Configure etcd with a config file instead of ExecStart arguments

Author: daaang

manifests/profile/kubelet.pp

@@ -54,6 +54,12 @@
       notify  => Exec["kubelet reload daemon"],
     }
 
+    file { "/etc/kubernetes/kubelet.yaml":
+      content => template("nebula/profile/kubelet/config.yaml.erb"),
+      require => Package["kubelet"],
+      notify  => Service["kubelet"],
+    }
+
     exec { 'kubelet reload daemon':
       command     => "/bin/systemctl daemon-reload",
       refreshonly => true,

manifests/profile/kubernetes/bootstrap/etcd_config.pp

@@ -17,6 +17,13 @@
     notify  => Exec['kubelet reload daemon'],
   }
 
+  $pod_manifest_path = "/etc/kubernetes/manifests"
+  file { "/etc/kubernetes/kubelet.yaml":
+    content => template("nebula/profile/kubelet/config.yaml.erb"),
+    require => Package["kubelet"],
+    notify  => Service["kubelet"],
+  }
+
   file { '/etc/systemd/system/kubelet.service.d':
     ensure => 'directory',
   }

spec/classes/profile/kubelet_spec.rb

@@ -105,18 +105,15 @@
 
       it do
         is_expected.to contain_file("/etc/systemd/system/kubelet.service.d/20-containerd-and-manifest-dir.conf")
-          .with_content(/^ExecStart=\/usr\/bin\/kubelet/)
+          .with_content(/^ExecStart=\/usr\/bin\/kubelet --config=\/etc\/kubernetes\/kubelet\.yaml$/)
       end
 
-      ["--address=127.0.0.1",
-       "--pod-manifest-path=/etc/kubernetes/manifests",
-       "--container-runtime=remote",
-       "--container-runtime-endpoint=unix:///run/containerd/containerd.sock",
-       "--cgroup-driver=systemd"].each do |param|
-        it do
-          is_expected.to contain_file("/etc/systemd/system/kubelet.service.d/20-containerd-and-manifest-dir.conf")
-            .with_content(/^ExecStart=.+ #{param}/)
-        end
+      it do
+        is_expected.to contain_file("/etc/kubernetes/kubelet.yaml")
+          .with_content(/address:.*127.0.0.1/)
+          .with_content(/staticPodPath:.*\/etc\/kubernetes\/manifests/)
+          .with_content(/cgroupDriver:.*systemd/)
+          .with_content(/containerRuntimeEndpoint:.*unix:\/\/\/run\/containerd\/containerd.sock/)
       end
 
       context "with pod_manifest_path set to /tmp/kubelet" do
@@ -126,8 +123,8 @@
         it { is_expected.to contain_file("/tmp/kubelet") }
 
         it do
-          is_expected.to contain_file("/etc/systemd/system/kubelet.service.d/20-containerd-and-manifest-dir.conf")
-            .with_content(/^ExecStart=.+ --pod-manifest-path=\/tmp\/kubelet/)
+          is_expected.to contain_file("/etc/kubernetes/kubelet.yaml")
+            .with_content(/staticPodPath:.*\/tmp\/kubelet/)
         end
       end
 

spec/classes/profile/kubernetes/bootstrap/etcd_config_spec.rb

@@ -15,12 +15,20 @@
 
       it do
         is_expected.to contain_file('/etc/systemd/system/kubelet.service.d/20-etcd-service-manager.conf')
-          .with_content(%r{^ExecStart=/usr/bin/kubelet --address=127.0.0.1 --pod-manifest-path=/etc/kubernetes/manifests --cgroup-driver=systemd --container-runtime=remote --container-runtime-endpoint=unix:///run/containerd/containerd.sock$})
+          .with_content(%r{^ExecStart=/usr/bin/kubelet --config=/etc/kubernetes/kubelet\.yaml$})
           .that_notifies('Exec[kubelet reload daemon]')
           .that_requires('Package[kubelet]')
           .that_requires('File[/etc/systemd/system/kubelet.service.d]')
       end
 
+      it do
+        is_expected.to contain_file("/etc/kubernetes/kubelet.yaml")
+          .with_content(/address:.*127.0.0.1/)
+          .with_content(/staticPodPath:.*\/etc\/kubernetes\/manifests/)
+          .with_content(/cgroupDriver:.*systemd/)
+          .with_content(/containerRuntimeEndpoint:.*unix:\/\/\/run\/containerd\/containerd.sock/)
+      end
+
       it { is_expected.to contain_file('/etc/systemd/system/kubelet.service.d').with_ensure('directory') }
 
       it do

templates/profile/kubelet/config.yaml.erb

@@ -0,0 +1,13 @@
+apiVersion: "kubelet.config.k8s.io/v1beta1"
+kind: "KubeletConfiguration"
+address: "127.0.0.1"
+staticPodPath: "<%= @pod_manifest_path %>"
+cgroupDriver: "systemd"
+containerRuntimeEndpoint: "unix:///run/containerd/containerd.sock"
+authentication:
+  anonymous:
+    enabled: true
+  webhook:
+    enabled: false
+authorization:
+  mode: "AlwaysAllow"

templates/profile/kubelet/systemd.conf.erb

@@ -1,5 +1,5 @@
 # Managed by puppet (nebula/profile/kubelet/systemd.conf.erb)
 [Service]
 ExecStart=
-ExecStart=/usr/bin/kubelet --address=127.0.0.1 --pod-manifest-path=<%= @pod_manifest_path %> --cgroup-driver=systemd --container-runtime=remote --container-runtime-endpoint=unix:///run/containerd/containerd.sock
+ExecStart=/usr/bin/kubelet --config=/etc/kubernetes/kubelet.yaml
 Restart=always

templates/profile/kubernetes/bootstrap/etcd/systemd.conf.erb

@@ -1,5 +1,5 @@
 # Managed by puppet (nebula/profile/kubernetes/bootstrap/etcd/systemd.conf.erb)
 [Service]
 ExecStart=
-ExecStart=/usr/bin/kubelet --address=127.0.0.1 --pod-manifest-path=/etc/kubernetes/manifests --cgroup-driver=systemd --container-runtime=remote --container-runtime-endpoint=unix:///run/containerd/containerd.sock
+ExecStart=/usr/bin/kubelet --config=/etc/kubernetes/kubelet.yaml
 Restart=always