Run a network agent on cells #65
Conversation
| @@ -2,7 +2,7 @@ | |||
|
|
|||
| # Defaults. | |||
| IMAGE="alpine.qcow2" | |||
| IMAGE_SIZE="1G" | |||
| IMAGE_SIZE="2G" | |||
There was a problem hiding this comment.
Not a problem, just a question: so our image went over the 1GB limit?
There was a problem hiding this comment.
Yup, barely, but it's now above 1GB.
| return nil | ||
| } | ||
| if kubeconfig == "" { | ||
| glog.Errorf("no kubeconfig found") |
There was a problem hiding this comment.
Should this be a Warningf instead of an Errorf? It seems like it's OK to run kiyot without specifying a kubeconfig or token on the command line.
Do we want to require one or the other or is running without a kubeconfig only permissable for backwards compatibility?
There was a problem hiding this comment.
This is a kubeconfig file we create specifically for the network agent. For backwards compatbility, it's okay to run kiyot without providing a network agent serviceaccount token (from which a kubeconfig is created).
If itzo can't find the network agent kubeconfig (which kiyot should have deployed as a package), then it won't start the network agent.
The --kubeconfig parameter for kiyot is only used to provide a kubeconfig for kiyot itself (we used to use this before containerizing kiyot+milpa).
Run a network agent (kube-router for now) on cells that does service proxying and enforces network policies. I changed PodParameters to send over the kubernetes node name instead of the old milpa clustername and namespace. Since we don't do our own SD anymore, I also removed the code that updates the search list in resolv.conf for SD.