From c2622910ab2fe37664ae5effa2b839c46dda7196 Mon Sep 17 00:00:00 2001 From: Jaka Hudoklin Date: Tue, 30 May 2017 11:57:52 +0200 Subject: [PATCH] kubernetes module: add support for common CA file --- .../services/cluster/kubernetes/default.nix | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix index a37f4fd1d75..449094175ce 100644 --- a/nixos/modules/services/cluster/kubernetes/default.nix +++ b/nixos/modules/services/cluster/kubernetes/default.nix @@ -49,7 +49,7 @@ let caFile = mkOption { description = "${prefix} certificate authrority file used to connect to kube-apiserver."; type = types.nullOr types.path; - default = null; + default = cfg.caFile; }; certFile = mkOption { @@ -256,13 +256,19 @@ in { caFile = mkOption { description = "Etcd ca file."; - default = null; + default = cfg.caFile; type = types.nullOr types.path; }; }; kubeconfig = mkKubeConfigOptions "Default kubeconfig"; + caFile = mkOption { + description = "Default kubernetes certificate authority"; + type = types.nullOr types.path; + default = null; + }; + dataDir = mkOption { description = "Kubernetes root directory for managing kubelet files."; default = "/var/lib/kubernetes"; @@ -335,7 +341,7 @@ in { clientCaFile = mkOption { description = "Kubernetes apiserver CA file for client auth."; - default = null; + default = cfg.caFile; type = types.nullOr types.path; }; @@ -427,7 +433,7 @@ in { kubeletClientCaFile = mkOption { description = "Path to a cert file for connecting to kubelet."; - default = null; + default = cfg.caFile; type = types.nullOr types.path; }; @@ -529,7 +535,7 @@ in { Kubernetes controller manager certificate authority file included in service account's token secret. ''; - default = null; + default = cfg.caFile; type = types.nullOr types.path; };