Get cluster up and running

2019-02-02 22:55:55 +05:30 · 2019-02-02 22:55:55 +05:30 · 86f2edc112
parent 23cf15b8a9
commit 86f2edc112
1 changed files with 29 additions and 24 deletions
--- a/modules/kubelet/main.tf
+++ b/modules/kubelet/main.tf
@ -13,12 +13,6 @@ resource "docker_container" "kubelet" {
    content = "${var.assets["ca_cert"]}"
  }

-  # Make sure that the manifests directory exists
-  upload {
-    file    = "/etc/kubernetes/manifests/.empty"
-    content = ""
-  }
-
  volumes {
    container_path = "/etc/ssl/certs"
    host_path      = "/etc/ssl/certs"
@ -36,55 +30,72 @@ resource "docker_container" "kubelet" {
    host_path      = "/dev"
  }

-  # volumes {
-  #   container_path = "/usr"
-  #   host_path      = "/usr"
-  # }
-
-  # volumes {
-  #   container_path = "/lib64"
-  #   host_path      = "/lib64"
-  # }
  volumes {
    container_path = "/usr/share/ca-certificates"
    host_path      = "/usr/share/ca-certificates"
    read_only      = true
  }
+
  volumes {
    container_path = "/var/lib/docker"
    host_path      = "/var/lib/docker"
  }
+
+  // TODO: Test with this
+  // It technically only needs the /etc/kubernetes/manifests
+  // Make sure that the manifests directory exists
+  upload {
+    file    = "/etc/kubernetes/manifests/.empty"
+    content = ""
+  }
+
  volumes {
    container_path = "/etc/kubernetes"
    host_path      = "/etc/kubernetes"
  }
+
+  // See https://github.com/kubernetes/kubernetes/issues/4869#issuecomment-193316593
  volumes {
    container_path = "/var/lib/kubelet"
    host_path      = "/var/lib/kubelet"
+    shared         = true
  }
+
  volumes {
    container_path = "/var/log"
    host_path      = "/var/log"
  }
+
  volumes {
    container_path = "/run"
    host_path      = "/run"
  }
+
+  volumes {
+    container_path = "/var/run"
+    host_path      = "/var/run"
+  }
+
  volumes {
    container_path = "/lib/modules"
    host_path      = "/lib/modules"
    read_only      = true
  }
+
  volumes {
    container_path = "/etc/os-release"
    host_path      = "/usr/lib/os-release"
    read_only      = true
  }
+
  volumes {
    container_path = "/etc/machine-id"
    host_path      = "/etc/machine-id"
    read_only      = true
  }
+
+  // Don't think this is needed anymore
+
  volumes {
    container_path = "/rootfs"
    host_path      = "/"
@ -103,10 +114,11 @@ resource "docker_container" "kubelet" {
  }
  #
  # "There is no war within the container. Here we are safe. Here we are free."
-  # - Docker Li agent brainwashing Nemo
+  # - Docker Li agent brainwashing the author
  #
  command = [
    "kubelet",
+    "--address=${var.host_ip}",
    "--allow-privileged",
    "--anonymous-auth=false",
    "--authentication-token-webhook",
@ -115,10 +127,7 @@ resource "docker_container" "kubelet" {
    "--client-ca-file=/etc/kubernetes/ca.crt",
    "--cluster_dns=${var.dns_ip}",
    "--cluster_domain=${var.k8s_host}",
-
-    # "--containerized",
    "--exit-on-lock-contention=true",
-
    "--hostname-override=${var.host_ip}",
    "--kubeconfig=/etc/kubernetes/kubeconfig",
    "--lock-file=/var/run/lock/kubelet.lock",
@ -135,15 +144,11 @@ resource "docker_container" "kubelet" {
    host = "${var.k8s_host}"
    ip   = "${var.host_ip}"
  }
-
-  # TODO
-
  network_mode = "host"
+  pid_mode     = "host"
  privileged   = true
  restart      = "no"
  must_run     = false
-
-  # max_retry_count = 1
 }

 data "docker_registry_image" "image" {