Move the kubelet yaml config into nix.

Tom Alexander 2025-12-29 21:54:27 -05:00 committed by Tom Alexander
parent 29608e3376
commit c62071f80e
Signed by: talexander
GPG Key ID: 36C99E8B3C39D85F
4 changed files with 53 additions and 31 deletions


@ -267,7 +267,15 @@ makeScope newScope (
helm_namespace = "kube-system"; helm_namespace = "kube-system";
helm_path = "charts/coredns"; helm_path = "charts/coredns";
helm_manifest_name = "coredns.yaml"; helm_manifest_name = "coredns.yaml";
helm_values = { }; helm_values = {
"service" = {
"clusterIP" = "fd00:3e42:e349::10";
"clusterIPs" = [
"fd00:3e42:e349::10"
"10.197.0.10"
];
};
};
} }
)); ));
all_keys = (callPackage ./package/k8s-keys/package.nix additional_vars); all_keys = (callPackage ./package/k8s-keys/package.nix additional_vars);
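Review bot: The address `fd00:3e42:e349::10` is written twice in the new `helm_values`, and Kubernetes rejects a Service whose `clusterIP` differs from `clusterIPs[0]`, so the two literals must always be edited together. Binding the list once and deriving the single value from it, for example `clusterIP = builtins.head dns_ips;` with `dns_ips` defined in a surrounding `let`, removes that trap. Whether the Service also needs `ipFamilyPolicy` set for the second address to be accepted cannot be told from this hunk and is worth confirming against the rendered `coredns.yaml`. The enclosing `makeScope` expression starts and ends outside the hunk.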


@ -8,6 +8,48 @@
let let
# shellCommand = cmd: (lib.concatMapStringsSep " " lib.strings.escapeShellArg cmd); # shellCommand = cmd: (lib.concatMapStringsSep " " lib.strings.escapeShellArg cmd);
shellCommand = cmd: (builtins.concatStringsSep " " cmd); shellCommand = cmd: (builtins.concatStringsSep " " cmd);
to_yaml_file = ((import ../../../functions/to_yaml.nix) { inherit pkgs; }).to_yaml_file;
kubelet_config = {
kind = "KubeletConfiguration";
apiVersion = "kubelet.config.k8s.io/v1beta1";
address = "0.0.0.0";
authentication = {
anonymous = {
enabled = false;
};
webhook = {
enabled = true;
};
x509 = {
clientCAFile = "/.persist/keys/kube/ca.crt";
};
};
authorization = {
mode = "Webhook";
};
cgroupDriver = "systemd";
containerRuntimeEndpoint = "unix:///var/run/containerd/containerd.sock";
enableServer = true;
failSwapOn = false;
maxPods = 16;
memorySwap = {
swapBehavior = "NoSwap";
};
port = 10250;
# resolvConf = "/run/systemd/resolve/resolv.conf";
resolvConf = "${./files/resolv.conf}";
registerNode = true;
runtimeRequestTimeout = "15m";
tlsCertFile = "/.persist/keys/kube/kubelet.crt";
tlsPrivateKeyFile = "/.persist/keys/kube/kubelet.key";
# clusterDomain = "cluster.local";
# clusterDNS = [
# "10.197.0.10"
# "fd00:3e42:e349::10"
# ];
};
kubelet_config_file = (to_yaml_file "kubelet-config.yaml" kubelet_config);
in in
{ {
imports = [ ]; imports = [ ];
@ -37,7 +79,7 @@ in
ExecStart = ( ExecStart = (
shellCommand [ shellCommand [
"${pkgs.kubernetes}/bin/kubelet" "${pkgs.kubernetes}/bin/kubelet"
"--config=${./files/kubelet-config.yaml}" "--config=${kubelet_config_file}"
"--kubeconfig=/.persist/keys/kube/kubelet.kubeconfig" "--kubeconfig=/.persist/keys/kube/kubelet.kubeconfig"
"--v=2" "--v=2"
] ]
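Review bot: `kubelet_config` in the first hunk is not equivalent to the deleted YAML, although the title calls this a move: `clusterDomain` and `clusterDNS` are left commented out, and `resolvConf` now points at `./files/resolv.conf`, which appears to be the one-line file added at the end of this page (`nameserver 127.0.0.53`). Without `clusterDNS` the kubelet has no cluster resolver to hand to pods, and a 127.0.0.53 entry copied into a pod refers to the pod's own loopback rather than the node's systemd-resolved stub, so in-pod lookups would presumably fail or bypass CoreDNS. If the change is deliberate, say so in the commit message and replace the commented lines with a reason such as `# clusterDNS omitted: <reason>`; otherwise keep `resolvConf = "/run/systemd/resolve/resolv.conf";` and restore both attributes. The `let` block starts outside the hunk, and the same concern applies to the new resolv.conf section.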


@ -1,29 +0,0 @@
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: "0.0.0.0"
authentication:
anonymous:
enabled: false
webhook:
enabled: true
x509:
clientCAFile: "/.persist/keys/kube/ca.crt"
authorization:
mode: Webhook
cgroupDriver: systemd
containerRuntimeEndpoint: "unix:///var/run/containerd/containerd.sock"
enableServer: true
failSwapOn: false
maxPods: 16
memorySwap:
swapBehavior: NoSwap
port: 10250
resolvConf: "/run/systemd/resolve/resolv.conf"
registerNode: true
runtimeRequestTimeout: "15m"
tlsCertFile: "/.persist/keys/kube/kubelet.crt"
tlsPrivateKeyFile: "/.persist/keys/kube/kubelet.key"
clusterDomain: "cluster.local"
clusterDNS:
- "10.197.0.10"
- "fd00:3e42:e349::10"


@ -0,0 +1 @@
nameserver 127.0.0.53