From 45dbb95515563a067ca1bfa3f7474e6503e5f705 Mon Sep 17 00:00:00 2001
From: zowoq <59103226+zowoq@users.noreply.github.com>
Date: Tue, 14 Dec 2021 11:03:48 +1000
Subject: [PATCH] nixos/kubernetes: remove dashboard
---
.../from_md/release-notes/rl-2205.section.xml | 6 +
.../manual/release-notes/rl-2205.section.md | 2 +
nixos/modules/module-list.nix | 1 -
.../cluster/kubernetes/addon-manager.nix | 2 +-
.../cluster/kubernetes/addons/dashboard.nix | 344 ------------------
.../services/cluster/kubernetes/default.nix | 1 +
nixos/tests/kubernetes/base.nix | 1 -
7 files changed, 10 insertions(+), 347 deletions(-)
delete mode 100644 nixos/modules/services/cluster/kubernetes/addons/dashboard.nix
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index 4a68bc941860..517a2e458aae 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -103,6 +103,12 @@
new versions will release.
+
+
+ services.kubernetes.addons.dashboard was
+ removed due to it being an outdated version.
+
+
The wafHook hook now honors
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 556552723100..cfe1130068c7 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -41,6 +41,8 @@ In addition to numerous new and upgraded packages, this release has the followin
org-contrib, refer to the ones in `pkgs.emacsPackages.elpaPackages` and
`pkgs.emacsPackages.nongnuPackages` where the new versions will release.
+- `services.kubernetes.addons.dashboard` was removed due to it being an outdated version.
+
- The `wafHook` hook now honors `NIX_BUILD_CORES` when `enableParallelBuilding` is not set explicitly. Packages can restore the old behaviour by setting `enableParallelBuilding=false`.
- `pkgs.claws-mail-gtk2`, representing Claws Mail's older release version three, was removed in order to get rid of Python 2.
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 55de01735024..dd6a74df30cb 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -296,7 +296,6 @@
./services/cluster/hadoop/default.nix
./services/cluster/k3s/default.nix
./services/cluster/kubernetes/addons/dns.nix
- ./services/cluster/kubernetes/addons/dashboard.nix
./services/cluster/kubernetes/addon-manager.nix
./services/cluster/kubernetes/apiserver.nix
./services/cluster/kubernetes/controller-manager.nix
diff --git a/nixos/modules/services/cluster/kubernetes/addon-manager.nix b/nixos/modules/services/cluster/kubernetes/addon-manager.nix
index 3d988dc2479a..9159d5915eb7 100644
--- a/nixos/modules/services/cluster/kubernetes/addon-manager.nix
+++ b/nixos/modules/services/cluster/kubernetes/addon-manager.nix
@@ -58,7 +58,7 @@ in
"spec" = { ... };
};
}
- // import { cfg = config.services.kubernetes; };
+ // import { cfg = config.services.kubernetes; };
'';
};
diff --git a/nixos/modules/services/cluster/kubernetes/addons/dashboard.nix b/nixos/modules/services/cluster/kubernetes/addons/dashboard.nix
deleted file mode 100644
index 54b1f3859fcb..000000000000
--- a/nixos/modules/services/cluster/kubernetes/addons/dashboard.nix
+++ /dev/null
@@ -1,344 +0,0 @@
-{ config, options, pkgs, lib, ... }:
-
-with lib;
-
-let
- cfg = config.services.kubernetes.addons.dashboard;
- opt = options.services.kubernetes.addons.dashboard;
-in {
- imports = [
- (mkRenamedOptionModule [ "services" "kubernetes" "addons" "dashboard" "enableRBAC" ] [ "services" "kubernetes" "addons" "dashboard" "rbac" "enable" ])
- ];
-
- options.services.kubernetes.addons.dashboard = {
- enable = mkEnableOption "kubernetes dashboard addon";
-
- extraArgs = mkOption {
- description = "Extra arguments to append to the dashboard cmdline";
- type = types.listOf types.str;
- default = [];
- example = ["--enable-skip-login"];
- };
-
- rbac = mkOption {
- description = "Role-based access control (RBAC) options";
- default = {};
- type = types.submodule {
- options = {
- enable = mkOption {
- description = "Whether to enable role based access control is enabled for kubernetes dashboard";
- type = types.bool;
- default = elem "RBAC" config.services.kubernetes.apiserver.authorizationMode;
- defaultText = literalExpression ''
- elem "RBAC" config.${options.services.kubernetes.apiserver.authorizationMode}
- '';
- };
-
- clusterAdmin = mkOption {
- description = "Whether to assign cluster admin rights to the kubernetes dashboard";
- type = types.bool;
- default = false;
- };
- };
- };
- };
-
- version = mkOption {
- description = "Which version of the kubernetes dashboard to deploy";
- type = types.str;
- default = "v1.10.1";
- };
-
- image = mkOption {
- description = "Docker image to seed for the kubernetes dashboard container.";
- type = types.attrs;
- default = {
- imageName = "k8s.gcr.io/kubernetes-dashboard-amd64";
- imageDigest = "sha256:0ae6b69432e78069c5ce2bcde0fe409c5c4d6f0f4d9cd50a17974fea38898747";
- finalImageTag = cfg.version;
- sha256 = "01xrr4pwgr2hcjrjsi3d14ifpzdfbxzqpzxbk2fkbjb9zkv38zxy";
- };
- defaultText = literalExpression ''
- {
- imageName = "k8s.gcr.io/kubernetes-dashboard-amd64";
- imageDigest = "sha256:0ae6b69432e78069c5ce2bcde0fe409c5c4d6f0f4d9cd50a17974fea38898747";
- finalImageTag = config.${opt.version};
- sha256 = "01xrr4pwgr2hcjrjsi3d14ifpzdfbxzqpzxbk2fkbjb9zkv38zxy";
- };
- '';
- };
- };
-
- config = mkIf cfg.enable {
- services.kubernetes.kubelet.seedDockerImages = [(pkgs.dockerTools.pullImage cfg.image)];
-
- services.kubernetes.addonManager.addons = {
- kubernetes-dashboard-deployment = {
- kind = "Deployment";
- apiVersion = "apps/v1";
- metadata = {
- labels = {
- k8s-addon = "kubernetes-dashboard.addons.k8s.io";
- k8s-app = "kubernetes-dashboard";
- version = cfg.version;
- "kubernetes.io/cluster-service" = "true";
- "addonmanager.kubernetes.io/mode" = "Reconcile";
- };
- name = "kubernetes-dashboard";
- namespace = "kube-system";
- };
- spec = {
- replicas = 1;
- revisionHistoryLimit = 10;
- selector.matchLabels.k8s-app = "kubernetes-dashboard";
- template = {
- metadata = {
- labels = {
- k8s-addon = "kubernetes-dashboard.addons.k8s.io";
- k8s-app = "kubernetes-dashboard";
- version = cfg.version;
- "kubernetes.io/cluster-service" = "true";
- };
- annotations = {
- "scheduler.alpha.kubernetes.io/critical-pod" = "";
- };
- };
- spec = {
- priorityClassName = "system-cluster-critical";
- containers = [{
- name = "kubernetes-dashboard";
- image = with cfg.image; "${imageName}:${finalImageTag}";
- ports = [{
- containerPort = 8443;
- protocol = "TCP";
- }];
- resources = {
- limits = {
- cpu = "100m";
- memory = "300Mi";
- };
- requests = {
- cpu = "100m";
- memory = "100Mi";
- };
- };
- args = ["--auto-generate-certificates"] ++ cfg.extraArgs;
- volumeMounts = [{
- name = "tmp-volume";
- mountPath = "/tmp";
- } {
- name = "kubernetes-dashboard-certs";
- mountPath = "/certs";
- }];
- livenessProbe = {
- httpGet = {
- scheme = "HTTPS";
- path = "/";
- port = 8443;
- };
- initialDelaySeconds = 30;
- timeoutSeconds = 30;
- };
- }];
- volumes = [{
- name = "kubernetes-dashboard-certs";
- secret = {
- secretName = "kubernetes-dashboard-certs";
- };
- } {
- name = "tmp-volume";
- emptyDir = {};
- }];
- serviceAccountName = "kubernetes-dashboard";
- tolerations = [{
- key = "node-role.kubernetes.io/master";
- effect = "NoSchedule";
- } {
- key = "CriticalAddonsOnly";
- operator = "Exists";
- }];
- };
- };
- };
- };
-
- kubernetes-dashboard-svc = {
- apiVersion = "v1";
- kind = "Service";
- metadata = {
- labels = {
- k8s-addon = "kubernetes-dashboard.addons.k8s.io";
- k8s-app = "kubernetes-dashboard";
- "kubernetes.io/cluster-service" = "true";
- "kubernetes.io/name" = "KubeDashboard";
- "addonmanager.kubernetes.io/mode" = "Reconcile";
- };
- name = "kubernetes-dashboard";
- namespace = "kube-system";
- };
- spec = {
- ports = [{
- port = 443;
- targetPort = 8443;
- }];
- selector.k8s-app = "kubernetes-dashboard";
- };
- };
-
- kubernetes-dashboard-sa = {
- apiVersion = "v1";
- kind = "ServiceAccount";
- metadata = {
- labels = {
- k8s-app = "kubernetes-dashboard";
- k8s-addon = "kubernetes-dashboard.addons.k8s.io";
- "addonmanager.kubernetes.io/mode" = "Reconcile";
- };
- name = "kubernetes-dashboard";
- namespace = "kube-system";
- };
- };
- kubernetes-dashboard-sec-certs = {
- apiVersion = "v1";
- kind = "Secret";
- metadata = {
- labels = {
- k8s-app = "kubernetes-dashboard";
- # Allows editing resource and makes sure it is created first.
- "addonmanager.kubernetes.io/mode" = "EnsureExists";
- };
- name = "kubernetes-dashboard-certs";
- namespace = "kube-system";
- };
- type = "Opaque";
- };
- kubernetes-dashboard-sec-kholder = {
- apiVersion = "v1";
- kind = "Secret";
- metadata = {
- labels = {
- k8s-app = "kubernetes-dashboard";
- # Allows editing resource and makes sure it is created first.
- "addonmanager.kubernetes.io/mode" = "EnsureExists";
- };
- name = "kubernetes-dashboard-key-holder";
- namespace = "kube-system";
- };
- type = "Opaque";
- };
- kubernetes-dashboard-cm = {
- apiVersion = "v1";
- kind = "ConfigMap";
- metadata = {
- labels = {
- k8s-app = "kubernetes-dashboard";
- # Allows editing resource and makes sure it is created first.
- "addonmanager.kubernetes.io/mode" = "EnsureExists";
- };
- name = "kubernetes-dashboard-settings";
- namespace = "kube-system";
- };
- };
- } // (optionalAttrs cfg.rbac.enable
- (let
- subjects = [{
- kind = "ServiceAccount";
- name = "kubernetes-dashboard";
- namespace = "kube-system";
- }];
- labels = {
- k8s-app = "kubernetes-dashboard";
- k8s-addon = "kubernetes-dashboard.addons.k8s.io";
- "addonmanager.kubernetes.io/mode" = "Reconcile";
- };
- in
- (if cfg.rbac.clusterAdmin then {
- kubernetes-dashboard-crb = {
- apiVersion = "rbac.authorization.k8s.io/v1";
- kind = "ClusterRoleBinding";
- metadata = {
- name = "kubernetes-dashboard";
- inherit labels;
- };
- roleRef = {
- apiGroup = "rbac.authorization.k8s.io";
- kind = "ClusterRole";
- name = "cluster-admin";
- };
- inherit subjects;
- };
- }
- else
- {
- # Upstream role- and rolebinding as per:
- # https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/alternative/kubernetes-dashboard.yaml
- kubernetes-dashboard-role = {
- apiVersion = "rbac.authorization.k8s.io/v1";
- kind = "Role";
- metadata = {
- name = "kubernetes-dashboard-minimal";
- namespace = "kube-system";
- inherit labels;
- };
- rules = [
- # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- {
- apiGroups = [""];
- resources = ["secrets"];
- verbs = ["create"];
- }
- # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- {
- apiGroups = [""];
- resources = ["configmaps"];
- verbs = ["create"];
- }
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- {
- apiGroups = [""];
- resources = ["secrets"];
- resourceNames = ["kubernetes-dashboard-key-holder"];
- verbs = ["get" "update" "delete"];
- }
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- {
- apiGroups = [""];
- resources = ["configmaps"];
- resourceNames = ["kubernetes-dashboard-settings"];
- verbs = ["get" "update"];
- }
- # Allow Dashboard to get metrics from heapster.
- {
- apiGroups = [""];
- resources = ["services"];
- resourceNames = ["heapster"];
- verbs = ["proxy"];
- }
- {
- apiGroups = [""];
- resources = ["services/proxy"];
- resourceNames = ["heapster" "http:heapster:" "https:heapster:"];
- verbs = ["get"];
- }
- ];
- };
-
- kubernetes-dashboard-rb = {
- apiVersion = "rbac.authorization.k8s.io/v1";
- kind = "RoleBinding";
- metadata = {
- name = "kubernetes-dashboard-minimal";
- namespace = "kube-system";
- inherit labels;
- };
- roleRef = {
- apiGroup = "rbac.authorization.k8s.io";
- kind = "Role";
- name = "kubernetes-dashboard-minimal";
- };
- inherit subjects;
- };
- })
- ));
- };
-}
diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix
index cf7fcb0a6d73..227c69fec36d 100644
--- a/nixos/modules/services/cluster/kubernetes/default.nix
+++ b/nixos/modules/services/cluster/kubernetes/default.nix
@@ -106,6 +106,7 @@ let
in {
imports = [
+ (mkRemovedOptionModule [ "services" "kubernetes" "addons" "dashboard" ] "Removed due to it being an outdated version")
(mkRemovedOptionModule [ "services" "kubernetes" "verbose" ] "")
];
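Review bot: The message passed to the added `mkRemovedOptionModule` line says only that the addon was outdated, so an operator who had it enabled gets no hint that dashboard objects may still be present in the cluster after the upgrade. The deleted module pinned `v1.10.1`, could bind the `kubernetes-dashboard` service account to `cluster-admin` via `rbac.clusterAdmin`, and created two Secrets and a ConfigMap labelled `EnsureExists`; whether the addon manager deletes any of these once the manifests disappear is not visible in this patch and should be confirmed. I would extend the message, for example `"Removed due to it being an outdated version; review and delete any remaining kubernetes-dashboard objects (kube-system namespace, plus the ClusterRoleBinding if rbac.clusterAdmin was set)"`, and repeat that guidance in the release note. The module body continues outside the hunk.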
diff --git a/nixos/tests/kubernetes/base.nix b/nixos/tests/kubernetes/base.nix
index 1f23ca55fb23..e1736f6fe172 100644
--- a/nixos/tests/kubernetes/base.nix
+++ b/nixos/tests/kubernetes/base.nix
@@ -51,7 +51,6 @@ let
environment.systemPackages = [ kubectl ];
services.flannel.iface = "eth1";
services.kubernetes = {
- addons.dashboard.enable = true;
proxy.hostname = "${masterName}.${domain}";
easyCerts = true;