diff --git a/nix/kubernetes/configuration.nix b/nix/kubernetes/configuration.nix
index 34e2f860..e6d5ef55 100644
--- a/nix/kubernetes/configuration.nix
+++ b/nix/kubernetes/configuration.nix
@@ -7,7 +7,6 @@
 {
   imports = [
     ./roles/boot
-    ./roles/bootstrap
     ./roles/cilium
     ./roles/containerd
     ./roles/control_plane
diff --git a/nix/kubernetes/hosts/worker0/default.nix b/nix/kubernetes/hosts/worker0/default.nix
index e7e954f1..59f80f37 100644
--- a/nix/kubernetes/hosts/worker0/default.nix
+++ b/nix/kubernetes/hosts/worker0/default.nix
@@ -102,7 +102,6 @@ # nix.sshServe.enable = true; # nix.sshServe.keys = [ "ssh-dss AAAAB3NzaC1k... bob@example.org" ]; - me.bootstrap.enable = true; me.dont_use_substituters.enable = true; me.minimal_base.enable = true; me.worker_node.enable = true;
diff --git a/nix/kubernetes/keys/flake.nix b/nix/kubernetes/keys/flake.nix
index af515b51..e7632098 100644
--- a/nix/kubernetes/keys/flake.nix
+++ b/nix/kubernetes/keys/flake.nix
@@ -20,6 +20,7 @@
 {
   deploy_script = appliedOverlay.k8s.deploy_script;
   default = appliedOverlay.k8s.all_keys;
+  bootstrap_script = appliedOverlay.k8s.bootstrap_script;
 }
 );
 overlays.default = (
diff --git a/nix/kubernetes/roles/bootstrap/files/cilium.yaml b/nix/kubernetes/keys/package/bootstrap-script/files/manifests/cilium.yaml
similarity index 100%
rename from nix/kubernetes/roles/bootstrap/files/cilium.yaml
rename to nix/kubernetes/keys/package/bootstrap-script/files/manifests/cilium.yaml
diff --git a/nix/kubernetes/roles/bootstrap/files/flux.yaml b/nix/kubernetes/keys/package/bootstrap-script/files/manifests/flux.yaml
similarity index 100%
rename from nix/kubernetes/roles/bootstrap/files/flux.yaml
rename to nix/kubernetes/keys/package/bootstrap-script/files/manifests/flux.yaml
diff --git a/nix/kubernetes/roles/bootstrap/files/flux_namespace.yaml b/nix/kubernetes/keys/package/bootstrap-script/files/manifests/flux_namespace.yaml
similarity index 100%
rename from nix/kubernetes/roles/bootstrap/files/flux_namespace.yaml
rename to nix/kubernetes/keys/package/bootstrap-script/files/manifests/flux_namespace.yaml
diff --git a/nix/kubernetes/roles/bootstrap/files/initial_clusterrole.yaml b/nix/kubernetes/keys/package/bootstrap-script/files/manifests/initial_clusterrole.yaml
similarity index 100%
rename from nix/kubernetes/roles/bootstrap/files/initial_clusterrole.yaml
rename to nix/kubernetes/keys/package/bootstrap-script/files/manifests/initial_clusterrole.yaml
diff --git a/nix/kubernetes/keys/package/bootstrap-script/package.nix b/nix/kubernetes/keys/package/bootstrap-script/package.nix
new file mode 100644
index 00000000..bfaa8475
--- /dev/null
+++ b/nix/kubernetes/keys/package/bootstrap-script/package.nix
@@ -0,0 +1,49 @@
+# unpackPhase
+# patchPhase
+# configurePhase
+# buildPhase
+# checkPhase
+# installPhase
+# fixupPhase
+# installCheckPhase
+# distPhase
+{
+  config,
+  lib,
+  stdenv,
+  writeShellScript,
+  k8s,
+  openssh,
+  ...
+}:
+let
+  bootstrap_script = (writeShellScript "bootstrap-script" bootstrap_script_body);
+  bootstrap_script_body = (''
+    set -euo pipefail
+    IFS=$'\n\t'
+    DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"
+
+    ${apply_manifests}
+    echo "Bootstrap finished"
+  '');
+  manifests = (
+    lib.concatMapStringsSep "," lib.escapeShellArg [
+      ./files/manifests/initial_clusterrole.yaml
+      ./files/manifests/cilium.yaml
+      ./files/manifests/flux_namespace.yaml
+      ./files/manifests/flux.yaml
+    ]
+  );
+  apply_manifests = "kubectl --kubeconfig=${k8s.client-configs.admin}/admin.kubeconfig apply --server-side --force-conflicts -f ${manifests}";
+in
+stdenv.mkDerivation (finalAttrs: {
+  name = "bootstrap-script";
+  nativeBuildInputs = [ ];
+  buildInputs = [ ];
+
+  unpackPhase = "true";
+
+  installPhase = ''
+    cp ${bootstrap_script} "$out"
+  '';
+})
diff --git a/nix/kubernetes/keys/scope.nix b/nix/kubernetes/keys/scope.nix
index bdb5d539..e36cde16 100644
--- a/nix/kubernetes/keys/scope.nix
+++ b/nix/kubernetes/keys/scope.nix
@@ -166,5 +166,6 @@ makeScope newScope (
     encryption_config = (callPackage ./package/k8s-encryption-key/package.nix additional_vars);
     all_keys = (callPackage ./package/k8s-keys/package.nix additional_vars);
     deploy_script = (callPackage ./package/deploy-script/package.nix additional_vars);
+    bootstrap_script = (callPackage ./package/bootstrap-script/package.nix additional_vars);
   }
 )
diff --git a/nix/kubernetes/roles/bootstrap/default.nix b/nix/kubernetes/roles/bootstrap/default.nix
deleted file mode 100644
index 2eda302c..00000000
--- a/nix/kubernetes/roles/bootstrap/default.nix
+++ /dev/null
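Review bot: `apply_manifests` runs a bare `kubectl`, yet the derivation declares `nativeBuildInputs = [ ]`, so the generated script depends on whatever `kubectl` happens to be on the caller's PATH, whereas the systemd unit this replaces pinned it with `path = [ kubectl ]`. Take `kubectl` as a function argument and reference it directly: `apply_manifests = "${lib.getExe kubectl} --kubeconfig=${k8s.client-configs.admin}/admin.kubeconfig apply --server-side --force-conflicts -f ${manifests}";`. The `config` and `openssh` arguments, the `finalAttrs` binding and the shell variable `DIR` are unused and can be dropped. The script also bakes the admin kubeconfig's store path into its closure, and store paths are readable by every user of a host that realises them (and by anyone a pushed closure reaches), so a short header comment stating that this package is meant to be built only on the operator's machine would document that assumption, if that is indeed the intent.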
@@ -1,54 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-
-{
-  imports = [ ];
-
-  options.me = {
-    bootstrap.enable = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-      example = true;
-      description = "Whether we want to install bootstrap.";
-    };
-
-    bootstrap.manifests = lib.mkOption {
-      type = lib.types.listOf lib.types.str;
-      default = [ ];
-      example = lib.literalExpression ''[ ${./files/clusterrole.yaml} ]'';
-      description = "List of kubernetes manifests to load into the cluster.";
-    };
-  };
-
-  config =
-    lib.mkIf (config.me.bootstrap.enable && ((builtins.length config.me.bootstrap.manifests) > 0))
-      {
-        systemd.services.kube-bootstrap = {
-          enable = true;
-          description = "Load initial kubernetes manifests into the cluster";
-          after = [ "kubernetes.target" ];
-          wantedBy = [ "multi-user.target" ];
-          path = with pkgs; [
-            kubectl
-          ];
-          unitConfig.DefaultDependencies = "no";
-          serviceConfig = {
-            Type = "oneshot";
-          };
-          script =
-            let
-              manifests = (lib.concatMapStringsSep "," lib.escapeShellArg config.me.bootstrap.manifests);
-            in
-            ''
-              set -o pipefail
-              IFS=$'\n\t'
-
-              kubectl --kubeconfig=/.persist/keys/kube/kubelet.kubeconfig apply --server-side --force-conflicts -f ${manifests}
-            '';
-        };
-      };
-}
diff --git a/nix/kubernetes/roles/worker_node/default.nix b/nix/kubernetes/roles/worker_node/default.nix
index 7a2edc35..804d6f8f 100644
--- a/nix/kubernetes/roles/worker_node/default.nix
+++ b/nix/kubernetes/roles/worker_node/default.nix
@@ -18,10 +18,6 @@ }; config = lib.mkIf config.me.worker_node.enable { - me.bootstrap.manifests = [ - "${../bootstrap/files/initial_clusterrole.yaml}" - "${../bootstrap/files/cilium.yaml}" - ]; me.cilium.enable = true; me.containerd.enable = true; me.firewall.enable = true;