
Re: [atomic-devel] looking for feedback on running kubernetes in system containers

If these config changes should be in the standard etcd/flanneld containers please open pull requests to fix this on github.com:projectatomic/atomic-system-containers

On 04/28/2017 03:08 PM, Jason Brooks wrote:
> On Fri, Apr 28, 2017 at 1:05 AM, Spyros Trigazis <strigazi gmail com> wrote:
>
> > So far, I have only tried etcd, works well but the only piece missing is
> > a way to pass TLS credentials which is quite important for certain
> > deployments like ours. My next goal is flannel. Flannel will require
> > TLS creds as well. To do it, I rebuilt the image to bindmount them.
>
> The ansible scripts handle this, and they put the certs in
> /etc/etcd/certs -- I'm bind mounting /etc/etcd to accommodate this.
> Where do you put your certs?
>
> It's a similar situation w/ flannel, w/ certs in /etc/flanneld/certs.
>
> > To be honest, I didn't try kube components because the version isn't
> > newer than the one in fedora-atomic and since we don't use ansible
> > we need some modifications. If kube was newer I would be more
> > motivated :).
>
> Good idea. I just built rawhide versions of these containers that you
> can check out by swapping the tag fc25 for rawhide. They have kube
> 1.6.1. I haven't tested them yet, though.
>
> > On 27 April 2017 at 18:59, Jason Brooks <jbrooks redhat com> wrote:
> > > I've been working on running kubernetes, flannel and etcd in system
> > > containers, and setting up a cluster using the ansible scripts at
> > >
> > > I wrote a blog post about it here:
> > >
> > >
> > > These are my system containers:
> > >
> > >
> > > and my ansible branch:
> > >
> > > I've changed the etcd and flannel containers to bind mount config dirs
> > > in /etc, so that the ansible can config them using the same operations
> > > it'd use for non-system containers. I'm using tmpfiles.d to put a link
> > > to the etcdctl from the container into /usr/local/bin/etcd because
> > > ansible expects and needs etcdctl to be on the host to set up the
> > > flannel network, and linking to the etcdctl from the container again
> > > lets us reuse the same ansible operations as for non system container
> > >
> > > The kube containers are based on the ones I'm maintaining in the
> > > fedora and centos container registries, and they also get configs from
> > > bind mounted /etc/kubernetes. Like with the etcd container, I'm
> > > creating a link from the kube-apiserver container's kubectl to
> > > /usr/local/bin/kubectl on the host, because the kube-addons service
> > > expects kubectl to be on the host.
> > >
> > > I've been using f25-based containers, but this should work with centos
> > > containers, too.
> > >
> > > Anyway, if you're interested in this topic, I'd appreciate it if you
> > > gave my post / github forks a look and let me know what you think /
> > > what I'm doing terribly wrong / etc. :)
> > >
> > > Thanks, Jason
