Move certificate and private-key away from /var/run

It is cleared out at reboot. It appears that only the file-name part of --tls-cert-file / --tls-private-key-file is used and that the path is taken from --cert-dir (which defaults to /var/run/kubernetes) so to make the path stick we also add a --cert-dir
2025-07-27 14:13:53 +03:00 · 2017-04-11 06:46:38 +02:00
parent c32977f361
commit d81abdbcf1
1 changed files with 3 additions and 2 deletions
--- a/docs/06-kubernetes-worker.md
+++ b/docs/06-kubernetes-worker.md
@@ -183,8 +183,9 @@ ExecStart=/usr/bin/kubelet \\
  --kubeconfig=/var/lib/kubelet/kubeconfig \\
  --serialize-image-pulls=false \\
  --register-node=true \\
-  --tls-cert-file=/var/run/kubernetes/kubelet-client.crt \\
-  --tls-private-key-file=/var/run/kubernetes/kubelet-client.key \\
+  --tls-cert-file=/var/lib/kubelet/kubelet-client.crt \\
+  --tls-private-key-file=/var/lib/kubelet/kubelet-client.key \\
+  --cert-dir=/var/lib/kubelet \\
  --v=2
 Restart=on-failure
 RestartSec=5