github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-26 21:17:23 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #97868 from mtaufen/pki-tmpfs

Browse Source 
Mount /var/lib/kubelet/pki on tmpfs
This commit is contained in:
Kubernetes Prow Robot 2021-01-14 10:47:04 -08:00 committed by GitHub
commit 9da11e294f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
cluster/gce/gci/configure-helper.sh
View File

@ -1515,9 +1515,6 @@ EOF
function start-kubelet { function start-kubelet {
echo "Start kubelet" echo "Start kubelet"
# TODO(#60123): The kubelet should create the cert-dir directory if it doesn't exist
mkdir -p /var/lib/kubelet/pki/
local kubelet_bin="${KUBE_HOME}/bin/kubelet" local kubelet_bin="${KUBE_HOME}/bin/kubelet"
local -r version="$("${kubelet_bin}" --version=true | cut -f2 -d " ")" local -r version="$("${kubelet_bin}" --version=true | cut -f2 -d " ")"
local -r builtin_kubelet="/usr/bin/kubelet" local -r builtin_kubelet="/usr/bin/kubelet"
@ -2765,6 +2762,16 @@ function setup-kubelet-dir {
echo "Making /var/lib/kubelet executable for kubelet" echo "Making /var/lib/kubelet executable for kubelet"
mount -B /var/lib/kubelet /var/lib/kubelet/ mount -B /var/lib/kubelet /var/lib/kubelet/
mount -B -o remount,exec,suid,dev /var/lib/kubelet mount -B -o remount,exec,suid,dev /var/lib/kubelet
# TODO(#60123): The kubelet should create the cert-dir directory if it doesn't exist
mkdir -p /var/lib/kubelet/pki/
# Mount /var/lib/kubelet/pki on a tmpfs so it doesn't persist across
# reboots. This can help avoid some rare instances of corrupt cert files
# (e.g. created but not written during a shutdown). Kubelet crash-loops
# in these cases. Do this after above mount calls so it isn't overwritten.
echo "Mounting /var/lib/kubelet/pki on tmpfs"
mount -t tmpfs tmpfs /var/lib/kubelet/pki
} }
# Override for GKE custom master setup scripts (no-op outside of GKE). # Override for GKE custom master setup scripts (no-op outside of GKE).