Fix kubernetes #153951

Merged
merged 2 commits into from
Jan 8, 2022
Expand Up @@ -167,4 +167,5 @@ in
};
};

meta.buildDocsInSandbox = false;
}
2 changes: 2 additions & 0 deletions nixos/modules/services/cluster/kubernetes/addons/dns.nix
Expand Up @@ -363,4 +363,6 @@ in {

services.kubernetes.kubelet.clusterDns = mkDefault cfg.clusterIp;
};

meta.buildDocsInSandbox = false;
}
1 change: 1 addition & 0 deletions nixos/modules/services/cluster/kubernetes/apiserver.nix
Expand Up @@ -496,4 +496,5 @@ in

];

meta.buildDocsInSandbox = false;
}
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@ let
top = config.services.kubernetes;
otop = options.services.kubernetes;
cfg = top.controllerManager;
klib = options.services.kubernetes.lib.default;
in
{
imports = [
Expand Down Expand Up @@ -57,7 +56,7 @@ in
type = int;
};

kubeconfig = klib.mkKubeConfigOptions "Kubernetes controller manager";
kubeconfig = top.lib.mkKubeConfigOptions "Kubernetes controller manager";

leaderElect = mkOption {
description = "Whether to start leader election before executing main loop.";
Expand Down Expand Up @@ -130,7 +129,7 @@ in
"--cluster-cidr=${cfg.clusterCidr}"} \
${optionalString (cfg.featureGates != [])
"--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \
--kubeconfig=${klib.mkKubeConfig "kube-controller-manager" cfg.kubeconfig} \
--kubeconfig=${top.lib.mkKubeConfig "kube-controller-manager" cfg.kubeconfig} \
--leader-elect=${boolToString cfg.leaderElect} \
${optionalString (cfg.rootCaFile!=null)
"--root-ca-file=${cfg.rootCaFile}"} \
Expand All @@ -157,7 +156,7 @@ in
path = top.path;
};

services.kubernetes.pki.certs = with klib; {
services.kubernetes.pki.certs = with top.lib; {
controllerManager = mkCert {
name = "kube-controller-manager";
CN = "kube-controller-manager";
Expand All @@ -172,4 +171,6 @@ in

services.kubernetes.controllerManager.kubeconfig.server = mkDefault top.apiserverAddress;
};

meta.buildDocsInSandbox = false;
}
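Review bot: The option declaration `kubeconfig = top.lib.mkKubeConfigOptions "Kubernetes controller manager";` is now computed from `config.services.kubernetes`, so which options this module declares depends on evaluated configuration; that is presumably why `meta.buildDocsInSandbox = false;` has to be added at the end of the file. The same pattern appears in kubelet.nix, proxy.nix and scheduler.nix. The flag is added to every file in this change without explanation, so a comment above it such as `# option declarations read config (top.lib), so the docs cannot be evaluated as constants` would tell a later maintainer when it can be dropped again. The file header for this section is not shown on the page, and the enclosing `let` and option blocks start outside the hunks.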
4 changes: 2 additions & 2 deletions nixos/modules/services/cluster/kubernetes/default.nix
Expand Up @@ -193,8 +193,6 @@ in {
inherit mkKubeConfigOptions;
};
type = types.attrs;
readOnly = true;
internal = true;
};

secretsPath = mkOption {
Expand Down Expand Up @@ -315,4 +313,6 @@ in {
else "${cfg.masterAddress}:${toString cfg.apiserver.securePort}"}");
})
];

meta.buildDocsInSandbox = false;
}
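Review bot: The `lib` option in the first hunk appears to lose `readOnly = true;` and `internal = true;` (the hunk shrinks by two lines; the rendered page has lost the +/- markers), which leaves `services.kubernetes.lib` definable by any module. The other files in this change now take `mkCert`, `mkKubeConfig` and `mkKubeConfigOptions` from `top.lib`, the merged config value, and pki.nix builds the cluster-admin, addon-manager and flannel kubeconfigs with them, so an accidental or third-party definition would change the generated certificates and kubeconfig files without an evaluation error. If dropping the flags is not required for the fix, keep `readOnly = true;` so the helpers stay fixed; otherwise add a comment on the option such as `# internal helpers for the kubernetes modules; not meant to be set in user configuration`. The `mkOption` call starts above the hunk.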
2 changes: 2 additions & 0 deletions nixos/modules/services/cluster/kubernetes/flannel.nix
Expand Up @@ -95,4 +95,6 @@ in

};
};

meta.buildDocsInSandbox = false;
}
9 changes: 5 additions & 4 deletions nixos/modules/services/cluster/kubernetes/kubelet.nix
Expand Up @@ -6,7 +6,6 @@ let
top = config.services.kubernetes;
otop = options.services.kubernetes;
cfg = top.kubelet;
klib = options.services.kubernetes.lib.default;

cniConfig =
if cfg.cni.config != [] && cfg.cni.configDir != null then
Expand All @@ -28,7 +27,7 @@ let
config.Cmd = ["/bin/pause"];
};

kubeconfig = klib.mkKubeConfig "kubelet" cfg.kubeconfig;
kubeconfig = top.lib.mkKubeConfig "kubelet" cfg.kubeconfig;

manifestPath = "kubernetes/manifests";

Expand Down Expand Up @@ -178,7 +177,7 @@ in
type = str;
};

kubeconfig = klib.mkKubeConfigOptions "Kubelet";
kubeconfig = top.lib.mkKubeConfigOptions "Kubelet";

manifests = mkOption {
description = "List of manifests to bootstrap with kubelet (only pods can be created as manifest entry)";
Expand Down Expand Up @@ -359,7 +358,7 @@ in
services.kubernetes.kubelet.hostname = with config.networking;
mkDefault (hostName + optionalString (domain != null) ".${domain}");

services.kubernetes.pki.certs = with klib; {
services.kubernetes.pki.certs = with top.lib; {
kubelet = mkCert {
name = "kubelet";
CN = top.kubelet.hostname;
Expand Down Expand Up @@ -396,4 +395,6 @@ in
})

];

meta.buildDocsInSandbox = false;
}
11 changes: 6 additions & 5 deletions nixos/modules/services/cluster/kubernetes/pki.nix
@@ -1,11 +1,10 @@
{ config, options, lib, pkgs, ... }:
{ config, lib, pkgs, ... }:

with lib;

let
top = config.services.kubernetes;
cfg = top.pki;
klib = options.services.kubernetes.lib;

csrCA = pkgs.writeText "kube-pki-cacert-csr.json" (builtins.toJSON {
key = {
Expand All @@ -30,7 +29,7 @@ let
cfsslAPITokenLength = 32;

clusterAdminKubeconfig = with cfg.certs.clusterAdmin;
klib.mkKubeConfig "cluster-admin" {
top.lib.mkKubeConfig "cluster-admin" {
server = top.apiserverAddress;
certFile = cert;
keyFile = key;
Expand Down Expand Up @@ -251,7 +250,7 @@ in
# - it would be better with a more Nix-oriented way of managing addons
systemd.services.kube-addon-manager = mkIf top.addonManager.enable (mkMerge [{
environment.KUBECONFIG = with cfg.certs.addonManager;
klib.mkKubeConfig "addon-manager" {
top.lib.mkKubeConfig "addon-manager" {
server = top.apiserverAddress;
certFile = cert;
keyFile = key;
Expand Down Expand Up @@ -344,7 +343,7 @@ in
'';

services.flannel = with cfg.certs.flannelClient; {
kubeconfig = klib.mkKubeConfig "flannel" {
kubeconfig = top.lib.mkKubeConfig "flannel" {
server = top.apiserverAddress;
certFile = cert;
keyFile = key;
Expand Down Expand Up @@ -402,4 +401,6 @@ in
};
};
});

meta.buildDocsInSandbox = false;
}
9 changes: 5 additions & 4 deletions nixos/modules/services/cluster/kubernetes/proxy.nix
Expand Up @@ -6,7 +6,6 @@ let
top = config.services.kubernetes;
otop = options.services.kubernetes;
cfg = top.proxy;
klib = options.services.kubernetes.lib.default;
in
{
imports = [
Expand Down Expand Up @@ -44,7 +43,7 @@ in
type = str;
};

kubeconfig = klib.mkKubeConfigOptions "Kubernetes proxy";
kubeconfig = top.lib.mkKubeConfigOptions "Kubernetes proxy";

verbosity = mkOption {
description = ''
Expand Down Expand Up @@ -73,7 +72,7 @@ in
${optionalString (cfg.featureGates != [])
"--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \
--hostname-override=${cfg.hostname} \
--kubeconfig=${klib.mkKubeConfig "kube-proxy" cfg.kubeconfig} \
--kubeconfig=${top.lib.mkKubeConfig "kube-proxy" cfg.kubeconfig} \
${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \
${cfg.extraOpts}
'';
Expand All @@ -89,7 +88,7 @@ in
services.kubernetes.proxy.hostname = with config.networking; mkDefault hostName;

services.kubernetes.pki.certs = {
kubeProxyClient = klib.mkCert {
kubeProxyClient = top.lib.mkCert {
name = "kube-proxy-client";
CN = "system:kube-proxy";
action = "systemctl restart kube-proxy.service";
Expand All @@ -98,4 +97,6 @@ in

services.kubernetes.proxy.kubeconfig.server = mkDefault top.apiserverAddress;
};

meta.buildDocsInSandbox = false;
}
9 changes: 5 additions & 4 deletions nixos/modules/services/cluster/kubernetes/scheduler.nix
Expand Up @@ -6,7 +6,6 @@ let
top = config.services.kubernetes;
otop = options.services.kubernetes;
cfg = top.scheduler;
klib = options.services.kubernetes.lib.default;
in
{
###### interface
Expand All @@ -33,7 +32,7 @@ in
type = listOf str;
};

kubeconfig = klib.mkKubeConfigOptions "Kubernetes scheduler";
kubeconfig = top.lib.mkKubeConfigOptions "Kubernetes scheduler";

leaderElect = mkOption {
description = "Whether to start leader election before executing main loop.";
Expand Down Expand Up @@ -70,7 +69,7 @@ in
--address=${cfg.address} \
${optionalString (cfg.featureGates != [])
"--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \
--kubeconfig=${klib.mkKubeConfig "kube-scheduler" cfg.kubeconfig} \
--kubeconfig=${top.lib.mkKubeConfig "kube-scheduler" cfg.kubeconfig} \
--leader-elect=${boolToString cfg.leaderElect} \
--port=${toString cfg.port} \
${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \
Expand All @@ -88,7 +87,7 @@ in
};

services.kubernetes.pki.certs = {
schedulerClient = klib.mkCert {
schedulerClient = top.lib.mkCert {
name = "kube-scheduler-client";
CN = "system:kube-scheduler";
action = "systemctl restart kube-scheduler.service";
Expand All @@ -97,4 +96,6 @@ in

services.kubernetes.scheduler.kubeconfig.server = mkDefault top.apiserverAddress;
};

meta.buildDocsInSandbox = false;
}