talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Add a bootstrap role.

Browse Source
This commit is contained in:
Tom Alexander 2025-12-20 22:14:28 -05:00 committed by Tom Alexander
parent 38b2b9ebf4
commit 1753b5b4a6
Signed by: talexander
GPG Key ID: 36C99E8B3C39D85F
6 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
nix/kubernetes/hosts/worker0/default.nix
View File

@ -102,8 +102,9 @@
# nix.sshServe.enable = true; # nix.sshServe.enable = true;
# nix.sshServe.keys = [ "ssh-dss AAAAB3NzaC1k... bob@example.org" ]; # nix.sshServe.keys = [ "ssh-dss AAAAB3NzaC1k... bob@example.org" ];
me.worker_node.enable = true; me.bootstrap.enable = true;
me.dont_use_substituters.enable = true; me.dont_use_substituters.enable = true;
me.minimal_base.enable = true; me.minimal_base.enable = true;
me.worker_node.enable = true;
}; };
} }

9
nix/kubernetes/roles/bootstrap/default.nix
View File

@ -17,7 +17,7 @@
}; };
bootstrap.manifests = lib.mkOption { bootstrap.manifests = lib.mkOption {
type = lib.types.listOf lib.types.path; type = lib.types.listOf lib.types.str;
default = [ ]; default = [ ];
example = lib.literalExpression ''[ ${./files/clusterrole.yaml} ]''; example = lib.literalExpression ''[ ${./files/clusterrole.yaml} ]'';
description = "List of kubernetes manifests to load into the cluster."; description = "List of kubernetes manifests to load into the cluster.";
@ -29,8 +29,9 @@
{ {
systemd.services.kube-bootstrap = { systemd.services.kube-bootstrap = {
enable = true; enable = true;
description = "Load initial kubernetes manifests into the cluster."; description = "Load initial kubernetes manifests into the cluster";
after = [ "kubernetes.target" ]; after = [ "kubernetes.target" ];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ path = with pkgs; [
kubectl kubectl
]; ];
@ -40,13 +41,13 @@
}; };
script = script =
let let
manifests = (lib.concatMapStringsSep " " lib.escapeShellArgs config.me.bootstrap.manifests); manifests = (lib.concatMapStringsSep "," lib.escapeShellArg config.me.bootstrap.manifests);
in in
'' ''
set -o pipefail set -o pipefail
IFS=$'\n\t' IFS=$'\n\t'
kubectl apply --server-side --force-conflicts -f ${manifests} kubectl --kubeconfig=/.persist/keys/kube/kubelet.kubeconfig apply --server-side --force-conflicts -f ${manifests}
''; '';
}; };
}; };

0
nix/kubernetes/bootstrap/cilium.yaml → nix/kubernetes/roles/bootstrap/files/cilium.yaml
View File

0
nix/kubernetes/bootstrap/initial_clusterrole.yaml → nix/kubernetes/roles/bootstrap/files/initial_clusterrole.yaml
View File

2
nix/kubernetes/roles/containerd/default.nix
View File

@ -10,7 +10,7 @@ let
name = "my-cni-plugins"; name = "my-cni-plugins";
paths = with pkgs; [ paths = with pkgs; [
cni-plugins cni-plugins
cni-plugin-flannel # cni-plugin-flannel
]; ];
}; };
my-cni-configs = pkgs.callPackage ./package/cni_conf/package.nix { }; my-cni-configs = pkgs.callPackage ./package/cni_conf/package.nix { };

4
nix/kubernetes/roles/worker_node/default.nix
View File

@ -18,6 +18,10 @@
}; };
config = lib.mkIf config.me.worker_node.enable { config = lib.mkIf config.me.worker_node.enable {
me.bootstrap.manifests = [
"${../bootstrap/files/initial_clusterrole.yaml}"
"${../bootstrap/files/cilium.yaml}"
];
me.cilium.enable = true; me.cilium.enable = true;
me.containerd.enable = true; me.containerd.enable = true;
me.firewall.enable = true; me.firewall.enable = true;