nixpkgs/nixos/tests/kubernetes/kubernetes-common.nix

{ roles, config, pkgs, certs }:
with pkgs.lib;
let
  base = {
    inherit roles;
    featureGates = ["AllAlpha"];
    flannel.enable = true;
    addons.dashboard.enable = true;

    caFile = "${certs.master}/ca.pem";
    apiserver = {
      tlsCertFile = "${certs.master}/kube-apiserver.pem";
      tlsKeyFile = "${certs.master}/kube-apiserver-key.pem";
      kubeletClientCertFile = "${certs.master}/kubelet-client.pem";
      kubeletClientKeyFile = "${certs.master}/kubelet-client-key.pem";
      serviceAccountKeyFile = "${certs.master}/kube-service-accounts.pem";
    };
    etcd = {
      servers = ["https://etcd.${config.networking.domain}:2379"];
      certFile = "${certs.worker}/etcd-client.pem";
      keyFile = "${certs.worker}/etcd-client-key.pem";
    };
    kubeconfig = {
      server = "https://api.${config.networking.domain}";
    };
    kubelet = {
      tlsCertFile = "${certs.worker}/kubelet.pem";
      tlsKeyFile = "${certs.worker}/kubelet-key.pem";
      hostname = "${config.networking.hostName}.${config.networking.domain}";
      kubeconfig = {
        certFile = "${certs.worker}/apiserver-client-kubelet-${config.networking.hostName}.pem";
        keyFile = "${certs.worker}/apiserver-client-kubelet-${config.networking.hostName}-key.pem";
      };
    };
    controllerManager = {
      serviceAccountKeyFile = "${certs.master}/kube-service-accounts-key.pem";
      kubeconfig = {
        certFile = "${certs.master}/apiserver-client-kube-controller-manager.pem";
        keyFile = "${certs.master}/apiserver-client-kube-controller-manager-key.pem";
      };
    };
    scheduler = {
      kubeconfig = {
        certFile = "${certs.master}/apiserver-client-kube-scheduler.pem";
        keyFile = "${certs.master}/apiserver-client-kube-scheduler-key.pem";
      };
    };
    proxy = {
      kubeconfig = {
        certFile = "${certs.worker}/apiserver-client-kube-proxy.pem";
        keyFile = "${certs.worker}//apiserver-client-kube-proxy-key.pem";
      };
    };
  };

in {
  services.kubernetes = base;
}
kubernetes: fix tests 2017-09-09 02:00:35 +02:00			`{ roles, config, pkgs, certs }:`
			`with pkgs.lib;`
kubernetes: add tests 2017-05-03 01:20:32 +02:00			`let`
kubernetes: fix tests 2017-09-09 02:00:35 +02:00			`base = {`
			`inherit roles;`
			`featureGates = ["AllAlpha"];`
			`flannel.enable = true;`
			`addons.dashboard.enable = true;`

			`caFile = "${certs.master}/ca.pem";`
			`apiserver = {`
			`tlsCertFile = "${certs.master}/kube-apiserver.pem";`
			`tlsKeyFile = "${certs.master}/kube-apiserver-key.pem";`
			`kubeletClientCertFile = "${certs.master}/kubelet-client.pem";`
			`kubeletClientKeyFile = "${certs.master}/kubelet-client-key.pem";`
			`serviceAccountKeyFile = "${certs.master}/kube-service-accounts.pem";`
kubernetes: add tests 2017-05-03 01:20:32 +02:00			`};`
			`etcd = {`
kubernetes: fix tests 2017-09-09 02:00:35 +02:00			`servers = ["https://etcd.${config.networking.domain}:2379"];`
			`certFile = "${certs.worker}/etcd-client.pem";`
			`keyFile = "${certs.worker}/etcd-client-key.pem";`
kubernetes: add tests 2017-05-03 01:20:32 +02:00			`};`
			`kubeconfig = {`
kubernetes: fix tests 2017-09-09 02:00:35 +02:00			`server = "https://api.${config.networking.domain}";`
			`};`
			`kubelet = {`
			`tlsCertFile = "${certs.worker}/kubelet.pem";`
			`tlsKeyFile = "${certs.worker}/kubelet-key.pem";`
			`hostname = "${config.networking.hostName}.${config.networking.domain}";`
			`kubeconfig = {`
nixos/k8s: Enable Node authorizer and NodeRestriction by default 2018-02-04 21:23:36 +01:00			`certFile = "${certs.worker}/apiserver-client-kubelet-${config.networking.hostName}.pem";`
			`keyFile = "${certs.worker}/apiserver-client-kubelet-${config.networking.hostName}-key.pem";`
kubernetes: fix tests 2017-09-09 02:00:35 +02:00			`};`
			`};`
			`controllerManager = {`
			`serviceAccountKeyFile = "${certs.master}/kube-service-accounts-key.pem";`
			`kubeconfig = {`
			`certFile = "${certs.master}/apiserver-client-kube-controller-manager.pem";`
			`keyFile = "${certs.master}/apiserver-client-kube-controller-manager-key.pem";`
			`};`
			`};`
			`scheduler = {`
			`kubeconfig = {`
			`certFile = "${certs.master}/apiserver-client-kube-scheduler.pem";`
			`keyFile = "${certs.master}/apiserver-client-kube-scheduler-key.pem";`
			`};`
			`};`
			`proxy = {`
			`kubeconfig = {`
			`certFile = "${certs.worker}/apiserver-client-kube-proxy.pem";`
			`keyFile = "${certs.worker}//apiserver-client-kube-proxy-key.pem";`
			`};`
kubernetes: add tests 2017-05-03 01:20:32 +02:00			`};`
			`};`

kubernetes: fix tests 2017-09-09 02:00:35 +02:00			`in {`
			`services.kubernetes = base;`
kubernetes: add tests 2017-05-03 01:20:32 +02:00			`}`