Secrets with containerized single-node kubernetes cluster

It is well known that secrets don't work with a containerized kubernetes cluster (https://github.com/kubernetes/kubernetes/blob/master/docs/getting-started-guides/docker.md). There are several bugs logged for this (for instance: https://github.com/kubernetes/kubernetes/issues/18239).

However, with Docker 1.10 allowing shared/slave propagation, this issue is supposed to have been technically resolved. However, I am having trouble getting this to work.

I tried changing the single-node docker command like so:

    docker run \
     --restart=always \
     --volume=/:/rootfs:ro \
     --volume=/sys:/sys:ro \
     --volume=/dev:/dev \
     --volume=/var/lib/docker/:/var/lib/docker:shared \
     --volume=/var/lib/kubelet/:/var/lib/kubelet:shared \
     --volume=/var/run:/var/run:shared \
     --net=host \
     --pid=host \
     --privileged=true \
     -d \
     gcr.io/google_containers/hyperkube-amd64:v${K8S_VERSION} \
     /hyperkube kubelet \
      --containerized \
      --hostname-override="127.0.0.1" \
      --address="0.0.0.0" \
      --api-servers=http://localhost:8080 \
      --config=/etc/kubernetes/manifests \
      --cluster-dns=10.0.0.10 \
      --cluster-domain=cluster.local \
      --allow-privileged=true \
      --v=10
    

Please note the shared mount propagation setting. When I do this, I get the error:

    docker: Error response from daemon: Cannot start container
    f7a5ae3d3e88b02ba42544ec768050717c942bc62889175171e6ebb3f89a1a6c: Path
    /var/run is mounted on /run but it is not a shared mount..

I am trying to do this on Ubuntu trusty on a vagrant box. I am using docker version 1.10.0 and containerized hyperkube version v1.2.0-alpha.7.

What am I missing here? If I roll back the shared setting with the original rw, I get the error: Unable to mount volumes for pod with the IsLikelyNotMountPoint error.

UPDATE

Hey Guys, I think I figured it out (at least for the single-node containerized kubernetes environment). The steps I followed were:

    mkdir -p /var/lib/kubelet
    mount -o bind /var/lib/kubelet /var/lib/kubelet
    mount --make-shared /var/lib/kubelet

and then the actual command:

    docker run \
    --restart=always \
    --volume=/:/rootfs:ro \
    --volume=/sys:/sys:ro \
    --volume=/dev:/dev \
    --volume=/var/lib/docker/:/var/lib/docker:rw \
    --volume=/var/lib/kubelet/:/var/lib/kubelet:shared \
    --volume=/var/run:/var/run:rw \
    --net=host \
    --pid=host \
    --privileged=true \
    -d \
    gcr.io/google_containers/hyperkube-amd64:v${K8S_VERSION} \
    /hyperkube kubelet \
    --hostname-override="127.0.0.1" \
    --address="0.0.0.0" \
    --api-servers=http://localhost:8080 \
    --config=/etc/kubernetes/manifests \
    --cluster-dns=10.0.0.10 \
    --cluster-domain=cluster.local \
    --allow-privileged=true --v=10

I am using kubernetes version v1.2.0.alpha.7. Also please note that in the main command, I added the shared mount and removed the "containerized" parameter. Also, I am using the latest version of Docker (1.10).
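
As an added example (not from the question or from the kubernetes project), here is a small POSIX sh helper that reads the propagation of a mount point from mountinfo(5), which is the property behind the "is not a shared mount" error above, and that reproduces the mkdir / bind / --make-shared steps of the update idempotently. The function names and the sample mountinfo data are my own assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: check a path's mount propagation
# and reproduce the update's mkdir / bind-mount / --make-shared recipe idempotently.
# Function names are constructed for this example.

# Print the propagation of the mount at $1: its mountinfo(5) optional fields
# (e.g. "shared:7"), "private" when the mount has none, or nothing when $1 is
# not a mount point. $2 overrides the mountinfo file (default /proc/self/mountinfo).
# The last matching line wins, so a bind mount stacked on top of a path is seen.
mount_propagation() {
    awk -v p="$1" '
        # mountinfo: id parent maj:min root mountpoint opts [optional...] - fstype ...
        $5 == p {
            out = ""
            for (i = 7; i <= NF && $i != "-"; i++)
                out = out (out == "" ? "" : " ") $i
            found = (out == "" ? "private" : out)
        }
        END { if (found != "") print found }' "${2:-/proc/self/mountinfo}"
}

# Succeed only if $1 is a mount point whose propagation includes "shared:".
is_shared_mount() {
    case " $(mount_propagation "$1" "$2") " in
        *" shared:"*) return 0 ;;
        *)            return 1 ;;
    esac
}

# The update's recipe as one idempotent step (needs root): make sure $1 exists,
# is its own mount point (bind-mounted onto itself) and is shared, so dockerd
# accepts "--volume=$1:$1:shared" and the kubelet sees pod volumes mounted later.
ensure_shared_mount() {
    mkdir -p "$1"
    [ -n "$(mount_propagation "$1")" ] || mount -o bind "$1" "$1"
    is_shared_mount "$1" || mount --make-shared "$1"
}

# Run directly with paths as arguments to report their propagation (read-only).
for p in "$@"; do
    r=$(mount_propagation "$p")
    printf '%s: %s\n' "$p" "${r:-not a mount point}"
done
```

Running it as `sh check-shared.sh /run /var/lib/kubelet` before starting the hyperkube container shows which paths still need the bind/make-shared treatment.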
