From 73657b7fcfe8ad87af70a1b6186a355971da6c97 Mon Sep 17 00:00:00 2001
From: Christian Albrecht <christian.albrecht@mayflower.de>
Date: Mon, 11 Mar 2019 10:58:57 +0100
Subject: [PATCH] Cleanup pki: kubelet

---
 .../services/cluster/kubernetes/kubelet.nix   | 25 +++++++++++++++++--
 .../services/cluster/kubernetes/pki.nix       | 17 -------------
 2 files changed, 23 insertions(+), 19 deletions(-)

diff --git a/nixos/modules/services/cluster/kubernetes/kubelet.nix b/nixos/modules/services/cluster/kubernetes/kubelet.nix
index 8eb212b41ec..2a4a0624555 100644
--- a/nixos/modules/services/cluster/kubernetes/kubelet.nix
+++ b/nixos/modules/services/cluster/kubernetes/kubelet.nix
@@ -241,7 +241,18 @@ in
 
   ###### implementation
   config = mkMerge [
-    (mkIf cfg.enable {
+    (let
+
+      kubeletPaths = filter (a: a != null) [
+        cfg.kubeconfig.caFile
+        cfg.kubeconfig.certFile
+        cfg.kubeconfig.keyFile
+        cfg.clientCaFile
+        cfg.tlsCertFile
+        cfg.tlsKeyFile
+      ];
+
+    in mkIf cfg.enable {
       services.kubernetes.kubelet.seedDockerImages = [infraContainer];
 
       systemd.services.kubelet = {
@@ -304,6 +315,15 @@ in
           '';
           WorkingDirectory = top.dataDir;
         };
+        unitConfig.ConditionPathExists = kubeletPaths;
+      };
+
+      systemd.paths.kubelet = {
+        wantedBy =  [ "kubelet.service" ];
+        pathConfig = {
+          PathExists = kubeletPaths;
+          PathChanged = kubeletPaths;
+        };
       };
 
       systemd.services.docker.before = [ "kubelet.service" ];
@@ -321,6 +341,7 @@ in
         '';
         script = "echo Ok";
         serviceConfig.Type = "oneshot";
+        serviceConfig.RemainAfterExit = true;
         serviceConfig.Slice = "kubernetes.slice";
       };
 
@@ -337,7 +358,7 @@ in
           flannel-date = "stat --print=%Y ${docker-env}";
           docker-date = "systemctl show --property=ActiveEnterTimestamp --value docker";
         in ''
-          while ! test -f ${docker-env} ; do sleep 1 ; done
+          until test -f ${docker-env} ; do sleep 1 ; done
           while test `${flannel-date}` -gt `date +%s --date="$(${docker-date})"` ; do
             sleep 1
           done
diff --git a/nixos/modules/services/cluster/kubernetes/pki.nix b/nixos/modules/services/cluster/kubernetes/pki.nix
index 2e79e7590e3..92eefae5bda 100644
--- a/nixos/modules/services/cluster/kubernetes/pki.nix
+++ b/nixos/modules/services/cluster/kubernetes/pki.nix
@@ -132,11 +132,6 @@ in
       cfg.certs.schedulerClient.cert
       cfg.certs.schedulerClient.key
     ];
-    kubeletPaths = [
-      top.kubelet.clientCaFile
-      top.kubelet.tlsCertFile
-      top.kubelet.tlsKeyFile
-    ];
   in
   {
 
@@ -376,18 +371,6 @@ in
         unitConfig.ConditionPathExists = proxyPaths;
       };
 
-      systemd.services.kubelet = mkIf top.kubelet.enable {
-        unitConfig.ConditionPathExists = kubeletPaths;
-      };
-
-      systemd.paths.kubelet = mkIf top.kubelet.enable {
-        wantedBy =  [ "kubelet.service" ];
-        pathConfig = {
-          PathExists = kubeletPaths;
-          PathChanged = kubeletPaths;
-        };
-      };
-
       systemd.paths.kube-proxy = mkIf top.proxy.enable {
         wantedBy = [ "kube-proxy.service" ];
         pathConfig = {