talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix launching of containers.

Browse Source
This commit is contained in:
Tom Alexander 2025-12-19 22:49:32 -05:00 committed by Tom Alexander
parent d9c290f8b1
commit 8e58c3ffbd
Signed by: talexander
GPG Key ID: 36C99E8B3C39D85F
5 changed files with 97 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
nix/kubernetes/bootstrap/initial_clusterrole.yaml Normal file
View File

@ -0,0 +1,33 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: system:kube-apiserver-to-kubelet
rules:
- apiGroups:
- ""
resources:
- nodes/proxy
- nodes/stats
- nodes/log
- nodes/spec
- nodes/metrics
verbs:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:kube-apiserver
namespace: ""
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:kube-apiserver-to-kubelet
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: kubernetes

42
nix/kubernetes/hosts/worker0/vm_disk.nix
View File

@ -11,15 +11,15 @@
config = {
# Mount the local disk
fileSystems = lib.mkIf config.me.mountPersistence {
# "/.disk" = lib.mkForce {
# device = "/dev/nvme0n1p1";
# fsType = "ext4";
# options = [
# "noatime"
# "discard"
# ];
# neededForBoot = true;
# };
"/.disk" = lib.mkForce {
device = "/dev/nvme0n1p1";
fsType = "ext4";
options = [
"noatime"
"discard"
];
neededForBoot = true;
};
"/.persist" = lib.mkForce {
device = "bind9p";
@ -77,18 +77,18 @@
neededForBoot = true;
};
# "/disk" = {
# fsType = "none";
# device = "/.disk/persist";
# options = [
# "bind"
# "rw"
# ];
# depends = [
# "/.disk/persist"
# ];
# neededForBoot = true;
# };
"/disk" = {
fsType = "none";
device = "/.disk/persist";
options = [
"bind"
"rw"
];
depends = [
"/.disk/persist"
];
neededForBoot = true;
};
};
};
}

42
nix/kubernetes/hosts/worker1/vm_disk.nix
View File

@ -11,15 +11,15 @@
config = {
# Mount the local disk
fileSystems = lib.mkIf config.me.mountPersistence {
# "/.disk" = lib.mkForce {
# device = "/dev/nvme0n1p1";
# fsType = "ext4";
# options = [
# "noatime"
# "discard"
# ];
# neededForBoot = true;
# };
"/.disk" = lib.mkForce {
device = "/dev/nvme0n1p1";
fsType = "ext4";
options = [
"noatime"
"discard"
];
neededForBoot = true;
};
"/.persist" = lib.mkForce {
device = "bind9p";
@ -77,18 +77,18 @@
neededForBoot = true;
};
# "/disk" = {
# fsType = "none";
# device = "/.disk/persist";
# options = [
# "bind"
# "rw"
# ];
# depends = [
# "/.disk/persist"
# ];
# neededForBoot = true;
# };
"/disk" = {
fsType = "none";
device = "/.disk/persist";
options = [
"bind"
"rw"
];
depends = [
"/.disk/persist"
];
neededForBoot = true;
};
};
};
}

42
nix/kubernetes/hosts/worker2/vm_disk.nix
View File

@ -11,15 +11,15 @@
config = {
# Mount the local disk
fileSystems = lib.mkIf config.me.mountPersistence {
# "/.disk" = lib.mkForce {
# device = "/dev/nvme0n1p1";
# fsType = "ext4";
# options = [
# "noatime"
# "discard"
# ];
# neededForBoot = true;
# };
"/.disk" = lib.mkForce {
device = "/dev/nvme0n1p1";
fsType = "ext4";
options = [
"noatime"
"discard"
];
neededForBoot = true;
};
"/.persist" = lib.mkForce {
device = "bind9p";
@ -77,18 +77,18 @@
neededForBoot = true;
};
# "/disk" = {
# fsType = "none";
# device = "/.disk/persist";
# options = [
# "bind"
# "rw"
# ];
# depends = [
# "/.disk/persist"
# ];
# neededForBoot = true;
# };
"/disk" = {
fsType = "none";
device = "/.disk/persist";
options = [
"bind"
"rw"
];
depends = [
"/.disk/persist"
];
neededForBoot = true;
};
};
};
}

2
nix/kubernetes/roles/containerd/default.nix
View File

@ -62,7 +62,7 @@ in
echo "Copied CNI plugins/config."
'';
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
environment.persistence."/disk" = lib.mkIf (config.me.mountPersistence) {
hideMounts = lib.mkForce false;
directories = [
"/var/lib/containerd"