From 8e58c3ffbda6f7ab6676a02f182271c58dd0e33a Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Fri, 19 Dec 2025 22:49:32 -0500
Subject: [PATCH] Fix launching of containers.
---
 .../bootstrap/initial_clusterrole.yaml | 33 +++++++++++++++
 nix/kubernetes/hosts/worker0/vm_disk.nix | 42 +++++++++----------
 nix/kubernetes/hosts/worker1/vm_disk.nix | 42 +++++++++----------
 nix/kubernetes/hosts/worker2/vm_disk.nix | 42 +++++++++----------
 nix/kubernetes/roles/containerd/default.nix | 2 +-
 5 files changed, 97 insertions(+), 64 deletions(-)
 create mode 100644 nix/kubernetes/bootstrap/initial_clusterrole.yaml
diff --git a/nix/kubernetes/bootstrap/initial_clusterrole.yaml b/nix/kubernetes/bootstrap/initial_clusterrole.yaml
new file mode 100644
index 00000000..e56770a7
--- /dev/null
+++ b/nix/kubernetes/bootstrap/initial_clusterrole.yaml
@@ -0,0 +1,33 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ rbac.authorization.kubernetes.io/autoupdate: "true"
+ labels:
+ kubernetes.io/bootstrapping: rbac-defaults
+ name: system:kube-apiserver-to-kubelet
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes/proxy
+ - nodes/stats
+ - nodes/log
+ - nodes/spec
+ - nodes/metrics
+ verbs:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: system:kube-apiserver
+ namespace: ""
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:kube-apiserver-to-kubelet
+subjects:
+ - apiGroup: rbac.authorization.k8s.io
+ kind: User
+ name: kubernetes
\ No newline at end of file
diff --git a/nix/kubernetes/hosts/worker0/vm_disk.nix b/nix/kubernetes/hosts/worker0/vm_disk.nix
index 751f4bad..83683f83 100644
--- a/nix/kubernetes/hosts/worker0/vm_disk.nix
+++ b/nix/kubernetes/hosts/worker0/vm_disk.nix
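Review bot: `namespace: ""` under the ClusterRoleBinding's `metadata:` is meaningless on a cluster-scoped object and should be dropped, leaving `name: system:kube-apiserver` on its own. The `rbac.authorization.kubernetes.io/autoupdate: "true"` annotation and the `kubernetes.io/bootstrapping: rbac-defaults` label copy the markers the apiserver places on its own built-in roles; as far as I know the RBAC reconciler only manages that built-in set, so on this hand-written role they presumably have no effect and either deserve a comment explaining the intent or should go. `verbs: ["*"]` on `nodes/proxy`, `nodes/stats`, `nodes/log`, `nodes/spec` and `nodes/metrics` is the full kubelet API surface for whatever authenticates as user `kubernetes`, so that name must match the subject of the client certificate the apiserver presents to kubelets, which is configured outside this diff — a one-line comment above `subjects:` such as `# must equal the CN of the apiserver's --kubelet-client-certificate` records the coupling. The file also lacks a trailing newline.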
@@ -11,15 +11,15 @@ config = { # Mount the local disk fileSystems = lib.mkIf config.me.mountPersistence { - # "/.disk" = lib.mkForce { - # device = "/dev/nvme0n1p1"; - # fsType = "ext4"; - # options = [ - # "noatime" - # "discard" - # ]; - # neededForBoot = true; - # }; + "/.disk" = lib.mkForce { + device = "/dev/nvme0n1p1"; + fsType = "ext4"; + options = [ + "noatime" + "discard" + ]; + neededForBoot = true; + }; "/.persist" = lib.mkForce { device = "bind9p"; @@ -77,18 +77,18 @@ neededForBoot = true; }; - # "/disk" = { - # fsType = "none"; - # device = "/.disk/persist"; - # options = [ - # "bind" - # "rw" - # ]; - # depends = [ - # "/.disk/persist" - # ]; - # neededForBoot = true; - # }; + "/disk" = { + fsType = "none"; + device = "/.disk/persist"; + options = [ + "bind" + "rw" + ]; + depends = [ + "/.disk/persist" + ]; + neededForBoot = true; + }; }; }; } diff --git a/nix/kubernetes/hosts/worker1/vm_disk.nix b/nix/kubernetes/hosts/worker1/vm_disk.nix index 751f4bad..83683f83 100644 --- a/nix/kubernetes/hosts/worker1/vm_disk.nix +++ b/nix/kubernetes/hosts/worker1/vm_disk.nix @@ -11,15 +11,15 @@ config = { # Mount the local disk fileSystems = lib.mkIf config.me.mountPersistence { - # "/.disk" = lib.mkForce { - # device = "/dev/nvme0n1p1"; - # fsType = "ext4"; - # options = [ - # "noatime" - # "discard" - # ]; - # neededForBoot = true; - # }; + "/.disk" = lib.mkForce { + device = "/dev/nvme0n1p1"; + fsType = "ext4"; + options = [ + "noatime" + "discard" + ]; + neededForBoot = true; + }; "/.persist" = lib.mkForce { device = "bind9p"; @@ -77,18 +77,18 @@ neededForBoot = true; }; - # "/disk" = { - # fsType = "none"; - # device = "/.disk/persist"; - # options = [ - # "bind" - # "rw" - # ]; - # depends = [ - # "/.disk/persist" - # ]; - # neededForBoot = true; - # }; + "/disk" = { + fsType = "none"; + device = "/.disk/persist"; + options = [ + "bind" + "rw" + ]; + depends = [ + "/.disk/persist" + ]; + neededForBoot = true; + }; }; }; } 
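Review bot: `device = "/dev/nvme0n1p1"` in the re-enabled `"/.disk"` mount identifies the disk by kernel enumeration order, and combined with `neededForBoot = true` and `lib.mkForce` a renumbered NVMe device either stalls stage-1 boot or mounts a different disk as the persistence root; a stable identifier such as `device = "/dev/disk/by-uuid/<UUID-PLACEHOLDER>";` (or `/dev/disk/by-label/...`) avoids both. The same two hunks are applied verbatim to worker1 (also on this line) and worker2 (next line), with identical blob ids 751f4bad..83683f83, so the `"/.disk"` and `"/disk"` definitions belong in one shared module with the device as the only per-host input. `depends = [ "/.disk/persist" ]` on the `/disk` bind mount names a subdirectory rather than the `/.disk` mount point; I believe the ordering still resolves through the containing mount, but since `/disk` is also `neededForBoot` this is worth confirming in stage 1. The first hunk starts inside the `fileSystems` attribute set, whose opening lines are outside the hunk.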
diff --git a/nix/kubernetes/hosts/worker2/vm_disk.nix b/nix/kubernetes/hosts/worker2/vm_disk.nix index 751f4bad..83683f83 100644 --- a/nix/kubernetes/hosts/worker2/vm_disk.nix +++ b/nix/kubernetes/hosts/worker2/vm_disk.nix @@ -11,15 +11,15 @@ config = { # Mount the local disk fileSystems = lib.mkIf config.me.mountPersistence { - # "/.disk" = lib.mkForce { - # device = "/dev/nvme0n1p1"; - # fsType = "ext4"; - # options = [ - # "noatime" - # "discard" - # ]; - # neededForBoot = true; - # }; + "/.disk" = lib.mkForce { + device = "/dev/nvme0n1p1"; + fsType = "ext4"; + options = [ + "noatime" + "discard" + ]; + neededForBoot = true; + }; "/.persist" = lib.mkForce { device = "bind9p"; @@ -77,18 +77,18 @@ neededForBoot = true; }; - # "/disk" = { - # fsType = "none"; - # device = "/.disk/persist"; - # options = [ - # "bind" - # "rw" - # ]; - # depends = [ - # "/.disk/persist" - # ]; - # neededForBoot = true; - # }; + "/disk" = { + fsType = "none"; + device = "/.disk/persist"; + options = [ + "bind" + "rw" + ]; + depends = [ + "/.disk/persist" + ]; + neededForBoot = true; + }; }; }; } diff --git a/nix/kubernetes/roles/containerd/default.nix b/nix/kubernetes/roles/containerd/default.nix index 17085d17..e3b61d3a 100644 --- a/nix/kubernetes/roles/containerd/default.nix +++ b/nix/kubernetes/roles/containerd/default.nix @@ -62,7 +62,7 @@ in echo "Copied CNI plugins/config." ''; - environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) { + environment.persistence."/disk" = lib.mkIf (config.me.mountPersistence) { hideMounts = lib.mkForce false; directories = [ "/var/lib/containerd"
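Review bot: Re-pointing `environment.persistence` from `"/persist"` to `"/disk"` is the entire fix behind "Fix launching of containers", but nothing in the code records why; a comment above the line, e.g. `# containerd state must live on the local disk bind-mounted at /disk (hosts/*/vm_disk.nix), not under /persist`, spares the next reader a bisect. If any other role still declares `environment.persistence."/persist"`, persisted state is now split across two roots, which is worth checking before merge; I cannot see those roles from this hunk. The `directories` list and the enclosing attribute set continue past the end of the hunk.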