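# Builds the `services.kubernetes` configuration for one test-cluster node.
#
# Arguments:
#   roles  - the Kubernetes roles this node runs (assigned verbatim to
#            `services.kubernetes.roles`).
#   config - the NixOS configuration; only `networking.domain` and
#            `networking.hostName` are read here.
#   pkgs   - nixpkgs; `pkgs.lib` is brought into scope.
#   certs  - attribute set with two directories: `certs.master` holds the
#            control-plane material (CA, apiserver, controller-manager and
#            scheduler client certs, service-account signing key) and
#            `certs.worker` holds the node-side material (kubelet, etcd client
#            and kube-proxy certs).
#
# Returns a NixOS module fragment `{ services.kubernetes = ...; }`.
{ roles, config, pkgs, certs }:
with pkgs.lib;
let
  base = {
    inherit roles;
    # "AllAlpha" switches on every alpha feature gate. That is fine for an
    # integration test cluster; it is not a setting to copy into a
    # production module.
    featureGates = ["AllAlpha"];
    flannel.enable = true;
    addons.dashboard.enable = true;

    # One CA is trusted by every component; all leaf certs below are expected
    # to chain to it.
    caFile = "${certs.master}/ca.pem";
    apiserver = {
      tlsCertFile = "${certs.master}/kube-apiserver.pem";
      tlsKeyFile = "${certs.master}/kube-apiserver-key.pem";
      # Client cert the apiserver presents when it connects to kubelets
      # (exec/logs/port-forward), distinct from its serving cert.
      kubeletClientCertFile = "${certs.master}/kubelet-client.pem";
      kubeletClientKeyFile = "${certs.master}/kubelet-client-key.pem";
      # Public half of the service-account signing key; the private half is
      # given only to the controller manager (see below).
      serviceAccountKeyFile = "${certs.master}/kube-service-accounts.pem";
    };
    etcd = {
      # TLS-only etcd endpoint; the client cert comes from the worker set.
      servers = ["https://etcd.${config.networking.domain}:2379"];
      certFile = "${certs.worker}/etcd-client.pem";
      keyFile = "${certs.worker}/etcd-client-key.pem";
    };
    kubeconfig = {
      server = "https://api.${config.networking.domain}";
    };
    kubelet = {
      tlsCertFile = "${certs.worker}/kubelet.pem";
      tlsKeyFile = "${certs.worker}/kubelet-key.pem";
      hostname = "${config.networking.hostName}.${config.networking.domain}";
      # The apiserver client cert is per host (hostName is part of the file
      # name), so each kubelet presents its own identity rather than a
      # shared node credential.
      kubeconfig = {
        certFile = "${certs.worker}/apiserver-client-kubelet-${config.networking.hostName}.pem";
        keyFile = "${certs.worker}/apiserver-client-kubelet-${config.networking.hostName}-key.pem";
      };
    };
    controllerManager = {
      # Private service-account signing key; only this component should
      # hold it.
      serviceAccountKeyFile = "${certs.master}/kube-service-accounts-key.pem";
      kubeconfig = {
        certFile = "${certs.master}/apiserver-client-kube-controller-manager.pem";
        keyFile = "${certs.master}/apiserver-client-kube-controller-manager-key.pem";
      };
    };
    scheduler = {
      kubeconfig = {
        certFile = "${certs.master}/apiserver-client-kube-scheduler.pem";
        keyFile = "${certs.master}/apiserver-client-kube-scheduler-key.pem";
      };
    };
    proxy = {
      kubeconfig = {
        certFile = "${certs.worker}/apiserver-client-kube-proxy.pem";
        # Single separator: the original had "//" here, which resolves to the
        # same file on Linux but is inconsistent with every other path.
        keyFile = "${certs.worker}/apiserver-client-kube-proxy-key.pem";
      };
    };
  };

in {
  services.kubernetes = base;
}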