diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 2978eaefb46..7ae3722bc8f 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -346,6 +346,7 @@ ./services/networking/ferm.nix ./services/networking/firefox/sync-server.nix ./services/networking/firewall.nix + ./services/networking/flannel.nix ./services/networking/flashpolicyd.nix ./services/networking/freenet.nix ./services/networking/gale.nix diff --git a/nixos/modules/services/networking/flannel.nix b/nixos/modules/services/networking/flannel.nix new file mode 100644 index 00000000000..28b6c4f657d --- /dev/null +++ b/nixos/modules/services/networking/flannel.nix @@ -0,0 +1,153 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.flannel; + + networkConfig = filterAttrs (n: v: v != null) { + Network = cfg.network; + SubnetLen = cfg.subnetLen; + SubnetMin = cfg.subnetMin; + SubnetMax = cfg.subnetMax; + Backend = cfg.backend; + }; +in { + options.services.flannel = { + enable = mkEnableOption "flannel"; + + package = mkOption { + description = "Package to use for flannel"; + type = types.package; + default = pkgs.flannel.bin; + }; + + publicIp = mkOption { + description = '' + IP accessible by other nodes for inter-host communication. + Defaults to the IP of the interface being used for communication. + ''; + type = types.nullOr types.str; + default = null; + }; + + iface = mkOption { + description = '' + Interface to use (IP or name) for inter-host communication. + Defaults to the interface for the default route on the machine. + ''; + type = types.nullOr types.str; + default = null; + }; + + etcd = { + endpoints = mkOption { + description = "Etcd endpoints"; + type = types.listOf types.str; + default = ["http://127.0.0.1:2379"]; + }; + + prefix = mkOption { + description = "Etcd key prefix"; + type = types.str; + default = "/coreos.com/network"; + }; + + caFile = mkOption { + description = "Etcd certificate authority file"; + type = types.nullOr types.path; + default = null; + }; + + certFile = mkOption { + description = "Etcd cert file"; + type = types.nullOr types.path; + default = null; + }; + + keyFile = mkOption { + description = "Etcd key file"; + type = types.nullOr types.path; + default = null; + }; + }; + + network = mkOption { + description = " IPv4 network in CIDR format to use for the entire flannel network."; + type = types.str; + }; + + subnetLen = mkOption { + description = '' + The size of the subnet allocated to each host. Defaults to 24 (i.e. /24) + unless the Network was configured to be smaller than a /24 in which case + it is one less than the network. + ''; + type = types.int; + default = 24; + }; + + subnetMin = mkOption { + description = '' + The beginning of IP range which the subnet allocation should start with. + Defaults to the first subnet of Network. + ''; + type = types.nullOr types.str; + default = null; + }; + + subnetMax = mkOption { + description = '' + The end of IP range which the subnet allocation should start with. + Defaults to the last subnet of Network. + ''; + type = types.nullOr types.str; + default = null; + }; + + backend = mkOption { + description = "Type of backend to use and specific configurations for that backend."; + type = types.attrs; + default = { + Type = "vxlan"; + }; + }; + }; + + config = mkIf cfg.enable { + systemd.services.flannel = { + description = "Flannel Service"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + environment = { + FLANNELD_PUBLIC_IP = cfg.publicIp; + FLANNELD_ETCD_ENDPOINTS = concatStringsSep "," cfg.etcd.endpoints; + FLANNELD_ETCD_KEYFILE = cfg.etcd.keyFile; + FLANNELD_ETCD_CERTFILE = cfg.etcd.certFile; + FLANNELD_ETCD_CAFILE = cfg.etcd.caFile; + FLANNELD_IFACE = cfg.iface; + ETCDCTL_CERT_FILE = cfg.etcd.certFile; + ETCDCTL_KEY_FILE = cfg.etcd.keyFile; + ETCDCTL_CA_FILE = cfg.etcd.caFile; + ETCDCTL_PEERS = concatStringsSep "," cfg.etcd.endpoints; + }; + preStart = '' + echo "setting network configuration" + until ${pkgs.etcdctl.bin}/bin/etcdctl set /coreos.com/network/config '${builtins.toJSON networkConfig}' + do + echo "setting network configuration, retry" + sleep 1 + done + ''; + postStart = '' + while [ ! -f /run/flannel/subnet.env ] + do + sleep 1 + done + ''; + serviceConfig.ExecStart = "${cfg.package}/bin/flannel"; + }; + + services.etcd.enable = mkDefault cfg.etcd.endpoints == ["http://127.0.0.1:2379"]; + }; +} diff --git a/nixos/tests/flannel.nix b/nixos/tests/flannel.nix new file mode 100644 index 00000000000..7f27903a302 --- /dev/null +++ b/nixos/tests/flannel.nix @@ -0,0 +1,55 @@ +import ./make-test.nix ({ pkgs, ...} : rec { + name = "flannel"; + + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ offline ]; + }; + + nodes = let + flannelConfig = { + services.flannel = { + enable = true; + network = "10.1.0.0/16"; + iface = "eth1"; + etcd.endpoints = ["http://etcd:2379"]; + }; + + networking.firewall.allowedUDPPorts = [ 8472 ]; + }; + in { + etcd = { config, pkgs, ... }: { + services = { + etcd = { + enable = true; + listenClientUrls = ["http://etcd:2379"]; + listenPeerUrls = ["http://etcd:2380"]; + initialAdvertisePeerUrls = ["http://etcd:2379"]; + initialCluster = ["etcd=http://etcd:2379"]; + }; + }; + + networking.firewall.allowedTCPPorts = [ 2379 ]; + }; + + node1 = { config, ... }: { + require = [flannelConfig]; + }; + + node2 = { config, ... }: { + require = [flannelConfig]; + }; + }; + + testScript = '' + startAll; + + $node1->waitForUnit("flannel.service"); + $node2->waitForUnit("flannel.service"); + + my $ip1 = $node1->succeed("ip -4 addr show flannel.1 | grep -oP '(?<=inet).*(?=/)'"); + my $ip2 = $node2->succeed("ip -4 addr show flannel.1 | grep -oP '(?<=inet).*(?=/)'"); + + $node1->waitUntilSucceeds("ping -c 1 $ip2"); + $node2->waitUntilSucceeds("ping -c 1 $ip1"); + ''; +}) diff --git a/pkgs/tools/networking/flannel/default.nix b/pkgs/tools/networking/flannel/default.nix index 2eea08b9238..732051d8ec7 100644 --- a/pkgs/tools/networking/flannel/default.nix +++ b/pkgs/tools/networking/flannel/default.nix @@ -1,8 +1,10 @@ { stdenv, lib, buildGoPackage, fetchFromGitHub }: +with lib; + buildGoPackage rec { name = "flannel-${version}"; - version = "0.5.5"; + version = "0.6.2"; rev = "v${version}"; goPackagePath = "github.com/coreos/flannel"; @@ -13,6 +15,14 @@ buildGoPackage rec { inherit rev; owner = "coreos"; repo = "flannel"; - sha256 = "19nrilcc41411rag2qm22vdna4kpqm933ry9m82wkd7sqzb50fpw"; + sha256 = "03l0zyv9ajda70zw7jgwlmilw26h849jbb9f4slbycphhvbmpvb9"; + }; + + meta = { + description = "Network fabric for containers, designed for Kubernetes"; + license = licenses.asl20; + homepage = https://github.com/coreos/flannel; + maintainers = with maintainers; [offline]; + platforms = with platforms; linux; }; }