# NixOS module: runs kube-controller-manager as a systemd service when
# `me.kube_controller_manager.enable` is true, and opens its TCP port in the
# host firewall.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.me.kube_controller_manager;

  # Joins an argument list into one ExecStart string with single spaces.
  # No quoting or escaping is applied (an escapeShellArg-based variant was
  # previously tried and disabled), so every element must stay a literal
  # without whitespace, quotes, `%` or `$`; systemd would reinterpret those.
  joinArgs = argv: lib.concatStringsSep " " argv;

  # Command line for the controller manager, in the order it is passed.
  # All key and certificate locations are plain strings rather than Nix path
  # values, so the files are referenced in place and are not copied into the
  # world-readable Nix store.
  controllerManagerArgv = [
    "${pkgs.kubernetes}/bin/kube-controller-manager"

    # Listens on every IPv4 interface. Combined with the firewall rule at the
    # bottom of this module, the port is reachable from any network the host
    # is attached to.
    # NOTE(review): confirm remote access is needed; a specific address or
    # loopback narrows the exposure.
    "--bind-address=0.0.0.0"

    # Dual-stack pod addressing: IPv4 and IPv6 ranges, comma separated.
    "--allocate-node-cidrs=true"
    "--cluster-cidr=10.200.0.0/16,2620:11f:7001:7:ffff:eeee::/96"
    "--node-cidr-mask-size-ipv4=20" # default is 24
    # default is 64; the per-node range must be a smaller subnet than the /96
    # cluster CIDR above
    "--node-cidr-mask-size-ipv6=112"

    "--cluster-name=kubernetes"

    # CA certificate and private key used to sign certificates issued through
    # the cluster's signing controller. The key file has to be readable by the
    # `kubernetes` service user and should be readable by nobody else.
    "--cluster-signing-cert-file=/.persist/keys/kube/client-ca.crt"
    "--cluster-signing-key-file=/.persist/keys/kube/client-ca.key"

    "--kubeconfig=/.persist/keys/kube/kube-controller-manager.kubeconfig"

    # NOTE(review): this is the same file as the signing certificate above.
    # The root CA is distributed to workloads for verifying the API server, so
    # confirm that this CA also issued the API server's serving certificate.
    "--root-ca-file=/.persist/keys/kube/client-ca.crt"

    # Private key that signs service-account tokens; same file-permission
    # expectations as the signing key.
    "--service-account-private-key-file=/.persist/keys/kube/service-accounts.key"

    # Dual-stack service addressing, IPv6 range listed first.
    "--service-cluster-ip-range=fd00:3e42:e349::/112,10.197.0.0/16"

    # Each controller authenticates with its own service account instead of
    # sharing the credentials from the kubeconfig.
    "--use-service-account-credentials=true"
    "--v=2"
  ];
in
{
  imports = [ ];

  options.me.kube_controller_manager.enable = lib.mkOption {
    type = lib.types.bool;
    default = false;
    example = true;
    description = "Whether we want to install kube_controller_manager.";
  };

  config = lib.mkIf cfg.enable {
    systemd.services.kube-controller-manager = {
      enable = true;
      description = "Kubernetes Controller Manager";
      documentation = [ "https://github.com/kubernetes/kubernetes" ];
      wantedBy = [ "kubernetes.target" ];
      # Ordered after the API server unit; this is ordering only, not a
      # requirement that the API server be running.
      after = [ "kube-apiserver.service" ];
      unitConfig.DefaultDependencies = "no";

      # NOTE(review): the unit runs as an unprivileged user but sets no
      # systemd sandboxing options; worth considering since the process holds
      # CA and token-signing keys.
      serviceConfig = {
        ExecStart = joinArgs controllerManagerArgv;
        Restart = "on-failure";
        RestartSec = 5;
        LimitNOFILE = 65536;
        User = "kubernetes";
      };
    };

    # 10257 is kube-controller-manager's default secure port (no --secure-port
    # override is passed above). Opened for every source address.
    networking.firewall.allowedTCPPorts = [ 10257 ];
  };
}