
commit 5aa1c788df2b1db6f94dce9aeb69d3e44d5cd303
parent fe0cefda744b2248756a83d0cb8c6e9fb086f6a4
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Fri,  3 Sep 2021 10:42:07 +0200

systems: updates k8s hosts

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Msystems/hosts/k8sn1.nix | 2++
Msystems/hosts/k8sn2.nix | 9++++++++-
Msystems/hosts/k8sn3.nix | 9++++++++-
Msystems/modules/profiles/kubernetes.nix | 14++++++++++----
4 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/systems/hosts/k8sn1.nix b/systems/hosts/k8sn1.nix @@ -31,6 +31,8 @@ in networking = { hostName = hostname; + domain = "home"; + firewall.enable = false; }; profiles = { diff --git a/systems/hosts/k8sn2.nix b/systems/hosts/k8sn2.nix @@ -7,6 +7,11 @@ in { imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> + (import ../../nix).home-manager-stable + ../../systems/modules + # FIXME Need to refactor vincent user as.. it's adding way to much by default... + # (import ../../users).vincent + (import ../../users).root ]; fileSystems."/" = { @@ -22,6 +27,8 @@ in networking = { hostName = hostname; + domain = "home"; + firewall.enable = false; }; profiles = { @@ -31,7 +38,7 @@ in kubernetes = { enable = true; master = { - enable = true; + enable = false; ip = kubeMasterIP; }; }; diff --git a/systems/hosts/k8sn3.nix b/systems/hosts/k8sn3.nix @@ -7,6 +7,11 @@ in { imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> + (import ../../nix).home-manager-stable + ../../systems/modules + # FIXME Need to refactor vincent user as.. it's adding way to much by default... + # (import ../../users).vincent + (import ../../users).root ]; fileSystems."/" = { @@ -22,6 +27,8 @@ in networking = { hostName = hostname; + domain = "home"; + firewall.enable = false; }; profiles = { @@ -31,7 +38,7 @@ in kubernetes = { enable = true; master = { - enable = true; + enable = false; ip = kubeMasterIP; }; }; diff --git a/systems/modules/profiles/kubernetes.nix b/systems/modules/profiles/kubernetes.nix @@ -25,7 +25,12 @@ in }; }; config = mkIf cfg.enable { - networking.extraHosts = "${cfg.master.ip} ${cfg.master.hostname}"; + networking = { + firewall.allowedTCPPorts = [ 80 443 6443 ]; + extraHosts = "${cfg.master.ip} ${cfg.master.hostname}"; + }; + + boot.kernelModules = [ "ceph" ]; # packages for administration tasks environment.systemPackages = with pkgs; [ 
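Review bot: `firewall.enable = false;` in the `networking` block of systems/hosts/k8sn1.nix turns the host firewall off entirely, and the same line is added in the networking hunks of k8sn2.nix and k8sn3.nix. With the firewall disabled, the `firewall.allowedTCPPorts` list this commit adds in systems/modules/profiles/kubernetes.nix has no effect on these hosts. Every listening service on the nodes is then reachable from whatever network they are attached to. I would drop the line and open the ports the cluster needs in the profile instead; if disabling is deliberate, record it next to the option, e.g. `# firewall disabled because <reason>; nodes must stay on a trusted network`.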
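Review bot: The literal `6443` in `firewall.allowedTCPPorts` (first hunk of systems/modules/profiles/kubernetes.nix) can drift from `cfg.master.port`, which the rest of the profile uses for the API server, and it is opened on every node even when `cfg.master.enable` is false. Assuming `cfg.master.port` is a plain port number, `firewall.allowedTCPPorts = [ 80 443 ] ++ optionals cfg.master.enable [ cfg.master.port ];` keeps the rule tied to the option and limited to the master; `optionals` is already used for `roles` in this file. `boot.kernelModules = [ "ceph" ];` also loads the module on every node with no comment saying what depends on it, so a one-line why-comment would help. The `config = mkIf cfg.enable` block continues outside the hunk.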
@@ -37,17 +42,18 @@ in roles = [ "node" ] ++ optionals cfg.master.enable [ "master" ]; masterAddress = cfg.master.hostname; apiserverAddress = "https://${cfg.master.hostname}:${toString cfg.master.port}"; + kubeconfig.server = "https://${cfg.master.hostname}:${toString cfg.master.port}"; easyCerts = true; - apiserver = { + apiserver = mkIf cfg.master.enable { securePort = cfg.master.port; advertiseAddress = cfg.master.ip; }; - + controllerManager.extraOpts = "--horizontal-pod-autoscaler-use-rest-clients=false"; # use coredns addons.dns.enable = true; # needed if you use swap - kubelet.extraOpts = "--fail-swap-on=false"; + kubelet.extraOpts = "--fail-swap-on=false --root-dir=/var/lib/kubelet"; }; }; }
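Review bot: The new `controllerManager.extraOpts` line has no why-comment, unlike its neighbours (`# use coredns`, `# needed if you use swap`), and the existing swap comment now sits over a `kubelet.extraOpts` string that also sets `--root-dir`. I would add a comment stating why REST clients are disabled for the horizontal pod autoscaler, and extend the kubelet comment to `# --fail-swap-on=false: needed if you use swap; --root-dir: pin kubelet state to /var/lib/kubelet`. Separately, `kubeconfig.server` repeats the `apiserverAddress` expression verbatim; binding the URL once in a `let` would keep the two from diverging. The enclosing attribute set starts outside the hunk.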