloudConfigFile, "The path to the cloud provider configuration file. Empty string for no configuration file.")
- fs.StringVar(&s.ResourceContainer, "resource-container", s.ResourceContainer, "Absolute name of the resource-only container to create and run the Kubelet in (Default: /kubelet).")
+ fs.StringVar(&s.ResourceContainer, "resource-container", s.ResourceContainer, "Optional absolute name of the resource-only container to create and run the Kubelet in.")
 fs.StringVar(&s.CgroupRoot, "cgroup-root", s.CgroupRoot, "Optional root cgroup to use for pods. This is handled by the container runtime on a best effort basis. Default: '', which means use the container runtime default.")
 fs.StringVar(&s.ContainerRuntime, "container-runtime", s.ContainerRuntime, "The container runtime to use. Possible values: 'docker', 'rkt'. Default: 'docker'.")
 fs.StringVar(&s.LockFilePath, "lock-file", s.LockFilePath, " The path to file for kubelet to use as a lock file.")
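Review bot: The new `--resource-container` help text says the value is optional but no longer tells the operator what an empty value does, unlike the neighbouring `--cgroup-root` string, which ends with "Default: '', which means use the container runtime default." I would finish the sentence the same way, e.g. `"Optional absolute name of the resource-only container to create and run the Kubelet in. Default: '', which means no dedicated container is created."`, adjusting the wording to whatever the kubelet actually does with an empty name. The `--runtime-container` string in the later AddFlags hunk (`@@ -222,5 +222,5 @@`) has the same gap, and the generated docs/admin/kubelet.md text would follow from both. AddFlags starts and ends outside this hunk.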
@@ -222,5 +222,5 @@ func (s *KubeletServer) AddFlags(fs *pflag.FlagSet) {
 fs.DurationVar(&s.OutOfDiskTransitionFrequency.Duration, "outofdisk-transition-frequency", s.OutOfDiskTransitionFrequency.Duration, "Duration for which the kubelet has to wait before transitioning out of out-of-disk node condition status. Default: 5m0s")
 fs.StringVar(&s.NodeIP, "node-ip", s.NodeIP, "IP address of the node. If set, kubelet will use this IP address for the node")
 fs.BoolVar(&s.EnableCustomMetrics, "enable-custom-metrics", s.EnableCustomMetrics, "Support for gathering custom metrics.")
- fs.StringVar(&s.RuntimeContainer, "runtime-container", s.RuntimeContainer, "Absolute name of the cgroups to create (if required) and run the runtime in (Default: /docker-daemon).")
+ fs.StringVar(&s.RuntimeContainer, "runtime-container", s.RuntimeContainer, "Optional absolute name of cgroups to create and run the runtime in.")
 }
diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go
index d60adfaa74e..db75bb35adf 100644
--- a/cmd/kubelet/app/server.go
+++ b/cmd/kubelet/app/server.go
@@ -510,7 +510,7 @@ func SimpleKubelet(client *clientset.Clientset,
 CPUCFSQuota: true,
 DiskSpacePolicy: diskSpacePolicy,
 DockerClient: dockerClient,
- RuntimeContainer: "/docker-daemon",
+ RuntimeContainer: "",
 DockerExecHandler: &dockertools.NativeExecHandler{},
 EnableCustomMetrics: false,
 EnableDebuggingHandlers: true,
diff --git a/docs/admin/kubelet.md b/docs/admin/kubelet.md
index cbe8d63b8de..5dedc2dadc8 100644
--- a/docs/admin/kubelet.md
+++ b/docs/admin/kubelet.md
@@ -134,12 +134,12 @@ kubelet
 --registry-burst=10: Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry-qps. Only used if --registry-qps > 0
 --registry-qps=5: If > 0, limit registry pull QPS to this value. If 0, unlimited. [default=5.0]
 --resolv-conf="/etc/resolv.conf": Resolver configuration file used as the basis for the container DNS resolution configuration.
- --resource-container="/kubelet": Absolute name of the resource-only container to create and run the Kubelet in (Default: /kubelet).
+ --resource-container="": Optional absolute name of the resource-only container to create and run the Kubelet in.
 --rkt-path="": Path of rkt binary. Leave empty to use the first rkt in $PATH. Only used if --container-runtime='rkt'
 --rkt-stage1-image="": image to use as stage1. Local paths and http/https URLs are supported. If empty, the 'stage1.aci' in the same directory as '--rkt-path' will be used
 --root-dir="/var/lib/kubelet": Directory path for managing kubelet files (volume mounts,etc).
 --runonce[=false]: If true, exit after spawning pods from local manifests or remote urls. Exclusive with --api-servers, and --enable-server
- --runtime-container="/docker-daemon": Absolute name of the cgroups to create (if required) and run the runtime in (Default: /docker-daemon).
+ --runtime-container="": Optional absolute name of the cgroups to create and run the runtime in.
 --serialize-image-pulls[=true]: Pull images one at a time. We recommend *not* changing the default value on nodes that run docker daemon with version < 1.9 or an Aufs storage backend. Issue #10959 has more details. [default=true]
 --streaming-connection-idle-timeout=4h0m0s: Maximum time a streaming connection can be idle before the connection is automatically closed. 0 indicates no timeout. Example: '5m'
 --sync-frequency=1m0s: Max period between synchronizing running containers and config