node_authorizer_systemd_unit.sh

$ systemctl cat node-authorizer | cat
# /etc/systemd/system/node-authorizer.service
[Unit]
Description=Node Authorization Client
Documentation=https://github.com/kubernetes/kops
After=docker.service
Before=kubelet.service
[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/environment
ExecStartPre=/usr/bin/mkdir -p /var/lib/kubelet
ExecStartPre=/usr/bin/docker pull quay.io/gambol99/node-authorizer:v0.0.3@sha256:4404af05793411563f6e2f26e3b07fc8640852b0b1cabe5eb31a6451df66488d
ExecStartPre=/usr/bin/bash -c 'while [ ! -f /srv/kubernetes/node-authorizer/tls.pem ]; do sleep 5; done; sleep 5'
ExecStart=/usr/bin/docker run --rm \
  --net=host \
  --volume=/var/lib/kubelet:/var/lib/kubelet \
  -volume=/srv/kubernetes/node-authorizer:/config:ro 
  quay.io/gambol99/node-authorizer:v0.0.3@sha256:4404af05793411563f6e2f26e3b07fc8640852b0b1cabe5eb31a6451df66488d \
  client \
  --authorizer=aws \
  --interval=10s \
  --kubeapi-url=https://kube-api-internal.example.com \
  --kubeconfig=/var/lib/kubelet/bootstrap-kubeconfig \
  --node-url=https://node-authorizer-internal.example.com:10443 \
  --timeout=5m0s - tls-client-ca=/config/ca.pem \
  --tls-cert=/config/tls.pem \
  --tls-private-key=/config/tls-key.pem`