run kube controllers in a separate process

roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2

@@ -22,12 +22,39 @@ ExecStart=/usr/bin/docker run --rm --privileged --net=host \
   {% if l_bind_docker_reg_auth | default(False) %} -v {{ oreg_auth_credentials_path }}:/root/.docker:ro{% endif %}\
   {{ osm_image }}:${IMAGE_VERSION} start master controllers \
   --config=${CONFIG_FILE} $OPTIONS
+ExecStartPre=-/usr/bin/docker rm -f {{ openshift_service_type}}-master-kube-controllers
+ExecStart=/usr/bin/docker run --rm --privileged --net=host \
+  --name {{ openshift_service_type }}-master-kube-controllers \
+  --env-file=/etc/sysconfig/{{ openshift_service_type }}-master-kube-controllers \
+  -v {{ r_openshift_master_data_dir }}:{{ r_openshift_master_data_dir }} \
+  -v /var/run/docker.sock:/var/run/docker.sock \
+  -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} \
+  {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} \
+  -v /etc/pki:/etc/pki:ro \
+  {% if l_bind_docker_reg_auth | default(False) %} -v {{ oreg_auth_credentials_path }}:/root/.docker:ro{% endif %}\
+  {{ osm_image }}:${IMAGE_VERSION} start master controllers \
+  --controllers="*" --controllers=-ttl --controllers=-bootstrapsigner --controllers=-tokencleaner --controllers=-horizontalpodautoscaling --controllers=-serviceaccount-token \
+  --service-account-private-key-file=openshift.local.config/master/serviceaccounts.private.key \
+  --root-ca-file=openshift.local.config/master/ca-bundle.crt \
+  --kubeconfig=openshift.local.config/master/openshift-master.kubeconfig \
+  --pod-eviction-timeout=5m \
+  --enable-dynamic-provisioning=true \
+  --port=-1 \
+  --use-service-account-credentials=true \
+  --cluster-signing-cert-file="" \
+  --cluster-signing-key-file="" \
+  --leader-elect \
+  --leader-elect-retry-period=3s \
+  --leader-elect-resource-lock=configmaps \
+  --openshift-config=${CONFIG_FILE}
 ExecStartPost=/usr/bin/sleep 10
 ExecStop=/usr/bin/docker stop {{ openshift_service_type }}-master-controllers
+ExecStop=/usr/bin/docker stop {{ openshift_service_type }}-master-kube-controllers
 LimitNOFILE=131072
 LimitCORE=infinity
 WorkingDirectory={{ r_openshift_master_data_dir }}
 SyslogIdentifier={{ openshift_service_type }}-master-controllers
+SyslogIdentifier={{ openshift_service_type }}-master-kube-controllers
 Restart=always
 RestartSec=5s
 

roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2

@@ -11,6 +11,21 @@ Type=notify
 EnvironmentFile=/etc/sysconfig/{{ openshift_service_type }}-master-controllers
 Environment=GOTRACEBACK=crash
 ExecStart=/usr/bin/openshift start master controllers --config=${CONFIG_FILE} $OPTIONS
+ExecStart=/usr/bin/hyperkube kube-controller-manager \
+  --controllers="*" --controllers=-ttl --controllers=-bootstrapsigner --controllers=-tokencleaner --controllers=-horizontalpodautoscaling --controllers=-serviceaccount-token \
+  --service-account-private-key-file=openshift.local.config/master/serviceaccounts.private.key \
+  --root-ca-file=openshift.local.config/master/ca-bundle.crt \
+  --kubeconfig=openshift.local.config/master/openshift-master.kubeconfig \
+  --pod-eviction-timeout=5m \
+  --enable-dynamic-provisioning=true \
+  --port=-1 \
+  --use-service-account-credentials=true \
+  --cluster-signing-cert-file="" \
+  --cluster-signing-key-file="" \
+  --leader-elect \
+  --leader-elect-retry-period=3s \
+  --leader-elect-resource-lock=configmaps \
+  --openshift-config=${CONFIG_FILE}
 LimitNOFILE=131072
 LimitCORE=infinity
 WorkingDirectory={{ r_openshift_master_data_dir }}
@@ -20,3 +35,5 @@ RestartSec=5s
 
 [Install]
 WantedBy=multi-user.target
+
+