
Re: [atomic-devel] looking for feedback on running kubernetes in system containers

On Tue, May 2, 2017 at 1:06 AM, Giuseppe Scrivano <gscrivan redhat com> wrote:
> Hi,
> Great work Jason!  We should definitely get these images into
> atomic-system-containers.
> Daniel Walsh <dwalsh redhat com> writes:
>> If these config changes should be in the standard etcd/flanneld
>> containers please open pull requests to fix this on
>> github.com:projectatomic/atomic-system-containers
>> On 04/28/2017 03:08 PM, Jason Brooks wrote:
>>> On Fri, Apr 28, 2017 at 1:05 AM, Spyros Trigazis <strigazi gmail com> wrote:
>>>> Hi,
>>>> So far, I have only tried etcd, works well but the only piece missing is
>>>> a way to pass TLS credentials which is quite important for certain
>>>> deployments like ours. My next goal is flannel. Flannel will require
>>>> TLS creds as well. To do it, I rebuilt the image to bindmount them.
>>> The ansible scripts handle this, and they put the certs in
>>> /etc/etcd/certs -- I'm bind mounting /etc/etcd to accommodate this.
>>> Where do you put your certs?
> I have done something similar for the openshift-ansible.  I got some
> changes in that let us use the existing bind mounts:
> https://github.com/openshift/openshift-ansible/commit/73d91dbcbcd3f2188977ac36e06adf57803b4842
> What I did here is to read the configuration from
> /var/lib/etcd/etcd.etcd/etc instead of /etc/etcd when using a system
> container since that path is already bind mounted in the container.
> With this change in openshift-ansible we don't need any modification in
> the etcd image.

I've experimented w/ making more changes to the ansible like these --
adapting the scripts to the system containers rather than the reverse,
but I started thinking it'd be easier to adapt the system containers
to be more of a drop-in replacement, leaving them to be configured as
much like the regular packages as possible. So, things like making
etcd configurable by editing a conf file vs. limiting configuration to
--set commands. Do you think it's worthwhile to try and make system
containers work this way, or would we be losing out on some system
containers goodness through this?


>>> It's a similar situation w/ flannel, w/ certs in /etc/flanneld/certs.
> In this case we will probably need to modify the image, the existing
> bind mounts don't seem enough to do something similar as for etcd.
> Regards,
> Giuseppe
