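{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.flannel;

  # The flannel "network configuration" document. With the etcd storage
  # backend it is written to `${cfg.etcd.prefix}/config` in preStart; with the
  # kubernetes backend it is rendered to /etc/kube-flannel/net-conf.json.
  # Options left at null are dropped so flannel applies its own defaults.
  # extraNetworkConfig is merged last, so its keys win over the typed options.
  networkConfig =
    (lib.filterAttrs (n: v: v != null) {
      Network = cfg.network;
      SubnetLen = cfg.subnetLen;
      SubnetMin = cfg.subnetMin;
      SubnetMax = cfg.subnetMax;
      Backend = cfg.backend;
    })
    // cfg.extraNetworkConfig;

  # etcd key holding the network configuration. Derived from the configured
  # prefix so that a non-default `etcd.prefix` is honoured by both the writer
  # (etcdctl in preStart) and the reader (flanneld via FLANNELD_ETCD_PREFIX);
  # previously the key was hard-coded and the option had no effect.
  networkConfigKey = "${cfg.etcd.prefix}/config";
in
{
  options.services.flannel = {
    enable = lib.mkEnableOption "flannel";

    package = lib.mkPackageOption pkgs "flannel" { };

    publicIp = lib.mkOption {
      description = ''
        IP accessible by other nodes for inter-host communication.
        Defaults to the IP of the interface being used for communication.
      '';
      type = lib.types.nullOr lib.types.str;
      default = null;
    };

    iface = lib.mkOption {
      description = ''
        Interface to use (IP or name) for inter-host communication.
        Defaults to the interface for the default route on the machine.
      '';
      type = lib.types.nullOr lib.types.str;
      default = null;
    };

    etcd = {
      endpoints = lib.mkOption {
        description = ''
          Etcd endpoints. The default is a plaintext connection to a local
          etcd on the loopback interface; when pointing at a remote cluster
          use `https://` endpoints together with `caFile`, `certFile` and
          `keyFile` so that the network configuration cannot be read or
          rewritten by anyone on the path.
        '';
        type = lib.types.listOf lib.types.str;
        default = [ "http://127.0.0.1:2379" ];
      };

      prefix = lib.mkOption {
        description = ''
          Etcd key prefix. The network configuration is stored at
          `<prefix>/config` and flanneld is started with the same prefix.
        '';
        type = lib.types.str;
        default = "/coreos.com/network";
      };

      caFile = lib.mkOption {
        description = "Etcd certificate authority file";
        type = lib.types.nullOr lib.types.path;
        default = null;
      };

      certFile = lib.mkOption {
        description = "Etcd cert file";
        type = lib.types.nullOr lib.types.path;
        default = null;
      };

      keyFile = lib.mkOption {
        description = ''
          Etcd key file. The service runs as root, so the file only needs to
          be readable by root; keep it out of the Nix store.
        '';
        type = lib.types.nullOr lib.types.path;
        default = null;
      };
    };

    kubeconfig = lib.mkOption {
      description = ''
        Path to kubeconfig to use for storing flannel config using the
        Kubernetes API
      '';
      type = lib.types.nullOr lib.types.path;
      default = null;
    };

    network = lib.mkOption {
      description = "IPv4 network in CIDR format to use for the entire flannel network.";
      type = lib.types.str;
    };

    nodeName = lib.mkOption {
      description = ''
        Needed when running with Kubernetes as backend as this cannot be auto-detected.
      '';
      type = lib.types.nullOr lib.types.str;
      default = config.networking.fqdnOrHostName;
      defaultText = lib.literalExpression "config.networking.fqdnOrHostName";
      example = "node1.example.com";
    };

    storageBackend = lib.mkOption {
      description = "Determines where flannel stores its configuration at runtime";
      type = lib.types.enum [
        "etcd"
        "kubernetes"
      ];
      default = "etcd";
    };

    subnetLen = lib.mkOption {
      description = ''
        The size of the subnet allocated to each host. Defaults to 24 (i.e. /24)
        unless the Network was configured to be smaller than a /24 in which case
        it is one less than the network.
      '';
      type = lib.types.int;
      default = 24;
    };

    subnetMin = lib.mkOption {
      description = ''
        The beginning of IP range which the subnet allocation should start with.
        Defaults to the first subnet of Network.
      '';
      type = lib.types.nullOr lib.types.str;
      default = null;
    };

    subnetMax = lib.mkOption {
      description = ''
        The end of IP range which the subnet allocation should end with.
        Defaults to the last subnet of Network.
      '';
      type = lib.types.nullOr lib.types.str;
      default = null;
    };

    backend = lib.mkOption {
      description = "Type of backend to use and specific configurations for that backend.";
      type = lib.types.attrs;
      default = {
        Type = "vxlan";
      };
    };

    extraNetworkConfig = lib.mkOption {
      description = ''
        Extra configuration to be added to the net-conf.json/etcd-backed network
        configuration. Keys set here override the typed options above.
      '';
      type = (pkgs.formats.json { }).type;
      default = { };
      example = {
        EnableIPv6 = true;
      };
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.services.flannel = {
      description = "Flannel Service";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      # flanneld is configured through FLANNELD_* environment variables only.
      # Options left at null are assigned as null here and relied upon to be
      # omitted from the unit environment.
      environment =
        {
          FLANNELD_PUBLIC_IP = cfg.publicIp;
          FLANNELD_IFACE = cfg.iface;
        }
        // lib.optionalAttrs (cfg.storageBackend == "etcd") {
          FLANNELD_ETCD_ENDPOINTS = lib.concatStringsSep "," cfg.etcd.endpoints;
          FLANNELD_ETCD_PREFIX = cfg.etcd.prefix;
          FLANNELD_ETCD_KEYFILE = cfg.etcd.keyFile;
          FLANNELD_ETCD_CERTFILE = cfg.etcd.certFile;
          FLANNELD_ETCD_CAFILE = cfg.etcd.caFile;
          # The same endpoints and TLS material are exported for etcdctl so
          # the preStart write below targets exactly what flanneld reads.
          ETCDCTL_CERT = cfg.etcd.certFile;
          ETCDCTL_KEY = cfg.etcd.keyFile;
          ETCDCTL_CACERT = cfg.etcd.caFile;
          ETCDCTL_ENDPOINTS = lib.concatStringsSep "," cfg.etcd.endpoints;
          ETCDCTL_API = "3";
        }
        // lib.optionalAttrs (cfg.storageBackend == "kubernetes") {
          FLANNELD_KUBE_SUBNET_MGR = "true";
          FLANNELD_KUBECONFIG_FILE = cfg.kubeconfig;
          NODE_NAME = cfg.nodeName;
        };
      path = [ pkgs.iptables ];
      # Publish the network configuration to etcd before flanneld starts,
      # retrying until etcd answers (a co-located etcd may still be coming up).
      # Both the key and the JSON document are passed through escapeShellArg:
      # a bare '...' quoting would break on any single quote inside a value
      # taken from extraNetworkConfig or backend.
      preStart = lib.optionalString (cfg.storageBackend == "etcd") ''
        echo "setting network configuration"
        until ${pkgs.etcd}/bin/etcdctl put ${lib.escapeShellArg networkConfigKey} ${lib.escapeShellArg (builtins.toJSON networkConfig)}
        do
          echo "setting network configuration, retry"
          sleep 1
        done
      '';
      # No User/DynamicUser is set: flanneld runs as root, which it needs for
      # netlink and iptables manipulation.
      serviceConfig = {
        ExecStart = "${cfg.package}/bin/flannel";
        Restart = "always";
        RestartSec = "10s";
        RuntimeDirectory = "flannel";
      };
    };

    # Loaded unconditionally for the backend's iptables handling of bridged
    # pod traffic.
    boot.kernelModules = [ "br_netfilter" ];

    # Start a local etcd only when the endpoints are still at the loopback
    # default; a user pointing at an external cluster does not get an extra
    # (unauthenticated) local instance. mkDefault keeps this overridable.
    services.etcd.enable = lib.mkDefault (
      cfg.storageBackend == "etcd" && cfg.etcd.endpoints == [ "http://127.0.0.1:2379" ]
    );

    # for some reason, flannel doesn't let you configure this path
    # see: https://github.com/coreos/flannel/blob/master/Documentation/configuration.md#configuration
    environment.etc."kube-flannel/net-conf.json" = lib.mkIf (cfg.storageBackend == "kubernetes") {
      source = pkgs.writeText "net-conf.json" (builtins.toJSON networkConfig);
    };
  };
}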