commit ea1206eed8a01e78969900287dcecaf657486dd9
parent 12a3da0bfdf80c4c8c29bcb73a55478595789d41
Author: Vincent Demeester <vincent@sbr.pm>
Date: Wed, 1 Sep 2021 17:56:00 +0200
systems: add k8sn* nodes 😶
This will be my kubernetes-nixos node. This configuration will be
deployed by morph and is also gonna be used with nixos-generators to
bootstrap initial VM images.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
7 files changed, 196 insertions(+), 1 deletion(-)
diff --git a/systems/hosts/k8sn1.nix b/systems/hosts/k8sn1.nix
@@ -0,0 +1,50 @@
+{ sources ? import ../../nix
+, lib ? sources.lib
+, pkgs ? sources.pkgs { }
+, ...
+}:
+
+let
+ hostname = "k8sn1";
+ kubeMasterIP = "192.168.1.130";
+in
+{
+ imports = [
+ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ (import ../../nix).home-manager-stable
+ ../../systems/modules
+ # FIXME Need to refactor vincent user as.. it's adding way to much by default...
+ # (import ../../users).vincent
+ (import ../../users).root
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ autoResize = true;
+ };
+
+ boot.growPartition = true;
+ boot.kernelParams = [ "console=ttyS0" ];
+ boot.loader.grub.device = "/dev/vda";
+ boot.loader.timeout = 0;
+
+ networking = {
+ hostName = hostname;
+ };
+
+ profiles = {
+ ssh.enable = true;
+ # systemd-boot doesn't with nixos-generators 🙃
+ base.systemd-boot = false;
+ kubernetes = {
+ enable = true;
+ master = {
+ enable = true;
+ ip = kubeMasterIP;
+ };
+ };
+ };
+
+ users.extraUsers.root.password = "";
+}
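Review bot: `users.extraUsers.root.password = "";` on the last line gives root an empty password on an image that also enables the ssh profile; whether that profile permits password logins for root is decided outside this hunk, but an empty root password on a network-attached node is a weak default even for a bootstrap image. Prefer key-based access via `users.users.root.openssh.authorizedKeys.keys` or, if a console login is needed on first boot, `users.users.root.initialPassword` or a `hashedPassword` that is rotated after provisioning. Separately, all three nodes set `profiles.kubernetes.master.enable = true` while sharing `kubeMasterIP = "192.168.1.130"`, so k8sn2 and k8sn3 (the next two hunks) will also take the `master` role and advertise an address that presumably belongs to k8sn1 alone; dropping `master.enable = true` from those two hosts (the `mkEnableOption` default is false) lets them join as workers. `users.extraUsers` is the legacy alias of `users.users`, so these new files could use the current name.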
diff --git a/systems/hosts/k8sn2.nix b/systems/hosts/k8sn2.nix
@@ -0,0 +1,41 @@
+{ pkgs, lib, ... }:
+
+let
+ hostname = "k8sn2";
+ kubeMasterIP = "192.168.1.130";
+in
+{
+ imports = [
+ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ autoResize = true;
+ };
+
+ boot.growPartition = true;
+ boot.kernelParams = [ "console=ttyS0" ];
+ boot.loader.grub.device = "/dev/vda";
+ boot.loader.timeout = 0;
+
+ networking = {
+ hostName = hostname;
+ };
+
+ profiles = {
+ ssh.enable = true;
+ # systemd-boot doesn't with nixos-generators 🙃
+ base.systemd-boot = false;
+ kubernetes = {
+ enable = true;
+ master = {
+ enable = true;
+ ip = kubeMasterIP;
+ };
+ };
+ };
+
+ users.extraUsers.root.password = "";
+}
diff --git a/systems/hosts/k8sn3.nix b/systems/hosts/k8sn3.nix
@@ -0,0 +1,41 @@
+{ pkgs, lib, ... }:
+
+let
+ hostname = "k8sn3";
+ kubeMasterIP = "192.168.1.130";
+in
+{
+ imports = [
+ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ autoResize = true;
+ };
+
+ boot.growPartition = true;
+ boot.kernelParams = [ "console=ttyS0" ];
+ boot.loader.grub.device = "/dev/vda";
+ boot.loader.timeout = 0;
+
+ networking = {
+ hostName = hostname;
+ };
+
+ profiles = {
+ ssh.enable = true;
+ # systemd-boot doesn't with nixos-generators 🙃
+ base.systemd-boot = false;
+ kubernetes = {
+ enable = true;
+ master = {
+ enable = true;
+ ip = kubeMasterIP;
+ };
+ };
+ };
+
+ users.extraUsers.root.password = "";
+}
diff --git a/systems/modules/core/config.nix b/systems/modules/core/config.nix
@@ -5,6 +5,10 @@ let
cfg = config.profiles;
in
{
+ # This options are mainly used for user side for now
+ # aka, in users/vincent, there is a check if these are enabled, to conditionnally
+ # add something to the user environments
+ # This shouldn't prevent to have real thing behind this
options = {
profiles.kubernetes = {
enable = mkEnableOption "Enable Kubernetes profile";
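Review bot: The added comment has wording slips — `This options` should be `These options`, `conditionnally` should be `conditionally`, and `to have real thing behind this` reads better as `having a real implementation behind them`. A condensed form: `# These options are currently consumed on the user side (users/vincent checks them to conditionally extend the user environment); nothing stops a real implementation from sitting behind them.` The `options = {` block this comment introduces continues past the hunk.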
diff --git a/systems/modules/profiles/base.nix b/systems/modules/profiles/base.nix
@@ -12,10 +12,15 @@ in
description = "Enable base profile";
type = types.bool;
};
+ systemd-boot = mkOption {
+ default = true;
+ description = "Enable systemd-boot for boot loading";
+ type = types.bool;
+ };
};
};
config = mkIf cfg.enable {
- boot.loader.systemd-boot.enable = true;
+ boot.loader.systemd-boot.enable = cfg.systemd-boot;
environment.pathsToLink = [
"/share/nix-direnv"
];
diff --git a/systems/modules/profiles/default.nix b/systems/modules/profiles/default.nix
@@ -12,6 +12,7 @@
./i18n.nix
./i3.nix
./ipfs.nix
+ ./kubernetes.nix
./laptop.nix
./mail.nix
./nix-auto-update.nix
diff --git a/systems/modules/profiles/kubernetes.nix b/systems/modules/profiles/kubernetes.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkEnableOption mkOption mkIf mkDefault mkOverride types optionals;
+ cfg = config.profiles.kubernetes;
+in
+{
+ options.profiles.kubernetes = {
+ master = {
+ enable = mkEnableOption "Make this node a master node";
+ ip = mkOption {
+ description = "master node address";
+ type = types.str;
+ };
+ hostname = mkOption {
+ default = "api.kube";
+ description = "master node hostname";
+ type = types.str;
+ };
+ port = mkOption {
+ default = 6443;
+ description = "port the apiserver will expose";
+ type = types.int;
+ };
+ };
+ };
+ config = mkIf cfg.enable {
+ networking.extraHosts = "${cfg.master.ip} ${cfg.master.hostname}";
+
+ # packages for administration tasks
+ environment.systemPackages = with pkgs; [
+ kubectl
+ kubernetes
+ ];
+
+ services.kubernetes = {
+ roles = [ "node" ] ++ optionals cfg.master.enable [ "master" ];
+ masterAddress = cfg.master.hostname;
+ apiserverAddress = "https://${cfg.master.hostname}:${toString cfg.master.port}";
+ easyCerts = true;
+ apiserver = {
+ securePort = cfg.master.port;
+ advertiseAddress = cfg.master.ip;
+ };
+
+ # use coredns
+ addons.dns.enable = true;
+
+ # needed if you use swap
+ kubelet.extraOpts = "--fail-swap-on=false";
+ };
+ };
+}
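Review bot: `mkDefault` and `mkOverride` are pulled in on the `inherit (lib)` line but never used anywhere in the module; trim it to `inherit (lib) mkEnableOption mkOption mkIf types optionals;`. `master.ip` is typed `types.str` and interpolated straight into `networking.extraHosts` and `apiserver.advertiseAddress`, so a hostname or typo there only surfaces at runtime; a comment such as `# must be a literal IP address, not a hostname — it is written into /etc/hosts` (or a stricter type if the pinned nixpkgs provides one) would make the contract explicit. `easyCerts = true` delegates the cluster PKI to the NixOS module, and since this profile is also applied to non-master nodes it is worth a comment recording that the material the master generates has to reach the workers for them to join — I would confirm the exact mechanism against the pinned nixpkgs module before relying on it.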