[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: [atomic-devel] looking for feedback on running kubernetes in system containers
- From: Jason Brooks <jbrooks redhat com>
- To: Giuseppe Scrivano <gscrivan redhat com>
- Cc: atomic-devel <atomic-devel projectatomic io>
- Subject: Re: [atomic-devel] looking for feedback on running kubernetes in system containers
- Date: Tue, 2 May 2017 13:52:22 -0700
On Tue, May 2, 2017 at 1:06 AM, Giuseppe Scrivano <gscrivan redhat com> wrote:
> Hi,
>
> Great work Jason! We should definitely get these images into
> atomic-system-containers.
>
> Daniel Walsh <dwalsh redhat com> writes:
>
>> If these config changes should be in the standard etcd/flanneld
>> containers please open pull requests to fix this on
>> github.com:projectatomic/atomic-system-containers
>>
>> On 04/28/2017 03:08 PM, Jason Brooks wrote:
>>> On Fri, Apr 28, 2017 at 1:05 AM, Spyros Trigazis <strigazi gmail com> wrote:
>>>> Hi,
>>>>
>>>> So far, I have only tried etcd, works well but the only piece missing is
>>>> a way to pass TLS credentials which is quite important for certain
>>>> deployments like ours. My next goal is flannel. Flannel will require
>>>> TLS creds as well. To do it, I rebuilt the image to bindmount them.
>>> The ansible scripts handle this, and they put the certs in
>>> /etc/etcd/certs -- I'm bind mounting /etc/etcd to accommodate this.
>>> Where do you put your certs?
>
> I have done something similar for the openshift-ansible. I got some
> changes in that let us use the existing bind mounts:
>
> https://github.com/openshift/openshift-ansible/commit/73d91dbcbcd3f2188977ac36e06adf57803b4842
>
> What I did here is to read the configuration from
> /var/lib/etcd/etcd.etcd/etc instead of /etc/etcd when using a system
> container since that path is already bind mounted in the container.
> With this change in openshift-ansible we don't need any modification in
> the etcd image.
I've experimented w/ making more changes to the ansible like these --
adapting the scripts to the system containers rather than the reverse,
but I started thinking it'd be easier to adapt the system containers
to be more of a drop-in replacement, leaving them to be configured as
much like the regular packages as possible. So, things like making
etcd configurable by editing a conf file vs. limiting configuration to
--set commands. Do you think it's worthwhile to try and make system
containers work this way, or would we be losing out on some system
containers goodness through this?
Jason
>
>>> It's a similar situation w/ flannel, w/ certs in /etc/flanneld/certs.
>
> in this case we will probably need to modify the image, the existing
> bind mounts don't seem enough to do something similar as for etcd.
>
> Regards,
> Giuseppe
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]