Secrets with containerized single-node kubernetes cluster

It is well known that secrets don't work with a containerized kubernetes cluster (https://github.com/kubernetes/kubernetes/blob/master/docs/getting-started-guides/docker.md). There are several bugs logged for this (for instance: https://github.com/kubernetes/kubernetes/issues/18239).

However, with Docker 1.10 allowing shared/slave propagation, this issue is supposed to have been technically resolved. However, I am having trouble getting this to work.

I tried changing the single node docker command like so:

    docker run \
     --restart=always \
     --volume=/:/rootfs:ro \
     --volume=/sys:/sys:ro \
     --volume=/dev:/dev \
     --volume=/var/lib/docker/:/var/lib/docker:shared \
     --volume=/var/lib/kubelet/:/var/lib/kubelet:shared \
     --volume=/var/run:/var/run:shared \
     --net=host \
     --pid=host \
     --privileged=true \
     -d \
     gcr.io/google_containers/hyperkube-amd64:v${K8S_VERSION} \
     /hyperkube kubelet \
      --containerized \
      --hostname-override="127.0.0.1" \
      --address="0.0.0.0" \
      --api-servers=http://localhost:8080 \
      --config=/etc/kubernetes/manifests \
      --cluster-dns=10.0.0.10 \
      --cluster-domain=cluster.local \
      --allow-privileged=true \
      --v=10
    

Please note the shared mount propagation setting. When I do this, I get the error:

    docker: Error response from daemon: Cannot start container
    f7a5ae3d3e88b02ba42544ec768050717c942bc62889175171e6ebb3f89a1a6c: Path
    /var/run is mounted on /run but it is not a shared mount..

I am trying to do this on an Ubuntu trusty on a vagrant box. I am using docker version 1.10.0 and containerized hyperkube version v1.2.0-alpha.7.

What am I missing here? If I roll back the shared setting with the original rw, I get the error: Unable to mount volumes for pod with the IsLikelyNotMountPoint error.

UPDATE

Hey guys, I think I figured it out (at least for the single node containerized kubernetes environment). The steps I followed were:

    mkdir -p /var/lib/kubelet
    mount -o bind /var/lib/kubelet /var/lib/kubelet
    mount --make-shared /var/lib/kubelet

and then the actual command

    docker run \
    --restart=always \
    --volume=/:/rootfs:ro \
    --volume=/sys:/sys:ro \
    --volume=/dev:/dev \
    --volume=/var/lib/docker/:/var/lib/docker:rw \
    --volume=/var/lib/kubelet/:/var/lib/kubelet:shared \
    --volume=/var/run:/var/run:rw \
    --net=host \
    --pid=host \
    --privileged=true \
    -d \
    gcr.io/google_containers/hyperkube-amd64:v${K8S_VERSION} \
    /hyperkube kubelet \
    --hostname-override="127.0.0.1" \
    --address="0.0.0.0" \
    --api-servers=http://localhost:8080 \
    --config=/etc/kubernetes/manifests \
    --cluster-dns=10.0.0.10 \
    --cluster-domain=cluster.local \
    --allow-privileged=true --v=10

I am using kubernetes version v1.2.0-alpha.7. Also please note that in the main command, I added the shared mount and removed the "containerized" parameter. Also, I am using the latest version of Docker (1.10).
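The "is not a shared mount" error above comes from the propagation flags recorded in /proc/self/mountinfo. The helper below, added here as an example and not code from the original question, parses that file to report a mount point's propagation mode, and only performs the bind plus --make-shared steps from the update when they are actually needed. The mountinfo content is a constructed sample, not captured from a real host; `ensure_shared_mount` needs root and is not run by the demo.

```shell
#!/bin/sh
# Print the propagation mode of a mount point: "shared", "private" or "notmount".
# Usage: mount_propagation /var/lib/kubelet [mountinfo_file]
# mountinfo fields: id parent maj:min root mount_point opts [optional...] - fstype src superopts
# Field 5 is the mount point; optional fields (7 and up, until "-") carry shared:N / master:N.
mount_propagation() {
  path="$1"
  info="${2:-/proc/self/mountinfo}"
  awk -v p="$path" '
    $5 == p {
      found = 1; mode = "private"
      for (i = 7; i <= NF && $i != "-"; i++) if ($i ~ /^shared:/) mode = "shared"
    }
    END { if (found) print mode; else print "notmount" }
  ' "$info"
}

# Make a directory a shared mount point (the bind + --make-shared steps from the
# update), skipping work that is already done. Requires root.
ensure_shared_mount() {
  d="$1"
  case "$(mount_propagation "$d")" in
    shared)   return 0 ;;
    notmount) mkdir -p "$d" && mount -o bind "$d" "$d" || return 1 ;;
  esac
  mount --make-shared "$d"
}

# Constructed sample of mountinfo lines (hypothetical host): the kubelet dir is a
# shared bind mount, /run (the target of /var/run) is a private tmpfs.
SAMPLE_MOUNTINFO='24 0 8:1 / / rw,relatime - ext4 /dev/sda1 rw
36 24 8:1 /var/lib/kubelet /var/lib/kubelet rw,relatime shared:1 - ext4 /dev/sda1 rw
40 24 0:18 / /run rw,nosuid - tmpfs tmpfs rw'

# Demo on the sample (expected: shared / private / notmount).
tmp=$(mktemp); printf '%s\n' "$SAMPLE_MOUNTINFO" > "$tmp"
for d in /var/lib/kubelet /run /var/lib/docker; do
  echo "$d: $(mount_propagation "$d" "$tmp")"
done
rm -f "$tmp"
```

On a real host, `mount_propagation /run` reproduces the check Docker performs before accepting `--volume=/var/run:/var/run:shared`.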
