cluster/{machines,certs}: add dcr03s16.hswaw.net

Also make dataplane-only nodes actually work:
- make kubeproxy use the same package as kubelet
- disable firewall

Change-Id: I7babbb749656e6f75151c8eda6e3f09f3c6bff5f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1686
Reviewed-by: q3k <q3k@hackerspace.pl>
diff --git a/cluster/machines/modules/vendor/proxy.nix b/cluster/machines/modules/vendor/proxy.nix
index 84eabec..a1b1a35 100644
--- a/cluster/machines/modules/vendor/proxy.nix
+++ b/cluster/machines/modules/vendor/proxy.nix
@@ -1,6 +1,9 @@
 # Vendored from nixpkgs git 44ad80ab1036c5cc83ada4bfa451dac9939f2a10
 # Copyright (c) 2003-2023 Eelco Dolstra and the Nixpkgs/NixOS contributors
 # SPDX-License-Identifier: MIT
+#
+# Same as upstream proxy.nix module from nixpkgs, but with one change:
+#   - use the package from top.kubelet.package instead of top.package
 
 { config, lib, pkgs, ... }:
 
@@ -66,7 +69,8 @@
       path = with pkgs; [ iptables conntrack_tools ];
       serviceConfig = {
         Slice = "kubernetes.slice";
-        ExecStart = ''${top.package}/bin/kube-proxy \
+        # hscloud change: use kubelet pkg
+        ExecStart = ''${top.kubelet.package}/bin/kube-proxy \
           --bind-address=${cfg.bindAddress} \
           ${optionalString (top.clusterCidr!=null)
             "--cluster-cidr=${top.clusterCidr}"} \
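Review bot: The comment added above `ExecStart` records what changed but not why, and the kube-proxy binary now comes from an option whose name suggests it only has to provide kubelet. Anyone who later overrides `top.kubelet.package` also replaces the binary this unit runs with iptables access, and a kubelet-only build would leave `bin/kube-proxy` missing, so the unit would fail at start. I would spell that out in place, e.g. `# hscloud change: kube-proxy is taken from top.kubelet.package so both node daemons come from the same build; that package must ship bin/kube-proxy`. The reason is taken from the commit message, and `top.kubelet.package` is presumably declared in the vendored kubelet module, which is not visible here. The systemd unit body continues past the end of this hunk.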