Diffstat (limited to 'nixpkgs/nixos/modules/services/cluster/kubernetes')
9 files changed, 62 insertions, 24 deletions
diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/addon-manager.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/addon-manager.nix
index 1378b5ccfb7a..821f1aa54604 100644
--- a/nixpkgs/nixos/modules/services/cluster/kubernetes/addon-manager.nix
+++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/addon-manager.nix
@@ -84,6 +84,9 @@ in
 Restart = "on-failure";
 RestartSec = 10;
 };
+ unitConfig = {
+ StartLimitIntervalSec = 0;
+ };
 };
 services.kubernetes.addonManager.bootstrapAddons = mkIf isRBACEnabled
diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix
index 24d86628b211..8f937a13231b 100644
--- a/nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix
+++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix
@@ -60,6 +60,45 @@ in {
 sha256 = "02r440xcdsgi137k5lmmvp0z5w5fmk8g9mysq5pnysq1wl8sj6mw";
 };
 };
+
+ corefile = mkOption {
+ description = ''
+ Custom coredns corefile configuration.
+
+ See: <link xlink:href="https://coredns.io/manual/toc/#configuration"/>.
+ '';
+ type = types.str;
+ default = ''
+ .:${toString ports.dns} {
+ errors
+ health :${toString ports.health}
+ kubernetes ${cfg.clusterDomain} in-addr.arpa ip6.arpa {
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
+ }
+ prometheus :${toString ports.metrics}
+ forward . /etc/resolv.conf
+ cache 30
+ loop
+ reload
+ loadbalance
+ }'';
+ defaultText = ''
+ .:${toString ports.dns} {
+ errors
+ health :${toString ports.health}
+ kubernetes ''${config.services.kubernetes.addons.dns.clusterDomain} in-addr.arpa ip6.arpa {
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
+ }
+ prometheus :${toString ports.metrics}
+ forward . /etc/resolv.conf
+ cache 30
+ loop
+ reload
+ loadbalance
+ }'';
+ };
 };
 config = mkIf cfg.enable {
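Review bot: `StartLimitIntervalSec = 0;` in the added `unitConfig` block turns off systemd's start rate limiting, and nothing in the hunk says why. Combined with `Restart = "on-failure"` in the context lines, a unit that cannot start is retried indefinitely and never settles in the failed state, so alerting that keys on failed units will miss a crash-looping control-plane service. I would add a comment above the setting, for example `# retry forever; monitor restart counts, the unit will not enter "failed"`, and make sure monitoring watches restart counts. The same three lines are repeated in the apiserver, controller-manager, kubelet, proxy and scheduler hunks, so the comment applies there as well.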
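Review bot: The description of the new `corefile` option does not say that a custom value replaces the whole Corefile, including the `health :${toString ports.health}` and `prometheus :${toString ports.metrics}` lines. If the deployment's probes and metrics scraping use those ports (not visible in this hunk), an override that omits them would break them without any evaluation error. The default also keeps `pods insecure`, under which CoreDNS answers pod-IP names without checking them against the API; now that the file is configurable, the description could mention `pods verified` for clusters that need that guarantee. I would extend the description with a sentence such as `Overriding this replaces the default entirely; keep the health and prometheus listeners on the module's ports.`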
@@ -151,20 +190,7 @@ in {
 namespace = "kube-system";
 };
 data = {
- Corefile = ".:${toString ports.dns} {
- errors
- health :${toString ports.health}
- kubernetes ${cfg.clusterDomain} in-addr.arpa ip6.arpa {
- pods insecure
- fallthrough in-addr.arpa ip6.arpa
- }
- prometheus :${toString ports.metrics}
- forward . /etc/resolv.conf
- cache 30
- loop
- reload
- loadbalance
- }";
+ Corefile = cfg.corefile;
 };
 };
diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix
index f1531caa7544..2c89310beb5a 100644
--- a/nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix
+++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix
@@ -190,12 +190,6 @@ in
 type = nullOr path;
 };
- kubeletHttps = mkOption {
- description = "Whether to use https for connections to kubelet.";
- default = true;
- type = bool;
- };
-
 preferredAddressTypes = mkOption {
 description = "List of the preferred NodeAddressTypes to use for kubelet connections.";
 type = nullOr str;
@@ -365,7 +359,6 @@ in
 "--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \
 ${optionalString (cfg.basicAuthFile != null)
 "--basic-auth-file=${cfg.basicAuthFile}"} \
- --kubelet-https=${boolToString cfg.kubeletHttps} \
 ${optionalString (cfg.kubeletClientCaFile != null)
 "--kubelet-certificate-authority=${cfg.kubeletClientCaFile}"} \
 ${optionalString (cfg.kubeletClientCertFile != null)
@@ -405,6 +398,10 @@ in
 Restart = "on-failure";
 RestartSec = 5;
 };
+
+ unitConfig = {
+ StartLimitIntervalSec = 0;
+ };
 };
 services.etcd = {
diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix
index 0c81fa9ae492..7128b5f70b1a 100644
--- a/nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix
+++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix
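Review bot: Dropping the `kubeletHttps` option in the first apiserver.nix hunk leaves configurations that still set it failing evaluation with an undefined-option error and no explanation. Unless a removal notice is added in a file outside this diffstat, the module's imports should carry one, e.g. `(mkRemovedOptionModule [ "services" "kubernetes" "apiserver" "kubeletHttps" ] "Connections to the kubelet now always use HTTPS.")`. That message is also the place to remind operators who had set it to false that, in the context lines of the second hunk, `--kubelet-certificate-authority` is only passed when `kubeletClientCaFile` is non-null, so the kubelet's certificate is presumably not verified unless that option is set.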
@@ -146,6 +146,9 @@ in
 User = "kubernetes";
 Group = "kubernetes";
 };
+ unitConfig = {
+ StartLimitIntervalSec = 0;
+ };
 path = top.path;
 };
diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/flannel.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/flannel.nix
index 3f55719027f0..fecea7a15f3d 100644
--- a/nixpkgs/nixos/modules/services/cluster/kubernetes/flannel.nix
+++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/flannel.nix
@@ -58,7 +58,7 @@ in
 services.kubernetes.addonManager.bootstrapAddons = mkIf ((storageBackend == "kubernetes") && (elem "RBAC" top.apiserver.authorizationMode)) {
 flannel-cr = {
- apiVersion = "rbac.authorization.k8s.io/v1beta1";
+ apiVersion = "rbac.authorization.k8s.io/v1";
 kind = "ClusterRole";
 metadata = { name = "flannel"; };
 rules = [{
@@ -79,7 +79,7 @@ in
 };
 flannel-crb = {
- apiVersion = "rbac.authorization.k8s.io/v1beta1";
+ apiVersion = "rbac.authorization.k8s.io/v1";
 kind = "ClusterRoleBinding";
 metadata = { name = "flannel"; };
 roleRef = {
diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix
index fcfcc8435477..08f5cdfdf334 100644
--- a/nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix
+++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix
@@ -337,6 +337,9 @@ in
 '';
 WorkingDirectory = top.dataDir;
 };
+ unitConfig = {
+ StartLimitIntervalSec = 0;
+ };
 };
 # Allways include cni plugins
diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix
index d9311d3e3a04..faf951d81574 100644
--- a/nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix
+++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix
@@ -189,7 +189,7 @@ in
 # manually paste it in place. Just symlink.
 # otherwise, create the target file, ready for users to insert the token
- mkdir -p $(dirname ${certmgrAPITokenPath})
+ mkdir -p "$(dirname "${certmgrAPITokenPath}")"
 if [ -f "${cfsslAPITokenPath}" ]; then
 ln -fs "${cfsslAPITokenPath}" "${certmgrAPITokenPath}"
 else
diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix
index 42729f54643b..a92043d52597 100644
--- a/nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix
+++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix
@@ -77,6 +77,9 @@ in
 Restart = "on-failure";
 RestartSec = 5;
 };
+ unitConfig = {
+ StartLimitIntervalSec = 0;
+ };
 };
 services.kubernetes.proxy.hostname = with config.networking; mkDefault hostName;
diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix
index 454c689759df..1b0c22a11426 100644
--- a/nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix
+++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix
@@ -79,6 +79,9 @@ in
 Restart = "on-failure";
 RestartSec = 5;
 };
+ unitConfig = {
+ StartLimitIntervalSec = 0;
+ };
 };
 services.kubernetes.pki.certs = { |
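Review bot: The new `mkdir -p "$(dirname "${certmgrAPITokenPath}")"` line in the pki.nix hunk creates the directory that will hold the certmgr API token with whatever umask the script happens to run under. The rest of the script, including the `else` branch that creates the token file, lies outside the hunk, so permissions may be tightened there; if they are not, and the directory is dedicated to secrets, I would set the mode explicitly, e.g. `install -d -m 0700 "$(dirname "${certmgrAPITokenPath}")"`. A short comment stating who is expected to read the token file would also help the next reader of this script.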