executable_kubelet 3.2 KB

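  #!/usr/bin/env bash
  #
  # Node bootstrap wrapper for the kubelet service.
  #
  # In order, it: activates the hpvolumes logical volume, refuses to start
  # while the maintenance marker exists (and creates the marker otherwise),
  # loads the drbd9 module, imports the CoreDNS and pause images into
  # containerd's k8s.io namespace, mounts /var/hpvolumes as a shared mount,
  # raises containerd's resource limits, and finally replaces itself with
  # kubelet.
  #
  # Optional environment:
  #   KUBELET_COREDNS_IMAGE  path to the CoreDNS image tarball
  #   KUBELET_PAUSE_IMAGE    path to the gzip-compressed pause image tarball
  #
  # NOTE(review): modprobe, mount and prlimit on another process need elevated
  # privileges, so this presumably runs as root — confirm. If so, every path
  # it executes or sources must be writable by root only; see the notes on
  # lvchange, /etc/environment and --kubeconfig below.
  set -o nounset -o errexit -o pipefail

  # /etc/environment is sourced as shell code, not parsed as KEY=VALUE data:
  # anything written there runs with this script's privileges.
  . /etc/environment
  # presumably set by /etc/environment so modprobe can find the module tree;
  # verify on the target host.
  export LINUX_MODULE_DIRECTORY

  coredns_image="${KUBELET_COREDNS_IMAGE:-/nix/store/1crdy15nv25jpbvknrzyhg6khv9ikhl9-docker-image-coredns-coredns-1.7.1.tar}"
  pause_image="${KUBELET_PAUSE_IMAGE:-/nix/store/xjlwhyqjhx0j2sc41wfpsw1zvhn98vh5-docker-image-pause.tar.gz}"

  # Activate the logical volume unless its device node is already present.
  if [[ -e /dev/lvm1/hpvolumes ]]; then
    printf '%s\n' "Device '/dev/lvm1/hpvolumes' exists."
  else
    # NOTE(review): this binary lives in a user's profile under /home. When the
    # script runs as root, whoever can modify that profile controls code that
    # executes as root. Prefer a root-owned installation of lvchange.
    /home/oleg/.guix-profile/sbin/lvchange -ay /dev/lvm1/hpvolumes
  fi

  # Maintenance marker: its presence blocks the start, so an operator has to
  # remove it by hand before the kubelet service comes up again.
  if [[ -e /var/lib/kubelet/.maintenance ]]; then
    # Failure path, so the message goes to stderr.
    printf '%s\n' "File '/var/lib/kubelet/.maintenance' exists." >&2
    exit 1
  fi
  printf '%s\n' "Creating '/var/lib/kubelet/.maintenance' file, user required to remove it in case of usual reboot."
  # The two lines below are the exact file content (text kept as authored).
  printf '%s\n' \
    "# Remove this file and restart the 'kubelet' service." \
    "# The 'kubelet' service automatically recreates this file and proseed." \
    > /var/lib/kubelet/.maintenance

  # /proc/drbd only exists once the DRBD module is loaded.
  if [[ -e /proc/drbd ]]; then
    printf "DEBUG: '/proc/drbd' file already exist.\n"
  else
    modprobe drbd9
  fi

  # Import the bundled images only when containerd does not list them yet.
  # The check is a substring match on the `ctr images list` output. A failing
  # `ctr` inside [[ ]] does not trip errexit; the import below then runs and
  # its own failure stops the script.
  if ! [[ $(ctr --namespace k8s.io images list) == *docker.io/coredns/coredns:1.7.1* ]]; then
    ctr -n k8s.io image import --all-platforms - < "$coredns_image"
  fi
  if ! [[ $(ctr --namespace k8s.io images list) == *docker.io/library/pause:latest* ]]; then
    zcat "$pause_image" | ctr -n k8s.io image import --all-platforms -
  fi

  # Mount the volume and mark the mount shared so that mounts made beneath it
  # propagate to other mount namespaces.
  if [[ -d /var/hpvolumes ]] && ! mountpoint --quiet /var/hpvolumes; then
    # Uncomment if '/var/hpvolumes' directory is on a '/' file-system.
    # mount --bind /var/hpvolumes /var/hpvolumes
    mount /dev/lvm1/hpvolumes /var/hpvolumes
    mount --make-shared /var/hpvolumes
  fi

  # Add rlimits to service file by crosbymichael · Pull Request #1846
  # https://github.com/containerd/containerd/pull/1846
  containerd_pid="$(< /run/containerd/containerd.pid)"
  # The PID file is external input to a privileged prlimit call; accept only a
  # plain decimal number so a damaged file cannot become an odd argument.
  if ! [[ "$containerd_pid" =~ ^[0-9]+$ ]]; then
    printf "ERROR: '/run/containerd/containerd.pid' does not contain a PID.\n" >&2
    exit 1
  fi
  prlimit --pid "$containerd_pid" --nofile=1048576:1048576
  prlimit --pid "$containerd_pid" --nproc=unlimited

  kubelet_args=(
    --address=192.168.0.144
    --node-ip=192.168.0.144
    # NOTE(review): --anonymous-auth is not passed and no kubelet config file
    # is given here, so the flag default applies and unauthenticated requests
    # to port 10250 are handled as system:anonymous and left to the Webhook
    # authorizer. Consider adding --anonymous-auth=false.
    --authentication-token-webhook
    --authentication-token-webhook-cache-ttl=10s
    --authorization-mode=Webhook
    --client-ca-file=/etc/kubernetes/pki/ca.pem
    --cluster-dns=10.8.255.254
    --cluster-domain=cluster.local
    --hairpin-mode=hairpin-veth
    --healthz-bind-address=127.0.0.1
    --healthz-port=10248
    --hostname-override=kube1
    # NOTE(review): the node's API credentials are read from a path inside a
    # user's home directory. Whoever can read or replace that file holds the
    # node identity; a root-owned file with mode 0600 is the safer place.
    --kubeconfig=/home/oleg/.local/share/chezmoi/dotfiles/kubernetes/kubeconfig
    --pod-infra-container-image=pause
    --port=10250
    --register-node=true
    --register-with-taints=unschedulable=true:NoSchedule
    --root-dir=/var/lib/kubelet
    # NOTE(review): the serving certificate file is named like a client
    # certificate; confirm it is issued for server authentication on this
    # node's address.
    --tls-cert-file=/etc/kubernetes/pki/kubelet-client-kube1.pem
    --tls-private-key-file=/etc/kubernetes/pki/kubelet-client-kube1-key.pem
    --container-runtime=remote
    --container-runtime-endpoint=unix:///run/containerd/containerd.sock
    --fail-swap-on=false
    --eviction-hard='nodefs.available<10Gi,nodefs.inodesFree<1000000,imagefs.available<10Gi,imagefs.inodesFree<1000000'
    --image-gc-high-threshold 95
    --image-gc-low-threshold 90
    # Static pod manifests: write access to this directory is equivalent to
    # running arbitrary pods on the node, so keep it writable by root only.
    --pod-manifest-path=/etc/kubernetes/manifests
  )

  # exec replaces the shell with kubelet, so signals from the service manager
  # reach kubelet itself instead of a wrapper that would exit and orphan it.
  exec kubelet "${kubelet_args[@]}"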