Re: [atomic-devel] looking for feedback on running kubernetes in system containers

[Giuseppe Scrivano <gscrivan redhat com>]

Hi,

Great work Jason!  We should definitely get these images into
atomic-system-containers.

Daniel Walsh <dwalsh redhat com> writes:

> If these config changes should be in the standard etcd/flanneld
> containers please open pull requests to fix this on
> github.com:projectatomic/atomic-system-containers
>
> On 04/28/2017 03:08 PM, Jason Brooks wrote:
>> On Fri, Apr 28, 2017 at 1:05 AM, Spyros Trigazis <strigazi gmail com> wrote:
>>> Hi,
>>>
>>> So far, I have only tried etcd, works well but the only piece missing is
>>> a way to pass TLS credentials which is quite important for certain
>>> deployments like ours. My next goal is flannel. Flannel will require
>>> TLS creds as well. To do it, I rebuilt the image to bindmount them.
>> The ansible scripts handle this, and they put the certs in
>> /etc/etcd/certs -- I'm bind mounting /etc/etcd to accommodate this.
>> Where do you put your certs?

I have done something similar for the openshift-ansible.  I got some
changes in that let us use the existing bind mounts:

https://github.com/openshift/openshift-ansible/commit/73d91dbcbcd3f2188977ac36e06adf57803b4842

What I did here is to read the configuration from
/var/lib/etcd/etcd.etcd/etc instead of /etc/etcd when using a system
container since that path is already bind mounted in the container.
With this change in openshift-ansible we don't need any modification in
the etcd image.

>> It's a similar situation w/ flannel, w/ certs in /etc/flanneld/certs.

in this case we will probably need to modify the image, the existing
bind mounts don't seem enough to do something similar as for etcd.

Regards,
Giuseppe