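# Kubernetes service settings for one NixOS host of the cluster.
#
# Arguments:
#   roles  - Kubernetes roles this host takes; passed straight through to
#            services.kubernetes.roles.
#   config - the host's NixOS configuration; only networking.hostName and
#            networking.domain are read here.
#   pkgs   - nixpkgs; only pkgs.lib is brought into scope.
#   certs  - attribute set with `master` and `worker` entries naming the
#            directories that hold the PEM material referenced below.
#
# Returns a module fragment that sets services.kubernetes.
{ roles, config, pkgs, certs }:
with pkgs.lib;
let
  base = {
    inherit roles;
    # NOTE(review): AllAlpha switches on every alpha feature gate; this looks
    # like a test fixture — confirm before reusing the module elsewhere.
    featureGates = ["AllAlpha"];
    flannel.enable = true;
    addons.dashboard.enable = true;
    verbose = true;

    # Cluster CA against which every component certificate below is checked.
    caFile = "${certs.master}/ca.pem";

    # Control-plane components (apiserver, controller-manager, scheduler) read
    # their credentials from certs.master.
    apiserver = {
      tlsCertFile = "${certs.master}/kube-apiserver.pem";
      tlsKeyFile = "${certs.master}/kube-apiserver-key.pem";
      # Client certificate the apiserver presents when it connects to kubelets.
      kubeletClientCertFile = "${certs.master}/kubelet-client.pem";
      kubeletClientKeyFile = "${certs.master}/kubelet-client-key.pem";
      # Public half of the service-account signing key; the private half is
      # handed to the controller manager below.
      serviceAccountKeyFile = "${certs.master}/kube-service-accounts.pem";
    };

    # Node-side components (etcd client, kubelet, proxy) read from certs.worker.
    etcd = {
      servers = ["https://etcd.${config.networking.domain}:2379"];
      certFile = "${certs.worker}/etcd-client.pem";
      keyFile = "${certs.worker}/etcd-client-key.pem";
    };
    kubeconfig = {
      server = "https://api.${config.networking.domain}";
    };
    kubelet = {
      tlsCertFile = "${certs.worker}/kubelet.pem";
      tlsKeyFile = "${certs.worker}/kubelet-key.pem";
      hostname = "${config.networking.hostName}.${config.networking.domain}";
      # Per-host client certificate, so each kubelet authenticates under its
      # own identity rather than a shared one.
      kubeconfig = {
        certFile = "${certs.worker}/apiserver-client-kubelet-${config.networking.hostName}.pem";
        keyFile = "${certs.worker}/apiserver-client-kubelet-${config.networking.hostName}-key.pem";
      };
    };
    controllerManager = {
      serviceAccountKeyFile = "${certs.master}/kube-service-accounts-key.pem";
      kubeconfig = {
        certFile = "${certs.master}/apiserver-client-kube-controller-manager.pem";
        keyFile = "${certs.master}/apiserver-client-kube-controller-manager-key.pem";
      };
    };
    scheduler = {
      kubeconfig = {
        certFile = "${certs.master}/apiserver-client-kube-scheduler.pem";
        keyFile = "${certs.master}/apiserver-client-kube-scheduler-key.pem";
      };
    };
    proxy = {
      kubeconfig = {
        certFile = "${certs.worker}/apiserver-client-kube-proxy.pem";
        # Was "${certs.worker}//..."; the doubled separator is a typo and is
        # now consistent with every other path in this file.
        keyFile = "${certs.worker}/apiserver-client-kube-proxy-key.pem";
      };
    };
  };
in {
  services.kubernetes = base;
}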