public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #128818 from NixOS/backport-128546-to-release-21.05

Browse Source 
[Backport release-21.05] kubernetes: make tests pass by fixing a conntrack-tools dep and a missing dir
This commit is contained in:
Niklas Hambüchen 2021-07-27 16:18:00 +02:00 committed by GitHub
commit 0a532d8b22
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
nixos/modules/services/cluster/kubernetes/pki.nix
View File

@ -189,6 +189,7 @@ in
# manually paste it in place. Just symlink. # manually paste it in place. Just symlink.
# otherwise, create the target file, ready for users to insert the token # otherwise, create the target file, ready for users to insert the token
mkdir -p $(dirname ${certmgrAPITokenPath})
if [ -f "${cfsslAPITokenPath}" ]; then if [ -f "${cfsslAPITokenPath}" ]; then
ln -fs "${cfsslAPITokenPath}" "${certmgrAPITokenPath}" ln -fs "${cfsslAPITokenPath}" "${certmgrAPITokenPath}"
else else

2
nixos/modules/services/cluster/kubernetes/proxy.nix
View File

@ -59,7 +59,7 @@ in
description = "Kubernetes Proxy Service"; description = "Kubernetes Proxy Service";
wantedBy = [ "kubernetes.target" ]; wantedBy = [ "kubernetes.target" ];
after = [ "kube-apiserver.service" ]; after = [ "kube-apiserver.service" ];
path = with pkgs; [ iptables conntrack_tools ]; path = with pkgs; [ iptables conntrack-tools ];
serviceConfig = { serviceConfig = {
Slice = "kubernetes.slice"; Slice = "kubernetes.slice";
ExecStart = ''${top.package}/bin/kube-proxy \ ExecStart = ''${top.package}/bin/kube-proxy \

9
nixos/tests/kubernetes/base.nix
View File

@ -40,7 +40,7 @@ let
allowedTCPPorts = [ allowedTCPPorts = [
10250 # kubelet 10250 # kubelet
]; ];
trustedInterfaces = ["docker0"]; trustedInterfaces = ["mynet"];
extraCommands = concatMapStrings (node: '' extraCommands = concatMapStrings (node: ''
iptables -A INPUT -s ${node.config.networking.primaryIPAddress} -j ACCEPT iptables -A INPUT -s ${node.config.networking.primaryIPAddress} -j ACCEPT
@ -61,6 +61,13 @@ let
advertiseAddress = master.ip; advertiseAddress = master.ip;
}; };
masterAddress = "${masterName}.${config.networking.domain}"; masterAddress = "${masterName}.${config.networking.domain}";
# workaround for:
# https://github.com/kubernetes/kubernetes/issues/102676
# (workaround from) https://github.com/kubernetes/kubernetes/issues/95488
kubelet.extraOpts = ''\
--cgroups-per-qos=false \
--enforce-node-allocatable="" \
'';
}; };
} }
(optionalAttrs (any (role: role == "master") machine.roles) { (optionalAttrs (any (role: role == "master") machine.roles) {