- All kubernetes components have been seperated into different files
- All TLS-enabled ports have been deprecated and disabled by default
- EasyCert option added to support automatic cluster PKI-bootstrap
- RBAC has been enforced for all cluster components by default
- NixOS kubernetes test cases make use of easyCerts to setup PKI
In fff5923686 all occurences of
users.extraUsers and users.extraGroups have been changed tree-wide to
users.users and users.group. In the meantime the hadoop modules were
introduced via #41381 (060a98e9f4).
Unfortunately those modules still use users.extraUsers, which has been
renamed a long time ago (14321ae243, about
three years from now), so let's actually rename it accordingly as well.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @matthewbauer, @aespinosa
Kubernetes dashboard currently has cluster admin permissions,
which is not recommended.
- Renamed option "services.kubernetes.addons.dashboard.enableRBAC" to "services.kubernetes.addons.dashboard.rbac.enable"
- Added option "services.kubernetes.addons.dashboard.rbac.clusterAdmin", default = false.
- Setting recommended minimal permissions for the dashboard in accordance with https://github.com/kubernetes/dashboard/wiki/Installation
- Updated release note for 18.09.
- Added option 'cni.configDir' to allow for having CNI config outside of nix-store
Existing behavior (writing verbatim CNI conf-files to nix-store) is still available.
- Removed unused option 'apiserver.publicAddress' and changed 'apiserver.address' to 'bindAddress'
This conforms better to k8s docs and removes existing --bind-address hardcoding to 0.0.0.0
- Fixed c/p mistake in apiserver systemd unit description
- Updated 18.09 release notes to reflect changes to existing options
And fixed some typos from previous PR
- Make docker images for Kubernetes Dashboard and kube-dns configurable
As shipped with k8s 1.10.3.
Also:
- updated the definition jsons as they are distributed in k8s.
- updated the image uris as they are renamed in k8s
- added imageDigest param as per 736848723e
As shipped with k8s 1.10.3.
Also:
- updated the definition jsons as they are distributed in k8s.
- updated the image uris as they are renamed in k8s
- added imageDigest param as per 736848723e
* Fix reference CNI plugins
* The plugins were split out of the upstream cni repo around version
0.6.0
* Fix RBAC and DNS tests
* Fix broken apiVersion fields
* Change plugin linking to look in ${package}/bin rather than
${package.plugins}
* Initial work towards a working e2e test
* Test still fails, but at least the expression evaluates now
Continues @srhb's work in #37199Fixes#37199
Uses the HTTPS url for cases where the existing URL has a permanent
redirect. For each domain, at least one fixed derivation URL was
downloaded to test the domain is properly serving downloads.
Also fixes jbake source URL, which was broken.