pyrox.dev / nixpkgs
lol
fork atom

nixos/kubernetes: improvements

- Added option 'cni.configDir' to allow for having CNI config outside of nix-store
Existing behavior (writing verbatim CNI conf-files to nix-store) is still available.

- Removed unused option 'apiserver.publicAddress' and changed 'apiserver.address' to 'bindAddress'
This conforms better to k8s docs and removes existing --bind-address hardcoding to 0.0.0.0

- Fixed c/p mistake in apiserver systemd unit description

- Updated 18.09 release notes to reflect changes to existing options
And fixed some typos from previous PR

- Make docker images for Kubernetes Dashboard and kube-dns configurable

Johan Thomsen 8d7ea96a da892062

options
unified split
Changed files
+105 -63
nixos
doc
manual
release-notes
rl-1809.xml
modules
rename.nix
services
cluster
kubernetes
dashboard.nix
default.nix
dns.nix
+14 -1
nixos/doc/manual/release-notes/rl-1809.xml 
···

       
288

       
 

       
   </listitem>


     

       
289

       
 

       
   <listitem>


     

       
290

       
 

       
    <para>


     

       
291

       
-

       
     Recommented way to access the Kubernetes Dashboard is with HTTPS (TLS)


     

       
292

       
 

       
     Therefore; public service port for the dashboard has changed to 443


     

       
293

       
 

       
     (container port 8443) and scheme to https.


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
294

       
 

       
    </para>


     

       
295

       
 

       
   </listitem>


     

       
296

       
 

       
  </itemizedlist>


     
···

       
288

       
 

       
   </listitem>


     

       
289

       
 

       
   <listitem>


     

       
290

       
 

       
    <para>


     

       
291

       
+

       
     Recommended way to access the Kubernetes Dashboard is via HTTPS (TLS)


     

       
292

       
 

       
     Therefore; public service port for the dashboard has changed to 443


     

       
293

       
 

       
     (container port 8443) and scheme to https.


     

       
294

       
+

       
    </para>


     

       
295

       
+

       
   </listitem>


     

       
296

       
+

       
   <listitem>


     

       
297

       
+

       
    <para>


     

       
298

       
+

       
     The option <varname>services.kubernetes.apiserver.address</varname>


     

       
299

       
+

       
     was renamed to <varname>services.kubernetes.apiserver.bindAddress</varname>.


     

       
300

       
+

       
     Note that the default value has changed from 127.0.0.1 to 0.0.0.0.


     

       
301

       
+

       
    </para>


     

       
302

       
+

       
   </listitem>


     

       
303

       
+

       
   <listitem>


     

       
304

       
+

       
    <para>


     

       
305

       
+

       
     The option <varname>services.kubernetes.apiserver.publicAddress</varname>


     

       
306

       
+

       
     was not used and thus has been removed.


     

       
307

       
 

       
    </para>


     

       
308

       
 

       
   </listitem>


     

       
309

       
 

       
  </itemizedlist>
+2
nixos/modules/rename.nix 
···

       
32

       
 

       
    (mkRenamedOptionModule [ "services" "i2pd" "extIp" ] [ "services" "i2pd" "address" ])


     

       
33

       
 

       
    (mkRenamedOptionModule [ "services" "kibana" "host" ] [ "services" "kibana" "listenAddress" ])


     

       
34

       
 

       
    (mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "admissionControl" ] [ "services" "kubernetes" "apiserver" "enableAdmissionPlugins" ])


     

       

       

       
     

       

       

       
     

       
35

       
 

       
    (mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ])


     

       
36

       
 

       
    (mkRenamedOptionModule [ "services" "mpd" "network" "host" ] [ "services" "mpd" "network" "listenAddress" ])


     

       
37

       
 

       
    (mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "listenAddress" ])


     
···

       
32

       
 

       
    (mkRenamedOptionModule [ "services" "i2pd" "extIp" ] [ "services" "i2pd" "address" ])


     

       
33

       
 

       
    (mkRenamedOptionModule [ "services" "kibana" "host" ] [ "services" "kibana" "listenAddress" ])


     

       
34

       
 

       
    (mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "admissionControl" ] [ "services" "kubernetes" "apiserver" "enableAdmissionPlugins" ])


     

       
35

       
+

       
    (mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "address" ] ["services" "kubernetes" "apiserver" "bindAddress"])


     

       
36

       
+

       
    (mkRemovedOptionModule [ "services" "kubernetes" "apiserver" "publicAddress" ] "")


     

       
37

       
 

       
    (mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ])


     

       
38

       
 

       
    (mkRenamedOptionModule [ "services" "mpd" "network" "host" ] [ "services" "mpd" "network" "listenAddress" ])


     

       
39

       
 

       
    (mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "listenAddress" ])
+21 -14
nixos/modules/services/cluster/kubernetes/dashboard.nix 
···

       
4

       
 

       



     

       
5

       
 

       
let


     

       
6

       
 

       
  cfg = config.services.kubernetes.addons.dashboard;


     

       
7

       
-

       



     

       
8

       
-

       
  name = "k8s.gcr.io/kubernetes-dashboard-amd64";


     

       
9

       
-

       
  version = "v1.8.3";


     

       
10

       
-

       



     

       
11

       
-

       
  image = pkgs.dockerTools.pullImage {


     

       
12

       
-

       
    imageName = name;


     

       
13

       
-

       
    imageDigest = "sha256:dc4026c1b595435ef5527ca598e1e9c4343076926d7d62b365c44831395adbd0";


     

       
14

       
-

       
    finalImageTag = version;


     

       
15

       
-

       
    sha256 = "18ajcg0q1vignfjk2sm4xj4wzphfz8wah69ps8dklqfvv0164mc8";


     

       
16

       
-

       
  };


     

       
17

       
 

       
in {


     

       
18

       
 

       
  options.services.kubernetes.addons.dashboard = {


     

       
19

       
 

       
    enable = mkEnableOption "kubernetes dashboard addon";


     
···

       
23

       
 

       
      type = types.bool;


     

       
24

       
 

       
      default = elem "RBAC" config.services.kubernetes.apiserver.authorizationMode;


     

       
25

       
 

       
    };


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
26

       
 

       
  };


     

       
27

       
 

       



     

       
28

       
 

       
  config = mkIf cfg.enable {


     

       
29

       
-

       
    services.kubernetes.kubelet.seedDockerImages = [image];


     

       
30

       
 

       



     

       
31

       
 

       
    services.kubernetes.addonManager.addons = {


     

       
32

       
 

       
      kubernetes-dashboard-deployment = {


     
···

       
36

       
 

       
          labels = {


     

       
37

       
 

       
            k8s-addon = "kubernetes-dashboard.addons.k8s.io";


     

       
38

       
 

       
            k8s-app = "kubernetes-dashboard";


     

       
39

       
-

       
            version = version;


     

       
40

       
 

       
            "kubernetes.io/cluster-service" = "true";


     

       
41

       
 

       
            "addonmanager.kubernetes.io/mode" = "Reconcile";


     

       
42

       
 

       
          };


     
···

       
52

       
 

       
              labels = {


     

       
53

       
 

       
                k8s-addon = "kubernetes-dashboard.addons.k8s.io";


     

       
54

       
 

       
                k8s-app = "kubernetes-dashboard";


     

       
55

       
-

       
                version = version;


     

       
56

       
 

       
                "kubernetes.io/cluster-service" = "true";


     

       
57

       
 

       
              };


     

       
58

       
 

       
              annotations = {


     
···

       
63

       
 

       
              priorityClassName = "system-cluster-critical";


     

       
64

       
 

       
              containers = [{


     

       
65

       
 

       
                name = "kubernetes-dashboard";


     

       
66

       
-

       
                image = "${name}:${version}";


     

       
67

       
 

       
                ports = [{


     

       
68

       
 

       
                  containerPort = 8443;


     

       
69

       
 

       
                  protocol = "TCP";


     
···

       
4

       
 

       



     

       
5

       
 

       
let


     

       
6

       
 

       
  cfg = config.services.kubernetes.addons.dashboard;


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
7

       
 

       
in {


     

       
8

       
 

       
  options.services.kubernetes.addons.dashboard = {


     

       
9

       
 

       
    enable = mkEnableOption "kubernetes dashboard addon";


     
···

       
13

       
 

       
      type = types.bool;


     

       
14

       
 

       
      default = elem "RBAC" config.services.kubernetes.apiserver.authorizationMode;


     

       
15

       
 

       
    };


     

       
16

       
+

       



     

       
17

       
+

       
    version = mkOption {


     

       
18

       
+

       
      description = "Which version of the kubernetes dashboard to deploy";


     

       
19

       
+

       
      type = types.str;


     

       
20

       
+

       
      default = "v1.8.3";


     

       
21

       
+

       
    };


     

       
22

       
+

       



     

       
23

       
+

       
    image = mkOption {


     

       
24

       
+

       
      description = "Docker image to seed for the kubernetes dashboard container.";


     

       
25

       
+

       
      type = types.attrs;


     

       
26

       
+

       
      default = {


     

       
27

       
+

       
        imageName = "k8s.gcr.io/kubernetes-dashboard-amd64";


     

       
28

       
+

       
        imageDigest = "sha256:dc4026c1b595435ef5527ca598e1e9c4343076926d7d62b365c44831395adbd0";


     

       
29

       
+

       
        finalImageTag = cfg.version;


     

       
30

       
+

       
        sha256 = "18ajcg0q1vignfjk2sm4xj4wzphfz8wah69ps8dklqfvv0164mc8";


     

       
31

       
+

       
      };


     

       
32

       
+

       
    };


     

       
33

       
 

       
  };


     

       
34

       
 

       



     

       
35

       
 

       
  config = mkIf cfg.enable {


     

       
36

       
+

       
    services.kubernetes.kubelet.seedDockerImages = [(pkgs.dockerTools.pullImage cfg.image)];


     

       
37

       
 

       



     

       
38

       
 

       
    services.kubernetes.addonManager.addons = {


     

       
39

       
 

       
      kubernetes-dashboard-deployment = {


     
···

       
43

       
 

       
          labels = {


     

       
44

       
 

       
            k8s-addon = "kubernetes-dashboard.addons.k8s.io";


     

       
45

       
 

       
            k8s-app = "kubernetes-dashboard";


     

       
46

       
+

       
            version = cfg.version;


     

       
47

       
 

       
            "kubernetes.io/cluster-service" = "true";


     

       
48

       
 

       
            "addonmanager.kubernetes.io/mode" = "Reconcile";


     

       
49

       
 

       
          };


     
···

       
59

       
 

       
              labels = {


     

       
60

       
 

       
                k8s-addon = "kubernetes-dashboard.addons.k8s.io";


     

       
61

       
 

       
                k8s-app = "kubernetes-dashboard";


     

       
62

       
+

       
                version = cfg.version;


     

       
63

       
 

       
                "kubernetes.io/cluster-service" = "true";


     

       
64

       
 

       
              };


     

       
65

       
 

       
              annotations = {


     
···

       
70

       
 

       
              priorityClassName = "system-cluster-critical";


     

       
71

       
 

       
              containers = [{


     

       
72

       
 

       
                name = "kubernetes-dashboard";


     

       
73

       
+

       
                image = with cfg.image; "${imageName}:${finalImageTag}";


     

       
74

       
 

       
                ports = [{


     

       
75

       
 

       
                  containerPort = 8443;


     

       
76

       
 

       
                  protocol = "TCP";
+28 -19
nixos/modules/services/cluster/kubernetes/default.nix 
···

       
73

       
 

       
  mkKubeConfigOptions = prefix: {


     

       
74

       
 

       
    server = mkOption {


     

       
75

       
 

       
      description = "${prefix} kube-apiserver server address.";


     

       
76

       
-

       
      default = "http://${cfg.apiserver.address}:${toString cfg.apiserver.port}";


     

       

       

       
     

       

       

       
     

       
77

       
 

       
      type = types.str;


     

       
78

       
 

       
    };


     

       
79

       
 

       



     
···

       
103

       
 

       
    keyFile = mkDefault cfg.kubeconfig.keyFile;


     

       
104

       
 

       
  };


     

       
105

       
 

       



     

       
106

       
-

       
  cniConfig = pkgs.buildEnv {


     

       
107

       
-

       
    name = "kubernetes-cni-config";


     

       
108

       
-

       
    paths = imap (i: entry:


     

       
109

       
-

       
      pkgs.writeTextDir "${toString (10+i)}-${entry.type}.conf" (builtins.toJSON entry)


     

       
110

       
-

       
    ) cfg.kubelet.cni.config;


     

       
111

       
-

       
  };


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
112

       
 

       



     

       
113

       
 

       
  manifests = pkgs.buildEnv {


     

       
114

       
 

       
    name = "kubernetes-manifests";


     
···

       
244

       
 

       
        type = types.listOf types.str;


     

       
245

       
 

       
      };


     

       
246

       
 

       



     

       
247

       
-

       
      address = mkOption {


     

       
248

       
-

       
        description = "Kubernetes apiserver listening address.";


     

       
249

       
-

       
        default = "127.0.0.1";


     

       
250

       
-

       
        type = types.str;


     

       
251

       
-

       
      };


     

       
252

       
-

       



     

       
253

       
-

       
      publicAddress = mkOption {


     

       
254

       
 

       
        description = ''


     

       
255

       
-

       
          Kubernetes apiserver public listening address used for read only and


     

       
256

       
-

       
          secure port.


     

       

       

       
     

       
257

       
 

       
        '';


     

       
258

       
-

       
        default = cfg.apiserver.address;


     

       
259

       
 

       
        type = types.str;


     

       
260

       
 

       
      };


     

       
261

       
 

       



     
···

       
670

       
 

       
            }]


     

       
671

       
 

       
          '';


     

       
672

       
 

       
        };


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
673

       
 

       
      };


     

       
674

       
 

       



     

       
675

       
 

       
      manifests = mkOption {


     
···

       
892

       
 

       



     

       
893

       
 

       
    (mkIf cfg.apiserver.enable {


     

       
894

       
 

       
      systemd.services.kube-apiserver = {


     

       
895

       
-

       
        description = "Kubernetes Kubelet Service";


     

       
896

       
 

       
        wantedBy = [ "kubernetes.target" ];


     

       
897

       
 

       
        after = [ "network.target" "docker.service" ];


     

       
898

       
 

       
        serviceConfig = {


     
···

       
906

       
 

       
            ${optionalString (cfg.etcd.keyFile != null)


     

       
907

       
 

       
              "--etcd-keyfile=${cfg.etcd.keyFile}"} \


     

       
908

       
 

       
            --insecure-port=${toString cfg.apiserver.port} \


     

       
909

       
-

       
            --bind-address=${toString cfg.apiserver.address} \


     

       
910

       
 

       
            ${optionalString (cfg.apiserver.advertiseAddress != null)


     

       
911

       
 

       
              "--advertise-address=${cfg.apiserver.advertiseAddress}"} \


     

       
912

       
 

       
            --allow-privileged=${boolToString cfg.apiserver.allowPrivileged}\


     
···

       
73

       
 

       
  mkKubeConfigOptions = prefix: {


     

       
74

       
 

       
    server = mkOption {


     

       
75

       
 

       
      description = "${prefix} kube-apiserver server address.";


     

       
76

       
+

       
      default = "http://${if cfg.apiserver.advertiseAddress != null


     

       
77

       
+

       
                          then cfg.apiserver.advertiseAddress


     

       
78

       
+

       
                          else "127.0.0.1"}:${toString cfg.apiserver.port}";


     

       
79

       
 

       
      type = types.str;


     

       
80

       
 

       
    };


     

       
81

       
 

       



     
···

       
105

       
 

       
    keyFile = mkDefault cfg.kubeconfig.keyFile;


     

       
106

       
 

       
  };


     

       
107

       
 

       



     

       
108

       
+

       
  cniConfig =


     

       
109

       
+

       
    if cfg.kubelet.cni.config != [] && !(isNull cfg.kubelet.cni.configDir) then


     

       
110

       
+

       
      throw "Verbatim CNI-config and CNI configDir cannot both be set."


     

       
111

       
+

       
    else if !(isNull cfg.kubelet.cni.configDir) then


     

       
112

       
+

       
      cfg.kubelet.cni.configDir


     

       
113

       
+

       
    else


     

       
114

       
+

       
      (pkgs.buildEnv {


     

       
115

       
+

       
        name = "kubernetes-cni-config";


     

       
116

       
+

       
        paths = imap (i: entry:


     

       
117

       
+

       
          pkgs.writeTextDir "${toString (10+i)}-${entry.type}.conf" (builtins.toJSON entry)


     

       
118

       
+

       
        ) cfg.kubelet.cni.config;


     

       
119

       
+

       
      });


     

       
120

       
 

       



     

       
121

       
 

       
  manifests = pkgs.buildEnv {


     

       
122

       
 

       
    name = "kubernetes-manifests";


     
···

       
252

       
 

       
        type = types.listOf types.str;


     

       
253

       
 

       
      };


     

       
254

       
 

       



     

       
255

       
+

       
      bindAddress = mkOption {


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
256

       
 

       
        description = ''


     

       
257

       
+

       
          The IP address on which to listen for the --secure-port port.


     

       
258

       
+

       
          The associated interface(s) must be reachable by the rest


     

       
259

       
+

       
          of the cluster, and by CLI/web clients.


     

       
260

       
 

       
        '';


     

       
261

       
+

       
        default = "0.0.0.0";


     

       
262

       
 

       
        type = types.str;


     

       
263

       
 

       
      };


     

       
264

       
 

       



     
···

       
673

       
 

       
            }]


     

       
674

       
 

       
          '';


     

       
675

       
 

       
        };


     

       
676

       
+

       



     

       
677

       
+

       
        configDir = mkOption {


     

       
678

       
+

       
          description = "Path to Kubernetes CNI configuration directory.";


     

       
679

       
+

       
          type = types.nullOr types.path;


     

       
680

       
+

       
          default = null;


     

       
681

       
+

       
        };


     

       
682

       
 

       
      };


     

       
683

       
 

       



     

       
684

       
 

       
      manifests = mkOption {


     
···

       
901

       
 

       



     

       
902

       
 

       
    (mkIf cfg.apiserver.enable {


     

       
903

       
 

       
      systemd.services.kube-apiserver = {


     

       
904

       
+

       
        description = "Kubernetes APIServer Service";


     

       
905

       
 

       
        wantedBy = [ "kubernetes.target" ];


     

       
906

       
 

       
        after = [ "network.target" "docker.service" ];


     

       
907

       
 

       
        serviceConfig = {


     
···

       
915

       
 

       
            ${optionalString (cfg.etcd.keyFile != null)


     

       
916

       
 

       
              "--etcd-keyfile=${cfg.etcd.keyFile}"} \


     

       
917

       
 

       
            --insecure-port=${toString cfg.apiserver.port} \


     

       
918

       
+

       
            --bind-address=${cfg.apiserver.bindAddress} \


     

       
919

       
 

       
            ${optionalString (cfg.apiserver.advertiseAddress != null)


     

       
920

       
 

       
              "--advertise-address=${cfg.apiserver.advertiseAddress}"} \


     

       
921

       
 

       
            --allow-privileged=${boolToString cfg.apiserver.allowPrivileged}\
+40 -29
nixos/modules/services/cluster/kubernetes/dns.nix 
···

       
4

       
 

       



     

       
5

       
 

       
let


     

       
6

       
 

       
  version = "1.14.10";


     

       
7

       
-

       



     

       
8

       
-

       
  k8s-dns-kube-dns = pkgs.dockerTools.pullImage {


     

       
9

       
-

       
    imageName = "k8s.gcr.io/k8s-dns-kube-dns-amd64";


     

       
10

       
-

       
    imageDigest = "sha256:b99fc3eee2a9f052f7eb4cc00f15eb12fc405fa41019baa2d6b79847ae7284a8";


     

       
11

       
-

       
    finalImageTag = version;


     

       
12

       
-

       
    sha256 = "0x583znk9smqn0fix7ld8sm5jgaxhqhx3fq97b1wkqm7iwhvl3pj";


     

       
13

       
-

       
  };


     

       
14

       
-

       



     

       
15

       
-

       
  k8s-dns-dnsmasq-nanny = pkgs.dockerTools.pullImage {


     

       
16

       
-

       
    imageName = "k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64";


     

       
17

       
-

       
    imageDigest = "sha256:bbb2a290a568125b3b996028958eb773f33b5b87a6b37bf38a28f8b62dddb3c8";


     

       
18

       
-

       
    finalImageTag = version;


     

       
19

       
-

       
    sha256 = "1fihml7s2mfwgac51cbqpylkwbivc8nyhgi4vb820s83zvl8a6y1";


     

       
20

       
-

       
  };


     

       
21

       
-

       



     

       
22

       
-

       
  k8s-dns-sidecar = pkgs.dockerTools.pullImage {


     

       
23

       
-

       
    imageName = "k8s.gcr.io/k8s-dns-sidecar-amd64";


     

       
24

       
-

       
    imageDigest = "sha256:4f1ab957f87b94a5ec1edc26fae50da2175461f00afecf68940c4aa079bd08a4";


     

       
25

       
-

       
    finalImageTag = version;


     

       
26

       
-

       
    sha256 = "08l1bv5jgrhvjzpqpbinrkgvv52snc4fzyd8ya9v18ns2klyz7m0";


     

       
27

       
-

       
  };


     

       
28

       
-

       



     

       
29

       
 

       
  cfg = config.services.kubernetes.addons.dns;


     

       
30

       
 

       
in {


     

       
31

       
 

       
  options.services.kubernetes.addons.dns = {


     
···

       
48

       
 

       
      default = "cluster.local";


     

       
49

       
 

       
      type = types.str;


     

       
50

       
 

       
    };


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
51

       
 

       
  };


     

       
52

       
 

       



     

       
53

       
 

       
  config = mkIf cfg.enable {


     

       
54

       
-

       
    services.kubernetes.kubelet.seedDockerImages = [


     

       
55

       
-

       
      k8s-dns-kube-dns


     

       
56

       
-

       
      k8s-dns-dnsmasq-nanny


     

       
57

       
-

       
      k8s-dns-sidecar


     

       
58

       
 

       
    ];


     

       
59

       
 

       



     

       
60

       
 

       
    services.kubernetes.addonManager.addons = {


     
···

       
88

       
 

       
              containers = [


     

       
89

       
 

       
                {


     

       
90

       
 

       
                  name = "kubedns";


     

       
91

       
-

       
                  image = "k8s.gcr.io/k8s-dns-kube-dns-amd64:${version}";


     

       
92

       
 

       
                  resources = {


     

       
93

       
 

       
                    limits.memory = "170Mi";


     

       
94

       
 

       
                    requests = {


     
···

       
154

       
 

       
                }


     

       
155

       
 

       
                {


     

       
156

       
 

       
                  name = "dnsmasq";


     

       
157

       
-

       
                  image = "k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:${version}";


     

       
158

       
 

       
                  livenessProbe = {


     

       
159

       
 

       
                    httpGet = {


     

       
160

       
 

       
                      path = "/healthcheck/dnsmasq";


     
···

       
206

       
 

       
                }


     

       
207

       
 

       
                {


     

       
208

       
 

       
                  name = "sidecar";


     

       
209

       
-

       
                  image = "k8s.gcr.io/k8s-dns-sidecar-amd64:${version}";


     

       
210

       
 

       
                  livenessProbe = {


     

       
211

       
 

       
                    httpGet = {


     

       
212

       
 

       
                      path = "/metrics";


     
···

       
4

       
 

       



     

       
5

       
 

       
let


     

       
6

       
 

       
  version = "1.14.10";


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
7

       
 

       
  cfg = config.services.kubernetes.addons.dns;


     

       
8

       
 

       
in {


     

       
9

       
 

       
  options.services.kubernetes.addons.dns = {


     
···

       
26

       
 

       
      default = "cluster.local";


     

       
27

       
 

       
      type = types.str;


     

       
28

       
 

       
    };


     

       
29

       
+

       



     

       
30

       
+

       
    kube-dns = mkOption {


     

       
31

       
+

       
      description = "Docker image to seed for the kube-dns main container.";


     

       
32

       
+

       
      type = types.attrs;


     

       
33

       
+

       
      default = {


     

       
34

       
+

       
        imageName = "k8s.gcr.io/k8s-dns-kube-dns-amd64";


     

       
35

       
+

       
        imageDigest = "sha256:b99fc3eee2a9f052f7eb4cc00f15eb12fc405fa41019baa2d6b79847ae7284a8";


     

       
36

       
+

       
        finalImageTag = version;


     

       
37

       
+

       
        sha256 = "0x583znk9smqn0fix7ld8sm5jgaxhqhx3fq97b1wkqm7iwhvl3pj";


     

       
38

       
+

       
      };


     

       
39

       
+

       
    };


     

       
40

       
+

       



     

       
41

       
+

       
    dnsmasq-nanny = mkOption {


     

       
42

       
+

       
      description = "Docker image to seed for the kube-dns dnsmasq container.";


     

       
43

       
+

       
      type = types.attrs;


     

       
44

       
+

       
      default = {


     

       
45

       
+

       
        imageName = "k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64";


     

       
46

       
+

       
        imageDigest = "sha256:bbb2a290a568125b3b996028958eb773f33b5b87a6b37bf38a28f8b62dddb3c8";


     

       
47

       
+

       
        finalImageTag = version;


     

       
48

       
+

       
        sha256 = "1fihml7s2mfwgac51cbqpylkwbivc8nyhgi4vb820s83zvl8a6y1";


     

       
49

       
+

       
      };


     

       
50

       
+

       
    };


     

       
51

       
+

       



     

       
52

       
+

       
    sidecar = mkOption {


     

       
53

       
+

       
      description = "Docker image to seed for the kube-dns sidecar container.";


     

       
54

       
+

       
      type = types.attrs;


     

       
55

       
+

       
      default = {


     

       
56

       
+

       
        imageName = "k8s.gcr.io/k8s-dns-sidecar-amd64";


     

       
57

       
+

       
        imageDigest = "sha256:4f1ab957f87b94a5ec1edc26fae50da2175461f00afecf68940c4aa079bd08a4";


     

       
58

       
+

       
        finalImageTag = version;


     

       
59

       
+

       
        sha256 = "08l1bv5jgrhvjzpqpbinrkgvv52snc4fzyd8ya9v18ns2klyz7m0";


     

       
60

       
+

       
      };


     

       
61

       
+

       
    };


     

       
62

       
 

       
  };


     

       
63

       
 

       



     

       
64

       
 

       
  config = mkIf cfg.enable {


     

       
65

       
+

       
    services.kubernetes.kubelet.seedDockerImages = with pkgs.dockerTools; [


     

       
66

       
+

       
      (pullImage cfg.kube-dns)


     

       
67

       
+

       
      (pullImage cfg.dnsmasq-nanny)


     

       
68

       
+

       
      (pullImage cfg.sidecar)


     

       
69

       
 

       
    ];


     

       
70

       
 

       



     

       
71

       
 

       
    services.kubernetes.addonManager.addons = {


     
···

       
99

       
 

       
              containers = [


     

       
100

       
 

       
                {


     

       
101

       
 

       
                  name = "kubedns";


     

       
102

       
+

       
                  image = with cfg.kube-dns; "${imageName}:${finalImageTag}";


     

       
103

       
 

       
                  resources = {


     

       
104

       
 

       
                    limits.memory = "170Mi";


     

       
105

       
 

       
                    requests = {


     
···

       
165

       
 

       
                }


     

       
166

       
 

       
                {


     

       
167

       
 

       
                  name = "dnsmasq";


     

       
168

       
+

       
                  image = with cfg.dnsmasq-nanny; "${imageName}:${finalImageTag}";


     

       
169

       
 

       
                  livenessProbe = {


     

       
170

       
 

       
                    httpGet = {


     

       
171

       
 

       
                      path = "/healthcheck/dnsmasq";


     
···

       
217

       
 

       
                }


     

       
218

       
 

       
                {


     

       
219

       
 

       
                  name = "sidecar";


     

       
220

       
+

       
                  image = with cfg.sidecar; "${imageName}:${finalImageTag}";


     

       
221

       
 

       
                  livenessProbe = {


     

       
222

       
 

       
                    httpGet = {


     

       
223

       
 

       
                      path = "/metrics";