From 9397b9480a7698164f3efe7e7d0ddc2afa0a5834 Mon Sep 17 00:00:00 2001
From: Ian Campbell <ijc@docker.com>
Date: Wed, 13 Sep 2017 09:44:47 +0100
Subject: [PATCH] kubernetes: populate host CNI paths by binding from
 kubernetes service.

Kubernetes assumes (for now) that various paths are valid at the host level to
be mounted into containers, including /opt/cni and /etc/cni.

We cannot (easily) use symlinks here because the weave.yml mounts /opt and /etc
rather than /opt/cni and /etc/cni (this seems likely to be common pattern). So
if /etc/cni were a symlink to the persistent disk (under /var/lib) then it will
be dangling link within the weave container.

So add bind mounts to the runtime configuration of the kubernetes image. This
also means we must create the target mount points in the yml.

Signed-off-by: Ian Campbell <ijc@docker.com>
---
 projects/kubernetes/kube-master.yml       | 4 ++++
 projects/kubernetes/kube-node.yml         | 4 ++++
 projects/kubernetes/kubernetes/Dockerfile | 2 +-
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/projects/kubernetes/kube-master.yml b/projects/kubernetes/kube-master.yml
index 3745a89c1..d1e007f9b 100644
--- a/projects/kubernetes/kube-master.yml
+++ b/projects/kubernetes/kube-master.yml
@@ -60,6 +60,10 @@ services:
   - name: kubelet
     image: linuxkitprojects/kubernetes:c4a6ae5121df50471ad244b9fc153ff5eb674fb2
 files:
+  - path: /opt/cni
+    directory: true
+  - path: /etc/cni
+    directory: true
   - path: root/.ssh/authorized_keys
     source: ~/.ssh/id_rsa.pub
     mode: "0600"
diff --git a/projects/kubernetes/kube-node.yml b/projects/kubernetes/kube-node.yml
index 655314d8a..9ae19f239 100644
--- a/projects/kubernetes/kube-node.yml
+++ b/projects/kubernetes/kube-node.yml
@@ -58,6 +58,10 @@ services:
   - name: kubelet
     image: linuxkitprojects/kubernetes:c4a6ae5121df50471ad244b9fc153ff5eb674fb2
 files:
+  - path: /opt/cni
+    directory: true
+  - path: /etc/cni
+    directory: true
   - path: root/.ssh/authorized_keys
     source: ~/.ssh/id_rsa.pub
     mode: "0600"
diff --git a/projects/kubernetes/kubernetes/Dockerfile b/projects/kubernetes/kubernetes/Dockerfile
index 689b7b632..2fff3e89b 100644
--- a/projects/kubernetes/kubernetes/Dockerfile
+++ b/projects/kubernetes/kubernetes/Dockerfile
@@ -45,4 +45,4 @@ WORKDIR /
 ENTRYPOINT ["/usr/bin/kubelet.sh"]
 COPY --from=build /out /
 ENV KUBECONFIG "/etc/kubernetes/admin.conf"
-LABEL org.mobyproject.config='{"binds": ["/dev:/dev", "/etc/resolv.conf:/etc/resolv.conf", "/run:/run", "/var:/var:rshared,rbind", "/var/lib/kubeadm:/etc/kubernetes"], "mounts": [{"type": "cgroup", "options": ["rw","nosuid","noexec","nodev","relatime"]}], "capabilities": ["all"], "rootfsPropagation": "shared", "pid": "host", "runtime": {"mkdir": ["/var/lib/kubeadm", "/var/lib/cni/etc", "/var/lib/cni/opt"]}}'
+LABEL org.mobyproject.config='{"binds": ["/dev:/dev", "/etc/resolv.conf:/etc/resolv.conf", "/run:/run", "/var:/var:rshared,rbind", "/var/lib/kubeadm:/etc/kubernetes"], "mounts": [{"type": "cgroup", "options": ["rw","nosuid","noexec","nodev","relatime"]}], "capabilities": ["all"], "rootfsPropagation": "shared", "pid": "host", "runtime": {"mkdir": ["/var/lib/kubeadm", "/var/lib/cni/etc", "/var/lib/cni/opt"], "mounts": [{"type": "bind", "source": "/var/lib/cni/opt", "destination": "/opt/cni", "options": ["rw", "bind"]}, {"type": "bind", "source": "/var/lib/cni/etc", "destination": "/etc/cni", "options": ["rw", "bind"]}]}}'