From 23cf15b8a9b844e0ca523b4d1339d7d69c50a05e Mon Sep 17 00:00:00 2001
From: Nemo
Date: Mon, 28 Jan 2019 02:01:46 +0530
Subject: [PATCH] minor fixes
---
 modules/bootkube/main.tf | 10 +++++-----
 modules/kubelet/main.tf | 38 +++++++++++++++++++++++---------------
 2 files changed, 28 insertions(+), 20 deletions(-)
diff --git a/modules/bootkube/main.tf b/modules/bootkube/main.tf
index d26ca7f..654da70 100644
--- a/modules/bootkube/main.tf
+++ b/modules/bootkube/main.tf
@@ -38,23 +38,23 @@ resource "docker_container" "bootkube" {
 # Cluster Networking
 upload {
 content = "${file("${var.asset-dir}/manifests-networking/cluster-role-binding.yaml")}"
- file = "/home/.bootkube/manifests-networking/cluster-role-binding.yaml"
+ file = "/home/.bootkube/manifests/networking-cluster-role-binding.yaml"
 }
 upload {
 content = "${file("${var.asset-dir}/manifests-networking/cluster-role.yaml")}"
- file = "/home/.bootkube/manifests-networking/cluster-role.yaml"
+ file = "/home/.bootkube/manifests/networking-cluster-role.yaml"
 }
 upload {
 content = "${file("${var.asset-dir}/manifests-networking/config.yaml")}"
- file = "/home/.bootkube/manifests-networking/config.yaml"
+ file = "/home/.bootkube/manifests/networking-config.yaml"
 }
 upload {
 content = "${file("${var.asset-dir}/manifests-networking/daemonset.yaml")}"
- file = "/home/.bootkube/manifests-networking/daemonset.yaml"
+ file = "/home/.bootkube/manifests/networking-daemonset.yaml"
 }
 upload {
 content = "${file("${var.asset-dir}/manifests-networking/service-account.yaml")}"
- file = "/home/.bootkube/manifests-networking/service-account.yaml"
+ file = "/home/.bootkube/manifests/networking-service-account.yaml"
 }
 # TLS
 upload {
diff --git a/modules/kubelet/main.tf b/modules/kubelet/main.tf
index 62cc7af..34d2399 100644
--- a/modules/kubelet/main.tf
+++ b/modules/kubelet/main.tf
@@ -26,59 +26,69 @@ resource "docker_container" "kubelet" { } volumes { - container_path = "/usr/share/ca-certificates" - host_path = "/usr/share/ca-certificates" + container_path = "/sys" + host_path = "/sys" read_only = true } + volumes { + container_path = "/dev" + host_path = "/dev" + } + + # volumes { + # container_path = "/usr" + # host_path = "/usr" + # } + + # volumes { + # container_path = "/lib64" + # host_path = "/lib64" + # } + volumes { + container_path = "/usr/share/ca-certificates" + host_path = "/usr/share/ca-certificates" + read_only = true + } volumes { container_path = "/var/lib/docker" host_path = "/var/lib/docker" } - volumes { container_path = "/etc/kubernetes" host_path = "/etc/kubernetes" } - volumes { container_path = "/var/lib/kubelet" host_path = "/var/lib/kubelet" } - volumes { container_path = "/var/log" host_path = "/var/log" } - volumes { container_path = "/run" host_path = "/run" } - volumes { container_path = "/lib/modules" host_path = "/lib/modules" read_only = true } - volumes { container_path = "/etc/os-release" host_path = "/usr/lib/os-release" read_only = true } - volumes { container_path = "/etc/machine-id" host_path = "/etc/machine-id" read_only = true } - volumes { container_path = "/rootfs" host_path = "/" read_only = true - read_only = true } // Deviates from kubelet-wrapper @@ -89,7 +99,7 @@ resource "docker_container" "kubelet" { } volumes { container_path = "/etc/cni/net.d" - host_path = "/etc/cni/net.d" + host_path = "/etc/kubernetes/cni/net.d" } # # "There is no war within the container. Here we are safe. Here we are free." @@ -101,10 +111,8 @@ resource "docker_container" "kubelet" { "--anonymous-auth=false", "--authentication-token-webhook", "--authorization-mode=Webhook", - - # "--cert-dir=/var/lib/kubelet/pki", + "--cert-dir=/var/lib/kubelet/pki", "--client-ca-file=/etc/kubernetes/ca.crt", - "--cluster_dns=${var.dns_ip}", "--cluster_domain=${var.k8s_host}",
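Review bot: The new `/dev` volume in the first kubelet hunk (`@@ -26,59 +26,69 @@`) is bind-mounted from the host without `read_only = true` and without a comment saying why the kubelet needs it, so the container gets write access to the host's device nodes alongside the already-writable `/run` and `/var/lib/docker`. How far that reaches depends on the container's privilege and capability settings, which are outside this hunk (the resource block starts before it and continues after it). If the mount is required, I would document it above the block with something like `# host /dev is needed by the kubelet for device-backed volumes; review together with the container's privileged setting`, and otherwise add `read_only = true` as the `/sys` mount does. The commented-out `/usr` and `/lib64` blocks should be deleted rather than committed, because dead mount definitions make it hard to audit which host paths the kubelet container is really meant to see.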