AIO multinode: Add root user directive to Kubelet

Systemd units run as the root user by default; however, environment variables in spawned processes are not populated for the root user unless "User=root" is specified for a particular unit [0]. This change adds the "User=root" declaration to the Kubelet systemd unit so that Kubelet will look in the root user's home directory for Docker configuration information. Without this change, Docker configuration information, such as authentication keys for private repositories, are ignored by Kubelet even though the Docker daemon honors them. [0] https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Environment%20variables%20in%20spawned%20processes Change-Id: I209de0f4f04c078d39b1e8bf18195e51e965cbf3 Signed-off-by: Drew Walters <andrew.walters@att.com>
2019-08-12 15:48:03 +00:00 · 2019-08-12 15:48:03 +00:00 · 354d53c4c3
commit 354d53c4c3
parent 9b9309fe31
1 changed files with 1 additions and 0 deletions
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2
@ -1,4 +1,5 @@
 [Service]
+User=root
 Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
 Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true --cgroup-driver={{ kubelet_cgroup_driver }}"
 Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --node-ip={% if kubelet.bind_addr is defined %}{{ kubelet.bind_addr }}{% else %}{% if kubelet.bind_device is defined %}{{ hostvars[inventory_hostname]['ansible_'+kubelet.bind_device].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %} --hostname-override={{ kubelet_node_hostname }}"