From 9397b9480a7698164f3efe7e7d0ddc2afa0a5834 Mon Sep 17 00:00:00 2001
From: Ian Campbell
Date: Wed, 13 Sep 2017 09:44:47 +0100
Subject: [PATCH] kubernetes: populate host CNI paths by binding from kubernetes service. Kubernetes assumes (for now) that various paths are valid at the host level to be mounted into containers, including /opt/cni and /etc/cni. We cannot (easily) use symlinks here because the weave.yml mounts /opt and /etc rather than /opt/cni and /etc/cni (this seems likely to be common pattern). So if /etc/cni were a symlink to the persistent disk (under /var/lib) then it will be dangling link within the weave container. So add bind mounts to the runtime configuration of the kubernetes image. This also means we must create the target mount points in the yml.
Signed-off-by: Ian Campbell
---
 projects/kubernetes/kube-master.yml | 4 ++++
 projects/kubernetes/kube-node.yml | 4 ++++
 projects/kubernetes/kubernetes/Dockerfile | 2 +-
 3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/projects/kubernetes/kube-master.yml b/projects/kubernetes/kube-master.yml
index 3745a89c1..d1e007f9b 100644
--- a/projects/kubernetes/kube-master.yml
+++ b/projects/kubernetes/kube-master.yml
@@ -60,6 +60,10 @@ services:
 - name: kubelet
 image: linuxkitprojects/kubernetes:c4a6ae5121df50471ad244b9fc153ff5eb674fb2
 files:
+ - path: /opt/cni
+ directory: true
+ - path: /etc/cni
+ directory: true
 - path: root/.ssh/authorized_keys
 source: ~/.ssh/id_rsa.pub
 mode: "0600"
diff --git a/projects/kubernetes/kube-node.yml b/projects/kubernetes/kube-node.yml
index 655314d8a..9ae19f239 100644
--- a/projects/kubernetes/kube-node.yml
+++ b/projects/kubernetes/kube-node.yml
@@ -58,6 +58,10 @@ services:
 - name: kubelet
 image: linuxkitprojects/kubernetes:c4a6ae5121df50471ad244b9fc153ff5eb674fb2
 files:
+ - path: /opt/cni
+ directory: true
+ - path: /etc/cni
+ directory: true
 - path: root/.ssh/authorized_keys
 source: ~/.ssh/id_rsa.pub
 mode: "0600"
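Review bot: The two directory entries added under `files:` in kube-master.yml carry no `mode`, unlike the neighbouring `root/.ssh/authorized_keys` entry, so the permissions of `/opt/cni` and `/etc/cni` are left to whatever the build tool defaults to. Per the commit message these become the mount points for CNI plugin binaries and network configuration, so the intent is worth pinning, for example `mode: "0755"` on each entry, assuming the tool honours `mode` for directories. The new paths are also written with a leading slash where the existing entry uses the relative form `root/.ssh/authorized_keys`; one convention would be easier to audit. The same applies to the identical hunk in kube-node.yml.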
diff --git a/projects/kubernetes/kubernetes/Dockerfile b/projects/kubernetes/kubernetes/Dockerfile
index 689b7b632..2fff3e89b 100644
--- a/projects/kubernetes/kubernetes/Dockerfile
+++ b/projects/kubernetes/kubernetes/Dockerfile
@@ -45,4 +45,4 @@ WORKDIR /
 ENTRYPOINT ["/usr/bin/kubelet.sh"]
 COPY --from=build /out /
 ENV KUBECONFIG "/etc/kubernetes/admin.conf"
-LABEL org.mobyproject.config='{"binds": ["/dev:/dev", "/etc/resolv.conf:/etc/resolv.conf", "/run:/run", "/var:/var:rshared,rbind", "/var/lib/kubeadm:/etc/kubernetes"], "mounts": [{"type": "cgroup", "options": ["rw","nosuid","noexec","nodev","relatime"]}], "capabilities": ["all"], "rootfsPropagation": "shared", "pid": "host", "runtime": {"mkdir": ["/var/lib/kubeadm", "/var/lib/cni/etc", "/var/lib/cni/opt"]}}'
+LABEL org.mobyproject.config='{"binds": ["/dev:/dev", "/etc/resolv.conf:/etc/resolv.conf", "/run:/run", "/var:/var:rshared,rbind", "/var/lib/kubeadm:/etc/kubernetes"], "mounts": [{"type": "cgroup", "options": ["rw","nosuid","noexec","nodev","relatime"]}], "capabilities": ["all"], "rootfsPropagation": "shared", "pid": "host", "runtime": {"mkdir": ["/var/lib/kubeadm", "/var/lib/cni/etc", "/var/lib/cni/opt"], "mounts": [{"type": "bind", "source": "/var/lib/cni/opt", "destination": "/opt/cni", "options": ["rw", "bind"]}, {"type": "bind", "source": "/var/lib/cni/etc", "destination": "/etc/cni", "options": ["rw", "bind"]}]}}'
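Review bot: Both new `runtime.mounts` entries in the `LABEL` use only `["rw", "bind"]`, so `/opt/cni` and `/etc/cni` inherit no restriction flags even though they are backed by the writable persistent disk under `/var/lib/cni`. This service already runs with `"capabilities": ["all"]` and `"pid": "host"`, so anything that can write under `/var/lib/cni/opt` is effectively placing binaries the kubelet will execute. `/etc/cni` should only hold configuration, so `"options": ["rw", "bind", "nosuid", "nodev", "noexec"]` looks safe there, and `/opt/cni` could take `"nosuid", "nodev"`. Check whether the runtime actually applies such flags on a plain bind, since they usually need a remount. A comment above the `LABEL` noting that `/var/lib/cni` is now part of the trusted execution path would also help future reviewers.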