Get cluster up and running
parent
23cf15b8a9
commit
86f2edc112
|
@ -13,12 +13,6 @@ resource "docker_container" "kubelet" {
|
||||||
content = "${var.assets["ca_cert"]}"
|
content = "${var.assets["ca_cert"]}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Make sure that the manifests directory exists
|
|
||||||
upload {
|
|
||||||
file = "/etc/kubernetes/manifests/.empty"
|
|
||||||
content = ""
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/etc/ssl/certs"
|
container_path = "/etc/ssl/certs"
|
||||||
host_path = "/etc/ssl/certs"
|
host_path = "/etc/ssl/certs"
|
||||||
|
@ -36,55 +30,72 @@ resource "docker_container" "kubelet" {
|
||||||
host_path = "/dev"
|
host_path = "/dev"
|
||||||
}
|
}
|
||||||
|
|
||||||
# volumes {
|
|
||||||
# container_path = "/usr"
|
|
||||||
# host_path = "/usr"
|
|
||||||
# }
|
|
||||||
|
|
||||||
# volumes {
|
|
||||||
# container_path = "/lib64"
|
|
||||||
# host_path = "/lib64"
|
|
||||||
# }
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/usr/share/ca-certificates"
|
container_path = "/usr/share/ca-certificates"
|
||||||
host_path = "/usr/share/ca-certificates"
|
host_path = "/usr/share/ca-certificates"
|
||||||
read_only = true
|
read_only = true
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/var/lib/docker"
|
container_path = "/var/lib/docker"
|
||||||
host_path = "/var/lib/docker"
|
host_path = "/var/lib/docker"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO: Test with this
|
||||||
|
// It technically only needs the /etc/kubernetes/manifests
|
||||||
|
// Make sure that the manifests directory exists
|
||||||
|
upload {
|
||||||
|
file = "/etc/kubernetes/manifests/.empty"
|
||||||
|
content = ""
|
||||||
|
}
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/etc/kubernetes"
|
container_path = "/etc/kubernetes"
|
||||||
host_path = "/etc/kubernetes"
|
host_path = "/etc/kubernetes"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// See https://github.com/kubernetes/kubernetes/issues/4869#issuecomment-193316593
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/var/lib/kubelet"
|
container_path = "/var/lib/kubelet"
|
||||||
host_path = "/var/lib/kubelet"
|
host_path = "/var/lib/kubelet"
|
||||||
|
shared = true
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/var/log"
|
container_path = "/var/log"
|
||||||
host_path = "/var/log"
|
host_path = "/var/log"
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/run"
|
container_path = "/run"
|
||||||
host_path = "/run"
|
host_path = "/run"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
volumes {
|
||||||
|
container_path = "/var/run"
|
||||||
|
host_path = "/var/run"
|
||||||
|
}
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/lib/modules"
|
container_path = "/lib/modules"
|
||||||
host_path = "/lib/modules"
|
host_path = "/lib/modules"
|
||||||
read_only = true
|
read_only = true
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/etc/os-release"
|
container_path = "/etc/os-release"
|
||||||
host_path = "/usr/lib/os-release"
|
host_path = "/usr/lib/os-release"
|
||||||
read_only = true
|
read_only = true
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/etc/machine-id"
|
container_path = "/etc/machine-id"
|
||||||
host_path = "/etc/machine-id"
|
host_path = "/etc/machine-id"
|
||||||
read_only = true
|
read_only = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Don't think this is needed anymore
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
container_path = "/rootfs"
|
container_path = "/rootfs"
|
||||||
host_path = "/"
|
host_path = "/"
|
||||||
|
@ -103,10 +114,11 @@ resource "docker_container" "kubelet" {
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
# "There is no war within the container. Here we are safe. Here we are free."
|
# "There is no war within the container. Here we are safe. Here we are free."
|
||||||
# - Docker Li agent brainwashing Nemo
|
# - Docker Li agent brainwashing the author
|
||||||
#
|
#
|
||||||
command = [
|
command = [
|
||||||
"kubelet",
|
"kubelet",
|
||||||
|
"--address=${var.host_ip}",
|
||||||
"--allow-privileged",
|
"--allow-privileged",
|
||||||
"--anonymous-auth=false",
|
"--anonymous-auth=false",
|
||||||
"--authentication-token-webhook",
|
"--authentication-token-webhook",
|
||||||
|
@ -115,10 +127,7 @@ resource "docker_container" "kubelet" {
|
||||||
"--client-ca-file=/etc/kubernetes/ca.crt",
|
"--client-ca-file=/etc/kubernetes/ca.crt",
|
||||||
"--cluster_dns=${var.dns_ip}",
|
"--cluster_dns=${var.dns_ip}",
|
||||||
"--cluster_domain=${var.k8s_host}",
|
"--cluster_domain=${var.k8s_host}",
|
||||||
|
|
||||||
# "--containerized",
|
|
||||||
"--exit-on-lock-contention=true",
|
"--exit-on-lock-contention=true",
|
||||||
|
|
||||||
"--hostname-override=${var.host_ip}",
|
"--hostname-override=${var.host_ip}",
|
||||||
"--kubeconfig=/etc/kubernetes/kubeconfig",
|
"--kubeconfig=/etc/kubernetes/kubeconfig",
|
||||||
"--lock-file=/var/run/lock/kubelet.lock",
|
"--lock-file=/var/run/lock/kubelet.lock",
|
||||||
|
@ -135,15 +144,11 @@ resource "docker_container" "kubelet" {
|
||||||
host = "${var.k8s_host}"
|
host = "${var.k8s_host}"
|
||||||
ip = "${var.host_ip}"
|
ip = "${var.host_ip}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# TODO
|
|
||||||
|
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
|
pid_mode = "host"
|
||||||
privileged = true
|
privileged = true
|
||||||
restart = "no"
|
restart = "no"
|
||||||
must_run = false
|
must_run = false
|
||||||
|
|
||||||
# max_retry_count = 1
|
|
||||||
}
|
}
|
||||||
|
|
||||||
data "docker_registry_image" "image" {
|
data "docker_registry_image" "image" {
|
||||||
|
|
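Review bot: The `/rootfs` volume in the second hunk still bind-mounts the host's `/` into a container that runs with `privileged = true`, even though the new comment above it says `// Don't think this is needed anymore`. The commit also deletes the commented-out `"--containerized"` line from `command`, and as far as I know that mode is what reads `/rootfs`, so the block looks removable. If it has to stay for now, `read_only = true` would limit it; the block continues past the hunk, so that may already be set. The newly added `/var/run` volume sits beside the existing writable `/run` mount and is redundant on hosts where `/var/run` is a symlink to `/run`. Either path typically exposes the host Docker socket, so a comment such as `// kubelet reaches the host Docker daemon through /var/run/docker.sock` would record why it is mounted, and the added `pid_mode = "host"` in the last hunk needs a similar one-line justification.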