diff options
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/cluster/kubernetes.nix | 106 | ||||
-rw-r--r-- | nixos/modules/services/misc/mwlib.nix | 2 |
2 files changed, 76 insertions, 32 deletions
diff --git a/nixos/modules/services/cluster/kubernetes.nix b/nixos/modules/services/cluster/kubernetes.nix index 6a775bb159fc..a7f4ec7b008b 100644 --- a/nixos/modules/services/cluster/kubernetes.nix +++ b/nixos/modules/services/cluster/kubernetes.nix @@ -286,7 +286,7 @@ in { clusterDomain = mkOption { description = "Use alternative domain."; - default = ""; + default = "kubernetes.io"; type = types.str; }; @@ -322,13 +322,35 @@ in { type = types.str; }; }; + + kube2sky = { + enable = mkEnableOption "Whether to enable kube2sky dns service."; + + domain = mkOption { + description = "Kuberntes kube2sky domain under which all DNS names will be hosted."; + default = cfg.kubelet.clusterDomain; + type = types.str; + }; + + master = mkOption { + description = "Kubernetes apiserver address"; + default = "${cfg.apiserver.address}:${toString cfg.apiserver.port}"; + type = types.str; + }; + + extraOpts = mkOption { + description = "Kubernetes kube2sky extra command line options."; + default = ""; + type = types.str; + }; + }; }; ###### implementation config = mkMerge [ (mkIf cfg.apiserver.enable { - systemd.services.kubernetes-apiserver = { + systemd.services.kube-apiserver = { description = "Kubernetes Api Server"; wantedBy = [ "multi-user.target" ]; requires = ["kubernetes-setup.service"]; @@ -343,26 +365,25 @@ in { (concatImapStringsSep "\n" (i: v: v + "," + (toString i)) (mapAttrsToList (name: token: token + "," + name) cfg.apiserver.tokenAuth)); in ''${cfg.package}/bin/kube-apiserver \ - --etcd_servers=${concatMapStringsSep "," (f: "http://${f}") cfg.etcdServers} \ - --address=${cfg.apiserver.address} \ - --port=${toString cfg.apiserver.port} \ - --read_only_port=${toString cfg.apiserver.readOnlyPort} \ - --public_address_override=${cfg.apiserver.publicAddress} \ - --allow_privileged=${if cfg.apiserver.allowPrivileged then "true" else "false"} \ + --etcd-servers=${concatMapStringsSep "," (f: "http://${f}") cfg.etcdServers} \ + --insecure-bind-address=${cfg.apiserver.address} \ + --insecure-port=${toString cfg.apiserver.port} \ + --read-only-port=${toString cfg.apiserver.readOnlyPort} \ + --bind-address=${cfg.apiserver.publicAddress} \ + --allow-privileged=${if cfg.apiserver.allowPrivileged then "true" else "false"} \ ${optionalString (cfg.apiserver.tlsCertFile!="") - "--tls_cert_file=${cfg.apiserver.tlsCertFile}"} \ + "--tls-cert-file=${cfg.apiserver.tlsCertFile}"} \ ${optionalString (cfg.apiserver.tlsPrivateKeyFile!="") - "--tls_private_key_file=${cfg.apiserver.tlsPrivateKeyFile}"} \ + "--tls-private-key-file=${cfg.apiserver.tlsPrivateKeyFile}"} \ ${optionalString (cfg.apiserver.tokenAuth!=[]) - "--token_auth_file=${tokenAuthFile}"} \ - --authorization_mode=${cfg.apiserver.authorizationMode} \ + "--token-auth-file=${tokenAuthFile}"} \ + --authorization-mode=${cfg.apiserver.authorizationMode} \ ${optionalString (cfg.apiserver.authorizationMode == "ABAC") - "--authorization_policy_file=${authorizationPolicyFile}"} \ - --secure_port=${toString cfg.apiserver.securePort} \ - --portal_net=${cfg.apiserver.portalNet} \ + "--authorization-policy-file=${authorizationPolicyFile}"} \ + --secure-port=${toString cfg.apiserver.securePort} \ + --service-cluster-ip-range=${cfg.apiserver.portalNet} \ --logtostderr=true \ - --runtime_config=api/v1beta3 \ - ${optionalString cfg.verbose "--v=6 --log_flush_frequency=1s"} \ + ${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \ ${cfg.apiserver.extraOpts} ''; User = "kubernetes"; @@ -376,7 +397,7 @@ in { }) (mkIf cfg.scheduler.enable { - systemd.services.kubernetes-scheduler = { + systemd.services.kube-scheduler = { description = "Kubernetes Scheduler Service"; wantedBy = [ "multi-user.target" ]; after = [ "network-interfaces.target" "kubernetes-apiserver.service" ]; @@ -386,7 +407,7 @@ in { --port=${toString cfg.scheduler.port} \ --master=${cfg.scheduler.master} \ --logtostderr=true \ - ${optionalString cfg.verbose "--v=6 --log_flush_frequency=1s"} \ + ${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \ ${cfg.scheduler.extraOpts} ''; User = "kubernetes"; @@ -395,7 +416,7 @@ in { }) (mkIf cfg.controllerManager.enable { - systemd.services.kubernetes-controller-manager = { + systemd.services.kube-controller-manager = { description = "Kubernetes Controller Manager Service"; wantedBy = [ "multi-user.target" ]; after = [ "network-interfaces.target" "kubernetes-apiserver.service" ]; @@ -406,7 +427,7 @@ in { --master=${cfg.controllerManager.master} \ --machines=${concatStringsSep "," cfg.controllerManager.machines} \ --logtostderr=true \ - ${optionalString cfg.verbose "--v=6 --log_flush_frequency=1s"} \ + ${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \ ${cfg.controllerManager.extraOpts} ''; User = "kubernetes"; @@ -415,7 +436,7 @@ in { }) (mkIf cfg.kubelet.enable { - systemd.services.kubernetes-kubelet = { + systemd.services.kubelet = { description = "Kubernetes Kubelet Service"; wantedBy = [ "multi-user.target" ]; requires = ["kubernetes-setup.service"]; @@ -423,17 +444,17 @@ in { script = '' export PATH="/bin:/sbin:/usr/bin:/usr/sbin:$PATH" exec ${cfg.package}/bin/kubelet \ - --api_servers=${concatMapStringsSep "," (f: "http://${f}") cfg.kubelet.apiServers} \ + --api-servers=${concatMapStringsSep "," (f: "http://${f}") cfg.kubelet.apiServers} \ --address=${cfg.kubelet.address} \ --port=${toString cfg.kubelet.port} \ - --hostname_override=${cfg.kubelet.hostname} \ - --allow_privileged=${if cfg.kubelet.allowPrivileged then "true" else "false"} \ - --root_dir=${cfg.dataDir} \ + --hostname-override=${cfg.kubelet.hostname} \ + --allow-privileged=${if cfg.kubelet.allowPrivileged then "true" else "false"} \ + --root-dir=${cfg.dataDir} \ --cadvisor_port=${toString cfg.kubelet.cadvisorPort} \ ${optionalString (cfg.kubelet.clusterDns != "") - ''--cluster_dns=${cfg.kubelet.clusterDns}''} \ + ''--cluster-dns=${cfg.kubelet.clusterDns}''} \ ${optionalString (cfg.kubelet.clusterDomain != "") - ''--cluster_domain=${cfg.kubelet.clusterDomain}''} \ + ''--cluster-domain=${cfg.kubelet.clusterDomain}''} \ --logtostderr=true \ ${optionalString cfg.verbose "--v=6 --log_flush_frequency=1s"} \ ${cfg.kubelet.extraOpts} @@ -443,26 +464,49 @@ in { }) (mkIf cfg.proxy.enable { - systemd.services.kubernetes-proxy = { + systemd.services.kube-proxy = { description = "Kubernetes Proxy Service"; wantedBy = [ "multi-user.target" ]; after = [ "network-interfaces.target" "etcd.service" ]; serviceConfig = { ExecStart = ''${cfg.package}/bin/kube-proxy \ --master=${cfg.proxy.master} \ - --bind_address=${cfg.proxy.address} \ + --bind-address=${cfg.proxy.address} \ --logtostderr=true \ - ${optionalString cfg.verbose "--v=6 --log_flush_frequency=1s"} \ + ${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \ ${cfg.proxy.extraOpts} ''; }; }; }) + (mkIf cfg.kube2sky.enable { + systemd.services.kube2sky = { + description = "Kubernetes Dns Bridge Service"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" "skydns.service" "etcd.service" "kubernetes-apiserver.service" ]; + serviceConfig = { + ExecStart = ''${cfg.package}/bin/kube2sky \ + -etcd-server=http://${head cfg.etcdServers} \ + -domain=${cfg.kube2sky.domain} \ + -kube_master_url=http://${cfg.kube2sky.master} \ + -logtostderr=true \ + ${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \ + ${cfg.kube2sky.extraOpts} + ''; + User = "kubernetes"; + }; + }; + + services.skydns.enable = mkDefault true; + services.skydns.domain = mkDefault cfg.kubelet.clusterDomain; + }) + (mkIf (any (el: el == "master") cfg.roles) { services.kubernetes.apiserver.enable = mkDefault true; services.kubernetes.scheduler.enable = mkDefault true; services.kubernetes.controllerManager.enable = mkDefault true; + services.kubernetes.kube2sky.enable = mkDefault true; }) (mkIf (any (el: el == "node") cfg.roles) { diff --git a/nixos/modules/services/misc/mwlib.nix b/nixos/modules/services/misc/mwlib.nix index d02e1e021a70..a8edecff2a1e 100644 --- a/nixos/modules/services/misc/mwlib.nix +++ b/nixos/modules/services/misc/mwlib.nix @@ -226,7 +226,7 @@ in chmod -Rc u=rwX,go= '${cfg.nslave.cachedir}' ''; - path = with pkgs; [ imagemagick ]; + path = with pkgs; [ imagemagick pdftk ]; environment = { PYTHONPATH = concatMapStringsSep ":" (m: "${pypkgs.${m}}/lib/${python.libPrefix}/site-packages") |