How to pass gRPC unix socket to Kubernetes api-server

5/10/2019

I have implemented a KMS Plugin gRPC server. However, my api-server is not able to connect to the Unix socket at path "/opt/mysocket.sock".

If I bind my socket to the "/etc/ssl/certs/" directory, "api-server" is able to access it and interact with my gRPC server over the Unix socket, and the plugin works as expected.

How can I pass my Unix socket to api-server without being restricted to only the "/etc/ssl/certs/" directory?

I want to use other standard directories like "/opt" or "/var", etc.

I have followed the guide below from Google to implement the KMS plugin: https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/

-- Neeraj Kukreti
google-kubernetes-engine
kube-apiserver
kubernetes
kubernetes-apiserver
kubernetes-pod

1 Answer

5/14/2019

For the "api-server" pod to access any directory from the host system, we need to add a mount path in the "kube-apiserver.yaml" file.

Path to the YAML file: "/etc/kubernetes/manifests/kube-apiserver.yaml".

Add the mount point as shown below (keep the correct indentation).

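=====
# Under the kube-apiserver container:
volumeMounts:
  - mountPath: /etc/my_dir
    name: my-kms
    readOnly: true
...
...
# Under the pod spec; the name must match the volumeMount above:
volumes:
  - hostPath:
      path: /etc/my_dir
      type: DirectoryOrCreate
    name: my-kms
=====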
-- Neeraj Kukreti
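
The manifest path in the answer is a static pod manifest, so the api-server only sees host directories that are mounted into its container. As an added example (not part of the original post), the Python check below takes the api-server pod JSON and a KMS `unix://` endpoint and reports which host path the socket resolves to, or nothing if no hostPath mount covers it; the pod JSON is constructed and `host_path_for_socket` is a hypothetical helper name.

```python
import json
import posixpath

# Constructed sample: trimmed pod JSON in the shape returned by
# `kubectl -n kube-system get pod <kube-apiserver-pod> -o json`.
SAMPLE_POD = json.loads("""
{"spec": {
  "containers": [{"name": "kube-apiserver", "volumeMounts": [
    {"name": "ca-certs", "mountPath": "/etc/ssl/certs", "readOnly": true},
    {"name": "my-kms", "mountPath": "/etc/my_dir", "readOnly": true}]}],
  "volumes": [
    {"name": "ca-certs", "hostPath": {"path": "/etc/ssl/certs", "type": "DirectoryOrCreate"}},
    {"name": "my-kms", "hostPath": {"path": "/etc/my_dir", "type": "DirectoryOrCreate"}}]}}
""")


def host_path_for_socket(pod, endpoint, container="kube-apiserver"):
    """Return the host path a unix:// KMS endpoint resolves to, or None
    if no hostPath volume mounted in the container covers it."""
    if not endpoint.startswith("unix://"):
        raise ValueError("KMS plugin endpoint must be a unix:// socket")
    sock = posixpath.normpath(endpoint[len("unix://"):])
    spec = pod["spec"]
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in spec.get("volumes", []) if "hostPath" in v}
    mounts = next(c for c in spec["containers"]
                  if c["name"] == container).get("volumeMounts", [])
    best = None
    for m in mounts:
        mp = posixpath.normpath(m["mountPath"])
        # Match on whole path components so /etc/my_dir2 is not treated as
        # living under /etc/my_dir.
        covered = sock == mp or sock.startswith(mp.rstrip("/") + "/")
        if covered and m["name"] in host_paths:
            # Prefer the longest (most specific) mount path.
            if best is None or len(mp) > len(best[0]):
                best = (mp, host_paths[m["name"]])
    if best is None:
        return None
    return posixpath.normpath(posixpath.join(best[1], posixpath.relpath(sock, best[0])))


if __name__ == "__main__":
    for ep in ("unix:///opt/mysocket.sock", "unix:///etc/my_dir/mysocket.sock"):
        print(ep, "->", host_path_for_socket(SAMPLE_POD, ep))
```

A `None` result for the endpoint configured in the encryption config means the plugin must listen under a directory that is mounted, or a matching `volumeMounts`/`volumes` pair must be added to the manifest.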
Source: StackOverflow