diff --git a/nixos/modules/services/cluster/kubernetes/addon-manager.nix b/nixos/modules/services/cluster/kubernetes/addon-manager.nix index 9159d5915eb77..b677d900ff50a 100644 --- a/nixos/modules/services/cluster/kubernetes/addon-manager.nix +++ b/nixos/modules/services/cluster/kubernetes/addon-manager.nix @@ -167,4 +167,5 @@ in }; }; + meta.buildDocsInSandbox = false; } diff --git a/nixos/modules/services/cluster/kubernetes/addons/dns.nix b/nixos/modules/services/cluster/kubernetes/addons/dns.nix index 10f45db7883f4..7bd4991f43f7b 100644 --- a/nixos/modules/services/cluster/kubernetes/addons/dns.nix +++ b/nixos/modules/services/cluster/kubernetes/addons/dns.nix @@ -363,4 +363,6 @@ in { services.kubernetes.kubelet.clusterDns = mkDefault cfg.clusterIp; }; + + meta.buildDocsInSandbox = false; } diff --git a/nixos/modules/services/cluster/kubernetes/apiserver.nix b/nixos/modules/services/cluster/kubernetes/apiserver.nix index 5b97c571d7639..a192e93badc23 100644 --- a/nixos/modules/services/cluster/kubernetes/apiserver.nix +++ b/nixos/modules/services/cluster/kubernetes/apiserver.nix @@ -496,4 +496,5 @@ in ]; + meta.buildDocsInSandbox = false; } diff --git a/nixos/modules/services/cluster/kubernetes/controller-manager.nix b/nixos/modules/services/cluster/kubernetes/controller-manager.nix index 6d54659720cb0..7c317e94deebf 100644 --- a/nixos/modules/services/cluster/kubernetes/controller-manager.nix +++ b/nixos/modules/services/cluster/kubernetes/controller-manager.nix @@ -6,7 +6,6 @@ let top = config.services.kubernetes; otop = options.services.kubernetes; cfg = top.controllerManager; - klib = options.services.kubernetes.lib.default; in { imports = [ @@ -57,7 +56,7 @@ in type = int; }; - kubeconfig = klib.mkKubeConfigOptions "Kubernetes controller manager"; + kubeconfig = top.lib.mkKubeConfigOptions "Kubernetes controller manager"; leaderElect = mkOption { description = "Whether to start leader election before executing main loop."; @@ -130,7 +129,7 @@ in "--cluster-cidr=${cfg.clusterCidr}"} \ ${optionalString (cfg.featureGates != []) "--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \ - --kubeconfig=${klib.mkKubeConfig "kube-controller-manager" cfg.kubeconfig} \ + --kubeconfig=${top.lib.mkKubeConfig "kube-controller-manager" cfg.kubeconfig} \ --leader-elect=${boolToString cfg.leaderElect} \ ${optionalString (cfg.rootCaFile!=null) "--root-ca-file=${cfg.rootCaFile}"} \ @@ -157,7 +156,7 @@ in path = top.path; }; - services.kubernetes.pki.certs = with klib; { + services.kubernetes.pki.certs = with top.lib; { controllerManager = mkCert { name = "kube-controller-manager"; CN = "kube-controller-manager"; @@ -172,4 +171,6 @@ in services.kubernetes.controllerManager.kubeconfig.server = mkDefault top.apiserverAddress; }; + + meta.buildDocsInSandbox = false; } diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix index 715c88ad88c7f..ae10657202d9c 100644 --- a/nixos/modules/services/cluster/kubernetes/default.nix +++ b/nixos/modules/services/cluster/kubernetes/default.nix @@ -193,8 +193,6 @@ in { inherit mkKubeConfigOptions; }; type = types.attrs; - readOnly = true; - internal = true; }; secretsPath = mkOption { @@ -315,4 +313,6 @@ in { else "${cfg.masterAddress}:${toString cfg.apiserver.securePort}"}"); }) ]; + + meta.buildDocsInSandbox = false; } diff --git a/nixos/modules/services/cluster/kubernetes/flannel.nix b/nixos/modules/services/cluster/kubernetes/flannel.nix index fecea7a15f3db..cb81eaaf01609 100644 --- a/nixos/modules/services/cluster/kubernetes/flannel.nix +++ b/nixos/modules/services/cluster/kubernetes/flannel.nix @@ -95,4 +95,6 @@ in }; }; + + meta.buildDocsInSandbox = false; } diff --git a/nixos/modules/services/cluster/kubernetes/kubelet.nix b/nixos/modules/services/cluster/kubernetes/kubelet.nix index 2d58547ce4cee..253355c20cb2f 100644 --- a/nixos/modules/services/cluster/kubernetes/kubelet.nix +++ b/nixos/modules/services/cluster/kubernetes/kubelet.nix @@ -6,7 +6,6 @@ let top = config.services.kubernetes; otop = options.services.kubernetes; cfg = top.kubelet; - klib = options.services.kubernetes.lib.default; cniConfig = if cfg.cni.config != [] && cfg.cni.configDir != null then @@ -28,7 +27,7 @@ let config.Cmd = ["/bin/pause"]; }; - kubeconfig = klib.mkKubeConfig "kubelet" cfg.kubeconfig; + kubeconfig = top.lib.mkKubeConfig "kubelet" cfg.kubeconfig; manifestPath = "kubernetes/manifests"; @@ -178,7 +177,7 @@ in type = str; }; - kubeconfig = klib.mkKubeConfigOptions "Kubelet"; + kubeconfig = top.lib.mkKubeConfigOptions "Kubelet"; manifests = mkOption { description = "List of manifests to bootstrap with kubelet (only pods can be created as manifest entry)"; @@ -359,7 +358,7 @@ in services.kubernetes.kubelet.hostname = with config.networking; mkDefault (hostName + optionalString (domain != null) ".${domain}"); - services.kubernetes.pki.certs = with klib; { + services.kubernetes.pki.certs = with top.lib; { kubelet = mkCert { name = "kubelet"; CN = top.kubelet.hostname; @@ -396,4 +395,6 @@ in }) ]; + + meta.buildDocsInSandbox = false; } diff --git a/nixos/modules/services/cluster/kubernetes/pki.nix b/nixos/modules/services/cluster/kubernetes/pki.nix index 00d572a509888..88bde4e915576 100644 --- a/nixos/modules/services/cluster/kubernetes/pki.nix +++ b/nixos/modules/services/cluster/kubernetes/pki.nix @@ -1,11 +1,10 @@ -{ config, options, lib, pkgs, ... }: +{ config, lib, pkgs, ... }: with lib; let top = config.services.kubernetes; cfg = top.pki; - klib = options.services.kubernetes.lib; csrCA = pkgs.writeText "kube-pki-cacert-csr.json" (builtins.toJSON { key = { @@ -30,7 +29,7 @@ let cfsslAPITokenLength = 32; clusterAdminKubeconfig = with cfg.certs.clusterAdmin; - klib.mkKubeConfig "cluster-admin" { + top.lib.mkKubeConfig "cluster-admin" { server = top.apiserverAddress; certFile = cert; keyFile = key; @@ -251,7 +250,7 @@ in # - it would be better with a more Nix-oriented way of managing addons systemd.services.kube-addon-manager = mkIf top.addonManager.enable (mkMerge [{ environment.KUBECONFIG = with cfg.certs.addonManager; - klib.mkKubeConfig "addon-manager" { + top.lib.mkKubeConfig "addon-manager" { server = top.apiserverAddress; certFile = cert; keyFile = key; @@ -344,7 +343,7 @@ in ''; services.flannel = with cfg.certs.flannelClient; { - kubeconfig = klib.mkKubeConfig "flannel" { + kubeconfig = top.lib.mkKubeConfig "flannel" { server = top.apiserverAddress; certFile = cert; keyFile = key; @@ -402,4 +401,6 @@ in }; }; }); + + meta.buildDocsInSandbox = false; } diff --git a/nixos/modules/services/cluster/kubernetes/proxy.nix b/nixos/modules/services/cluster/kubernetes/proxy.nix index 986301f6bd951..0fd98d1c15761 100644 --- a/nixos/modules/services/cluster/kubernetes/proxy.nix +++ b/nixos/modules/services/cluster/kubernetes/proxy.nix @@ -6,7 +6,6 @@ let top = config.services.kubernetes; otop = options.services.kubernetes; cfg = top.proxy; - klib = options.services.kubernetes.lib.default; in { imports = [ @@ -44,7 +43,7 @@ in type = str; }; - kubeconfig = klib.mkKubeConfigOptions "Kubernetes proxy"; + kubeconfig = top.lib.mkKubeConfigOptions "Kubernetes proxy"; verbosity = mkOption { description = '' @@ -73,7 +72,7 @@ in ${optionalString (cfg.featureGates != []) "--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \ --hostname-override=${cfg.hostname} \ - --kubeconfig=${klib.mkKubeConfig "kube-proxy" cfg.kubeconfig} \ + --kubeconfig=${top.lib.mkKubeConfig "kube-proxy" cfg.kubeconfig} \ ${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \ ${cfg.extraOpts} ''; @@ -89,7 +88,7 @@ in services.kubernetes.proxy.hostname = with config.networking; mkDefault hostName; services.kubernetes.pki.certs = { - kubeProxyClient = klib.mkCert { + kubeProxyClient = top.lib.mkCert { name = "kube-proxy-client"; CN = "system:kube-proxy"; action = "systemctl restart kube-proxy.service"; @@ -98,4 +97,6 @@ in services.kubernetes.proxy.kubeconfig.server = mkDefault top.apiserverAddress; }; + + meta.buildDocsInSandbox = false; } diff --git a/nixos/modules/services/cluster/kubernetes/scheduler.nix b/nixos/modules/services/cluster/kubernetes/scheduler.nix index 442e3fe3a69f4..2a522f1db89ce 100644 --- a/nixos/modules/services/cluster/kubernetes/scheduler.nix +++ b/nixos/modules/services/cluster/kubernetes/scheduler.nix @@ -6,7 +6,6 @@ let top = config.services.kubernetes; otop = options.services.kubernetes; cfg = top.scheduler; - klib = options.services.kubernetes.lib.default; in { ###### interface @@ -33,7 +32,7 @@ in type = listOf str; }; - kubeconfig = klib.mkKubeConfigOptions "Kubernetes scheduler"; + kubeconfig = top.lib.mkKubeConfigOptions "Kubernetes scheduler"; leaderElect = mkOption { description = "Whether to start leader election before executing main loop."; @@ -70,7 +69,7 @@ in --address=${cfg.address} \ ${optionalString (cfg.featureGates != []) "--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \ - --kubeconfig=${klib.mkKubeConfig "kube-scheduler" cfg.kubeconfig} \ + --kubeconfig=${top.lib.mkKubeConfig "kube-scheduler" cfg.kubeconfig} \ --leader-elect=${boolToString cfg.leaderElect} \ --port=${toString cfg.port} \ ${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \ @@ -88,7 +87,7 @@ in }; services.kubernetes.pki.certs = { - schedulerClient = klib.mkCert { + schedulerClient = top.lib.mkCert { name = "kube-scheduler-client"; CN = "system:kube-scheduler"; action = "systemctl restart kube-scheduler.service"; @@ -97,4 +96,6 @@ in services.kubernetes.scheduler.kubeconfig.server = mkDefault top.apiserverAddress; }; + + meta.buildDocsInSandbox = false; }