From c62071f80e588ef41e3d88d12ad245df5586b15e Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Mon, 29 Dec 2025 21:54:27 -0500
Subject: [PATCH] Move the kubelet yaml config into nix.
---
 nix/kubernetes/keys/scope.nix | 10 ++++-
 nix/kubernetes/roles/kubelet/default.nix | 44 ++++++++++++++++++-
 .../roles/kubelet/files/kubelet-config.yaml | 29 ------------
 .../roles/kubelet/files/resolv.conf | 1 +
 4 files changed, 53 insertions(+), 31 deletions(-)
 delete mode 100644 nix/kubernetes/roles/kubelet/files/kubelet-config.yaml
 create mode 100644 nix/kubernetes/roles/kubelet/files/resolv.conf
diff --git a/nix/kubernetes/keys/scope.nix b/nix/kubernetes/keys/scope.nix
index 20fd33aa..5732d9fd 100644
--- a/nix/kubernetes/keys/scope.nix
+++ b/nix/kubernetes/keys/scope.nix
@@ -267,7 +267,15 @@ makeScope newScope (
 helm_namespace = "kube-system";
 helm_path = "charts/coredns";
 helm_manifest_name = "coredns.yaml";
- helm_values = { };
+ helm_values = {
+ "service" = {
+ "clusterIP" = "fd00:3e42:e349::10";
+ "clusterIPs" = [
+ "fd00:3e42:e349::10"
+ "10.197.0.10"
+ ];
+ };
+ };
 }
 ));
 all_keys = (callPackage ./package/k8s-keys/package.nix additional_vars);
diff --git a/nix/kubernetes/roles/kubelet/default.nix b/nix/kubernetes/roles/kubelet/default.nix
index cf790689..3014d18b 100644
--- a/nix/kubernetes/roles/kubelet/default.nix
+++ b/nix/kubernetes/roles/kubelet/default.nix
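Review bot: The CoreDNS service addresses `"fd00:3e42:e349::10"` and `"10.197.0.10"` in the new `helm_values` block are literals that this same patch also repeats, commented out, as the kubelet `clusterDNS` list in roles/kubelet/default.nix, so the Service's clusterIPs and the kubelet's DNS target can silently drift apart. Pull them into one shared binding (for example a `cluster_dns_addresses` list exposed from this scope) and reference it from both places. The first entry of `clusterIPs` matches `clusterIP`, which the API requires, but whether this chart version forwards `service.clusterIPs` into the rendered Service is not visible from the hunk; a short comment such as `# dual-stack: clusterIPs[0] must equal clusterIP; chart must pass clusterIPs through` would record the assumption. The enclosing attribute set continues outside the hunk.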
@@ -8,6 +8,48 @@ let
 
 # shellCommand = cmd: (lib.concatMapStringsSep " " lib.strings.escapeShellArg cmd);
 shellCommand = cmd: (builtins.concatStringsSep " " cmd);
+ to_yaml_file = ((import ../../../functions/to_yaml.nix) { inherit pkgs; }).to_yaml_file;
+
+ kubelet_config = {
+ kind = "KubeletConfiguration";
+ apiVersion = "kubelet.config.k8s.io/v1beta1";
+ address = "0.0.0.0";
+ authentication = {
+ anonymous = {
+ enabled = false;
+ };
+ webhook = {
+ enabled = true;
+ };
+ x509 = {
+ clientCAFile = "/.persist/keys/kube/ca.crt";
+ };
+ };
+ authorization = {
+ mode = "Webhook";
+ };
+ cgroupDriver = "systemd";
+ containerRuntimeEndpoint = "unix:///var/run/containerd/containerd.sock";
+ enableServer = true;
+ failSwapOn = false;
+ maxPods = 16;
+ memorySwap = {
+ swapBehavior = "NoSwap";
+ };
+ port = 10250;
+ # resolvConf = "/run/systemd/resolve/resolv.conf";
+ resolvConf = "${./files/resolv.conf}";
+ registerNode = true;
+ runtimeRequestTimeout = "15m";
+ tlsCertFile = "/.persist/keys/kube/kubelet.crt";
+ tlsPrivateKeyFile = "/.persist/keys/kube/kubelet.key";
+ # clusterDomain = "cluster.local";
+ # clusterDNS = [
+ # "10.197.0.10"
+ # "fd00:3e42:e349::10"
+ # ];
+ };
+ kubelet_config_file = (to_yaml_file "kubelet-config.yaml" kubelet_config);
 in
 {
 imports = [ ];
@@ -37,7 +79,7 @@ in
 ExecStart = (
 shellCommand [
 "${pkgs.kubernetes}/bin/kubelet"
- "--config=${./files/kubelet-config.yaml}"
+ "--config=${kubelet_config_file}"
 "--kubeconfig=/.persist/keys/kube/kubelet.kubeconfig"
 "--v=2"
 ]
diff --git a/nix/kubernetes/roles/kubelet/files/kubelet-config.yaml b/nix/kubernetes/roles/kubelet/files/kubelet-config.yaml
deleted file mode 100644
index 1f5302fc..00000000
--- a/nix/kubernetes/roles/kubelet/files/kubelet-config.yaml
+++ /dev/null
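Review bot: The line `resolvConf = "${./files/resolv.conf}";`, together with the new one-line files/resolv.conf hunk containing `nameserver 127.0.0.53`, and the commented-out `clusterDomain`/`clusterDNS` block make this more than the move the subject line describes: the deleted kubelet-config.yaml had `resolvConf: "/run/systemd/resolve/resolv.conf"` and an active clusterDNS list, so pods now lose cluster DNS and inherit a different base resolv.conf. If 127.0.0.53 is the host's systemd-resolved stub listener, it is a loopback address that is not reachable from a pod's own network namespace, so non-hostNetwork pods get a resolv.conf they cannot use, and a CoreDNS pod that forwards to its own /etc/resolv.conf would forward to itself; the upstream file `/run/systemd/resolve/resolv.conf` that was commented out is the usual way around both. If disabling cluster DNS is deliberate while the CoreDNS service from keys/scope.nix is brought up, record that next to the commented block, e.g. `# clusterDNS/clusterDomain temporarily disabled until the coredns Service exists; re-enable with the addresses from keys/scope.nix`, and prefer binding those addresses once rather than restating them here. The enclosing `let` begins before this hunk.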
@@ -1,29 +0,0 @@
-kind: KubeletConfiguration
-apiVersion: kubelet.config.k8s.io/v1beta1
-address: "0.0.0.0"
-authentication:
- anonymous:
- enabled: false
- webhook:
- enabled: true
- x509:
- clientCAFile: "/.persist/keys/kube/ca.crt"
-authorization:
- mode: Webhook
-cgroupDriver: systemd
-containerRuntimeEndpoint: "unix:///var/run/containerd/containerd.sock"
-enableServer: true
-failSwapOn: false
-maxPods: 16
-memorySwap:
- swapBehavior: NoSwap
-port: 10250
-resolvConf: "/run/systemd/resolve/resolv.conf"
-registerNode: true
-runtimeRequestTimeout: "15m"
-tlsCertFile: "/.persist/keys/kube/kubelet.crt"
-tlsPrivateKeyFile: "/.persist/keys/kube/kubelet.key"
-clusterDomain: "cluster.local"
-clusterDNS:
- - "10.197.0.10"
- - "fd00:3e42:e349::10"
diff --git a/nix/kubernetes/roles/kubelet/files/resolv.conf b/nix/kubernetes/roles/kubelet/files/resolv.conf
new file mode 100644
index 00000000..5c089d65
--- /dev/null
+++ b/nix/kubernetes/roles/kubelet/files/resolv.conf
@@ -0,0 +1 @@
+nameserver 127.0.0.53