Address standalone kubelet config case

Also place in global vars and do not repeat the kube_*_config_dir
and kube_namespace vars for better code maintainability and UX.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>

roles/kubernetes/node/defaults/main.yml

@@ -1,15 +1,6 @@
-# This is where all the cert scripts and certs will be located
-kube_cert_dir: "{{ kube_config_dir }}/ssl"
-
 # change to 0.0.0.0 to enable insecure access from anywhere (not recommended)
 kube_apiserver_insecure_bind_address: 127.0.0.1
 
-# This is where you can drop yaml/json files and the kubelet will run those
-# pods on startup
-kube_manifest_dir: "{{ kube_config_dir }}/manifests"
-
-dns_domain: "{{ cluster_name }}"
-
 # resolv.conf to base dns config
 kube_resolv_conf: "/etc/resolv.conf"
 
@@ -22,16 +13,5 @@ kube_proxy_masquerade_all: true
 #   - extensions/v1beta1/daemonsets=true
 #   - extensions/v1beta1/deployments=true
 
-# Logging directory (sysvinit systems)
-kube_log_dir: "/var/log/kubernetes"
-
-# This directory is where all the additional config stuff goes
-# the kubernetes normally puts in /srv/kubernets.
-# This puts them in a sane location.
-# Editting this value will almost surely break something. Don't
-# change it. Things like the systemd scripts are hard coded to
-# look in here. Don't do it.
-kube_config_dir: /etc/kubernetes
-
 nginx_image_repo: nginx
 nginx_image_tag: 1.11.4-alpine

roles/kubernetes/node/tasks/main.yml

@@ -1,4 +1,9 @@
 ---
+- set_fact:
+    standalone_kubelet: >-
+      {%- if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] -%}true{%- else -%}false{%- endif -%}
+  tags: facts
+
 - include: install.yml
   tags: kubelet
 

roles/kubernetes/node/tasks/nginx-proxy.yml

@@ -1,6 +1,6 @@
 ---
 - name: nginx-proxy | Write static pod
-  template: src=manifests/nginx-proxy.manifest.j2 dest=/etc/kubernetes/manifests/nginx-proxy.yml
+  template: src=manifests/nginx-proxy.manifest.j2 dest={{kube_manifest_dir}}/nginx-proxy.yml
 
 - name: nginx-proxy | Make nginx directory
   file: path=/etc/nginx state=directory mode=0700 owner=root

roles/kubernetes/node/templates/deb-kubelet.initd.j2

@@ -27,7 +27,7 @@ DAEMON_USER=root
 [ -x "$DAEMON" ] || exit 0
 
 # Read configuration variable file if it is present
-[ -r /etc/kubernetes/$NAME.env ] && . /etc/kubernetes/$NAME.env
+[ -r {{kube_config_dir}}/$NAME.env ] && . {{kube_config_dir}}/$NAME.env
 
 # Define LSB log_* functions.
 # Depend on lsb-base (>= 3.2-14) to ensure that this file is present

roles/kubernetes/node/templates/kubelet-container.j2

@@ -3,7 +3,7 @@
 --net=host --pid=host --name=kubelet --restart=on-failure:5 \
 -v /etc/cni:/etc/cni:ro \
 -v /opt/cni:/opt/cni:ro \
--v /etc/kubernetes:/etc/kubernetes \
+-v {{kube_config_dir}}:{{kube_config_dir}} \
 -v /sys:/sys \
 -v /dev:/dev \
 -v {{ docker_daemon_graph }}:/var/lib/docker \

roles/kubernetes/node/templates/kubelet.j2

@@ -12,17 +12,21 @@ KUBELET_ADDRESS="--address={{ ip | default("0.0.0.0") }}"
 # KUBELET_PORT="--port=10250"
 # You may leave this blank to use the actual hostname
 KUBELET_HOSTNAME="--hostname-override={{ ansible_hostname }}"
-{% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %}
-KUBELET_REGISTER_NODE="--register-node=false"
-{% endif %}
 # location of the api-server
+{% set kubelet_args_base %}--pod-manifest-path={{ kube_manifest_dir }} --pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}{% endset %}
 {% if dns_setup|bool and skip_dnsmasq|bool %}
-KUBELET_ARGS="--cluster_dns={{ skydns_server }} --cluster_domain={{ dns_domain }} --kubeconfig={{ kube_config_dir}}/node-kubeconfig.yaml --require-kubeconfig --pod-manifest-path={{ kube_manifest_dir }} --resolv-conf={{ kube_resolv_conf }} --pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}"
+{% set kubelet_args_dns %}--cluster_dns={{ skydns_server }} --cluster_domain={{ dns_domain }} --resolv-conf={{ kube_resolv_conf }} {{ kubelet_args_base }}{% endset %}
 {% elif dns_setup|bool %}
-KUBELET_ARGS="--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} --kubeconfig={{ kube_config_dir}}/node-kubeconfig.yaml --require-kubeconfig --pod-manifest-path={{ kube_manifest_dir }} --resolv-conf={{ kube_resolv_conf }} --pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}"
+{% set kubelet_args_dns %}--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} --resolv-conf={{ kube_resolv_conf }} {{ kubelet_args_base }}{% endset %}
 {% else %}
-KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --require-kubeconfig --pod-manifest-path={{ kube_manifest_dir }} --pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}"
+{% set kubelet_args_dns = kubelet_args_base %}
 {% endif %}
+{% if not standalone_kubelet|bool %}
+{% set kubelet_args %}--kubeconfig={{ kube_config_dir}}/node-kubeconfig.yaml --require-kubeconfig {{ kubelet_args_dns }}{% endset %}
+{% else %}
+{% set kubelet_args = kubelet_args_dns %}
+{% endif %}
+KUBELET_ARGS="{{ kubelet_args }}"
 {% if kube_network_plugin is defined and kube_network_plugin in ["calico", "weave", "canal"] %}
 KUBELET_NETWORK_PLUGIN="--network-plugin=cni --network-plugin-dir=/etc/cni/net.d"
 {% elif kube_network_plugin is defined and kube_network_plugin == "weave" %}

roles/kubernetes/node/templates/kubelet.service.j2

@@ -10,7 +10,7 @@ Wants=docker.socket
 {% endif %}
 
 [Service]
-EnvironmentFile=/etc/kubernetes/kubelet.env
+EnvironmentFile={{kube_config_dir}}/kubelet.env
 ExecStart={{ bin_dir }}/kubelet \
 		$KUBE_LOGTOSTDERR \
 		$KUBE_LOG_LEVEL \

roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Pod
 metadata:
   name: kube-proxy
-  namespace: kube-system
+  namespace: {{system_namespace}}
   labels:
     k8s-app: kube-proxy
 spec:
@@ -17,7 +17,7 @@ spec:
     - --v={{ kube_log_level }}
     - --master={{ kube_apiserver_endpoint }}
 {% if not is_kube_master %}
-    - --kubeconfig=/etc/kubernetes/node-kubeconfig.yaml
+    - --kubeconfig={{kube_config_dir}}/node-kubeconfig.yaml
 {% endif %}
     - --bind-address={{ ip | default(ansible_default_ipv4.address) }}
     - --cluster-cidr={{ kube_pods_subnet }}
@@ -31,10 +31,10 @@ spec:
     - mountPath: /etc/ssl/certs
       name: ssl-certs-host
       readOnly: true
-    - mountPath: /etc/kubernetes/node-kubeconfig.yaml
+    - mountPath: {{kube_config_dir}}/node-kubeconfig.yaml
       name: "kubeconfig"
       readOnly: true
-    - mountPath: /etc/kubernetes/ssl
+    - mountPath: {{kube_config_dir}}/ssl
       name: "etc-kube-ssl"
       readOnly: true
     - mountPath: /var/run/dbus
@@ -46,10 +46,10 @@ spec:
       path: /usr/share/ca-certificates
   - name: "kubeconfig"
     hostPath:
-      path: "/etc/kubernetes/node-kubeconfig.yaml"
+      path: "{{kube_config_dir}}/node-kubeconfig.yaml"
   - name: "etc-kube-ssl"
     hostPath:
-      path: "/etc/kubernetes/ssl"
+      path: "{{kube_config_dir}}/ssl"
   - name: "var-run-dbus"
     hostPath:
       path: "/var/run/dbus"

roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Pod
 metadata:
   name: nginx-proxy
-  namespace: kube-system
+  namespace: {{system_namespace}}
   labels:
     k8s-app: kube-nginx
 spec:

roles/kubernetes/node/templates/rh-kubelet.initd.j2

@@ -27,7 +27,7 @@ pidfile="/var/run/$prog.pid"
 lockfile="/var/lock/subsys/$prog"
 logfile="/var/log/$prog"
 
-[ -e /etc/kubernetes/$prog.env ] && . /etc/kubernetes/$prog.env
+[ -e {{kube_config_dir}}/$prog.env ] && . {{kube_config_dir}}/$prog.env
 
 start() {
     if [ ! -x $exec ]; then
@@ -35,7 +35,7 @@ start() {
         echo "Docker executable $exec not found"
       else
         echo "You do not have permission to execute the Docker executable $exec"
-      fi	      
+      fi
       exit 5
     fi