kubernetes: update to 1.10
This commit is contained in:
parent
8033f52a12
commit
996849ab86
|
@ -31,6 +31,7 @@ with lib;
|
|||
(mkRenamedOptionModule [ "services" "graphite" "web" "host" ] [ "services" "graphite" "web" "listenAddress" ])
|
||||
(mkRenamedOptionModule [ "services" "i2pd" "extIp" ] [ "services" "i2pd" "address" ])
|
||||
(mkRenamedOptionModule [ "services" "kibana" "host" ] [ "services" "kibana" "listenAddress" ])
|
||||
(mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "admissionControl" ] [ "services" "kubernetes" "apiserver" "enableAdmissionPlugins" ])
|
||||
(mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ])
|
||||
(mkRenamedOptionModule [ "services" "mpd" "network" "host" ] [ "services" "mpd" "network" "listenAddress" ])
|
||||
(mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "listenAddress" ])
|
||||
|
|
|
@ -5,6 +5,37 @@ with lib;
|
|||
let
|
||||
cfg = config.services.kubernetes;
|
||||
|
||||
# YAML config; see:
|
||||
# https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/
|
||||
# https://github.com/kubernetes/kubernetes/blob/release-1.10/pkg/kubelet/apis/kubeletconfig/v1beta1/types.go
|
||||
#
|
||||
# TODO: migrate the following flags to this config file
|
||||
#
|
||||
# --pod-manifest-path
|
||||
# --address
|
||||
# --port
|
||||
# --tls-cert-file
|
||||
# --tls-private-key-file
|
||||
# --client-ca-file
|
||||
# --authentication-token-webhook
|
||||
# --authentication-token-webhook-cache-ttl
|
||||
# --authorization-mode
|
||||
# --healthz-bind-address
|
||||
# --healthz-port
|
||||
# --allow-privileged
|
||||
# --cluster-dns
|
||||
# --cluster-domain
|
||||
# --hairpin-mode
|
||||
# --feature-gates
|
||||
kubeletConfig = pkgs.runCommand "kubelet-config.yaml" { } ''
|
||||
echo > $out ${pkgs.lib.escapeShellArg (builtins.toJSON {
|
||||
kind = "KubeletConfiguration";
|
||||
apiVersion = "kubelet.config.k8s.io/v1beta1";
|
||||
${if cfg.kubelet.applyManifests then "staticPodPath" else null} =
|
||||
manifests;
|
||||
})}
|
||||
'';
|
||||
|
||||
skipAttrs = attrs: map (filterAttrs (k: v: k != "enable"))
|
||||
(filter (v: !(hasAttr "enable" v) || v.enable) attrs);
|
||||
|
||||
|
@ -339,9 +370,9 @@ in {
|
|||
type = types.str;
|
||||
};
|
||||
|
||||
admissionControl = mkOption {
|
||||
enableAdmissionPlugins = mkOption {
|
||||
description = ''
|
||||
Kubernetes admission control plugins to use. See
|
||||
Kubernetes admission control plugins to enable. See
|
||||
<link xlink:href="https://kubernetes.io/docs/admin/admission-controllers/"/>
|
||||
'';
|
||||
default = ["NamespaceLifecycle" "LimitRanger" "ServiceAccount" "ResourceQuota" "DefaultStorageClass" "DefaultTolerationSeconds" "NodeRestriction"];
|
||||
|
@ -353,6 +384,15 @@ in {
|
|||
type = types.listOf types.str;
|
||||
};
|
||||
|
||||
disableAdmissionPlugins = mkOption {
|
||||
description = ''
|
||||
Kubernetes admission control plugins to disable. See
|
||||
<link xlink:href="https://kubernetes.io/docs/admin/admission-controllers/"/>
|
||||
'';
|
||||
default = [];
|
||||
type = types.listOf types.str;
|
||||
};
|
||||
|
||||
serviceAccountKeyFile = mkOption {
|
||||
description = ''
|
||||
Kubernetes apiserver PEM-encoded x509 RSA private or public key file,
|
||||
|
@ -573,6 +613,7 @@ in {
|
|||
type = types.bool;
|
||||
};
|
||||
|
||||
# TODO: remove this deprecated flag
|
||||
cadvisorPort = mkOption {
|
||||
description = "Kubernetes kubelet local cadvisor port.";
|
||||
default = 4194;
|
||||
|
@ -783,12 +824,10 @@ in {
|
|||
serviceConfig = {
|
||||
Slice = "kubernetes.slice";
|
||||
ExecStart = ''${cfg.package}/bin/kubelet \
|
||||
${optionalString cfg.kubelet.applyManifests
|
||||
"--pod-manifest-path=${manifests}"} \
|
||||
${optionalString (taints != "")
|
||||
"--register-with-taints=${taints}"} \
|
||||
--kubeconfig=${mkKubeConfig "kubelet" cfg.kubelet.kubeconfig} \
|
||||
--require-kubeconfig \
|
||||
--config=${kubeletConfig} \
|
||||
--address=${cfg.kubelet.address} \
|
||||
--port=${toString cfg.kubelet.port} \
|
||||
--register-node=${boolToString cfg.kubelet.registerNode} \
|
||||
|
@ -899,7 +938,8 @@ in {
|
|||
--service-cluster-ip-range=${cfg.apiserver.serviceClusterIpRange} \
|
||||
${optionalString (cfg.apiserver.runtimeConfig != "")
|
||||
"--runtime-config=${cfg.apiserver.runtimeConfig}"} \
|
||||
--admission_control=${concatStringsSep "," cfg.apiserver.admissionControl} \
|
||||
--enable-admission-plugins=${concatStringsSep "," cfg.apiserver.enableAdmissionPlugins} \
|
||||
--disable-admission-plugins=${concatStringsSep "," cfg.apiserver.disableAdmissionPlugins} \
|
||||
${optionalString (cfg.apiserver.serviceAccountKeyFile!=null)
|
||||
"--service-account-key-file=${cfg.apiserver.serviceAccountKeyFile}"} \
|
||||
${optionalString cfg.verbose "--v=6"} \
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
"cmd/kube-apiserver"
|
||||
"cmd/kube-controller-manager"
|
||||
"cmd/kube-proxy"
|
||||
"plugin/cmd/kube-scheduler"
|
||||
"cmd/kube-scheduler"
|
||||
"test/e2e/e2e.test"
|
||||
]
|
||||
}:
|
||||
|
@ -16,16 +16,16 @@ with lib;
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "kubernetes-${version}";
|
||||
version = "1.9.7";
|
||||
version = "1.10.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "kubernetes";
|
||||
repo = "kubernetes";
|
||||
rev = "v${version}";
|
||||
sha256 = "1dykh48c6bvypg51mlxjdyrggpjq597mjj83xgj1pfadsy6pp9bh";
|
||||
sha256 = "0k6m55p0q8qscg8l7y1ymmp5vc3i07znqk61g4hs1gx0dj3id6mc";
|
||||
};
|
||||
|
||||
# go > 1.10 should be fixed by https://github.com/kubernetes/kubernetes/pull/60373
|
||||
# go > 1.10 should be fixed by https://github.com/kubernetes/kubernetes/pull/60597
|
||||
buildInputs = [ removeReferencesTo makeWrapper which go_1_9 rsync go-bindata ];
|
||||
|
||||
outputs = ["out" "man" "pause"];
|
||||
|
|
Loading…
Reference in New Issue