minor fixes
parent
ff8efd3139
commit
23cf15b8a9
|
@ -38,23 +38,23 @@ resource "docker_container" "bootkube" {
|
||||||
# Cluster Networking
|
# Cluster Networking
|
||||||
upload {
|
upload {
|
||||||
content = "${file("${var.asset-dir}/manifests-networking/cluster-role-binding.yaml")}"
|
content = "${file("${var.asset-dir}/manifests-networking/cluster-role-binding.yaml")}"
|
||||||
file = "/home/.bootkube/manifests-networking/cluster-role-binding.yaml"
|
file = "/home/.bootkube/manifests/networking-cluster-role-binding.yaml"
|
||||||
}
|
}
|
||||||
upload {
|
upload {
|
||||||
content = "${file("${var.asset-dir}/manifests-networking/cluster-role.yaml")}"
|
content = "${file("${var.asset-dir}/manifests-networking/cluster-role.yaml")}"
|
||||||
file = "/home/.bootkube/manifests-networking/cluster-role.yaml"
|
file = "/home/.bootkube/manifests/networking-cluster-role.yaml"
|
||||||
}
|
}
|
||||||
upload {
|
upload {
|
||||||
content = "${file("${var.asset-dir}/manifests-networking/config.yaml")}"
|
content = "${file("${var.asset-dir}/manifests-networking/config.yaml")}"
|
||||||
file = "/home/.bootkube/manifests-networking/config.yaml"
|
file = "/home/.bootkube/manifests/networking-config.yaml"
|
||||||
}
|
}
|
||||||
upload {
|
upload {
|
||||||
content = "${file("${var.asset-dir}/manifests-networking/daemonset.yaml")}"
|
content = "${file("${var.asset-dir}/manifests-networking/daemonset.yaml")}"
|
||||||
file = "/home/.bootkube/manifests-networking/daemonset.yaml"
|
file = "/home/.bootkube/manifests/networking-daemonset.yaml"
|
||||||
}
|
}
|
||||||
upload {
|
upload {
|
||||||
content = "${file("${var.asset-dir}/manifests-networking/service-account.yaml")}"
|
content = "${file("${var.asset-dir}/manifests-networking/service-account.yaml")}"
|
||||||
file = "/home/.bootkube/manifests-networking/service-account.yaml"
|
file = "/home/.bootkube/manifests/networking-service-account.yaml"
|
||||||
}
|
}
|
||||||
# TLS
|
# TLS
|
||||||
upload {
|
upload {
|
||||||
|
|
|
@ -26,59 +26,69 @@ resource "docker_container" "kubelet" {
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/usr/share/ca-certificates"
|
container_path = "/sys"
|
||||||
host_path = "/usr/share/ca-certificates"
|
host_path = "/sys"
|
||||||
read_only = true
|
read_only = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
volumes {
|
||||||
|
container_path = "/dev"
|
||||||
|
host_path = "/dev"
|
||||||
|
}
|
||||||
|
|
||||||
|
# volumes {
|
||||||
|
# container_path = "/usr"
|
||||||
|
# host_path = "/usr"
|
||||||
|
# }
|
||||||
|
|
||||||
|
# volumes {
|
||||||
|
# container_path = "/lib64"
|
||||||
|
# host_path = "/lib64"
|
||||||
|
# }
|
||||||
|
volumes {
|
||||||
|
container_path = "/usr/share/ca-certificates"
|
||||||
|
host_path = "/usr/share/ca-certificates"
|
||||||
|
read_only = true
|
||||||
|
}
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/var/lib/docker"
|
container_path = "/var/lib/docker"
|
||||||
host_path = "/var/lib/docker"
|
host_path = "/var/lib/docker"
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/etc/kubernetes"
|
container_path = "/etc/kubernetes"
|
||||||
host_path = "/etc/kubernetes"
|
host_path = "/etc/kubernetes"
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/var/lib/kubelet"
|
container_path = "/var/lib/kubelet"
|
||||||
host_path = "/var/lib/kubelet"
|
host_path = "/var/lib/kubelet"
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/var/log"
|
container_path = "/var/log"
|
||||||
host_path = "/var/log"
|
host_path = "/var/log"
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/run"
|
container_path = "/run"
|
||||||
host_path = "/run"
|
host_path = "/run"
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/lib/modules"
|
container_path = "/lib/modules"
|
||||||
host_path = "/lib/modules"
|
host_path = "/lib/modules"
|
||||||
read_only = true
|
read_only = true
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/etc/os-release"
|
container_path = "/etc/os-release"
|
||||||
host_path = "/usr/lib/os-release"
|
host_path = "/usr/lib/os-release"
|
||||||
read_only = true
|
read_only = true
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/etc/machine-id"
|
container_path = "/etc/machine-id"
|
||||||
host_path = "/etc/machine-id"
|
host_path = "/etc/machine-id"
|
||||||
read_only = true
|
read_only = true
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/rootfs"
|
container_path = "/rootfs"
|
||||||
host_path = "/"
|
host_path = "/"
|
||||||
read_only = true
|
read_only = true
|
||||||
read_only = true
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Deviates from kubelet-wrapper
|
// Deviates from kubelet-wrapper
|
||||||
|
@ -89,7 +99,7 @@ resource "docker_container" "kubelet" {
|
||||||
}
|
}
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/etc/cni/net.d"
|
container_path = "/etc/cni/net.d"
|
||||||
host_path = "/etc/cni/net.d"
|
host_path = "/etc/kubernetes/cni/net.d"
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
# "There is no war within the container. Here we are safe. Here we are free."
|
# "There is no war within the container. Here we are safe. Here we are free."
|
||||||
|
@ -101,10 +111,8 @@ resource "docker_container" "kubelet" {
|
||||||
"--anonymous-auth=false",
|
"--anonymous-auth=false",
|
||||||
"--authentication-token-webhook",
|
"--authentication-token-webhook",
|
||||||
"--authorization-mode=Webhook",
|
"--authorization-mode=Webhook",
|
||||||
|
"--cert-dir=/var/lib/kubelet/pki",
|
||||||
# "--cert-dir=/var/lib/kubelet/pki",
|
|
||||||
"--client-ca-file=/etc/kubernetes/ca.crt",
|
"--client-ca-file=/etc/kubernetes/ca.crt",
|
||||||
|
|
||||||
"--cluster_dns=${var.dns_ip}",
|
"--cluster_dns=${var.dns_ip}",
|
||||||
"--cluster_domain=${var.k8s_host}",
|
"--cluster_domain=${var.k8s_host}",
|
||||||
|
|
||||||
|
|
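Review bot: The `/dev` volume that appears only in the new column of the kubelet hunk at `-26,59 +26,69` is bind-mounted without `read_only = true`, unlike the `/sys` mount just above it, so the kubelet container gets a writable view of the host's device nodes. If kubelet does not need to write there, add `read_only = true` to that block; if it does, a short comment such as `# kubelet needs writable /dev for <reason>` would record why the wider mount is intentional. The commented-out `/usr` and `/lib64` volume blocks added in the same hunk look like leftover experiments and would be better dropped than committed. The old/new sides are inferred from the two-column layout because the +/- markers did not survive, and the `docker_container` resource body starts and ends outside the visible hunks.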