Fix mountflags and kubelet config

Add missing --require-kubeconfig to the if..else stanza.
Make sure certs dirs mounted in RO.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
This commit is contained in:
Bogdan Dobrelya 2016-11-15 11:18:53 +01:00
parent e68ec257a3
commit 876c4df1b6
3 changed files with 4 additions and 1 deletions

View file

@ -21,7 +21,7 @@ KUBELET_ARGS="--cluster_dns={{ skydns_server }} --cluster_domain={{ dns_domain }
{% elif dns_setup|bool %} {% elif dns_setup|bool %}
KUBELET_ARGS="--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} --kubeconfig={{ kube_config_dir}}/node-kubeconfig.yaml --require-kubeconfig --pod-manifest-path={{ kube_manifest_dir }} --resolv-conf={{ kube_resolv_conf }} --pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}" KUBELET_ARGS="--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} --kubeconfig={{ kube_config_dir}}/node-kubeconfig.yaml --require-kubeconfig --pod-manifest-path={{ kube_manifest_dir }} --resolv-conf={{ kube_resolv_conf }} --pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}"
{% else %} {% else %}
KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --pod-manifest-path={{ kube_manifest_dir }} --pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}" KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --require-kubeconfig --pod-manifest-path={{ kube_manifest_dir }} --pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}"
{% endif %} {% endif %}
{% if kube_network_plugin is defined and kube_network_plugin in ["calico", "weave", "canal"] %} {% if kube_network_plugin is defined and kube_network_plugin in ["calico", "weave", "canal"] %}
KUBELET_NETWORK_PLUGIN="--network-plugin=cni --network-plugin-dir=/etc/cni/net.d" KUBELET_NETWORK_PLUGIN="--network-plugin=cni --network-plugin-dir=/etc/cni/net.d"

View file

@ -111,6 +111,7 @@ spec:
mountPath: "/run/flannel" mountPath: "/run/flannel"
- name: "canal-certs" - name: "canal-certs"
mountPath: "{{ canal_cert_dir }}" mountPath: "{{ canal_cert_dir }}"
readOnly: true
# Runs calico/node container on each Kubernetes node. This # Runs calico/node container on each Kubernetes node. This
# container programs network policy and local routes on each # container programs network policy and local routes on each
# host. # host.
@ -156,3 +157,4 @@ spec:
readOnly: false readOnly: false
- name: "canal-certs" - name: "canal-certs"
mountPath: "{{ canal_cert_dir }}" mountPath: "{{ canal_cert_dir }}"
readOnly: true

View file

@ -33,6 +33,7 @@
mountPath: "/run/flannel" mountPath: "/run/flannel"
- name: "etcd-certs" - name: "etcd-certs"
mountPath: "{{ etcd_cert_dir }}" mountPath: "{{ etcd_cert_dir }}"
readOnly: true
securityContext: securityContext:
privileged: true privileged: true
hostNetwork: true hostNetwork: true