commit ab1567e8121dfcdb4f7a395b39a3a345f41c7474 · pyrox.dev/nixpkgs

+1

nixos/modules/services/cluster/kubernetes/pki.nix

···

       189
       189
        
               # manually paste it in place. Just symlink.

     

       190
       190
        
               # otherwise, create the target file, ready for users to insert the token

     

       191
       191
        
       

     

       192
       192
       +
               mkdir -p $(dirname ${certmgrAPITokenPath})

     

       192
       193
        
               if [ -f "${cfsslAPITokenPath}" ]; then

     

       193
       194
        
                 ln -fs "${cfsslAPITokenPath}" "${certmgrAPITokenPath}"

     

       194
       195
        
               else

+1 -1

nixos/modules/services/cluster/kubernetes/proxy.nix

···

       59
       59
        
             description = "Kubernetes Proxy Service";

     

       60
       60
        
             wantedBy = [ "kubernetes.target" ];

     

       61
       61
        
             after = [ "kube-apiserver.service" ];

     

       62
       62
       -
             path = with pkgs; [ iptables conntrack_tools ];

     

       62
       62
       +
             path = with pkgs; [ iptables conntrack-tools ];

     

       63
       63
        
             serviceConfig = {

     

       64
       64
        
               Slice = "kubernetes.slice";

     

       65
       65
        
               ExecStart = ''${top.package}/bin/kube-proxy \

+8 -1

nixos/tests/kubernetes/base.nix

···

       40
       40
        
                         allowedTCPPorts = [

     

       41
       41
        
                           10250 # kubelet

     

       42
       42
        
                         ];

     

       43
       43
       -
                         trustedInterfaces = ["docker0"];

     

       43
       43
       +
                         trustedInterfaces = ["mynet"];

     

       44
       44
        
       

     

       45
       45
        
                         extraCommands = concatMapStrings  (node: ''

     

       46
       46
        
                           iptables -A INPUT -s ${node.config.networking.primaryIPAddress} -j ACCEPT

     
···

       61
       61
        
                         advertiseAddress = master.ip;

     

       62
       62
        
                       };

     

       63
       63
        
                       masterAddress = "${masterName}.${config.networking.domain}";

     

       64
       64
       +
                       # workaround for:

     

       65
       65
       +
                       #   https://github.com/kubernetes/kubernetes/issues/102676

     

       66
       66
       +
                       #   (workaround from) https://github.com/kubernetes/kubernetes/issues/95488

     

       67
       67
       +
                       kubelet.extraOpts = ''\

     

       68
       68
       +
                         --cgroups-per-qos=false \

     

       69
       69
       +
                         --enforce-node-allocatable="" \

     

       70
       70
       +
                       '';

     

       64
       71
        
                     };

     

       65
       72
        
                   }

     

       66
       73
        
                   (optionalAttrs (any (role: role == "master") machine.roles) {