kubernetes service: fix for 1.0.3

Jaka Hudoklin 2015-08-19 23:52:19 +02:00
parent 559e2ab951
commit c33d282278


@ -78,12 +78,6 @@ in {
type = types.int; type = types.int;
}; };
readOnlyPort = mkOption {
description = "Kubernets apiserver read-only port.";
default = 7080;
type = types.int;
};
securePort = mkOption { securePort = mkOption {
description = "Kubernetes apiserver secure port."; description = "Kubernetes apiserver secure port.";
default = 6443; default = 6443;
@ -102,6 +96,12 @@ in {
type = types.str; type = types.str;
}; };
clientCaFile = mkOption {
description = "Kubernetes apiserver CA file for client auth.";
default = "";
type = types.str;
};
tokenAuth = mkOption { tokenAuth = mkOption {
description = '' description = ''
Kubernetes apiserver token authentication file. See Kubernetes apiserver token authentication file. See
@ -158,6 +158,19 @@ in {
type = types.str; type = types.str;
}; };
runtimeConfig = mkOption {
description = "Api runtime configuration";
default = "";
example = "api/all=false,api/v1=true";
type = types.str;
};
admissionControl = mkOption {
description = "Kubernetes admission control plugins to use.";
default = ["AlwaysAdmit"];
type = types.listOf types.str;
};
extraOpts = mkOption { extraOpts = mkOption {
description = "Kubernetes apiserver extra command line options."; description = "Kubernetes apiserver extra command line options.";
default = ""; default = "";
@ -222,12 +235,6 @@ in {
type = types.str; type = types.str;
}; };
machines = mkOption {
description = "Kubernetes controller list of machines to schedule to schedule onto";
default = [];
type = types.listOf types.str;
};
extraOpts = mkOption { extraOpts = mkOption {
description = "Kubernetes controller extra command line options."; description = "Kubernetes controller extra command line options.";
default = ""; default = "";
@ -260,6 +267,20 @@ in {
type = types.int; type = types.int;
}; };
healthz = {
bind = mkOption {
description = "Kubernetes kubelet healthz listening address.";
default = "127.0.0.1";
type = types.str;
};
port = mkOption {
description = "Kubernetes kubelet healthz port.";
default = 10248;
type = types.int;
};
};
hostname = mkOption { hostname = mkOption {
description = "Kubernetes kubelet hostname override"; description = "Kubernetes kubelet hostname override";
default = config.networking.hostName; default = config.networking.hostName;
@ -374,7 +395,6 @@ in {
--etcd-servers=${concatMapStringsSep "," (f: "http://${f}") cfg.etcdServers} \ --etcd-servers=${concatMapStringsSep "," (f: "http://${f}") cfg.etcdServers} \
--insecure-bind-address=${cfg.apiserver.address} \ --insecure-bind-address=${cfg.apiserver.address} \
--insecure-port=${toString cfg.apiserver.port} \ --insecure-port=${toString cfg.apiserver.port} \
--read-only-port=${toString cfg.apiserver.readOnlyPort} \
--bind-address=${cfg.apiserver.publicAddress} \ --bind-address=${cfg.apiserver.publicAddress} \
--allow-privileged=${if cfg.apiserver.allowPrivileged then "true" else "false"} \ --allow-privileged=${if cfg.apiserver.allowPrivileged then "true" else "false"} \
${optionalString (cfg.apiserver.tlsCertFile!="") ${optionalString (cfg.apiserver.tlsCertFile!="")
@ -383,11 +403,16 @@ in {
"--tls-private-key-file=${cfg.apiserver.tlsPrivateKeyFile}"} \ "--tls-private-key-file=${cfg.apiserver.tlsPrivateKeyFile}"} \
${optionalString (cfg.apiserver.tokenAuth!=[]) ${optionalString (cfg.apiserver.tokenAuth!=[])
"--token-auth-file=${tokenAuthFile}"} \ "--token-auth-file=${tokenAuthFile}"} \
${optionalString (cfg.apiserver.clientCaFile!="")
"--client-ca-file=${cfg.apiserver.clientCaFile}"} \
--authorization-mode=${cfg.apiserver.authorizationMode} \ --authorization-mode=${cfg.apiserver.authorizationMode} \
${optionalString (cfg.apiserver.authorizationMode == "ABAC") ${optionalString (cfg.apiserver.authorizationMode == "ABAC")
"--authorization-policy-file=${authorizationPolicyFile}"} \ "--authorization-policy-file=${authorizationPolicyFile}"} \
--secure-port=${toString cfg.apiserver.securePort} \ --secure-port=${toString cfg.apiserver.securePort} \
--service-cluster-ip-range=${cfg.apiserver.portalNet} \ --service-cluster-ip-range=${cfg.apiserver.portalNet} \
${optionalString (cfg.apiserver.runtimeConfig!="")
"--runtime-config=${cfg.apiserver.runtimeConfig}"} \
--admission_control=${cfg.apiserver.admissionControl} \
--logtostderr=true \ --logtostderr=true \
${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \ ${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \
${cfg.apiserver.extraOpts} ${cfg.apiserver.extraOpts}
@ -431,7 +456,6 @@ in {
--address=${cfg.controllerManager.address} \ --address=${cfg.controllerManager.address} \
--port=${toString cfg.controllerManager.port} \ --port=${toString cfg.controllerManager.port} \
--master=${cfg.controllerManager.master} \ --master=${cfg.controllerManager.master} \
--machines=${concatStringsSep "," cfg.controllerManager.machines} \
--logtostderr=true \ --logtostderr=true \
${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \ ${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \
${cfg.controllerManager.extraOpts} ${cfg.controllerManager.extraOpts}
@ -454,6 +478,8 @@ in {
--register-node=${if cfg.kubelet.registerNode then "true" else "false"} \ --register-node=${if cfg.kubelet.registerNode then "true" else "false"} \
--address=${cfg.kubelet.address} \ --address=${cfg.kubelet.address} \
--port=${toString cfg.kubelet.port} \ --port=${toString cfg.kubelet.port} \
--healthz-bind-address=${cfg.kubelet.healthz.bind} \
--healthz-port=${toString cfg.kubelet.healthz.port} \
--hostname-override=${cfg.kubelet.hostname} \ --hostname-override=${cfg.kubelet.hostname} \
--allow-privileged=${if cfg.kubelet.allowPrivileged then "true" else "false"} \ --allow-privileged=${if cfg.kubelet.allowPrivileged then "true" else "false"} \
--root-dir=${cfg.dataDir} \ --root-dir=${cfg.dataDir} \
@ -504,9 +530,6 @@ in {
User = "kubernetes"; User = "kubernetes";
}; };
}; };
services.skydns.enable = mkDefault true;
services.skydns.domain = mkDefault cfg.kubelet.clusterDomain;
}) })
(mkIf (any (el: el == "master") cfg.roles) { (mkIf (any (el: el == "master") cfg.roles) {
@ -524,6 +547,9 @@ in {
(mkIf (any (el: el == "node" || el == "master") cfg.roles) { (mkIf (any (el: el == "node" || el == "master") cfg.roles) {
services.etcd.enable = mkDefault true; services.etcd.enable = mkDefault true;
services.skydns.enable = mkDefault true;
services.skydns.domain = mkDefault cfg.kubelet.clusterDomain;
}) })
(mkIf ( (mkIf (
@ -538,8 +564,10 @@ in {
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
script = '' script = ''
mkdir -p /var/run/kubernetes mkdir -p /var/run/kubernetes
chown kubernetes /var/run/kubernetes chown kubernetes /var/lib/kubernetes
ln -fs ${pkgs.writeText "kubernetes-dockercfg" cfg.dockerCfg} /var/run/kubernetes/.dockercfg
rm ${cfg.dataDir}/.dockercfg || true
ln -fs ${pkgs.writeText "kubernetes-dockercfg" cfg.dockerCfg} ${cfg.dataDir}/.dockercfg
''; '';
}; };
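Review bot: In the apiserver command line, the added `--admission_control=${cfg.apiserver.admissionControl}` interpolates an option declared as `types.listOf types.str`, and Nix string interpolation does not coerce a list, so evaluation should fail once the apiserver unit is instantiated. Join the list the way the removed `--machines` flag did: `--admission_control=${concatStringsSep "," cfg.apiserver.admissionControl} \`. The default of `["AlwaysAdmit"]` also means no admission plugin rejects any request unless the operator overrides it, so the option text should say so, for example `description = "Kubernetes admission control plugins to use. The default admits every request.";`. The apiserver command line begins and ends outside the visible hunks, so this is judged from the shown flags only.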