author | Sarah Brofeldt <sbrofeldt@gmail.com> | 2018-06-13 14:31:11 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-06-13 14:31:11 +0200 |
commit | 2ebadc4d8798f2539510bfee475311bb4de95410 (patch) | |
tree | 06839a70c76fe45a67b5576719e13498e2bcc06f /nixos/modules/services/cluster/kubernetes/default.nix | |
parent | bffc59badd089545fb4d27bbbd9c403e31d629fd (diff) | |
parent | 8d7ea96a13ab569d69aa7feaaa99f0d896b4f97a (diff) | |
Merge pull request #41884 from johanot/k8s-improvements
nixos/kubernetes: improvements
Diffstat (limited to 'nixos/modules/services/cluster/kubernetes/default.nix')
-rw-r--r-- | nixos/modules/services/cluster/kubernetes/default.nix | 47 |
1 files changed, 28 insertions, 19 deletions
diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix
index e624f41601b3..20f2308508c6 100644
--- a/nixos/modules/services/cluster/kubernetes/default.nix
+++ b/nixos/modules/services/cluster/kubernetes/default.nix
@@ -73,7 +73,9 @@ let
 mkKubeConfigOptions = prefix: {
 server = mkOption {
 description = "${prefix} kube-apiserver server address.";
- default = "http://${cfg.apiserver.address}:${toString cfg.apiserver.port}";
+ default = "http://${if cfg.apiserver.advertiseAddress != null
+ then cfg.apiserver.advertiseAddress
+ else "127.0.0.1"}:${toString cfg.apiserver.port}";
 type = types.str;
 };

@@ -103,12 +105,18 @@ let
 keyFile = mkDefault cfg.kubeconfig.keyFile;
 };

- cniConfig = pkgs.buildEnv {
- name = "kubernetes-cni-config";
- paths = imap (i: entry:
- pkgs.writeTextDir "${toString (10+i)}-${entry.type}.conf" (builtins.toJSON entry)
- ) cfg.kubelet.cni.config;
- };
+ cniConfig =
+ if cfg.kubelet.cni.config != [] && !(isNull cfg.kubelet.cni.configDir) then
+ throw "Verbatim CNI-config and CNI configDir cannot both be set."
+ else if !(isNull cfg.kubelet.cni.configDir) then
+ cfg.kubelet.cni.configDir
+ else
+ (pkgs.buildEnv {
+ name = "kubernetes-cni-config";
+ paths = imap (i: entry:
+ pkgs.writeTextDir "${toString (10+i)}-${entry.type}.conf" (builtins.toJSON entry)
+ ) cfg.kubelet.cni.config;
+ });

 manifests = pkgs.buildEnv {
 name = "kubernetes-manifests";
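Review bot: The new `server` default in `mkKubeConfigOptions` keeps the `http://` scheme and `cfg.apiserver.port` but now points at `advertiseAddress`, so once an advertise address is set every component kubeconfig defaults to plaintext traffic towards a routable address. The last hunk of this diff shows that `cfg.apiserver.port` is the value passed to `--insecure-port`. Whether that port is bound beyond loopback is not visible here, so the default either fails to connect or relies on the unauthenticated port being exposed on the network. At minimum the option text should say so, e.g. `description = "${prefix} kube-apiserver server address. The default uses plain HTTP on the insecure port; set an https:// URL for any non-loopback address.";`, and preferably the default should target the secure port instead.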
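Review bot: The mutual-exclusion check in `cniConfig` is a bare `throw` inside a lazily evaluated `let` binding, so it fires only where `cniConfig` happens to be forced and reports no option path. A module assertion surfaces the conflict together with the other configuration errors: `assertions = [{ assertion = cfg.kubelet.cni.config == [] || cfg.kubelet.cni.configDir == null; message = "Verbatim CNI-config and CNI configDir cannot both be set."; }];` (it belongs in the `config` section, which is outside this hunk). Writing the remaining test as `cfg.kubelet.cni.configDir != null` would also match the `!= null` style used for `advertiseAddress` in the same diff rather than `!(isNull ...)`.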
@@ -244,18 +252,13 @@ in {
 type = types.listOf types.str;
 };

- address = mkOption {
- description = "Kubernetes apiserver listening address.";
- default = "127.0.0.1";
- type = types.str;
- };
-
- publicAddress = mkOption {
+ bindAddress = mkOption {
 description = ''
- Kubernetes apiserver public listening address used for read only and
- secure port.
+ The IP address on which to listen for the --secure-port port.
+ The associated interface(s) must be reachable by the rest
+ of the cluster, and by CLI/web clients.
 '';
- default = cfg.apiserver.address;
+ default = "0.0.0.0";
 type = types.str;
 };

@@ -670,6 +673,12 @@ in {
 }]
 '';
 };
+
+ configDir = mkOption {
+ description = "Path to Kubernetes CNI configuration directory.";
+ type = types.nullOr types.path;
+ default = null;
+ };
 };

 manifests = mkOption {
@@ -892,7 +901,7 @@ in {

 (mkIf cfg.apiserver.enable {
 systemd.services.kube-apiserver = {
- description = "Kubernetes Kubelet Service";
+ description = "Kubernetes APIServer Service";
 wantedBy = [ "kubernetes.target" ];
 after = [ "network.target" "docker.service" ];
 serviceConfig = {
@@ -906,7 +915,7 @@ in {
 ${optionalString (cfg.etcd.keyFile != null)
 "--etcd-keyfile=${cfg.etcd.keyFile}"} \
 --insecure-port=${toString cfg.apiserver.port} \
- --bind-address=${toString cfg.apiserver.address} \
+ --bind-address=${cfg.apiserver.bindAddress} \
 ${optionalString (cfg.apiserver.advertiseAddress != null)
 "--advertise-address=${cfg.apiserver.advertiseAddress}"} \
 --allow-privileged=${boolToString cfg.apiserver.allowPrivileged}\ |
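Review bot: `bindAddress` defaults to `"0.0.0.0"`, whereas the removed `address` option that previously fed `--bind-address` defaulted to `"127.0.0.1"`, so an otherwise unchanged host starts serving the secure port on every interface after this merge. The description should state that, for example by appending `Defaults to all interfaces; set a specific address or restrict access with the firewall on hosts attached to untrusted networks.` In addition, `address` and `publicAddress` are dropped with no rename or removal shim visible in this file, so existing configurations would fail with a generic missing-option error. `mkRenamedOptionModule`/`mkRemovedOptionModule` entries would give users a migration hint if they are not added elsewhere.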
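Review bot: The `configDir` description does not say that the option is mutually exclusive with `cni.config` (enforced by the `throw` in the `cniConfig` hunk) or that the directory is handed to the kubelet as-is instead of the generated one. A directory outside the Nix store can be modified at runtime, so the text should also tell operators to keep it writable only by root. Suggested wording: `description = "Path to a Kubernetes CNI configuration directory, used verbatim instead of the generated one. Cannot be combined with cni.config; the directory should be writable only by root.";`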