kubernetes-sigs · ant31 · Mar 18, 2025 · Mar 18, 2025
diff --git a/.gitlab-ci/packet.yml b/.gitlab-ci/packet.yml
@@ -80,6 +80,9 @@ packet_ubuntu20-crio:
 packet_ubuntu22-calico-all-in-one:
   extends: .packet_pr
 
+packet_debian12-kubelet_root:
+  extends: .packet_pr
+
 packet_ubuntu22-calico-all-in-one-upgrade:
   extends: .packet_pr
   variables:

diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml
@@ -148,3 +148,4 @@ systemd_resolved_disable_stub_listener: "{{ ansible_os_family in ['Flatcar', 'Fl
 # Used to disable File Access Policy Daemon service.
 # If service is enabled, the CNI plugin installation will fail
 disable_fapolicyd: true
+kubelet_root_dir: /var/lib/kubelet
diff --git a/roles/kubernetes/preinstall/tasks/0200-kubeletroot.yml b/roles/kubernetes/preinstall/tasks/0200-kubeletroot.yml
@@ -0,0 +1,43 @@
+---
+# mount bind the kubelet root to the default location.
+# many csi and software in the ecosystem have this location hardcoded
+
+- name: "Make sure /var/lib/kubelet exists"
+  ansible.builtin.file:
+    path: "/var/lib/kubelet"
+    state: directory
+    mode: '0750'
+  when:
+    - kubelet_root_dir != '/var/lib/kubelet'
+
+- name: "Make sure kubelet_root_dir exists"
+  ansible.builtin.file:
+    path: "{{kubelet_root_dir}}"
+    state: directory
+    mode: '0750'
+  when:
+    - kubelet_root_dir != '/var/lib/kubelet'
+
+- name: "Synchronize old /var/lib/kubelet to new location before mounting"
+  ansible.posix.synchronize:
+    src: /var/lib/kubelet/
+    dest: "{{kubelet_root_dir}}"
+    archive: true
+    rsync_opts:
+      - "--ignore-existing"
+    set_remote_user: false
+  delegate_to: "{{inventory_hostname}}"
+  when:
+    - kubelet_root_dir != '/var/lib/kubelet'
+
+
+- name: "Mount bind kubelet-root to /var/lib/kubelet and add it to fstab"
+  ansible.posix.mount:
+    path: /var/lib/kubelet
+    src: "{{kubelet_root_dir}}"
+    opts: bind,nofail
+    state: mounted
+    boot: true
+    fstype: none
+  when:
+    - kubelet_root_dir != '/var/lib/kubelet'
diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml
@@ -137,3 +137,12 @@
   when:
     - kube_network_plugin == 'calico'
     - not ignore_assert_errors
+
+
+- name: Configure alternative kubelet root
+  import_tasks: 0200-kubeletroot.yml
+  tags:
+    - bootstrap-os
+    - kubelet-root
+  when:
+    - kubelet_root_dir != '/var/lib/kubelet'
diff --git a/roles/kubespray-defaults/defaults/main/main.yml b/roles/kubespray-defaults/defaults/main/main.yml
@@ -569,6 +569,7 @@ kubelet_rotate_server_certificates: false
 # If set to true, kubelet errors if any of kernel tunables is different than kubelet defaults
 kubelet_protect_kernel_defaults: true
 
+kubelet_root_dir: /var/lib/kubelet
 # Set additional sysctl variables to modify Linux kernel variables, for example:
 # additional_sysctl:
 #  - { name: kernel.pid_max, value: 131072 }

diff --git a/tests/files/packet_debian12-kubelet_root.yml b/tests/files/packet_debian12-kubelet_root.yml
@@ -0,0 +1,8 @@
+---
+# Instance settings
+cloud_image: debian-12
+mode: default
+
+# Kubespray settings
+
+kubelet_root_dir: /data/kubelet