kubernetes/cluster/saltbase/salt/kubelet/default

{% set daemon_args = "$DAEMON_ARGS" -%}
{% if grains['os_family'] == 'RedHat' -%}
  {% set daemon_args = "" -%}
{% endif -%}

{% if grains.api_servers is defined -%}
  {% set api_servers = "--api_servers=https://" + grains.api_servers -%}
{% elif grains.apiservers is defined -%} # TODO(remove after 0.16.0): Deprecated form
  {% set api_servers = "--api_servers=https://" + grains.apiservers -%}
{% elif grains['roles'][0] == 'kubernetes-master' -%}
  {% set master_ipv4 = salt['grains.get']('fqdn_ip4')[0] -%}
  {% set api_servers = "--api_servers=https://" + master_ipv4 -%}
{% else -%}
  {% set ips = salt['mine.get']('roles:kubernetes-master', 'network.ip_addrs', 'grain').values() -%}
  {% set api_servers = "--api_servers=https://" + ips[0][0] -%}
{% endif -%}

# TODO: remove nginx for other cloud providers.
{% if grains['cloud'] is defined and grains.cloud in [ 'aws', 'gce', 'vagrant' ]  %}
  {% set api_servers_with_port = api_servers -%}
{% else -%}
  {% set api_servers_with_port = api_servers + ":6443" -%}
{% endif -%}

# Disable registration for the kubelet running on the master on AWS, GCE, Vagrant. Also disable
# the debugging handlers (/run and /exec) to prevent arbitrary code execution on
# the master.
# TODO(roberthbailey): Make this configurable via an env var in config-default.sh

{% set debugging_handlers = "--enable-debugging-handlers=true" -%}
{% if grains.cloud in ['aws', 'gce', 'vagrant'] -%}
  {% if grains['roles'][0] == 'kubernetes-master' -%}
    {% set api_servers_with_port = "" -%}
    {% set debugging_handlers = "--enable-debugging-handlers=false" -%}
  {% endif -%}
{% endif -%}

{% set cloud_provider = "" -%}
{% if grains.cloud is defined -%}
  {% set cloud_provider = "--cloud_provider=" + grains.cloud -%}
{% endif -%}

{% set config = "--config=/etc/kubernetes/manifests" -%}

{% set manifest_url = "" -%}
{% if grains['roles'][0] == 'kubernetes-master' and grains.cloud in ['gce'] -%}
  {% set manifest_url = "--manifest-url=http://metadata.google.internal/computeMetadata/v1/instance/attributes/google-container-manifest --manifest-url-header=Metadata-Flavor:Google" -%}
{% endif -%}

{% set hostname_override = "" -%}
{% if grains.hostname_override is defined -%}
  {% set hostname_override = " --hostname_override=" + grains.hostname_override -%}
{% endif -%}

{% set cluster_dns = "" %}
{% set cluster_domain = "" %}
{% if pillar.get('enable_cluster_dns', '').lower() == 'true' %}
  {% set cluster_dns = "--cluster_dns=" + pillar['dns_server'] %}
  {% set cluster_domain = "--cluster_domain=" + pillar['dns_domain'] %}
{% endif %}

{% set docker_root = "" -%}
{% if grains.docker_root is defined -%}
  {% set docker_root = " --docker_root=" + grains.docker_root -%}
{% endif -%}

{% set kubelet_root = "" -%}
{% if grains.kubelet_root is defined -%}
  {% set kubelet_root = " --root_dir=" + grains.kubelet_root -%}
{% endif -%}

{% set configure_cbr0 = "" -%}
{% if pillar['allocate_node_cidrs'] is defined -%}
  {% set configure_cbr0 = "--configure-cbr0=" + pillar['allocate_node_cidrs'] -%}
{% endif -%}

# Run containers under the root cgroup and create a system container.
{% set system_container = "" -%}
{% set cgroup_root = "" -%}
{% if grains['os_family'] == 'Debian' -%}
  {% set system_container = "--system-container=/system" -%}
  {% set cgroup_root = "--cgroup_root=/" -%}
{% endif -%}
{% if grains['oscodename'] == 'vivid' -%}
  {% set cgroup_root = "--cgroup_root=docker" -%}
{% endif -%}

{% set pod_cidr = "" %}
{% if grains['roles'][0] == 'kubernetes-master' and grains.get('cbr-cidr') %}
  {% set pod_cidr = "--pod-cidr=" + grains['cbr-cidr'] %}
{% endif %} 

DAEMON_ARGS="{{daemon_args}} {{api_servers_with_port}} {{debugging_handlers}} {{hostname_override}} {{cloud_provider}} {{config}} {{manifest_url}} --allow_privileged={{pillar['allow_privileged']}} {{pillar['log_level']}} {{cluster_dns}} {{cluster_domain}} {{docker_root}} {{kubelet_root}} {{configure_cbr0}} {{cgroup_root}} {{system_container}} {{pod_cidr}}"