manifests: keep private key between restarts

This commit ensures that the WireGuard private key is re-used between container restarts. The result of this is that external peers can keep using their configuration and don't need to be re-configured just because the Kilo container restarted.
2019-05-10 22:21:52 +02:00
parent bbbfc0548f
commit e4ad7c29ec
4 changed files with 29 additions and 21 deletions
--- a/manifests/kilo-bootkube.yaml
+++ b/manifests/kilo-bootkube.yaml
@@ -100,14 +100,13 @@ spec:
        securityContext:
          privileged: true
        volumeMounts:
+        - name: cni-conf-dir
+          mountPath: /etc/cni/net.d
+        - name: kilo-dir
+          mountPath: /var/lib/kilo
        - name: kubeconfig
          mountPath: /etc/kubernetes/kubeconfig
          readOnly: true
-      tolerations:
-      - effect: NoSchedule
-        operator: Exists
-      - effect: NoExecute
-        operator: Exists
      initContainers:
      - name: install-cni
        image: squat/kilo
@@ -139,12 +138,15 @@ spec:
      - effect: NoExecute
        operator: Exists
      volumes:
-      - name: kubeconfig
-        hostPath:
-          path: /etc/kubernetes/kubeconfig
      - name: cni-bin-dir
        hostPath:
          path: /opt/cni/bin
      - name: cni-conf-dir
        hostPath:
          path: /etc/kubernetes/cni/net.d
+      - name: kilo-dir
+        hostPath:
+          path: /var/lib/kilo
+      - name: kubeconfig
+        hostPath:
+          path: /etc/kubernetes/kubeconfig
--- a/manifests/kilo-kubeadm.yaml
+++ b/manifests/kilo-kubeadm.yaml
@@ -102,6 +102,8 @@ spec:
        volumeMounts:
        - name: cni-conf-dir
          mountPath: /etc/cni/net.d
+        - name: kilo-dir
+          mountPath: /var/lib/kilo
        - name: kubeconfig
          mountPath: /etc/kubernetes
          readOnly: true
@@ -136,15 +138,18 @@ spec:
      - effect: NoExecute
        operator: Exists
      volumes:
-      - name: kubeconfig
-        configMap:
-          name: kube-proxy
-          items:
-          - key: kubeconfig.conf
-            path: kubeconfig
      - name: cni-bin-dir
        hostPath:
          path: /opt/cni/bin
      - name: cni-conf-dir
        hostPath:
          path: /etc/kubernetes/cni/net.d
+      - name: kilo-dir
+        hostPath:
+          path: /var/lib/kilo
+      - name: kubeconfig
+        configMap:
+          name: kube-proxy
+          items:
+          - key: kubeconfig.conf
+            path: kubeconfig
--- a/manifests/kilo-typhoon.yaml
+++ b/manifests/kilo-typhoon.yaml
@@ -102,6 +102,8 @@ spec:
        volumeMounts:
        - name: cni-conf-dir
          mountPath: /etc/cni/net.d
+        - name: kilo-dir
+          mountPath: /var/lib/kilo
        - name: kubeconfig
          mountPath: /etc/kubernetes
          readOnly: true
@@ -136,12 +138,15 @@ spec:
      - effect: NoExecute
        operator: Exists
      volumes:
-      - name: kubeconfig
-        configMap:
-          name: kubeconfig-in-cluster
      - name: cni-bin-dir
        hostPath:
          path: /opt/cni/bin
      - name: cni-conf-dir
        hostPath:
          path: /etc/kubernetes/cni/net.d
+      - name: kilo-dir
+        hostPath:
+          path: /var/lib/kilo
+      - name: kubeconfig
+        configMap:
+          name: kubeconfig-in-cluster