From 1da6250301600b424920c0759a3457305ca60b67 Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Thu, 18 Dec 2025 00:27:18 -0500
Subject: [PATCH] Installing the cni plugins.
---
 nix/kubernetes/roles/containerd/default.nix | 25 ++++++++---------
 .../package/cni_conf/files/10-bridge.conf | 15 +++++++++++
 .../package/cni_conf/files/99-loopback.conf | 5 ++++
 .../containerd/package/cni_conf/package.nix | 27 +++++++++++++++++++
 4 files changed, 60 insertions(+), 12 deletions(-)
 create mode 100644 nix/kubernetes/roles/containerd/package/cni_conf/files/10-bridge.conf
 create mode 100644 nix/kubernetes/roles/containerd/package/cni_conf/files/99-loopback.conf
 create mode 100644 nix/kubernetes/roles/containerd/package/cni_conf/package.nix
diff --git a/nix/kubernetes/roles/containerd/default.nix b/nix/kubernetes/roles/containerd/default.nix
index 88b1a073..e2c8d682 100644
--- a/nix/kubernetes/roles/containerd/default.nix
+++ b/nix/kubernetes/roles/containerd/default.nix
@@ -20,22 +20,23 @@
 config = lib.mkIf config.me.containerd.enable {
 virtualisation.containerd.enable = true;
 virtualisation.containerd.settings =
- # let
- # my-cni-plugins = pkgs.buildEnv {
- # name = "my-cni-plugins";
- # paths = with pkgs; [
- # cni-plugins
- # cni-plugin-flannel
- # ];
- # };
- # in
+ let
+ my-cni-plugins = pkgs.buildEnv {
+ name = "my-cni-plugins";
+ paths = with pkgs; [
+ cni-plugins
+ cni-plugin-flannel
+ ];
+ };
+ in
 {
 "plugins" = {
 "io.containerd.grpc.v1.cri" = {
 "cni" = {
- "bin_dir" = "/opt/cni/bin";
- # "bin_dir" = "${my-cni-plugins}/bin";
- "conf_dir" = "/etc/cni/net.d";
+ # "bin_dir" = "/opt/cni/bin";
+ "bin_dir" = "${my-cni-plugins}/bin";
+ # "conf_dir" = "/etc/cni/net.d";
+ "conf_dir" = "${pkgs.callPackage ./package/cni_conf/package.nix { }}";
 };
 "containerd" = {
 "default_runtime_name" = "runc";
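Review bot: The `cni` block keeps the old `/opt/cni/bin` and `/etc/cni/net.d` values as commented-out lines but does not say why both directories now resolve into the Nix store. containerd executes the CNI plugin binaries on the host, so if pinning `bin_dir` and `conf_dir` to read-only store paths is intended as hardening, that is worth stating; it also means anything written to the old directories at runtime is no longer picked up. I would replace the two commented-out lines with `# CNI binaries and configs come from the read-only Nix store; /opt/cni/bin and /etc/cni/net.d are intentionally not used.` The enclosing `config` block starts and ends outside the hunk.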
diff --git a/nix/kubernetes/roles/containerd/package/cni_conf/files/10-bridge.conf b/nix/kubernetes/roles/containerd/package/cni_conf/files/10-bridge.conf
new file mode 100644
index 00000000..e9a3bff7
--- /dev/null
+++ b/nix/kubernetes/roles/containerd/package/cni_conf/files/10-bridge.conf
@@ -0,0 +1,15 @@
+{
+ "cniVersion": "1.0.0",
+ "name": "bridge",
+ "type": "bridge",
+ "bridge": "cni0",
+ "isGateway": true,
+ "ipMasq": true,
+ "ipam": {
+ "type": "host-local",
+ "ranges": [
+ [{"subnet": "SUBNET"}]
+ ],
+ "routes": [{"dst": "0.0.0.0/0"}]
+ }
+}
\ No newline at end of file
diff --git a/nix/kubernetes/roles/containerd/package/cni_conf/files/99-loopback.conf b/nix/kubernetes/roles/containerd/package/cni_conf/files/99-loopback.conf
new file mode 100644
index 00000000..98d6dc1e
--- /dev/null
+++ b/nix/kubernetes/roles/containerd/package/cni_conf/files/99-loopback.conf
@@ -0,0 +1,5 @@
+{
+ "cniVersion": "1.1.0",
+ "name": "lo",
+ "type": "loopback"
+}
\ No newline at end of file
diff --git a/nix/kubernetes/roles/containerd/package/cni_conf/package.nix b/nix/kubernetes/roles/containerd/package/cni_conf/package.nix
new file mode 100644
index 00000000..6476c943
--- /dev/null
+++ b/nix/kubernetes/roles/containerd/package/cni_conf/package.nix
@@ -0,0 +1,27 @@
+# unpackPhase
+# patchPhase
+# configurePhase
+# buildPhase
+# checkPhase
+# installPhase
+# fixupPhase
+# installCheckPhase
+# distPhase
+{
+ stdenv,
+ openssl,
+ ...
+}:
+stdenv.mkDerivation (finalAttrs: {
+ name = "cni-conf";
+ nativeBuildInputs = [ openssl ];
+ buildInputs = [ ];
+
+ unpackPhase = "true";
+
+ installPhase = ''
+ mkdir -p "$out"
+ cd "$out"
+ install ${./files/10-bridge.conf} ${./files/99-loopback.conf} $out/
+ '';
+})
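Review bot: `"subnet": "SUBNET"` in the `ipam.ranges` entry is a literal placeholder, and the `installPhase` in `package.nix` (last file of this patch) copies the file verbatim, so the packaged config would hand `host-local` a string that is not a CIDR. Either commit the real pod CIDR here or have the derivation fill it in at build time, for example by giving `package.nix` a `subnet` argument (name constructed here) and writing the file with `substitute ${./files/10-bridge.conf} "$out/10-bridge.conf" --replace-fail SUBNET "${subnet}"`. A failed substitution should break the build rather than ship a config that only fails when a pod sandbox is created.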
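Review bot: `cniVersion` is `1.1.0` here while `10-bridge.conf` in the same directory declares `1.0.0`; unless the difference is intentional, both files should declare the same version, one that the packaged `cni-plugins` release is known to implement. Separately, containerd's CRI plugin loads only `max_conf_num` config files from `conf_dir` (default 1, as far as I know) and sets up loopback itself, so this file may never be read; please confirm it is needed.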
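Review bot: In `installPhase`, `${./files/10-bridge.conf}` and `${./files/99-loopback.conf}` expand to store paths whose basenames carry a hash prefix, so `install … $out/` writes `<hash>-10-bridge.conf` and `<hash>-99-loopback.conf`, and the `10-`/`99-` ordering that CNI config loading relies on is lost. Name the destinations explicitly and drop the executable bit that `install` sets by default: `install -m 0444 ${./files/10-bridge.conf} "$out/10-bridge.conf"` and `install -m 0444 ${./files/99-loopback.conf} "$out/99-loopback.conf"`. `openssl` in `nativeBuildInputs` is not used by any phase shown and only enlarges the build closure, so `nativeBuildInputs = [ ];` would do. The `cd "$out"` line and the phase-list comment at the top can go as well.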