# Vendored from nixpkgs git 44ad80ab1036c5cc83ada4bfa451dac9939f2a10
# Copyright (c) 2003-2023 Eelco Dolstra and the Nixpkgs/NixOS contributors
# SPDX-License-Identifier: MIT

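{ config, lib, pkgs, ... }:

with lib;

let
  top = config.services.kubernetes;
  cfg = top.proxy;
in
{
  imports = [
    # Keep the pre-rename option name `address` working as an alias of `bindAddress`.
    (mkRenamedOptionModule [ "services" "kubernetes" "proxy" "address" ] ["services" "kubernetes" "proxy" "bindAddress"])
  ];

  ###### interface
  options.services.kubernetes.proxy = with lib.types; {

    # Passed to kube-proxy as --bind-address. The upstream default 0.0.0.0
    # means every IPv4 interface. kube-proxy's health-check and metrics
    # listeners are governed by their own flags (--healthz-bind-address,
    # --metrics-bind-address) which this module leaves at kube-proxy's
    # defaults; pass them through extraOpts if they need restricting.
    bindAddress = mkOption {
      description = "Kubernetes proxy listening address.";
      default = "0.0.0.0";
      type = str;
    };

    enable = mkEnableOption "Kubernetes proxy";

    # Appended verbatim to the kube-proxy command line (see ExecStart below).
    # No shell is involved, but systemd still word-splits ExecStart, so an
    # argument that contains whitespace must be quoted as systemd.service(5)
    # describes. The value is part of the evaluated NixOS configuration, not
    # runtime input.
    extraOpts = mkOption {
      description = "Kubernetes proxy extra command line options.";
      default = "";
      type = str;
    };

    # Every listed gate is emitted as NAME=true; this option cannot express
    # NAME=false (use extraOpts for that). Defaults to the cluster-wide list
    # in services.kubernetes.featureGates.
    featureGates = mkOption {
      description = "List set of feature gates";
      default = top.featureGates;
      type = listOf str;
    };

    # Passed as --hostname-override. The option default already falls back to
    # networking.hostName; it is deliberately not repeated as a mkDefault in
    # `config`, because a second mkDefault would conflict with a user's own
    # mkDefault of this option.
    hostname = mkOption {
      description = "Kubernetes proxy hostname override.";
      default = config.networking.hostName;
      type = str;
    };

    # Kubeconfig sub-options shared with the other kubernetes services; only
    # `server` is given a default by this module (see `config` below).
    kubeconfig = top.lib.mkKubeConfigOptions "Kubernetes proxy";

    # Emitted as --v=N when set; null leaves kube-proxy's own default in place.
    verbosity = mkOption {
      description = ''
        Optional glog verbosity level for logging statements. See
        <link xlink:href="https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md"/>
      '';
      default = null;
      type = nullOr int;
    };

  };

  ###### implementation
  config = mkIf cfg.enable {
    systemd.services.kube-proxy = {
      description = "Kubernetes Proxy Service";
      wantedBy = [ "kubernetes.target" ];
      # Ordering only (no wants/requires): start after a local API server if
      # there is one, without pulling it in.
      after = [ "kube-apiserver.service" ];
      # Tools kube-proxy invokes to program the node's iptables/conntrack state.
      path = with pkgs; [ iptables conntrack_tools ];
      # NOTE(review): there is no User= and no sandboxing directive, so
      # kube-proxy runs as root. It manipulates iptables and conntrack state
      # (see `path`), so hardening such as ProtectKernelTunables or a
      # CapabilityBoundingSet would have to be validated against a running
      # cluster before being added here.
      serviceConfig = {
        Slice = "kubernetes.slice";
        # The command line is assembled by plain string interpolation: every
        # value lands unescaped in ExecStart and is word-split by systemd.
        # All values come from the evaluated NixOS configuration. Optional
        # flags (cluster CIDR, feature gates, verbosity) are omitted entirely
        # when unset; extraOpts goes last so it can append further flags.
        ExecStart = ''${top.package}/bin/kube-proxy \
          --bind-address=${cfg.bindAddress} \
          ${optionalString (top.clusterCidr!=null)
            "--cluster-cidr=${top.clusterCidr}"} \
          ${optionalString (cfg.featureGates != [])
            "--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \
          --hostname-override=${cfg.hostname} \
          --kubeconfig=${top.lib.mkKubeConfig "kube-proxy" cfg.kubeconfig} \
          ${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \
          ${cfg.extraOpts}
        '';
        # NOTE(review): the kubeconfig passed above is a Nix store path and
        # therefore world-readable; confirm that mkKubeConfig references the
        # client key by path rather than embedding it in the file.
        WorkingDirectory = top.dataDir;
        Restart = "on-failure";
        RestartSec = 5;
      };
    };

    # Client certificate kube-proxy presents to the API server. The CN
    # system:kube-proxy is the user that Kubernetes' default bootstrap RBAC
    # binds to the system:node-proxier ClusterRole, so it must not be changed.
    # The CN carries no node name: every node running this module
    # authenticates as the same identity, so the key on any one node grants
    # the node-proxier permissions shared by all of them. `action` restarts
    # the service when the PKI layer issues the certificate (presumably also
    # on renewal — confirm against mkCert).
    services.kubernetes.pki.certs = {
      kubeProxyClient = top.lib.mkCert {
        name = "kube-proxy-client";
        CN = "system:kube-proxy";
        action = "systemctl restart kube-proxy.service";
      };
    };

    # Point the proxy at the cluster API server unless the user overrides it.
    services.kubernetes.proxy.kubeconfig.server = mkDefault top.apiserverAddress;
  };
}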