From 23cf15b8a9b844e0ca523b4d1339d7d69c50a05e Mon Sep 17 00:00:00 2001
From: Nemo <me@captnemo.in>
Date: Mon, 28 Jan 2019 02:01:46 +0530
Subject: [PATCH] minor fixes
---
modules/bootkube/main.tf | 10 ++++++----
modules/kubelet/main.tf | 36 ++++++++++++++++++++++++++----------
2 files changed, 27 insertions(+), 19 deletions(-)
diff --git a/modules/bootkube/main.tf b/modules/bootkube/main.tf
index d26ca7f..654da70 100644
--- a/modules/bootkube/main.tf
+++ a/modules/bootkube/main.tf
@@ -38,23 +38,23 @@
# Cluster Networking
upload {
content = "${file("${var.asset-dir}/manifests-networking/cluster-role-binding.yaml")}"
- file = "/home/.bootkube/manifests-networking/cluster-role-binding.yaml"
+ file = "/home/.bootkube/manifests/networking-cluster-role-binding.yaml"
}
upload {
content = "${file("${var.asset-dir}/manifests-networking/cluster-role.yaml")}"
- file = "/home/.bootkube/manifests-networking/cluster-role.yaml"
+ file = "/home/.bootkube/manifests/networking-cluster-role.yaml"
}
upload {
content = "${file("${var.asset-dir}/manifests-networking/config.yaml")}"
- file = "/home/.bootkube/manifests-networking/config.yaml"
+ file = "/home/.bootkube/manifests/networking-config.yaml"
}
upload {
content = "${file("${var.asset-dir}/manifests-networking/daemonset.yaml")}"
- file = "/home/.bootkube/manifests-networking/daemonset.yaml"
+ file = "/home/.bootkube/manifests/networking-daemonset.yaml"
}
upload {
content = "${file("${var.asset-dir}/manifests-networking/service-account.yaml")}"
- file = "/home/.bootkube/manifests-networking/service-account.yaml"
+ file = "/home/.bootkube/manifests/networking-service-account.yaml"
}
# TLS
upload {
diff --git a/modules/kubelet/main.tf b/modules/kubelet/main.tf
index 62cc7af..34d2399 100644
--- a/modules/kubelet/main.tf
+++ a/modules/kubelet/main.tf
@@ -26,59 +26,69 @@
}
volumes {
+ container_path = "/sys"
+ host_path = "/sys"
+ read_only = true
+ }
+
+ volumes {
+ container_path = "/dev"
+ host_path = "/dev"
+ }
+
+ # volumes {
+ # container_path = "/usr"
+ # host_path = "/usr"
+ # }
+
+ # volumes {
+ # container_path = "/lib64"
+ # host_path = "/lib64"
+ # }
+ volumes {
container_path = "/usr/share/ca-certificates"
host_path = "/usr/share/ca-certificates"
read_only = true
}
-
volumes {
container_path = "/var/lib/docker"
host_path = "/var/lib/docker"
}
-
volumes {
container_path = "/etc/kubernetes"
host_path = "/etc/kubernetes"
}
-
volumes {
container_path = "/var/lib/kubelet"
host_path = "/var/lib/kubelet"
}
-
volumes {
container_path = "/var/log"
host_path = "/var/log"
}
-
volumes {
container_path = "/run"
host_path = "/run"
}
-
volumes {
container_path = "/lib/modules"
host_path = "/lib/modules"
read_only = true
}
-
volumes {
container_path = "/etc/os-release"
host_path = "/usr/lib/os-release"
read_only = true
}
-
volumes {
container_path = "/etc/machine-id"
host_path = "/etc/machine-id"
read_only = true
}
-
volumes {
container_path = "/rootfs"
host_path = "/"
read_only = true
- read_only = true
}
// Deviates from kubelet-wrapper
@@ -89,7 +99,7 @@
}
volumes {
container_path = "/etc/cni/net.d"
- host_path = "/etc/cni/net.d"
+ host_path = "/etc/kubernetes/cni/net.d"
}
#
# "There is no war within the container. Here we are safe. Here we are free."
@@ -101,10 +111,8 @@
"--anonymous-auth=false",
"--authentication-token-webhook",
"--authorization-mode=Webhook",
-
- # "--cert-dir=/var/lib/kubelet/pki",
+ "--cert-dir=/var/lib/kubelet/pki",
"--client-ca-file=/etc/kubernetes/ca.crt",
-
"--cluster_dns=${var.dns_ip}",
"--cluster_domain=${var.k8s_host}",
--
rgit 0.1.5