🏡 index : github.com/captn3m0/nebula.git

23cf15b8a9b844e0ca523b4d1339d7d69c50a05e [patch]

45173c4f906141d9857eb239ae7921e49aacfbb3

ff8efd3139c893f845bce7e4b1a5158aac6b3bbd

23cf15b8a9b844e0ca523b4d1339d7d69c50a05e.tar.gz

minor fixes

Diff

 modules/bootkube/main.tf | 10 ++++++----
 modules/kubelet/main.tf  | 36 ++++++++++++++++++++++++++----------
 2 files changed, 27 insertions(+), 19 deletions(-)

diff --git a/modules/bootkube/main.tf b/modules/bootkube/main.tf
index d26ca7f..654da70 100644
--- a/modules/bootkube/main.tf
+++ a/modules/bootkube/main.tf
@@ -38,23 +38,23 @@
  # Cluster Networking
  upload {

    content = "${file("${var.asset-dir}/manifests-networking/cluster-role-binding.yaml")}"
    file    = "/home/.bootkube/manifests-networking/cluster-role-binding.yaml"
    file    = "/home/.bootkube/manifests/networking-cluster-role-binding.yaml"
  }
  upload {

    content = "${file("${var.asset-dir}/manifests-networking/cluster-role.yaml")}"
    file    = "/home/.bootkube/manifests-networking/cluster-role.yaml"
    file    = "/home/.bootkube/manifests/networking-cluster-role.yaml"
  }
  upload {

    content = "${file("${var.asset-dir}/manifests-networking/config.yaml")}"
    file    = "/home/.bootkube/manifests-networking/config.yaml"
    file    = "/home/.bootkube/manifests/networking-config.yaml"
  }
  upload {

    content = "${file("${var.asset-dir}/manifests-networking/daemonset.yaml")}"
    file    = "/home/.bootkube/manifests-networking/daemonset.yaml"
    file    = "/home/.bootkube/manifests/networking-daemonset.yaml"
  }
  upload {

    content = "${file("${var.asset-dir}/manifests-networking/service-account.yaml")}"
    file    = "/home/.bootkube/manifests-networking/service-account.yaml"
    file    = "/home/.bootkube/manifests/networking-service-account.yaml"
  }
  # TLS
  upload {

diff --git a/modules/kubelet/main.tf b/modules/kubelet/main.tf
index 62cc7af..34d2399 100644
--- a/modules/kubelet/main.tf
+++ a/modules/kubelet/main.tf
@@ -26,59 +26,69 @@
  }

  volumes {

    container_path = "/sys"
    host_path      = "/sys"
    read_only      = true
  }

  volumes {

    container_path = "/dev"
    host_path      = "/dev"
  }

  # volumes {
  #   container_path = "/usr"
  #   host_path      = "/usr"
  # }

  # volumes {
  #   container_path = "/lib64"
  #   host_path      = "/lib64"
  # }
  volumes {

    container_path = "/usr/share/ca-certificates"
    host_path      = "/usr/share/ca-certificates"
    read_only      = true
  }

  volumes {

    container_path = "/var/lib/docker"
    host_path      = "/var/lib/docker"
  }

  volumes {

    container_path = "/etc/kubernetes"
    host_path      = "/etc/kubernetes"
  }

  volumes {

    container_path = "/var/lib/kubelet"
    host_path      = "/var/lib/kubelet"
  }

  volumes {

    container_path = "/var/log"
    host_path      = "/var/log"
  }

  volumes {

    container_path = "/run"
    host_path      = "/run"
  }

  volumes {

    container_path = "/lib/modules"
    host_path      = "/lib/modules"
    read_only      = true
  }

  volumes {

    container_path = "/etc/os-release"
    host_path      = "/usr/lib/os-release"
    read_only      = true
  }

  volumes {

    container_path = "/etc/machine-id"
    host_path      = "/etc/machine-id"
    read_only      = true
  }

  volumes {

    container_path = "/rootfs"
    host_path      = "/"
    read_only      = true
    read_only      = true
  }

  // Deviates from kubelet-wrapper
@@ -89,7 +99,7 @@
  }
  volumes {

    container_path = "/etc/cni/net.d"
    host_path      = "/etc/cni/net.d"
    host_path      = "/etc/kubernetes/cni/net.d"
  }
  #
  # "There is no war within the container. Here we are safe. Here we are free."
@@ -101,10 +111,8 @@
    "--anonymous-auth=false",
    "--authentication-token-webhook",
    "--authorization-mode=Webhook",

    # "--cert-dir=/var/lib/kubelet/pki",
    "--cert-dir=/var/lib/kubelet/pki",
    "--client-ca-file=/etc/kubernetes/ca.crt",

    "--cluster_dns=${var.dns_ip}",
    "--cluster_domain=${var.k8s_host}",