author | Jaka Hudoklin <jakahudoklin@gmail.com> | 2015-08-19 23:52:19 +0200 |
committer | Jaka Hudoklin <jakahudoklin@gmail.com> | 2015-08-19 23:52:19 +0200 |
commit | c33d2822781fd5449e19083c60123a3b5b93b698 (patch) | |
tree | 45635c6ab4a3b36bd75169253bbe94bbeac0f2bc /nixos/modules/services/cluster | |
parent | 559e2ab9512a938691076a23fba744ff115cd260 (diff) | |
kubernetes service: fix for 1.0.3
Diffstat (limited to 'nixos/modules/services/cluster')
-rw-r--r-- | nixos/modules/services/cluster/kubernetes.nix | 66 |
1 files changed, 47 insertions, 19 deletions
diff --git a/nixos/modules/services/cluster/kubernetes.nix b/nixos/modules/services/cluster/kubernetes.nix
index d00c1aaa1055..0abef29dd19c 100644
--- a/nixos/modules/services/cluster/kubernetes.nix
+++ b/nixos/modules/services/cluster/kubernetes.nix
@@ -78,12 +78,6 @@ in {
 type = types.int;
 };
 
- readOnlyPort = mkOption {
- description = "Kubernets apiserver read-only port.";
- default = 7080;
- type = types.int;
- };
-
 securePort = mkOption {
 description = "Kubernetes apiserver secure port.";
 default = 6443;
@@ -102,6 +96,12 @@ in {
 type = types.str;
 };
 
+ clientCaFile = mkOption {
+ description = "Kubernetes apiserver CA file for client auth.";
+ default = "";
+ type = types.str;
+ };
+
 tokenAuth = mkOption {
 description = ''
 Kubernetes apiserver token authentication file. See
@@ -158,6 +158,19 @@ in {
 type = types.str;
 };
 
+ runtimeConfig = mkOption {
+ description = "Api runtime configuration";
+ default = "";
+ example = "api/all=false,api/v1=true";
+ type = types.str;
+ };
+
+ admissionControl = mkOption {
+ description = "Kubernetes admission control plugins to use.";
+ default = ["AlwaysAdmit"];
+ type = types.listOf types.str;
+ };
+
 extraOpts = mkOption {
 description = "Kubernetes apiserver extra command line options.";
 default = "";
@@ -222,12 +235,6 @@ in {
 type = types.str;
 };
 
- machines = mkOption {
- description = "Kubernetes controller list of machines to schedule to schedule onto";
- default = [];
- type = types.listOf types.str;
- };
-
 extraOpts = mkOption {
 description = "Kubernetes controller extra command line options.";
 default = "";
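Review bot: The `clientCaFile` option added in the `@@ -102,6 +96,12 @@` hunk does not say what its empty default means. When it is empty the `--client-ca-file` flag is omitted from the apiserver command line (hunk at `@@ -383`), so client-certificate authentication on the secure port is simply not enabled and only the remaining authenticators, such as the token file, apply. Suggest `description = "CA bundle the apiserver uses to verify client certificates. When empty, client-certificate authentication is disabled.";`.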
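Review bot: `admissionControl` in the `@@ -158,6 +158,19 @@` hunk defaults to `["AlwaysAdmit"]`, the pass-through plugin that admits every request, and the description does not mention that, so a reader may assume the default enforces something. Suggest `description = "Kubernetes admission control plugins to use, in order. The default AlwaysAdmit admits every request without checks.";`. In the same hunk, `runtimeConfig`'s description `"Api runtime configuration"` is vague: the value is passed verbatim to `--runtime-config` (hunk at `@@ -383`) and, as the example shows, enables or disables API groups and versions, so say that: `description = "Value passed to the apiserver --runtime-config flag, which enables or disables API groups and versions.";`.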
@@ -260,6 +267,20 @@ in {
 type = types.int;
 };
 
+ healthz = {
+ bind = mkOption {
+ description = "Kubernetes kubelet healthz listening address.";
+ default = "127.0.0.1";
+ type = types.str;
+ };
+
+ port = mkOption {
+ description = "Kubernetes kubelet healthz port.";
+ default = 10248;
+ type = types.int;
+ };
+ };
+
 hostname = mkOption {
 description = "Kubernetes kubelet hostname override";
 default = config.networking.hostName;
@@ -374,7 +395,6 @@ in {
 --etcd-servers=${concatMapStringsSep "," (f: "http://${f}") cfg.etcdServers} \
 --insecure-bind-address=${cfg.apiserver.address} \
 --insecure-port=${toString cfg.apiserver.port} \
- --read-only-port=${toString cfg.apiserver.readOnlyPort} \
 --bind-address=${cfg.apiserver.publicAddress} \
 --allow-privileged=${if cfg.apiserver.allowPrivileged then "true" else "false"} \
 ${optionalString (cfg.apiserver.tlsCertFile!="")
@@ -383,11 +403,16 @@ in {
 "--tls-private-key-file=${cfg.apiserver.tlsPrivateKeyFile}"} \
 ${optionalString (cfg.apiserver.tokenAuth!=[])
 "--token-auth-file=${tokenAuthFile}"} \
+ ${optionalString (cfg.apiserver.clientCaFile!="")
+ "--client-ca-file=${cfg.apiserver.clientCaFile}"} \
 --authorization-mode=${cfg.apiserver.authorizationMode} \
 ${optionalString (cfg.apiserver.authorizationMode == "ABAC")
 "--authorization-policy-file=${authorizationPolicyFile}"} \
 --secure-port=${toString cfg.apiserver.securePort} \
 --service-cluster-ip-range=${cfg.apiserver.portalNet} \
+ ${optionalString (cfg.apiserver.runtimeConfig!="")
+ "--runtime-config=${cfg.apiserver.runtimeConfig}"} \
+ --admission_control=${cfg.apiserver.admissionControl} \
 --logtostderr=true \
 ${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \
 ${cfg.apiserver.extraOpts}
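Review bot: `--admission_control=${cfg.apiserver.admissionControl}` in the `@@ -383,11 +403,16 @@` hunk interpolates a value declared as `types.listOf types.str` (hunk at `@@ -158`) straight into a string; Nix string interpolation does not coerce lists, so evaluating the apiserver unit fails with "cannot coerce a list to a string" instead of producing a flag. The line should be `--admission-control=${concatStringsSep "," cfg.apiserver.admissionControl} \`, the same helper the removed `--machines` line used. The underscore in `--admission_control` is also inconsistent with every neighbouring flag; kube-apiserver's flag parsing should accept it, but the dashed spelling is the documented one. The enclosing script string begins and ends outside the hunk.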
@@ -431,7 +456,6 @@ in {
 --address=${cfg.controllerManager.address} \
 --port=${toString cfg.controllerManager.port} \
 --master=${cfg.controllerManager.master} \
- --machines=${concatStringsSep "," cfg.controllerManager.machines} \
 --logtostderr=true \
 ${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \
 ${cfg.controllerManager.extraOpts}
@@ -454,6 +478,8 @@ in {
 --register-node=${if cfg.kubelet.registerNode then "true" else "false"} \
 --address=${cfg.kubelet.address} \
 --port=${toString cfg.kubelet.port} \
+ --healthz-bind-address=${cfg.kubelet.healthz.bind} \
+ --healthz-port=${toString cfg.kubelet.healthz.port} \
 --hostname-override=${cfg.kubelet.hostname} \
 --allow-privileged=${if cfg.kubelet.allowPrivileged then "true" else "false"} \
 --root-dir=${cfg.dataDir} \
@@ -504,9 +530,6 @@ in {
 User = "kubernetes";
 };
 };
-
- services.skydns.enable = mkDefault true;
- services.skydns.domain = mkDefault cfg.kubelet.clusterDomain;
 })
 
 (mkIf (any (el: el == "master") cfg.roles) {
@@ -524,6 +547,9 @@ in {
 
 (mkIf (any (el: el == "node" || el == "master") cfg.roles) {
 services.etcd.enable = mkDefault true;
+
+ services.skydns.enable = mkDefault true;
+ services.skydns.domain = mkDefault cfg.kubelet.clusterDomain;
 })
 
 (mkIf (
@@ -538,8 +564,10 @@ in {
 serviceConfig.Type = "oneshot";
 script = ''
 mkdir -p /var/run/kubernetes
- chown kubernetes /var/run/kubernetes
- ln -fs ${pkgs.writeText "kubernetes-dockercfg" cfg.dockerCfg} /var/run/kubernetes/.dockercfg
+ chown kubernetes /var/lib/kubernetes
+
+ rm ${cfg.dataDir}/.dockercfg || true
+ ln -fs ${pkgs.writeText "kubernetes-dockercfg" cfg.dockerCfg} ${cfg.dataDir}/.dockercfg
 '';
 };
 
|
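Review bot: `chown kubernetes /var/lib/kubernetes` in the `@@ -538,8 +564,10 @@` hunk hard-codes the path while the two lines after it use `${cfg.dataDir}`; if `dataDir` is set to anything else the chown touches a different directory, or fails the oneshot if it does not exist, and the `.dockercfg` link lands in a directory the service user may not own. Suggest `chown kubernetes ${cfg.dataDir}` so the three lines agree (and `rm -f ${cfg.dataDir}/.dockercfg` instead of `rm ... || true`). Note also that `pkgs.writeText "kubernetes-dockercfg" cfg.dockerCfg` places the registry credentials in the Nix store, which is readable by every local user; moving the symlink changes where the file appears but not who can read it, so that caveat belongs in the `dockerCfg` option description. The `mkdir -p /var/run/kubernetes` that remains appears to have no consumer left in this hunk now that the link lives under `dataDir`.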