# Cluster-wide constants: DNS names, the node inventory, the on-disk
# locations of the PKI material, and control-plane port numbers.
rec {
  # DNS suffix and the host name used to build the API server URL below.
  domain = ".hswaw.net";
  k8sapi = "k0.hswaw.net";
  # Presumably the contact address for ACME registration; the consumer is
  # not part of this file.
  acmeEmail = "q3k@hackerspace.pl";

  # One attribute set per machine. Going by the field names: host name,
  # address, the /24 reserved for that node's pods, boot disk, and the
  # management interface. The pod networks listed here do not overlap.
  nodes = [
    {
      fqdn = "bc01n01.hswaw.net";
      ipAddr = "185.236.240.35";
      podNet = "10.10.16.0/24";
      diskBoot = "/dev/sdb";
      mgmtIf = "eno1";
    }
    {
      fqdn = "bc01n02.hswaw.net";
      ipAddr = "185.236.240.36";
      podNet = "10.10.17.0/24";
      diskBoot = "/dev/sdb";
      mgmtIf = "eno1";
    }
    {
      fqdn = "bc01n03.hswaw.net";
      ipAddr = "185.236.240.37";
      podNet = "10.10.18.0/24";
      diskBoot = "/dev/sdb";
      mgmtIf = "eno1";
    }
    {
      fqdn = "dcr01s22.hswaw.net";
      ipAddr = "185.236.240.39";
      podNet = "10.10.19.0/24";
      diskBoot = "/dev/sda";
      mgmtIf = "enp130s0f0";
    }
    {
      fqdn = "dcr01s24.hswaw.net";
      ipAddr = "185.236.240.40";
      podNet = "10.10.20.0/24";
      diskBoot = "/dev/sda";
      mgmtIf = "enp130s0f0";
    }
  ];

  pki = rec {
    # Directory on the target machine that holds CA certificates, leaf
    # certificates and private keys.
    #
    # NOTE(review): this is a Nix *path* literal, so `ca`, `cert` and `key`
    # below are path values. Nix copies a path into the world-readable
    # /nix/store when it is interpolated into a string ("${p}") or handed to
    # builtins.toJSON. `json` avoids that by going through toString first;
    # consumers of the raw `cert`/`key` attributes and of `config.keyFile`
    # need to do the same, otherwise private keys land in the store.
    # Confirm against the modules that import this file.
    root = /opt/hscloud;

    # Builds the file locations for one identity: `radix` selects the CA
    # (<radix>-ca.crt) and `name` the leaf pair (<radix>-<name>.crt/.key).
    make = radix: name: rec {
      ca = root + "/${radix}-ca.crt";
      cert = root + "/${radix}-${name}.crt";
      key = root + "/${radix}-${name}.key";

      # The same three locations as a JSON object of plain strings.
      # toString yields the literal path text without a store copy.
      json = builtins.toJSON {
        ca = toString ca;
        cert = toString cert;
        key = toString key;
      };
    };

    etcdPeer = make "etcdpeer" "server";

    etcd = {
      server = make "etcd" "server";
      kube = make "etcd" "kube";
    };

    # Like `make "kube" name`, extended with a `config` set that points at
    # the secure API server port and at this identity's certificate and key.
    makeKube = name:
      let
        identity = make "kube" name;
      in
      identity // {
        config = {
          server = "https://${k8sapi}:${toString ports.k8sAPIServerSecure}";
          certFile = identity.cert;
          keyFile = identity.key;
        };
      };

    kube = rec {
      # Identity of the apiserver; its CA is re-exported as `kube.ca`.
      apiserver = makeKube "apiserver";
      ca = apiserver.ca;

      # Identity of the controller-manager.
      controllermanager = makeKube "controller-manager";

      # Identity of the scheduler.
      scheduler = makeKube "scheduler";

      # Identity of kube-proxy.
      proxy = makeKube "proxy";

      # Identity of the kubelet. The files are kube-node.crt/.key at the same
      # path on every machine; whether each node holds its own key pair there
      # is not visible from this file.
      kubelet = makeKube "node";

      # Key pair for service accounts. The original note said "encrypt";
      # Kubernetes signs service-account tokens rather than encrypting them.
      # NOTE(review): confirm which apiserver/controller-manager options
      # consume this pair.
      serviceaccounts = makeKube "serviceaccounts";
    };

    kubeFront = {
      apiserver = make "kubeFront" "apiserver";
    };
  };

  ports = {
    # NOTE(review): unlike the controller-manager, the API server keeps a
    # non-zero plain port. If a consumer wires this to the apiserver's
    # plain-HTTP listener, that listener has neither TLS nor authentication;
    # confirm it is unused or reachable from localhost only.
    k8sAPIServerPlain = 4000;
    k8sAPIServerSecure = 4001;
    k8sControllerManagerPlain = 0; # 0 instead of 4002: do not serve plain HTTP
    k8sControllerManagerSecure = 4003;
  };
}