Cleanup pki: kubelet

Christian Albrecht 2019-03-11 10:58:57 +01:00
parent ea6985ffc1
commit 73657b7fcf
No known key found for this signature in database
GPG Key ID: 866AF4B25DF7EB00
2 changed files with 23 additions and 19 deletions


@ -241,7 +241,18 @@ in
###### implementation ###### implementation
config = mkMerge [ config = mkMerge [
(mkIf cfg.enable { (let
kubeletPaths = filter (a: a != null) [
cfg.kubeconfig.caFile
cfg.kubeconfig.certFile
cfg.kubeconfig.keyFile
cfg.clientCaFile
cfg.tlsCertFile
cfg.tlsKeyFile
];
in mkIf cfg.enable {
services.kubernetes.kubelet.seedDockerImages = [infraContainer]; services.kubernetes.kubelet.seedDockerImages = [infraContainer];
systemd.services.kubelet = { systemd.services.kubelet = {
@ -304,6 +315,15 @@ in
''; '';
WorkingDirectory = top.dataDir; WorkingDirectory = top.dataDir;
}; };
unitConfig.ConditionPathExists = kubeletPaths;
};
systemd.paths.kubelet = {
wantedBy = [ "kubelet.service" ];
pathConfig = {
PathExists = kubeletPaths;
PathChanged = kubeletPaths;
};
}; };
systemd.services.docker.before = [ "kubelet.service" ]; systemd.services.docker.before = [ "kubelet.service" ];
@ -321,6 +341,7 @@ in
''; '';
script = "echo Ok"; script = "echo Ok";
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
serviceConfig.Slice = "kubernetes.slice"; serviceConfig.Slice = "kubernetes.slice";
}; };
@ -337,7 +358,7 @@ in
flannel-date = "stat --print=%Y ${docker-env}"; flannel-date = "stat --print=%Y ${docker-env}";
docker-date = "systemctl show --property=ActiveEnterTimestamp --value docker"; docker-date = "systemctl show --property=ActiveEnterTimestamp --value docker";
in '' in ''
while ! test -f ${docker-env} ; do sleep 1 ; done until test -f ${docker-env} ; do sleep 1 ; done
while test `${flannel-date}` -gt `date +%s --date="$(${docker-date})"` ; do while test `${flannel-date}` -gt `date +%s --date="$(${docker-date})"` ; do
sleep 1 sleep 1
done done
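Review bot: `systemd.paths.kubelet` is now defined whenever `cfg.enable` is set, but `kubeletPaths` is filtered for nulls, so it may come out empty when none of the six file options is set (the filter suggests they can be null). That would leave the path unit with no `PathExists=`/`PathChanged=` entries, which systemd is expected to refuse to load. Guarding the definition, e.g. `systemd.paths.kubelet = mkIf (kubeletPaths != []) {`, would avoid that. Separately, a path unit only starts `kubelet.service`, so `PathChanged` on the key and certificate files will not by itself make an already running kubelet pick up rotated credentials; a comment such as `# PathChanged starts kubelet once the PKI files appear; it does not restart a running kubelet on rotation` would make that limit explicit. The enclosing `mkMerge` list begins and ends outside the visible hunks.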


@ -132,11 +132,6 @@ in
cfg.certs.schedulerClient.cert cfg.certs.schedulerClient.cert
cfg.certs.schedulerClient.key cfg.certs.schedulerClient.key
]; ];
kubeletPaths = [
top.kubelet.clientCaFile
top.kubelet.tlsCertFile
top.kubelet.tlsKeyFile
];
in in
{ {
@ -376,18 +371,6 @@ in
unitConfig.ConditionPathExists = proxyPaths; unitConfig.ConditionPathExists = proxyPaths;
}; };
systemd.services.kubelet = mkIf top.kubelet.enable {
unitConfig.ConditionPathExists = kubeletPaths;
};
systemd.paths.kubelet = mkIf top.kubelet.enable {
wantedBy = [ "kubelet.service" ];
pathConfig = {
PathExists = kubeletPaths;
PathChanged = kubeletPaths;
};
};
systemd.paths.kube-proxy = mkIf top.proxy.enable { systemd.paths.kube-proxy = mkIf top.proxy.enable {
wantedBy = [ "kube-proxy.service" ]; wantedBy = [ "kube-proxy.service" ];
pathConfig = { pathConfig = {