nixos/modules/services/cluster/kubernetes/proxy.nix at 23.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / cluster / kubernetes / proxy.nix
at 23.11-pre 3.1 kB view raw
  1{ config, lib, options, pkgs, ... }:
  2
  3with lib;
  4
  5let
  6  top = config.services.kubernetes;
  7  otop = options.services.kubernetes;
  8  cfg = top.proxy;
  9in
 10{
 11  imports = [
 12    (mkRenamedOptionModule [ "services" "kubernetes" "proxy" "address" ] ["services" "kubernetes" "proxy" "bindAddress"])
 13  ];
 14
 15  ###### interface
 16  options.services.kubernetes.proxy = with lib.types; {
 17
 18    bindAddress = mkOption {
 19      description = lib.mdDoc "Kubernetes proxy listening address.";
 20      default = "0.0.0.0";
 21      type = str;
 22    };
 23
 24    enable = mkEnableOption (lib.mdDoc "Kubernetes proxy");
 25
 26    extraOpts = mkOption {
 27      description = lib.mdDoc "Kubernetes proxy extra command line options.";
 28      default = "";
 29      type = separatedString " ";
 30    };
 31
 32    featureGates = mkOption {
 33      description = lib.mdDoc "List set of feature gates";
 34      default = top.featureGates;
 35      defaultText = literalExpression "config.${otop.featureGates}";
 36      type = listOf str;
 37    };
 38
 39    hostname = mkOption {
 40      description = lib.mdDoc "Kubernetes proxy hostname override.";
 41      default = config.networking.hostName;
 42      defaultText = literalExpression "config.networking.hostName";
 43      type = str;
 44    };
 45
 46    kubeconfig = top.lib.mkKubeConfigOptions "Kubernetes proxy";
 47
 48    verbosity = mkOption {
 49      description = lib.mdDoc ''
 50        Optional glog verbosity level for logging statements. See
 51        <https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md>
 52      '';
 53      default = null;
 54      type = nullOr int;
 55    };
 56
 57  };
 58
 59  ###### implementation
 60  config = mkIf cfg.enable {
 61    systemd.services.kube-proxy = {
 62      description = "Kubernetes Proxy Service";
 63      wantedBy = [ "kubernetes.target" ];
 64      after = [ "kube-apiserver.service" ];
 65      path = with pkgs; [ iptables conntrack-tools ];
 66      serviceConfig = {
 67        Slice = "kubernetes.slice";
 68        ExecStart = ''${top.package}/bin/kube-proxy \
 69          --bind-address=${cfg.bindAddress} \
 70          ${optionalString (top.clusterCidr!=null)
 71            "--cluster-cidr=${top.clusterCidr}"} \
 72          ${optionalString (cfg.featureGates != [])
 73            "--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \
 74          --hostname-override=${cfg.hostname} \
 75          --kubeconfig=${top.lib.mkKubeConfig "kube-proxy" cfg.kubeconfig} \
 76          ${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \
 77          ${cfg.extraOpts}
 78        '';
 79        WorkingDirectory = top.dataDir;
 80        Restart = "on-failure";
 81        RestartSec = 5;
 82      };
 83      unitConfig = {
 84        StartLimitIntervalSec = 0;
 85      };
 86    };
 87
 88    services.kubernetes.proxy.hostname = with config.networking; mkDefault hostName;
 89
 90    services.kubernetes.pki.certs = {
 91      kubeProxyClient = top.lib.mkCert {
 92        name = "kube-proxy-client";
 93        CN = "system:kube-proxy";
 94        action = "systemctl restart kube-proxy.service";
 95      };
 96    };
 97
 98    services.kubernetes.proxy.kubeconfig.server = mkDefault top.apiserverAddress;
 99  };
100
101  meta.buildDocsInSandbox = false;
102}