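# NixOS module for the Kubernetes data plane (kubelet + kube-proxy) of an
# hscloud node. Certificates and kubeconfigs come from the PKI module
# (config.hscloud.kube.pki); the control plane node list is derived from the
# `machines` attrset handed in by the deployment.
{ config, pkgs, lib, machines, ... }:

with lib;

let
  # Pin for kubelet and proxy.
  # NOTE(review): `k8spkgs` is not referenced anywhere in this module (the
  # kubelet package is taken from config.hscloud.kube.packageKubelet below).
  # Nix evaluates lazily, so the fetch never runs; the binding is kept so the
  # intended pin is not lost.
  k8spkgs = import (fetchGit {
    # Now at 1.16.5
    name = "nixos-unstable-2020-01-22";
    # Quoted: bare URL literals are deprecated Nix syntax.
    url = "https://github.com/nixos/nixpkgs-channels/";
    rev = "a96ed5d70427bdc2fbb9e805784e1b9621157a98";
  }) {};

  cfg = config.hscloud.kube.data;

  # All control plane nodes: every machine whose evaluated config enables
  # hscloud.kube.control, sorted by FQDN so the rendered hostsfile is stable
  # across evaluations.
  controlNodes = let
    enabled = filter
      (m: (m.config ? hscloud.kube.control) && m.config.hscloud.kube.control.enable)
      (attrValues machines);
  in sort (a: b: a.config.hscloud.base.fqdn < b.config.hscloud.base.fqdn) enabled;

  fqdn = config.hscloud.base.fqdn;

  pki = config.hscloud.kube.pki;

in {
  options.hscloud.kube.data = {
    enable = mkEnableOption "kubernetes data plane";
    podNet = mkOption {
      type = types.str;
      description = "Subnet in which this node will run pods. Must be exclusive with podNets of other nodes.";
    };
  };

  imports = [
    ./kube-common.nix
  ];

  config = mkIf cfg.enable {
    # If we're not running the control plane, render a hostsfile that points at
    # all other control plane nodes. Otherwise, the control plane module will
    # make this hostsfile contain the node itself.
    # NOTE(review): the first column is hscloud.base.mgmtIf — presumably the
    # management address rather than an interface name; verify against the
    # base module.
    networking.extraHosts = mkIf (!config.hscloud.kube.control.enable) (concatStringsSep "\n" (map
      (n: ''
        ${n.config.hscloud.base.mgmtIf} ${n.config.hscloud.base.fqdn}
      '')
      controlNodes));

    # The host firewall is off entirely, so every kubelet and kube-proxy
    # listener is reachable on all interfaces of this node. Access control
    # then rests on the kubelet's TLS client-certificate authentication
    # (clientCaFile below), the disabled read-only port (--read-only-port=0),
    # and whatever filtering the surrounding network provides — confirm the
    # latter covers both the pod and the management networks.
    networking.firewall.enable = false;

    # this seems to depend on flannel
    # TODO(q3k): file issue
    # Replaces the upstream readiness wait with a fixed one-second sleep, so
    # units ordered after kubelet-online no longer wait for the node to be
    # actually reachable. `mkForce` comes from `with lib;` above.
    systemd.services.kubelet-online = {
      script = mkForce "sleep 1";
    };

    services.kubernetes = {
      # The kubelet wants to mkfs.ext4 when mounting pvcs.
      path = [ pkgs.e2fsprogs ];

      proxy = {
        enable = true;
        kubeconfig = pki.kube.proxy.config;
        # The trailing backslash continues the option list onto the next line
        # of the generated command.
        extraOpts = ''
          --hostname-override=${fqdn}\
          --proxy-mode=iptables
        '';
      };

      kubelet = {
        enable = true;
        unschedulable = false;
        hostname = fqdn;
        # Serving cert/key for the kubelet API; clientCaFile is the CA that
        # callers (the apiserver) must present a client cert from.
        tlsCertFile = pki.kube.kubelet.cert;
        tlsKeyFile = pki.kube.kubelet.key;
        clientCaFile = pki.kube.kubelet.ca;
        nodeIp = config.hscloud.base.ipAddr;
        networkPlugin = "cni";
        # NOTE(review): hard-coded cluster DNS address; presumably must match
        # the cluster DNS service's ClusterIP — consider deriving it from a
        # shared option so it cannot drift from the control plane.
        clusterDns = "10.10.12.254";
        kubeconfig = pki.kube.kubelet.config;
        # Disable the unauthenticated read-only metrics/pods endpoint.
        extraOpts = ''
          --read-only-port=0
        '';
        package = config.hscloud.kube.packageKubelet;
      };
    };
  };
}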