Hi everyone,
First, I seriously enjoyed the guide and gained a much better understanding of Kubernetes by following along and standing up my own cluster from scratch - TYVM for the assist and for continuing to keep this guide up to date!!
Nitpicking here (or trying to get a better understanding) for the decision to put all .pem, .kubeconfig, and several k8s component .yaml configuration files in /var/lib/ (steps 8/9, then referenced in later steps as well when configuring services in flags) - what was the rationale there? The Linux Filesystem Hierarchy Standard argues that no file in /var/lib should need to be modified to reconfigure a package's operation. I feel like etcd should be the only thing touching /var in this walkthrough via its state files aside from systemd's additions to /var/log/syslog.
In my walkthrough, I migrated all these files to /etc/kubernetes without issue (in addition to updating how they are referenced in the systemd configs) in various forms on my master/worker nodes:
...though in reality, all this stuff could just be thrown in a flat /etc/kubernetes/ dir for simplicity. What do y'all think about a change to the walkthrough to put configuration data (all certificates, kubeconfigs, and YAML configuration files) in /etc/kubernetes/, with no "kubernetes" directories at all in /var? ...or am I missing something - maybe bootstrapper tools like kubeadm also put those files there, so it's written this way for consistency?
In a related vein, I wasn't a fan of copying the same certificate files to /etc/etcd/ that also exist in /var/lib/kubernetes - I think this calls for a symlink so we don't forget to update one cert and not the other when it expires :)
I can submit a PR if this is seen as an improvement, if not, close this out - LMK.
Thanks again, really appreciated this guide!