public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/kubernetes: Address review: Move controller manager paths into pki

Browse Source
This commit is contained in:
Christian Albrecht 2019-03-06 16:50:35 +01:00
parent 6e9037fed0
commit 52fe1d2e7a
No known key found for this signature in database
GPG Key ID: 866AF4B25DF7EB00
2 changed files with 21 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
nixos/modules/services/cluster/kubernetes/controller-manager.nix
View File

@ -104,16 +104,7 @@ in
}; };
###### implementation ###### implementation
config = mkIf cfg.enable (let config = mkIf cfg.enable {
controllerManagerPaths = [
cfg.rootCaFile
cfg.tlsCertFile
cfg.tlsKeyFile
top.pki.certs.controllerManagerClient.cert
top.pki.certs.controllerManagerClient.key
];
in {
systemd.services.kube-controller-manager = { systemd.services.kube-controller-manager = {
description = "Kubernetes Controller Manager Service"; description = "Kubernetes Controller Manager Service";
wantedBy = [ "kube-control-plane-online.target" ]; wantedBy = [ "kube-control-plane-online.target" ];
@ -160,15 +151,6 @@ in
Group = "kubernetes"; Group = "kubernetes";
}; };
path = top.path; path = top.path;
unitConfig.ConditionPathExists = controllerManagerPaths;
};
systemd.paths.kube-controller-manager = {
wantedBy = [ "kube-controller-manager.service" ];
pathConfig = {
PathExists = controllerManagerPaths;
PathChanged = controllerManagerPaths;
};
}; };
services.kubernetes.pki.certs = with top.lib; { services.kubernetes.pki.certs = with top.lib; {
@ -185,5 +167,5 @@ in
}; };
services.kubernetes.controllerManager.kubeconfig.server = mkDefault top.apiserverAddress; services.kubernetes.controllerManager.kubeconfig.server = mkDefault top.apiserverAddress;
}); };
} }

19
nixos/modules/services/cluster/kubernetes/pki.nix
View File

@ -143,6 +143,13 @@ in
cfg.certs.schedulerClient.cert cfg.certs.schedulerClient.cert
cfg.certs.schedulerClient.key cfg.certs.schedulerClient.key
]; ];
controllerManagerPaths = [
top.controllerManager.rootCaFile
top.controllerManager.tlsCertFile
top.controllerManager.tlsKeyFile
cfg.certs.controllerManagerClient.cert
cfg.certs.controllerManagerClient.key
];
in in
{ {
@ -336,6 +343,18 @@ in
}; };
}; };
systemd.services.kube-controller-manager = mkIf top.controllerManager.enable {
unitConfig.ConditionPathExists = controllerManagerPaths;
};
systemd.paths.kube-controller-manager = mkIf top.controllerManager.enable {
wantedBy = [ "kube-controller-manager.service" ];
pathConfig = {
PathExists = controllerManagerPaths;
PathChanged = controllerManagerPaths;
};
};
environment.etc.${cfg.etcClusterAdminKubeconfig}.source = mkIf (!isNull cfg.etcClusterAdminKubeconfig) environment.etc.${cfg.etcClusterAdminKubeconfig}.source = mkIf (!isNull cfg.etcClusterAdminKubeconfig)
clusterAdminKubeconfig; clusterAdminKubeconfig;