Deploy kubelet and kube-apiserver as containers

kubelet via docker
kube-apiserver as a static pod

Fixed etcd service start to be more tolerant of slow start.

Workaround for kube_version to stay in download role, but not
download an files by creating a new "nothing" download entry.

roles/kubernetes/node/meta/main.yml

@@ -1,5 +1,5 @@
 ---
 dependencies:
-  - role: download
-    file: "{{ downloads.kubernetes_kubelet }}"
+  - role: download #For kube_version
+    file: "{{ downloads.nothing }}"
   - role: kubernetes/secrets

roles/kubernetes/node/tasks/install.yml

@@ -14,7 +14,7 @@
   when: ansible_service_mgr in ["sysvinit","upstart"] and ansible_os_family == "RedHat"
   notify: restart kubelet
 
-- name: install | Install kubelet binary
-  command: rsync -piu "{{ local_release_dir }}/kubernetes/bin/kubelet" "{{ bin_dir }}/kubelet"
-  register: kubelet_copy
+- name: install | Install kubelet launch script
+  template: src=kubelet-container.j2 dest="{{ bin_dir }}/kubelet" owner=kube mode=0755 backup=yes
+  register: kubelet_launcher
   changed_when: false

roles/kubernetes/node/tasks/main.yml

@@ -26,7 +26,7 @@
 - name: Restart kubelet if binary changed
   command: /bin/true
   notify: restart kubelet
-  when: kubelet_copy.stdout_lines
+  when: kubelet_launcher.changed
 
 # reload-systemd
 - meta: flush_handlers

roles/kubernetes/node/templates/kubelet-container.j2

@@ -0,0 +1,15 @@
+#!/bin/bash
+/usr/bin/docker run --privileged --rm \
+--net=host --pid=host --name=kubelet \
+-v /etc/cni:/etc/cni:ro \
+-v /opt/cni:/opt/cni:ro \
+-v /etc/kubernetes:/etc/kubernetes \
+-v /sys:/sys \
+-v /dev:/dev \
+-v /var/lib/docker:/var/lib/docker \
+-v /var/run:/var/run \
+-v /var/lib/kubelet:/var/lib/kubelet \
+{{ hyperkube_image_repo }}:{{ hyperkube_image_tag}} \
+nsenter --target=1 --mount --wd=. -- \
+./hyperkube kubelet \
+$@

roles/kubernetes/node/templates/kubelet.j2

@@ -6,7 +6,6 @@ KUBE_LOGGING="--log-dir={{ kube_log_dir }} --logtostderr=true"
 KUBE_LOGGING="--logtostderr=true"
 {% endif %}
 KUBE_LOG_LEVEL="--v={{ kube_log_level | default('2') }}"
-KUBE_ALLOW_PRIV="--allow_privileged=true"
 {% if inventory_hostname in groups['kube-node'] %}
 KUBELET_API_SERVER="--api_servers={% for host in groups['kube-master'] %}https://{{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address'])) }}:{{ kube_apiserver_port }}{% if not loop.last %},{% endif %}{% endfor %}"
 {% endif %}
@@ -15,7 +14,7 @@ KUBELET_ADDRESS="--address={{ ip | default("0.0.0.0") }}"
 # The port for the info server to serve on
 # KUBELET_PORT="--port=10250"
 # You may leave this blank to use the actual hostname
-KUBELET_HOSTNAME="--hostname_override={{ inventory_hostname }}"
+KUBELET_HOSTNAME="--hostname-override={{ inventory_hostname }}"
 {% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %}
 KUBELET_REGISTER_NODE="--register-node=false"
 {% endif %}
@@ -26,12 +25,12 @@ KUBELET_ARGS="--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} -
 KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }}"
 {% endif %}
 {% if kube_network_plugin is defined and kube_network_plugin in ["calico", "weave"] %}
-KUBELET_NETWORK_PLUGIN="--network_plugin=cni --network-plugin-dir=/etc/cni/net.d"
+KUBELET_NETWORK_PLUGIN="--network-plugin=cni --network-plugin-dir=/etc/cni/net.d"
 {% elif kube_network_plugin is defined and kube_network_plugin == "weave" %}
 DOCKER_SOCKET="--docker-endpoint=unix:/var/run/weave/weave.sock"
 {% endif %}
 # Should this cluster be allowed to run privileged docker containers
-KUBE_ALLOW_PRIV="--allow_privileged=true"
+KUBE_ALLOW_PRIV="--allow-privileged=true"
 {% if cloud_provider is defined and cloud_provider == "openstack" %}
 KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
 {% else %}

roles/kubernetes/node/templates/kubelet.service.j2

@@ -22,7 +22,10 @@ ExecStart={{ bin_dir }}/kubelet \
 		$KUBELET_REGISTER_NODE \
 		$KUBELET_NETWORK_PLUGIN \
 		$KUBELET_CLOUDPROVIDER
-Restart=on-failure
+ExecStartPre=-/usr/bin/docker rm -f kubelet
+ExecReload=/usr/bin/docker restart kubelet
+Restart=always
+RestartSec=10s
 
 [Install]
 WantedBy=multi-user.target