Secrets with containerized single-node kubernetes cluster

It is well known that secrets don’t work with a containerized kubernetes cluster (https://github.com/kubernetes/kubernetes/blob/master/docs/getting-started-guides/docker.md). There are several bugs logged for this (for instance: https://github.com/kubernetes/kubernetes/issues/18239).

However, with Docker 1.10 allowing shared/slave propagation, this issue is supposed to have technically been resolved. However, I am having trouble getting this to work.

I tried changing the single node docker command like so:

    docker run \
     --restart=always \
     --volume=/:/rootfs:ro \
     --volume=/sys:/sys:ro \
     --volume=/dev:/dev \
     --volume=/var/lib/docker/:/var/lib/docker:shared \
     --volume=/var/lib/kubelet/:/var/lib/kubelet:shared \
     --volume=/var/run:/var/run:shared \
     --net=host \
     --pid=host \
     --privileged=true \
     -d \
     gcr.io/google_containers/hyperkube-amd64:v${K8S_VERSION} \
     /hyperkube kubelet \
      --containerized \
      --hostname-override="127.0.0.1" \
      --address="0.0.0.0" \
      --api-servers=http://localhost:8080 \
      --config=/etc/kubernetes/manifests \
      --cluster-dns=10.0.0.10 \
      --cluster-domain=cluster.local \
      --allow-privileged=true \
      --v=10
    

Please note the shared mount propagation setting. When I do this, I get the error:

    docker: Error response from daemon: Cannot start container
    f7a5ae3d3e88b02ba42544ec768050717c942bc62889175171e6ebb3f89a1a6c: Path
    /var/run is mounted on /run but it is not a shared mount..

I am trying to do this on an Ubuntu trusty on a vagrant box. I am using docker version 1.10.0 and containerized hyperkube version v1.2.0-alpha.7.

What am I missing here? If I roll back the shared setting with the original rw, I get the error: Unable to mount volumes for pod with the IsLikelyNotMountPoint error.

UPDATE

Hey guys, I think I figured it out (at least for the single node containerized kubernetes environment). The steps I followed were:

    mkdir -p /var/lib/kubelet
    mount -o bind /var/lib/kubelet /var/lib/kubelet
    mount --make-shared /var/lib/kubelet

and then the actual command:

    docker run \
    --restart=always \
    --volume=/:/rootfs:ro \
    --volume=/sys:/sys:ro \
    --volume=/dev:/dev \
    --volume=/var/lib/docker/:/var/lib/docker:rw \
    --volume=/var/lib/kubelet/:/var/lib/kubelet:shared \
    --volume=/var/run:/var/run:rw \
    --net=host \
    --pid=host \
    --privileged=true \
    -d \
    gcr.io/google_containers/hyperkube-amd64:v${K8S_VERSION} \
    /hyperkube kubelet \
    --hostname-override="127.0.0.1" \
    --address="0.0.0.0" \
    --api-servers=http://localhost:8080 \
    --config=/etc/kubernetes/manifests \
    --cluster-dns=10.0.0.10 \
    --cluster-domain=cluster.local \
    --allow-privileged=true --v=10

I am using kubernetes version v1.2.0.alpha.7. Also please note that in the main command, I added the shared mount and removed the “containerized” parameter. Also, I am using the latest version of Docker (1.10).
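
A way to check the condition behind the "is not a shared mount" error before starting the container, as an added example that is not part of the original post: a mount is shared only when its `/proc/self/mountinfo` entry carries a `shared:N` optional field. The function names and the sample mount table are constructed for illustration; the sample models a host where `/run` is private and `/var/lib/kubelet` has been bind-mounted and made shared as in the update.

```sh
#!/bin/sh
# Added example: which mount backs a path, and is that mount shared?

# Constructed sample in /proc/self/mountinfo format (not from a real host).
# Line 3 models the state after the bind mount + --make-shared steps.
sample_mountinfo() {
cat <<'EOF'
19 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
22 19 0:18 / /run rw,nosuid,noexec - tmpfs tmpfs rw,mode=755
40 19 8:1 /var/lib/kubelet /var/lib/kubelet rw,relatime shared:1 - ext4 /dev/sda1 rw
EOF
}

# mount_propagation ABS_PATH < mountinfo
# Prints "<mount point> <shared|slave|private|unbindable>" for the deepest
# mount point containing ABS_PATH. Symlinks must already be resolved.
mount_propagation() {
    awk -v p="$1" '
    BEGIN { best = ""; best_len = 0 }
    {
        mp = $5
        # Accept "/" or a prefix that ends on a path component boundary.
        if (mp != "/" && p != mp && index(p, mp "/") != 1) next
        if (length(mp) < best_len) next
        # Optional fields sit between field 6 and the "-" separator.
        mode = "private"
        for (i = 7; i <= NF && $i != "-"; i++) {
            if ($i ~ /^shared:/) mode = "shared"
            else if ($i ~ /^master:/ && mode != "shared") mode = "slave"
            else if ($i == "unbindable") mode = "unbindable"
        }
        best = mp; best_len = length(mp); best_mode = mode
    }
    END { if (best == "") exit 1; print best, best_mode }'
}

# is_shared ABS_PATH < mountinfo: succeeds only if the backing mount is shared.
is_shared() {
    [ "$(mount_propagation "$1" | awk '{ print $2 }')" = "shared" ]
}

# On a live host: mount_propagation "$(readlink -f /var/run)" < /proc/self/mountinfo
for path in /run /var/lib/kubelet /var/lib/docker; do
    printf '%s -> %s\n' "$path" "$(sample_mountinfo | mount_propagation "$path")"
done
```

In the sample, `/var/lib/docker` falls through to the root mount, which is private, so only the `/var/lib/kubelet` volume would be accepted with the `:shared` flag.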
