commit 29fd05f3f5beabfd65550c43bda1f797bcb3b9dc · pyrox.dev/nixpkgs

+76 -14

nixos/modules/services/cluster/kubernetes/dashboard.nix

···

       5
        
       let

     

       6
        
         cfg = config.services.kubernetes.addons.dashboard;

     

       7
        
       

     

       8
       -
         name = "gcr.io/google_containers/kubernetes-dashboard-amd64";

     

       9
       -
       	version = "v1.8.2";

     

       10
        
       

     

       11
        
         image = pkgs.dockerTools.pullImage {

     

       12
        
           imageName = name;

     

       0
        
       
     

       13
        
           finalImageTag = version;

     

       14
       -
           sha256 = "11h0fz3wxp0f10fsyqaxjm7l2qg7xws50dv5iwlck5gb1fjmajad";

     

       15
       -
           imageDigest = "sha256:e7984d10351601080bbc146635d51f0cfbea31ca6f0df323cf7a58cf2f6a68df";

     

       16
        
         };

     

       17
        
       in {

     

       18
        
         options.services.kubernetes.addons.dashboard = {

     
···

       31
        
           services.kubernetes.addonManager.addons = {

     

       32
        
             kubernetes-dashboard-deployment = {

     

       33
        
               kind = "Deployment";

     

       34
       -
               apiVersion = "apps/v1beta1";

     

       35
        
               metadata = {

     

       36
        
                 labels = {

     

       37
        
                   k8s-addon = "kubernetes-dashboard.addons.k8s.io";

     
···

       57
        
                     };

     

       58
        
                     annotations = {

     

       59
        
                       "scheduler.alpha.kubernetes.io/critical-pod" = "";

     

       60
       -
                       #"scheduler.alpha.kubernetes.io/tolerations" = ''[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'';

     

       61
        
                     };

     

       62
        
                   };

     

       63
        
                   spec = {

     

       0
        
       
     

       64
        
                     containers = [{

     

       65
        
                       name = "kubernetes-dashboard";

     

       66
        
                       image = "${name}:${version}";

     

       67
        
                       ports = [{

     

       68
       -
                         containerPort = 9090;

     

       69
        
                         protocol = "TCP";

     

       70
        
                       }];

     

       71
        
                       resources = {

     

       72
        
                         limits = {

     

       73
        
                           cpu = "100m";

     

       74
       -
                           memory = "250Mi";

     

       75
        
                         };

     

       76
        
                         requests = {

     

       77
        
                           cpu = "100m";

     

       78
       -
                           memory = "50Mi";

     

       79
        
                         };

     

       80
        
                       };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       81
        
                       livenessProbe = {

     

       82
        
                         httpGet = {

     

       0
        
       
     

       83
        
                           path = "/";

     

       84
       -
                           port = 9090;

     

       85
        
                         };

     

       86
        
                         initialDelaySeconds = 30;

     

       87
        
                         timeoutSeconds = 30;

     

       88
        
                       };

     

       89
        
                     }];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       90
        
                     serviceAccountName = "kubernetes-dashboard";

     

       91
        
                     tolerations = [{

     

       92
        
                       key = "node-role.kubernetes.io/master";

     

       93
        
                       effect = "NoSchedule";

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       94
        
                     }];

     

       95
        
                   };

     

       96
        
                 };

     
···

       113
        
               };

     

       114
        
               spec = {

     

       115
        
                 ports = [{

     

       116
       -
                   port = 80;

     

       117
       -
                   targetPort = 9090;

     

       118
        
                 }];

     

       119
        
                 selector.k8s-app = "kubernetes-dashboard";

     

       120
        
               };

     
···

       127
        
                 labels = {

     

       128
        
                   k8s-app = "kubernetes-dashboard";

     

       129
        
                   k8s-addon = "kubernetes-dashboard.addons.k8s.io";

     

       130
       -
       						"addonmanager.kubernetes.io/mode" = "Reconcile";

     

       131
        
                 };

     

       132
        
                 name = "kubernetes-dashboard";

     

       133
        
                 namespace = "kube-system";

     

       134
        
               };

     

       135
        
             };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       136
        
           } // (optionalAttrs cfg.enableRBAC {

     

       137
        
             kubernetes-dashboard-crb = {

     

       138
       -
               apiVersion = "rbac.authorization.k8s.io/v1beta1";

     

       139
        
               kind = "ClusterRoleBinding";

     

       140
        
               metadata = {

     

       141
        
                 name = "kubernetes-dashboard";

···

       5
        
       let

     

       6
        
         cfg = config.services.kubernetes.addons.dashboard;

     

       7
        
       

     

       8
       +
         name = "k8s.gcr.io/kubernetes-dashboard-amd64";

     

       9
       +
         version = "v1.8.3";

     

       10
        
       

     

       11
        
         image = pkgs.dockerTools.pullImage {

     

       12
        
           imageName = name;

     

       13
       +
           imageDigest = "sha256:dc4026c1b595435ef5527ca598e1e9c4343076926d7d62b365c44831395adbd0";

     

       14
        
           finalImageTag = version;

     

       15
       +
           sha256 = "18ajcg0q1vignfjk2sm4xj4wzphfz8wah69ps8dklqfvv0164mc8";

     

       0
        
       
     

       16
        
         };

     

       17
        
       in {

     

       18
        
         options.services.kubernetes.addons.dashboard = {

     
···

       31
        
           services.kubernetes.addonManager.addons = {

     

       32
        
             kubernetes-dashboard-deployment = {

     

       33
        
               kind = "Deployment";

     

       34
       +
               apiVersion = "apps/v1";

     

       35
        
               metadata = {

     

       36
        
                 labels = {

     

       37
        
                   k8s-addon = "kubernetes-dashboard.addons.k8s.io";

     
···

       57
        
                     };

     

       58
        
                     annotations = {

     

       59
        
                       "scheduler.alpha.kubernetes.io/critical-pod" = "";

     

       0
        
       
     

       60
        
                     };

     

       61
        
                   };

     

       62
        
                   spec = {

     

       63
       +
                     priorityClassName = "system-cluster-critical";

     

       64
        
                     containers = [{

     

       65
        
                       name = "kubernetes-dashboard";

     

       66
        
                       image = "${name}:${version}";

     

       67
        
                       ports = [{

     

       68
       +
                         containerPort = 8443;

     

       69
        
                         protocol = "TCP";

     

       70
        
                       }];

     

       71
        
                       resources = {

     

       72
        
                         limits = {

     

       73
        
                           cpu = "100m";

     

       74
       +
                           memory = "300Mi";

     

       75
        
                         };

     

       76
        
                         requests = {

     

       77
        
                           cpu = "100m";

     

       78
       +
                           memory = "100Mi";

     

       79
        
                         };

     

       80
        
                       };

     

       81
       +
                       args = ["--auto-generate-certificates"];

     

       82
       +
                       volumeMounts = [{

     

       83
       +
                         name = "tmp-volume";

     

       84
       +
                         mountPath = "/tmp";

     

       85
       +
                       } {

     

       86
       +
                         name = "kubernetes-dashboard-certs";

     

       87
       +
                         mountPath = "/certs";

     

       88
       +
                       }];

     

       89
        
                       livenessProbe = {

     

       90
        
                         httpGet = {

     

       91
       +
                           scheme = "HTTPS";

     

       92
        
                           path = "/";

     

       93
       +
                           port = 8443;

     

       94
        
                         };

     

       95
        
                         initialDelaySeconds = 30;

     

       96
        
                         timeoutSeconds = 30;

     

       97
        
                       };

     

       98
        
                     }];

     

       99
       +
                     volumes = [{

     

       100
       +
                       name = "kubernetes-dashboard-certs";

     

       101
       +
                       secret = {

     

       102
       +
                         secretName = "kubernetes-dashboard-certs";

     

       103
       +
                       };

     

       104
       +
                     } {

     

       105
       +
                       name = "tmp-volume";

     

       106
       +
                       emptyDir = {};

     

       107
       +
                     }];

     

       108
        
                     serviceAccountName = "kubernetes-dashboard";

     

       109
        
                     tolerations = [{

     

       110
        
                       key = "node-role.kubernetes.io/master";

     

       111
        
                       effect = "NoSchedule";

     

       112
       +
                     } {

     

       113
       +
                       key = "CriticalAddonsOnly";

     

       114
       +
                       operator = "Exists";

     

       115
        
                     }];

     

       116
        
                   };

     

       117
        
                 };

     
···

       134
        
               };

     

       135
        
               spec = {

     

       136
        
                 ports = [{

     

       137
       +
                   port = 443;

     

       138
       +
                   targetPort = 8443;

     

       139
        
                 }];

     

       140
        
                 selector.k8s-app = "kubernetes-dashboard";

     

       141
        
               };

     
···

       148
        
                 labels = {

     

       149
        
                   k8s-app = "kubernetes-dashboard";

     

       150
        
                   k8s-addon = "kubernetes-dashboard.addons.k8s.io";

     

       151
       +
                   "addonmanager.kubernetes.io/mode" = "Reconcile";

     

       152
        
                 };

     

       153
        
                 name = "kubernetes-dashboard";

     

       154
        
                 namespace = "kube-system";

     

       155
        
               };

     

       156
        
             };

     

       157
       +
             kubernetes-dashboard-sec-certs = {

     

       158
       +
               apiVersion = "v1";

     

       159
       +
               kind = "Secret";

     

       160
       +
               metadata = {

     

       161
       +
                 labels = {

     

       162
       +
                   k8s-app = "kubernetes-dashboard";

     

       163
       +
                   # Allows editing resource and makes sure it is created first.

     

       164
       +
                   "addonmanager.kubernetes.io/mode" = "EnsureExists";

     

       165
       +
                 };

     

       166
       +
                 name = "kubernetes-dashboard-certs";

     

       167
       +
                 namespace = "kube-system";

     

       168
       +
               };

     

       169
       +
               type = "Opaque";

     

       170
       +
             };

     

       171
       +
             kubernetes-dashboard-sec-kholder = {

     

       172
       +
               apiVersion = "v1";

     

       173
       +
               kind = "Secret";

     

       174
       +
               metadata = {

     

       175
       +
                 labels = {

     

       176
       +
                   k8s-app = "kubernetes-dashboard";

     

       177
       +
                   # Allows editing resource and makes sure it is created first.

     

       178
       +
                   "addonmanager.kubernetes.io/mode" = "EnsureExists";

     

       179
       +
                 };

     

       180
       +
                 name = "kubernetes-dashboard-key-holder";

     

       181
       +
                 namespace = "kube-system";

     

       182
       +
               };

     

       183
       +
               type = "Opaque";

     

       184
       +
             };

     

       185
       +
             kubernetes-dashboard-cm = {

     

       186
       +
               apiVersion = "v1";

     

       187
       +
               kind = "ConfigMap";

     

       188
       +
               metadata = {

     

       189
       +
                 labels = {

     

       190
       +
                   k8s-app = "kubernetes-dashboard";

     

       191
       +
                   # Allows editing resource and makes sure it is created first.

     

       192
       +
                   "addonmanager.kubernetes.io/mode" = "EnsureExists";

     

       193
       +
                 };

     

       194
       +
                 name = "kubernetes-dashboard-settings";

     

       195
       +
                 namespace = "kube-system";

     

       196
       +
               };

     

       197
       +
             };

     

       198
        
           } // (optionalAttrs cfg.enableRBAC {

     

       199
        
             kubernetes-dashboard-crb = {

     

       200
       +
               apiVersion = "rbac.authorization.k8s.io/v1";

     

       201
        
               kind = "ClusterRoleBinding";

     

       202
        
               metadata = {

     

       203
        
                 name = "kubernetes-dashboard";