Get cluster up and running
parent
23cf15b8a9
commit
86f2edc112
|
@ -13,12 +13,6 @@ resource "docker_container" "kubelet" {
|
|||
content = "${var.assets["ca_cert"]}"
|
||||
}
|
||||
|
||||
# Make sure that the manifests directory exists
|
||||
upload {
|
||||
file = "/etc/kubernetes/manifests/.empty"
|
||||
content = ""
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/etc/ssl/certs"
|
||||
host_path = "/etc/ssl/certs"
|
||||
|
@ -36,55 +30,72 @@ resource "docker_container" "kubelet" {
|
|||
host_path = "/dev"
|
||||
}
|
||||
|
||||
# volumes {
|
||||
# container_path = "/usr"
|
||||
# host_path = "/usr"
|
||||
# }
|
||||
|
||||
# volumes {
|
||||
# container_path = "/lib64"
|
||||
# host_path = "/lib64"
|
||||
# }
|
||||
volumes {
|
||||
container_path = "/usr/share/ca-certificates"
|
||||
host_path = "/usr/share/ca-certificates"
|
||||
read_only = true
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/var/lib/docker"
|
||||
host_path = "/var/lib/docker"
|
||||
}
|
||||
|
||||
// TODO: Test with this
|
||||
// It technically only needs the /etc/kubernetes/manifests
|
||||
// Make sure that the manifests directory exists
|
||||
upload {
|
||||
file = "/etc/kubernetes/manifests/.empty"
|
||||
content = ""
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/etc/kubernetes"
|
||||
host_path = "/etc/kubernetes"
|
||||
}
|
||||
|
||||
// See https://github.com/kubernetes/kubernetes/issues/4869#issuecomment-193316593
|
||||
volumes {
|
||||
container_path = "/var/lib/kubelet"
|
||||
host_path = "/var/lib/kubelet"
|
||||
shared = true
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/var/log"
|
||||
host_path = "/var/log"
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/run"
|
||||
host_path = "/run"
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/var/run"
|
||||
host_path = "/var/run"
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/lib/modules"
|
||||
host_path = "/lib/modules"
|
||||
read_only = true
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/etc/os-release"
|
||||
host_path = "/usr/lib/os-release"
|
||||
read_only = true
|
||||
}
|
||||
|
||||
volumes {
|
||||
container_path = "/etc/machine-id"
|
||||
host_path = "/etc/machine-id"
|
||||
read_only = true
|
||||
}
|
||||
|
||||
// Don't think this is needed anymore
|
||||
|
||||
volumes {
|
||||
container_path = "/rootfs"
|
||||
host_path = "/"
|
||||
|
@ -103,10 +114,11 @@ resource "docker_container" "kubelet" {
|
|||
}
|
||||
#
|
||||
# "There is no war within the container. Here we are safe. Here we are free."
|
||||
# - Docker Li agent brainwashing Nemo
|
||||
# - Docker Li agent brainwashing the author
|
||||
#
|
||||
command = [
|
||||
"kubelet",
|
||||
"--address=${var.host_ip}",
|
||||
"--allow-privileged",
|
||||
"--anonymous-auth=false",
|
||||
"--authentication-token-webhook",
|
||||
|
@ -115,10 +127,7 @@ resource "docker_container" "kubelet" {
|
|||
"--client-ca-file=/etc/kubernetes/ca.crt",
|
||||
"--cluster_dns=${var.dns_ip}",
|
||||
"--cluster_domain=${var.k8s_host}",
|
||||
|
||||
# "--containerized",
|
||||
"--exit-on-lock-contention=true",
|
||||
|
||||
"--hostname-override=${var.host_ip}",
|
||||
"--kubeconfig=/etc/kubernetes/kubeconfig",
|
||||
"--lock-file=/var/run/lock/kubelet.lock",
|
||||
|
@ -135,15 +144,11 @@ resource "docker_container" "kubelet" {
|
|||
host = "${var.k8s_host}"
|
||||
ip = "${var.host_ip}"
|
||||
}
|
||||
|
||||
# TODO
|
||||
|
||||
network_mode = "host"
|
||||
pid_mode = "host"
|
||||
privileged = true
|
||||
restart = "no"
|
||||
must_run = false
|
||||
|
||||
# max_retry_count = 1
|
||||
}
|
||||
|
||||
data "docker_registry_image" "image" {
|
||||
|
|
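Review bot: The `volumes` block binding host `/` to `/rootfs` stays in the kubelet container although the comment directly above it reads `// Don't think this is needed anymore`, and `"--containerized"`, the kubelet flag that normally relies on that mount, is commented out in the command list. This container also sets `privileged = true`, `pid_mode = "host"` and `network_mode = "host"`, so a writable bind of the host root is the widest exposure in the resource. Either delete the block or add `read_only = true`, as the `/lib/modules` and `/etc/machine-id` mounts already do. The `/rootfs` block runs past the end of its hunk, so a `read_only` line may already follow outside the visible lines. The `/etc/kubernetes` mount is similar: its own comment says only `/etc/kubernetes/manifests` is needed, so setting `host_path` and `container_path` to that directory would keep `ca.crt` and `kubeconfig` off a read-write host bind.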