From 6586244fa87948723ab4c4345fcc0e0c7b7d2f2c Mon Sep 17 00:00:00 2001
From: Nemo
Date: Sun, 27 Jan 2019 18:56:12 +0530
Subject: [PATCH] Adds etcd secrets to bootkube-start
---
 cloudflare/main.tf | 6 +++---
 kubernetes.tf | 2 +-
 modules/bootkube/main.tf | 18 ++++++++++++++++--
 modules/kubelet/main.tf | 8 ++++++--
 4 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/cloudflare/main.tf b/cloudflare/main.tf
index 32f3969..9fb6ab6 100644
--- a/cloudflare/main.tf
+++ b/cloudflare/main.tf
@@ -124,10 +124,10 @@ resource "cloudflare_record" "mailgun-mxb" {
 priority = 20
 }
-resource "cloudflare_record" "k8s-talk" {
+resource "cloudflare_record" "k8s" {
 domain = "${var.domain}"
 name = "k8s"
- value = "lightsaber.captnemo.in"
- type = "CNAME"
+ value = "10.8.0.1"
+ type = "A"
 ttl = 3600
 }
diff --git a/kubernetes.tf b/kubernetes.tf
index 5c44a68..db86c00 100644
--- a/kubernetes.tf
+++ b/kubernetes.tf
@@ -70,7 +70,7 @@ module "bootkube" {
 source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=bcbdddd8d07c99ab88b2e9ebfb662de4c104de0a"
 cluster_name = "k8s.bb8.fun"
- api_servers = ["10.8.0.1", "k8s.bb8.fun"]
+ api_servers = ["k8s.bb8.fun"]
 cluster_domain_suffix = "k8s.bb8.fun"
 etcd_servers = ["etcd.bb8.fun"]
 asset_dir = "./k8s"
diff --git a/modules/bootkube/main.tf b/modules/bootkube/main.tf
index 4e8896a..710506e 100644
--- a/modules/bootkube/main.tf
+++ b/modules/bootkube/main.tf
@@ -3,8 +3,8 @@ resource "docker_container" "bootkube" {
 name = "bootkube"
 volumes {
- container_path = "/etc/kubernetes/manifests"
- host_path = "/etc/kubernetes/manifests"
+ container_path = "/etc/kubernetes"
+ host_path = "/etc/kubernetes"
 }
 # bootstrap manifests
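Review bot: The new `k8s` record publishes `10.8.0.1`, an RFC 1918 address, through the Cloudflare zone, so the cluster's internal addressing becomes visible to anyone who resolves the name, and resolvers with DNS-rebinding protection may refuse the answer. Since `api_servers` in kubernetes.tf is reduced to this name in the same commit, API access now depends on that lookup succeeding. If the private address is intended, say so above the resource, e.g. `# k8s API endpoint; 10.8.0.1 is only reachable from inside the private network`. Renaming the resource from `k8s-talk` to `k8s` also makes Terraform destroy and recreate the record unless the state entry is moved first.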
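Review bot: Widening the bind mount from `/etc/kubernetes/manifests` to all of `/etc/kubernetes` gives the bootkube container access to everything the host keeps there, presumably including kubeconfig and TLS material, and no `read_only` is set in the visible block. If bootkube only needs to write into one more directory besides `manifests` (presumably `bootstrap-secrets`), a second narrow `volumes` block for that path keeps the exposure smaller. Otherwise record the reason next to the mount, e.g. `# bootkube writes outside manifests/, so the parent directory is mounted`. The resource body continues outside this hunk.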
@@ -21,6 +21,20 @@ resource "docker_container" "bootkube" {
 content = "${file("${var.asset-dir}/bootstrap-manifests/bootstrap-scheduler.yaml")}"
 file = "/home/.bootkube/bootstrap-manifests/bootstrap-scheduler.yaml"
 }
+ # etcd secrets
+ #
+ upload {
+ file = "/home/.bootkube/tls/etcd-client-ca.crt"
+ content = "${file("${var.asset-dir}/tls/etcd-client-ca.crt")}"
+ }
+ upload {
+ file = "/home/.bootkube/tls/etcd-client.crt"
+ content = "${file("${var.asset-dir}/tls/etcd-client.crt")}"
+ }
+ upload {
+ file = "/home/.bootkube/tls/etcd-client.key"
+ content = "${file("${var.asset-dir}/tls/etcd-client.key")}"
+ }
 # Cluster Networking
 upload {
 content = "${file("${var.asset-dir}/manifests-networking/cluster-role-binding.yaml")}"
diff --git a/modules/kubelet/main.tf b/modules/kubelet/main.tf
index 06f9e96..b85ca93 100644
--- a/modules/kubelet/main.tf
+++ b/modules/kubelet/main.tf
@@ -84,8 +84,12 @@ resource "docker_container" "kubelet" {
 // Deviates from kubelet-wrapper
 volumes {
- container_path = "/var/lib/cni"
- host_path = "/var/lib/cni"
+ container_path = "/opt/cni/bin"
+ host_path = "/opt/cni/bin"
+ }
+ volumes {
+ container_path = "/etc/cni/net.d"
+ host_path = "/etc/cni/net.d"
 }
 #
 # "There is no war within the container. Here we are safe. Here we are free."
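Review bot: `etcd-client.key` is read with `file()` and passed as the `content` of an `upload` block, so the private key will most likely be stored verbatim in the Terraform state with the other resource attributes. The state backend and `${var.asset-dir}` therefore need to be access-controlled and kept out of version control. The new `upload` blocks also set no mode, so the key lands in the container with whatever default permissions the provider applies. The bare `#` under `# etcd secrets` could record this instead: `# client key ends up in Terraform state; keep the backend encrypted`. The new blocks list `file` before `content`, while the surrounding blocks use the opposite order.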
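Review bot: The `/var/lib/cni` bind mount is dropped rather than kept alongside the two new ones, so any state CNI plugins write there (presumably host-local IPAM leases) would live only in the kubelet container's filesystem and be lost when the container is recreated. If that is not intended, keep the original `volumes` block and add the new ones after it. The new `/opt/cni/bin` and `/etc/cni/net.d` mounts are read-write by default; because the binaries under `/opt/cni/bin` are executed to configure pod networking, `read_only = true` on both is worth adding if the kubelet never writes there. The resource body starts and ends outside this hunk.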