Secrets with containerized single-node kubernetes cluster

2/8/2016

It is well known that secrets don't work with a containerized kubernetes cluster (https://github.com/kubernetes/kubernetes/blob/master/docs/getting-started-guides/docker.md). There are several bugs logged for this (for instance: https://github.com/kubernetes/kubernetes/issues/18239).

However, with Docker 1.10 allowing shared/slave propagation, this issue is supposed to have been technically resolved. However, I am having trouble getting this to work.

I tried changing the single node docker command like so:

docker run \
 --restart=always \
 --volume=/:/rootfs:ro \
 --volume=/sys:/sys:ro \
 --volume=/dev:/dev \
 --volume=/var/lib/docker/:/var/lib/docker:shared \
 --volume=/var/lib/kubelet/:/var/lib/kubelet:shared \
 --volume=/var/run:/var/run:shared \
 --net=host \
 --pid=host \
 --privileged=true \
 -d \
 gcr.io/google_containers/hyperkube-amd64:v${K8S_VERSION} \
 /hyperkube kubelet \
  --containerized \
  --hostname-override="127.0.0.1" \
  --address="0.0.0.0" \
  --api-servers=http://localhost:8080 \
  --config=/etc/kubernetes/manifests \
  --cluster-dns=10.0.0.10 \
  --cluster-domain=cluster.local \
  --allow-privileged=true \
  --v=10

Please note the shared mount propagation setting. When I do this, I get the error:

docker: Error response from daemon: Cannot start container f7a5ae3d3e88b02ba42544ec768050717c942bc62889175171e6ebb3f89a1a6c: Path /var/run is mounted on /run but it is not a shared mount..

I am trying to do this on Ubuntu Trusty on a Vagrant box. I am using docker version 1.10.0 and containerized hyperkube version v1.2.0-alpha.7.

What am I missing here? If I roll back the shared setting with the original rw, I get the error: Unable to mount volumes for pod with the IsLikelyNotMountPoint error.

UPDATE

Hey guys, I think I figured it out (at least for the single node containerized kubernetes environment). The steps I followed were:

mkdir -p /var/lib/kubelet
mount -o bind /var/lib/kubelet /var/lib/kubelet
mount --make-shared /var/lib/kubelet

and then the actual command:

docker run \
 --restart=always \
 --volume=/:/rootfs:ro \
 --volume=/sys:/sys:ro \
 --volume=/dev:/dev \
 --volume=/var/lib/docker/:/var/lib/docker:rw \
 --volume=/var/lib/kubelet/:/var/lib/kubelet:shared \
 --volume=/var/run:/var/run:rw \
 --net=host \
 --pid=host \
 --privileged=true \
 -d \
 gcr.io/google_containers/hyperkube-amd64:v${K8S_VERSION} \
 /hyperkube kubelet \
  --hostname-override="127.0.0.1" \
  --address="0.0.0.0" \
  --api-servers=http://localhost:8080 \
  --config=/etc/kubernetes/manifests \
  --cluster-dns=10.0.0.10 \
  --cluster-domain=cluster.local \
  --allow-privileged=true \
  --v=10

I am using kubernetes version v1.2.0.alpha.7. Also, please note that in the main command, I added the shared mount and removed the "containerized" parameter. Also, I am using the latest version of Docker (1.10).

-- Gopinath Taget
docker
kubernetes
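
Added example, not part of the original post: a shell check of mount propagation as recorded in /proc/self/mountinfo, which is the property the "not a shared mount" error above refers to and which `mount --make-shared` changes. The function names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of /proc/self/mountinfo: "/" and /run are private,
# /var/lib/kubelet is a bind mount that was marked shared.
sample_mountinfo() {
  cat <<'EOF'
20 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
21 20 0:17 / /run rw,nosuid,noexec - tmpfs tmpfs rw,mode=755
40 20 8:1 /var/lib/kubelet /var/lib/kubelet rw,relatime shared:1 - ext4 /dev/sda1 rw
EOF
}

# propagation_of PATH [MOUNTINFO]: print shared, slave or private for the
# mount that contains PATH (longest matching mount point; last entry wins).
# MOUNTINFO defaults to /proc/self/mountinfo; "-" reads standard input.
propagation_of() {
  awk -v p="$1" '
    BEGIN { best = 0; prop = "unknown" }
    $5 == "/" || p == $5 || index(p, $5 "/") == 1 {
      if (length($5) < best) next
      best = length($5); prop = "private"
      # Optional fields sit between field 6 and the "-" separator.
      for (i = 7; i <= NF && $i != "-"; i++) {
        if ($i ~ /^shared:/) { prop = "shared"; break }
        if ($i ~ /^master:/) prop = "slave"
      }
    }
    END { print prop }
  ' "${2:-/proc/self/mountinfo}"
}

# require_shared PATH [MOUNTINFO]: resolve symlinks first (on Ubuntu /var/run
# points at /run), then fail unless the containing mount is shared.
require_shared() {
  resolved=$(readlink -f -- "$1" 2>/dev/null) || resolved=$1
  [ -n "$resolved" ] || resolved=$1
  prop=$(propagation_of "$resolved" "${2:-/proc/self/mountinfo}")
  [ "$prop" = shared ] && return 0
  echo "$1 resolves to $resolved, whose mount is $prop, not shared" >&2
  return 1
}

# Demo against the constructed sample.
for d in /var/run /var/lib/kubelet; do
  printf '%s: %s\n' "$d" "$(sample_mountinfo | propagation_of "$d" -)"
done
```

On a real host, calling `require_shared /var/lib/kubelet` with no second argument reads the live /proc/self/mountinfo, so it can gate the `docker run` with a `:shared` volume.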

0 Answers