fix: require kubelet kubeconfig before starting service
All checks were successful
Terraform Plan / Terraform Plan (push) Successful in 17s
All checks were successful
Terraform Plan / Terraform Plan (push) Successful in 17s
Inline kubelet bootstrap/kubeconfig flags in ExecStart and gate startup on /etc/kubernetes/*kubelet.conf in addition to config.yaml. This prevents kubelet entering standalone mode with webhook auth enabled when no client config is present.
This commit is contained in:
@@ -380,7 +380,6 @@ in
|
||||
after = [ "containerd.service" "network-online.target" ];
|
||||
serviceConfig = {
|
||||
Environment = [
|
||||
"KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
|
||||
"KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
|
||||
"KUBELET_KUBEADM_ARGS="
|
||||
"KUBELET_EXTRA_ARGS="
|
||||
@@ -389,12 +388,13 @@ in
|
||||
"-/var/lib/kubelet/kubeadm-flags.env"
|
||||
"-/etc/default/kubelet"
|
||||
];
|
||||
ExecStart = "${pinnedK8s}/bin/kubelet \$KUBELET_KUBECONFIG_ARGS \$KUBELET_CONFIG_ARGS \$KUBELET_KUBEADM_ARGS \$KUBELET_EXTRA_ARGS";
|
||||
ExecStart = "${pinnedK8s}/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf \$KUBELET_CONFIG_ARGS \$KUBELET_KUBEADM_ARGS \$KUBELET_EXTRA_ARGS";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "10";
|
||||
};
|
||||
unitConfig = {
|
||||
ConditionPathExists = "/var/lib/kubelet/config.yaml";
|
||||
ConditionPathExistsGlob = "/etc/kubernetes/*kubelet.conf";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user