
author Nemo <me@captnemo.in> 2019-02-02 22:55:55.0 +05:30:00
committer Nemo <me@captnemo.in> 2019-02-02 22:55:55.0 +05:30:00
commit
86f2edc11287b9344b888f08b20570371158d952 [patch]
tree
571380a21f62ae021fbfc88fb72e1683f17127b1
parent
23cf15b8a9b844e0ca523b4d1339d7d69c50a05e

Get cluster up and running



Diff

 modules/kubelet/main.tf | 53 +++++++++++++++++++++++++++++------------------------
 1 file changed, 29 insertions(+), 24 deletions(-)

diff --git a/modules/kubelet/main.tf b/modules/kubelet/main.tf
index 34d2399..86415ff 100644
--- a/modules/kubelet/main.tf
+++ a/modules/kubelet/main.tf
@@ -13,12 +13,6 @@
    content = "${var.assets["ca_cert"]}"
  }

  # Make sure that the manifests directory exists
  upload {

    file    = "/etc/kubernetes/manifests/.empty"
    content = ""
  }

  volumes {

    container_path = "/etc/ssl/certs"
    host_path      = "/etc/ssl/certs"
@@ -36,55 +30,72 @@
    host_path      = "/dev"
  }

  # volumes {
  #   container_path = "/usr"
  #   host_path      = "/usr"
  # }

  # volumes {
  #   container_path = "/lib64"
  #   host_path      = "/lib64"
  # }
  volumes {

    container_path = "/usr/share/ca-certificates"
    host_path      = "/usr/share/ca-certificates"
    read_only      = true
  }

  volumes {

    container_path = "/var/lib/docker"
    host_path      = "/var/lib/docker"
  }

  // TODO: Test with this
  // It technically only needs the /etc/kubernetes/manifests
  // Make sure that the manifests directory exists
  upload {

    file    = "/etc/kubernetes/manifests/.empty"
    content = ""
  }

  volumes {

    container_path = "/etc/kubernetes"
    host_path      = "/etc/kubernetes"
  }

  // See https://github.com/kubernetes/kubernetes/issues/4869#issuecomment-193316593
  volumes {

    container_path = "/var/lib/kubelet"
    host_path      = "/var/lib/kubelet"
    shared         = true
  }

  volumes {

    container_path = "/var/log"
    host_path      = "/var/log"
  }

  volumes {

    container_path = "/run"
    host_path      = "/run"
  }

  volumes {

    container_path = "/var/run"
    host_path      = "/var/run"
  }

  volumes {

    container_path = "/lib/modules"
    host_path      = "/lib/modules"
    read_only      = true
  }

  volumes {

    container_path = "/etc/os-release"
    host_path      = "/usr/lib/os-release"
    read_only      = true
  }

  volumes {

    container_path = "/etc/machine-id"
    host_path      = "/etc/machine-id"
    read_only      = true
  }

  // Don't think this is needed anymore

  volumes {

    container_path = "/rootfs"
    host_path      = "/"
@@ -103,10 +114,11 @@
  }
  #
  # "There is no war within the container. Here we are safe. Here we are free."
  # - Docker Li agent brainwashing Nemo
  # - Docker Li agent brainwashing the author
  #
  command = [

    "kubelet",
    "--address=${var.host_ip}",
    "--allow-privileged",
    "--anonymous-auth=false",
    "--authentication-token-webhook",
@@ -115,10 +127,7 @@
    "--client-ca-file=/etc/kubernetes/ca.crt",
    "--cluster_dns=${var.dns_ip}",
    "--cluster_domain=${var.k8s_host}",

    # "--containerized",
    "--exit-on-lock-contention=true",

    "--hostname-override=${var.host_ip}",
    "--kubeconfig=/etc/kubernetes/kubeconfig",
    "--lock-file=/var/run/lock/kubelet.lock",
@@ -135,15 +144,11 @@
    host = "${var.k8s_host}"
    ip   = "${var.host_ip}"
  }

  # TODO

  network_mode = "host"
  pid_mode     = "host"
  privileged   = true
  restart      = "no"
  must_run     = false

  # max_retry_count = 1
}

data "docker_registry_image" "image" {
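Review bot: The `/etc/kubernetes` volume in the second hunk binds the whole host directory read-write even though the TODO above it says only `/etc/kubernetes/manifests` is needed, and the `/rootfs` volume exposing host `/` sits under a comment saying it is probably no longer needed. The +/- markers are lost on this page, so this applies to the file as it reads after the commit rather than to lines known to be added. Combined with `privileged = true`, `pid_mode = "host"` and the unrestricted `/run`, `/var/run` and `/var/lib/docker` mounts, the container has no meaningful isolation from the node, so each remaining host path is worth a one-line justification like the issue link on `/var/lib/kubelet`. I would resolve the TODO by narrowing the mount to `container_path = "/etc/kubernetes/manifests"` and `host_path = "/etc/kubernetes/manifests"`, provided `ca.crt` and the kubeconfig that the command reads arrive through `upload` blocks (this view does not show them in full), and delete the `/rootfs` block once it is confirmed unused.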