Fix launching of containers.

2025-12-19 22:49:32 -05:00 · 2025-12-19 22:49:32 -05:00 · 8e58c3ffbd
commit 8e58c3ffbd
parent d9c290f8b1
5 changed files with 97 additions and 64 deletions
--- a/nix/kubernetes/bootstrap/initial_clusterrole.yaml
+++ b/nix/kubernetes/bootstrap/initial_clusterrole.yaml
@ -0,0 +1,33 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:kube-apiserver-to-kubelet
 rules:
  - apiGroups:
      - ""
    resources:
      - nodes/proxy
      - nodes/stats
      - nodes/log
      - nodes/spec
      - nodes/metrics
    verbs:
      - "*"
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: system:kube-apiserver
  namespace: ""
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:kube-apiserver-to-kubelet
 subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: kubernetes
--- a/nix/kubernetes/hosts/worker0/vm_disk.nix
+++ b/nix/kubernetes/hosts/worker0/vm_disk.nix
@ -11,15 +11,15 @@
  config = {
    # Mount the local disk
    fileSystems = lib.mkIf config.me.mountPersistence {
-      # "/.disk" = lib.mkForce {
+      "/.disk" = lib.mkForce {
-      #   device = "/dev/nvme0n1p1";
+        device = "/dev/nvme0n1p1";
-      #   fsType = "ext4";
+        fsType = "ext4";
-      #   options = [
+        options = [
-      #     "noatime"
+          "noatime"
-      #     "discard"
+          "discard"
-      #   ];
+        ];
-      #   neededForBoot = true;
+        neededForBoot = true;
-      # };
+      };
      "/.persist" = lib.mkForce {
        device = "bind9p";
@ -77,18 +77,18 @@
        neededForBoot = true;
      };
-      # "/disk" = {
+      "/disk" = {
-      #   fsType = "none";
+        fsType = "none";
-      #   device = "/.disk/persist";
+        device = "/.disk/persist";
-      #   options = [
+        options = [
-      #     "bind"
+          "bind"
-      #     "rw"
+          "rw"
-      #   ];
+        ];
-      #   depends = [
+        depends = [
-      #     "/.disk/persist"
+          "/.disk/persist"
-      #   ];
+        ];
-      #   neededForBoot = true;
+        neededForBoot = true;
-      # };
+      };
    };
  };
 }
--- a/nix/kubernetes/hosts/worker1/vm_disk.nix
+++ b/nix/kubernetes/hosts/worker1/vm_disk.nix
@ -11,15 +11,15 @@
  config = {
    # Mount the local disk
    fileSystems = lib.mkIf config.me.mountPersistence {
-      # "/.disk" = lib.mkForce {
+      "/.disk" = lib.mkForce {
-      #   device = "/dev/nvme0n1p1";
+        device = "/dev/nvme0n1p1";
-      #   fsType = "ext4";
+        fsType = "ext4";
-      #   options = [
+        options = [
-      #     "noatime"
+          "noatime"
-      #     "discard"
+          "discard"
-      #   ];
+        ];
-      #   neededForBoot = true;
+        neededForBoot = true;
-      # };
+      };
      "/.persist" = lib.mkForce {
        device = "bind9p";
@ -77,18 +77,18 @@
        neededForBoot = true;
      };
-      # "/disk" = {
+      "/disk" = {
-      #   fsType = "none";
+        fsType = "none";
-      #   device = "/.disk/persist";
+        device = "/.disk/persist";
-      #   options = [
+        options = [
-      #     "bind"
+          "bind"
-      #     "rw"
+          "rw"
-      #   ];
+        ];
-      #   depends = [
+        depends = [
-      #     "/.disk/persist"
+          "/.disk/persist"
-      #   ];
+        ];
-      #   neededForBoot = true;
+        neededForBoot = true;
-      # };
+      };
    };
  };
 }
--- a/nix/kubernetes/hosts/worker2/vm_disk.nix
+++ b/nix/kubernetes/hosts/worker2/vm_disk.nix
@ -11,15 +11,15 @@
  config = {
    # Mount the local disk
    fileSystems = lib.mkIf config.me.mountPersistence {
-      # "/.disk" = lib.mkForce {
+      "/.disk" = lib.mkForce {
-      #   device = "/dev/nvme0n1p1";
+        device = "/dev/nvme0n1p1";
-      #   fsType = "ext4";
+        fsType = "ext4";
-      #   options = [
+        options = [
-      #     "noatime"
+          "noatime"
-      #     "discard"
+          "discard"
-      #   ];
+        ];
-      #   neededForBoot = true;
+        neededForBoot = true;
-      # };
+      };
      "/.persist" = lib.mkForce {
        device = "bind9p";
@ -77,18 +77,18 @@
        neededForBoot = true;
      };
-      # "/disk" = {
+      "/disk" = {
-      #   fsType = "none";
+        fsType = "none";
-      #   device = "/.disk/persist";
+        device = "/.disk/persist";
-      #   options = [
+        options = [
-      #     "bind"
+          "bind"
-      #     "rw"
+          "rw"
-      #   ];
+        ];
-      #   depends = [
+        depends = [
-      #     "/.disk/persist"
+          "/.disk/persist"
-      #   ];
+        ];
-      #   neededForBoot = true;
+        neededForBoot = true;
-      # };
+      };
    };
  };
 }
--- a/nix/kubernetes/roles/containerd/default.nix
+++ b/nix/kubernetes/roles/containerd/default.nix
@ -62,7 +62,7 @@ in
      echo "Copied CNI plugins/config."
    '';
-    environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
+    environment.persistence."/disk" = lib.mkIf (config.me.mountPersistence) {
      hideMounts = lib.mkForce false;
      directories = [
        "/var/lib/containerd"