| Serge Bazanski | 55a486a | 2022-06-11 18:27:01 +0000 | [diff] [blame] | 1 | { config, pkgs, lib, machines, ... }: |
| 2 | |
| 3 | with lib; |
| 4 | |
| 5 | let |
| 6 | # Pin for kubelet and proxy. |
| 7 | k8spkgs = import (fetchGit { |
| 8 | # Now at 1.16.5 |
| 9 | name = "nixos-unstable-2020-01-22"; |
| 10 | url = https://github.com/nixos/nixpkgs-channels/; |
| 11 | rev = "a96ed5d70427bdc2fbb9e805784e1b9621157a98"; |
| 12 | }) {}; |
| 13 | |
| 14 | cfg = config.hscloud.kube.data; |
| 15 | |
| 16 | # All control plane nodes. |
| 17 | controlNodes = let |
| 18 | list = mapAttrsToList (_: v: v) machines; |
| 19 | filtered = filter (m: (m.config ? hscloud.kube.control) && (m.config.hscloud.kube.control.enable)) list; |
| 20 | sorted = sort (a: b: a.config.hscloud.base.fqdn < b.config.hscloud.base.fqdn) filtered; |
| 21 | in sorted; |
| 22 | |
| 23 | fqdn = config.hscloud.base.fqdn; |
| 24 | |
| 25 | pki = config.hscloud.kube.pki; |
| 26 | |
| 27 | in { |
| 28 | options.hscloud.kube.data = { |
| 29 | enable = mkEnableOption "kubernetes data plane"; |
| 30 | podNet = mkOption { |
| 31 | type = types.str; |
| 32 | description = "Subnet in which this node will run pods. Must be exclusive with podNets of other nodes."; |
| 33 | }; |
| 34 | }; |
| 35 | |
| 36 | # Disable kubelet service and bring in our own override. |
| 37 | # Also nuke flannel from the orbit. |
| 38 | disabledModules = [ |
| 39 | "services/cluster/kubernetes/kubelet.nix" |
| 40 | "services/cluster/kubernetes/flannel.nix" |
| 41 | ]; |
| 42 | |
| 43 | imports = [ |
| 44 | ./kubelet.nix |
| 45 | ./kube-common.nix |
| 46 | ]; |
| 47 | |
| 48 | |
| 49 | config = mkIf cfg.enable { |
| 50 | # If we're not running the control plane, render a hostsfile that points at |
| 51 | # all other control plane nodes. Otherwise, the control plane module will |
| 52 | # make this hostsfile contain the node itself. |
| 53 | networking.extraHosts = mkIf (!config.hscloud.kube.control.enable) (concatStringsSep "\n" (map |
| 54 | (n: '' |
| 55 | ${n.config.hscloud.base.mgmtIf} ${n.config.hscloud.base.fqdn} |
| 56 | '') |
| 57 | controlNodes)); |
| 58 | |
| 59 | # this seems to depend on flannel |
| 60 | # TODO(q3k): file issue |
| 61 | systemd.services.kubelet-online = { |
| 62 | script = pkgs.lib.mkForce "sleep 1"; |
| 63 | }; |
| 64 | |
| 65 | services.kubernetes = { |
| 66 | # The kubelet wants to mkfs.ext4 when mounting pvcs. |
| 67 | path = [ pkgs.e2fsprogs ]; |
| 68 | |
| 69 | proxy = { |
| 70 | enable = true; |
| 71 | kubeconfig = pki.kube.proxy.config; |
| 72 | extraOpts = '' |
| 73 | --hostname-override=${fqdn}\ |
| 74 | --proxy-mode=iptables |
| 75 | ''; |
| 76 | }; |
| 77 | |
| 78 | kubelet = { |
| 79 | enable = true; |
| 80 | unschedulable = false; |
| 81 | hostname = fqdn; |
| 82 | tlsCertFile = pki.kube.kubelet.cert; |
| 83 | tlsKeyFile = pki.kube.kubelet.key; |
| 84 | clientCaFile = pki.kube.kubelet.ca; |
| 85 | nodeIp = config.hscloud.base.ipAddr; |
| 86 | networkPlugin = "cni"; |
| 87 | clusterDns = "10.10.12.254"; |
| 88 | kubeconfig = pki.kube.kubelet.config; |
| 89 | extraOpts = '' |
| 90 | --read-only-port=0 |
| 91 | ''; |
| 92 | package = config.hscloud.kube.packageKubelet; |
| 93 | }; |
| 94 | }; |
| 95 | }; |
| 96 | } |