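{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.flannel;

  # Network configuration handed to flannel: written to the etcd key
  # `<etcd.prefix>/config` by the preStart script (etcd backend), or to
  # /etc/kube-flannel/net-conf.json (kubernetes backend).  Options left at
  # null are dropped so flannel applies its own defaults for them.
  networkConfig = filterAttrs (n: v: v != null) {
    Network = cfg.network;
    SubnetLen = cfg.subnetLen;
    SubnetMin = cfg.subnetMin;
    SubnetMax = cfg.subnetMax;
    Backend = cfg.backend;
  };
in {
  options.services.flannel = {
    enable = mkEnableOption (lib.mdDoc "flannel");

    package = mkOption {
      description = lib.mdDoc "Package to use for flannel";
      type = types.package;
      default = pkgs.flannel;
      defaultText = literalExpression "pkgs.flannel";
    };

    publicIp = mkOption {
      description = lib.mdDoc ''
        IP accessible by other nodes for inter-host communication.
        Defaults to the IP of the interface being used for communication.
      '';
      type = types.nullOr types.str;
      default = null;
    };

    iface = mkOption {
      description = lib.mdDoc ''
        Interface to use (IP or name) for inter-host communication.
        Defaults to the interface for the default route on the machine.
      '';
      type = types.nullOr types.str;
      default = null;
    };

    etcd = {
      endpoints = mkOption {
        description = lib.mdDoc "Etcd endpoints";
        type = types.listOf types.str;
        default = ["http://127.0.0.1:2379"];
      };

      prefix = mkOption {
        description = lib.mdDoc ''
          Etcd key prefix. Flannel reads its network configuration from
          `<prefix>/config`, which this module writes before the service starts.
        '';
        type = types.str;
        default = "/coreos.com/network";
      };

      caFile = mkOption {
        description = lib.mdDoc "Etcd certificate authority file";
        type = types.nullOr types.path;
        default = null;
      };

      certFile = mkOption {
        description = lib.mdDoc "Etcd cert file";
        type = types.nullOr types.path;
        default = null;
      };

      keyFile = mkOption {
        description = lib.mdDoc "Etcd key file";
        type = types.nullOr types.path;
        default = null;
      };
    };

    kubeconfig = mkOption {
      description = lib.mdDoc ''
        Path to kubeconfig to use for storing flannel config using the
        Kubernetes API
      '';
      type = types.nullOr types.path;
      default = null;
    };

    network = mkOption {
      description = lib.mdDoc "IPv4 network in CIDR format to use for the entire flannel network.";
      type = types.str;
    };

    nodeName = mkOption {
      description = lib.mdDoc ''
        Needed when running with Kubernetes as backend as this cannot be auto-detected.
      '';
      type = types.nullOr types.str;
      default = config.networking.fqdnOrHostName;
      defaultText = literalExpression "config.networking.fqdnOrHostName";
      example = "node1.example.com";
    };

    storageBackend = mkOption {
      description = lib.mdDoc "Determines where flannel stores its configuration at runtime";
      type = types.enum ["etcd" "kubernetes"];
      default = "etcd";
    };

    subnetLen = mkOption {
      description = lib.mdDoc ''
        The size of the subnet allocated to each host. Defaults to 24 (i.e. /24)
        unless the Network was configured to be smaller than a /24 in which case
        it is one less than the network.
      '';
      type = types.int;
      default = 24;
    };

    subnetMin = mkOption {
      description = lib.mdDoc ''
        The beginning of IP range which the subnet allocation should start with.
        Defaults to the first subnet of Network.
      '';
      type = types.nullOr types.str;
      default = null;
    };

    subnetMax = mkOption {
      description = lib.mdDoc ''
        The end of IP range which the subnet allocation should end with.
        Defaults to the last subnet of Network.
      '';
      type = types.nullOr types.str;
      default = null;
    };

    backend = mkOption {
      description = lib.mdDoc "Type of backend to use and specific configurations for that backend.";
      type = types.attrs;
      default = {
        Type = "vxlan";
      };
    };
  };

  config = mkIf cfg.enable {
    systemd.services.flannel = {
      description = "Flannel Service";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      # flannel takes its command-line flags from FLANNELD_* environment
      # variables; the ETCDCTL_* variables are consumed by the etcdctl call in
      # preStart so it talks to the same endpoints with the same client certs.
      environment = {
        FLANNELD_PUBLIC_IP = cfg.publicIp;
        FLANNELD_IFACE = cfg.iface;
      } // optionalAttrs (cfg.storageBackend == "etcd") {
        FLANNELD_ETCD_ENDPOINTS = concatStringsSep "," cfg.etcd.endpoints;
        # Honour the configured key prefix; without this the `etcd.prefix`
        # option was accepted but flannel kept reading the built-in default.
        FLANNELD_ETCD_PREFIX = cfg.etcd.prefix;
        FLANNELD_ETCD_KEYFILE = cfg.etcd.keyFile;
        FLANNELD_ETCD_CERTFILE = cfg.etcd.certFile;
        FLANNELD_ETCD_CAFILE = cfg.etcd.caFile;
        ETCDCTL_CERT = cfg.etcd.certFile;
        ETCDCTL_KEY = cfg.etcd.keyFile;
        ETCDCTL_CACERT = cfg.etcd.caFile;
        ETCDCTL_ENDPOINTS = concatStringsSep "," cfg.etcd.endpoints;
        ETCDCTL_API = "3";
      } // optionalAttrs (cfg.storageBackend == "kubernetes") {
        FLANNELD_KUBE_SUBNET_MGR = "true";
        FLANNELD_KUBECONFIG_FILE = cfg.kubeconfig;
        NODE_NAME = cfg.nodeName;
      };
      path = [ pkgs.iptables ];
      # Seed the network configuration under the configured prefix, retrying
      # until etcd is reachable.  Key and value are shell-escaped so that a
      # quote in a backend option cannot break out of the etcdctl argument.
      preStart = optionalString (cfg.storageBackend == "etcd") ''
        echo "setting network configuration"
        until ${pkgs.etcd}/bin/etcdctl put ${escapeShellArg "${cfg.etcd.prefix}/config"} ${escapeShellArg (builtins.toJSON networkConfig)}
        do
          echo "setting network configuration, retry"
          sleep 1
        done
      '';
      serviceConfig = {
        ExecStart = "${cfg.package}/bin/flannel";
        Restart = "always";
        RestartSec = "10s";
        RuntimeDirectory = "flannel";
      };
    };

    # Run a local etcd only when the endpoints are still the loopback default;
    # a user pointing at an external cluster keeps their own setting.
    services.etcd.enable = mkDefault (cfg.storageBackend == "etcd" && cfg.etcd.endpoints == ["http://127.0.0.1:2379"]);

    # for some reason, flannel doesn't let you configure this path
    # see: https://github.com/coreos/flannel/blob/master/Documentation/configuration.md#configuration
    environment.etc."kube-flannel/net-conf.json" = mkIf (cfg.storageBackend == "kubernetes") {
      source = pkgs.writeText "net-conf.json" (builtins.toJSON networkConfig);
    };
  };
}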