Hi, Great work Jason! We should definitely get these images into atomic-system-containers.
Daniel Walsh <dwa...@redhat.com> writes: > If these config changes should be in the standard etcd/flanneld > containers please open pull requests to fix this on > github.com:projectatomic/atomic-system-containers > > On 04/28/2017 03:08 PM, Jason Brooks wrote: >> On Fri, Apr 28, 2017 at 1:05 AM, Spyros Trigazis <strig...@gmail.com> wrote: >>> Hi, >>> >>> So far, I have only tried etcd, works well but the only piece missing is >>> a way to pass TLS credentials which is quite important for certain >>> deployments like ours. My next goal is flannel. Flannel will require >>> TLS creds as well. To do it, I rebuilt the image to bindmount them. >> The ansible scripts handle this, and they put the certs in >> /etc/etcd/certs -- I'm bind mounting /etc/etcd to accommodate this. >> Where do you put your certs? I have done something similar for the openshift-ansible. I got some changes in that let us use the existing bind mounts: https://github.com/openshift/openshift-ansible/commit/73d91dbcbcd3f2188977ac36e06adf57803b4842 What I did here is to read the configuration from /var/lib/etcd/etcd.etcd/etc instead of /etc/etcd when using a system container since that path is already bind mounted in the container. With this change in openshift-ansible we don't need any modification in the etcd image. >> It's a similar situation w/ flannel, w/ certs in /etc/flanneld/certs. in this case we will probably need to modify the image, the existing bind mounts don't seem enough to do something similar as for etcd. Regards, Giuseppe
