mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-20 12:42:24 +00:00
Code Issues Wiki Activity
219509 commits 303 branches 124 tags 6.4 GiB
Commit graph

139 commits

Author SHA1 Message Date
Antonio Nuno Monteiro e2c11ad3c0 nixos/kubernetes: allow configuring cfssl API server SANs 2020-01-18 23:39:21 -08:00
rnhmjoj 1d61efb7f1 treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
Silvan Mosberger 4ee3e8b21d
nixos/treewide: Move rename.nix imports to their respective modules 
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
 2019-12-10 02:51:19 +01:00
Sascha Grunert 7f358a5f3b
nixos/kubernetes: Module and test compatibility with kubernetes 1.16 
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
 2019-11-15 05:58:35 +01:00
volth 7b8fb5c06c treewide: remove redundant quotes 2019-09-08 23:38:31 +00:00
Jan Tojnar cdf426488b
Merge branch 'master' into staging-next 
Fixed trivial conflicts caused by removing rec.
 2019-09-06 03:20:09 +02:00
Johan Thomsen d891283aa4 nixos/kubernetes: make module compatible with v1.15.x 2019-09-04 17:38:41 +02:00
Johan Thomsen 00975b5628 Revert "Merge pull request #56789 from mayflower/upstream-k8s-refactor" 
This reverts commit 7dc6e77bc2, reversing
changes made to bce47ea9d5.

Motivation for the revert in #67563
 2019-09-04 17:37:02 +02:00
volth 08f68313a4 treewide: remove redundant rec 2019-08-28 11:07:32 +00:00
volth 35d68ef143 treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
volth f3282c8d1e treewide: remove unused variables (#63177) 
* treewide: remove unused variables

* making ofborg happy
 2019-06-16 19:59:05 +00:00
Robin Gloster a1dcac5104
Merge pull request #57523 from mayflower/kube-apiserver-preferred-address-types 
nixos/kubernetes: Add preferredAddressTypes option to apiserver
 2019-05-18 09:57:12 +00:00
Robin Gloster 6cf583cf2f
Merge pull request #60406 from JohnAZoidberg/remove-isnull 
treewide: Remove usage of isNull
 2019-05-18 09:36:24 +00:00
Alberto Berti f965fb26a9 nixos/kubernetes: upgrade CoreDNS 1.3.1 -> 1.5.0 2019-05-06 13:10:32 +02:00
Johan Thomsen 29bf511ef9 nixos/kubernetes: fix control-plane-online prestart dependency 
The kubeconfig provided to the kubernetes-control-plane-online.service
is invalid. However, the apiserver /healthz endpoint can be accessed without auth so it's
simpler to just use curl for that.
 2019-04-29 17:42:16 +02:00
Daniel Schaefer 786f02f7a4 treewide: Remove usage of isNull 
isNull "is deprecated; just write e == null instead" says the Nix manual
 2019-04-29 14:05:50 +02:00
Aaron Andersen 4a11ce7f26
cleanup redundant text in modules utilizing mkEnableOption 
Closes #59911
 2019-04-20 14:44:02 +02:00
Robin Gloster b278cd86e1
Merge branch 'master' into kube-apiserver-preferred-address-types 2019-04-17 16:40:06 +00:00
Robin Gloster 44afc81af1
Merge pull request #57693 from mayflower/kube-apiserver-proxy-client-certs 
nixos/kubernetes: Add proxy client certs to apiserver
 2019-04-17 16:38:51 +00:00
Robin Gloster 7dc6e77bc2
Merge pull request #56789 from mayflower/upstream-k8s-refactor 
nixos/kubernetes: stabilize cluster deployment/startup across machines
 2019-04-17 16:37:58 +00:00
Markus 2e29412e9c nixos/kubernetes: Add proxy client certs to apiserver 2019-03-15 13:21:43 +00:00
Markus 87d1a82627 nixos/kubernetes: Add preferredAddressTypes option to apiserver 2019-03-12 15:01:14 +00:00
Christian Albrecht e3a80ebc40
Cleanup pki: remove mkWaitCurl 2019-03-11 12:22:59 +01:00
Christian Albrecht 45e683fbd6
Cleanup pki: control-plane-online 2019-03-11 12:22:59 +01:00
Christian Albrecht 50c5f489ef
Cleanup pki: scheduler 2019-03-11 12:22:53 +01:00
Christian Albrecht 46653f84c9
Cleanup pki: proxy 2019-03-11 12:22:49 +01:00
Christian Albrecht 73657b7fcf
Cleanup pki: kubelet 2019-03-11 12:22:44 +01:00
Christian Albrecht ea6985ffc1
Cleanup pki: flannel 2019-03-11 12:22:40 +01:00
Christian Albrecht ce83dc2c52
Cleanup pki: controller-manager 2019-03-11 12:22:36 +01:00
Christian Albrecht 8ab50cb239
Cleanup pki: apiserver and etcd 2019-03-11 12:22:31 +01:00
Christian Albrecht ee9dd4386a
Cleanup pki: addon-manager 2019-03-11 12:16:58 +01:00
Jonas Juselius 279716c330 nixos/kubernetes: add dns addonmanger reconcile mode option (#55834) 
Allow coredns ConfigMap and Depolyment to be editable by the user. An use
case is augmenting the default, generated dns records with local services.
 2019-03-09 12:57:41 +02:00
Christian Albrecht 154356d820
nixos/kubernetes: Fix kube-control-plane-online must not be present 
outside kubernetes module.
 2019-03-08 09:36:59 +01:00
Johan Thomsen 80c4fd4f85 nixos/kubernetes: minor module fixes 
- mkDefault etcd instance name
- make sure ca-cert in mkKubeConfig can be overriden
- fix controller-manager "tls-private-key-file" flag name
 2019-03-08 09:18:51 +01:00
Christian Albrecht ff382c18c8
nixos/kubernetes: Address review: Move remaining paths to pki 2019-03-06 17:56:28 +01:00
Christian Albrecht e148cb040b
nixos/kubernetes: Address review: rename node-online target 2019-03-06 17:17:20 +01:00
Christian Albrecht 5684034693
nixos/kubernetes: Address review: Remove restart from certmgr bootstrap service 2019-03-06 16:55:13 +01:00
Christian Albrecht 7323b77435
nixos/kubernetes: Address review: Separate preStart from certificates 2019-03-06 16:55:08 +01:00
Christian Albrecht 52fe1d2e7a
nixos/kubernetes: Address review: Move controller manager paths into pki 2019-03-06 16:55:04 +01:00
Christian Albrecht 6e9037fed0
nixos/kubernetes: Address review: Move bootstrapping addons into own service 2019-03-06 16:54:50 +01:00
Christian Albrecht ff91d5818c
nixos/kubernetes: Address review: Rename targets and move proxy to node-online.target 2019-03-06 16:54:22 +01:00
Christian Albrecht 74962bf767
nixos/kubernetes: No need to restart services besides certmgr 
within the node join script, since certmgr is taking care of
restarting services.
 2019-03-03 19:43:15 +01:00
Christian Albrecht 7df88bd802
nixos/kubernetes: Put dashboard service account into bootstrapAddons 
to prevent errors in log about missing permissions when
addon manager starts the dashboard.
 2019-03-03 19:43:15 +01:00
Christian Albrecht fd28c0a82a
nixos/kubernetes: Seed docker images before kubelet service start 
to speed up startup time because it can be parallelized.
 2019-03-03 19:43:14 +01:00
Christian Albrecht cf8389c904
nixos/kubernetes: Add longer timeouts for waiting services 2019-03-03 19:43:14 +01:00
Christian Albrecht 51aeaaffc2
nixos/kubernetes: flannel needs iptables in service path 2019-03-03 19:43:13 +01:00
Christian Albrecht 62f03750e4
nixos/kubernetes: Stabilize services startup across machines 
by adding targets and curl wait loops to services to ensure services
are not started before their depended services are reachable.

Extra targets cfssl-online.target and kube-apiserver-online.target
syncronize starts across machines and node-online.target ensures
docker is restarted and ready to deploy containers on after flannel
has discussed the network cidr with apiserver.

Since flannel needs to be started before addon-manager to configure
the docker interface, it has to have its own rbac bootstrap service.

The curl wait loops within the other services exists to ensure that when
starting the service it is able to do its work immediately without
clobbering the log about failing conditions.

By ensuring kubernetes.target is only reached after starting the
cluster it can be used in the tests as a wait condition.

In kube-certmgr-bootstrap mkdir is needed for it to not fail to start.

The following is the relevant part of systemctl list-dependencies

default.target
● ├─certmgr.service
● ├─cfssl.service
● ├─docker.service
● ├─etcd.service
● ├─flannel.service
● ├─kubernetes.target
● │ ├─kube-addon-manager.service
● │ ├─kube-proxy.service
● │ ├─kube-apiserver-online.target
● │ │ ├─flannel-rbac-bootstrap.service
● │ │ ├─kube-apiserver-online.service
● │ │ ├─kube-apiserver.service
● │ │ ├─kube-controller-manager.service
● │ │ └─kube-scheduler.service
● │ └─node-online.target
● │   ├─node-online.service
● │   ├─flannel.target
● │   │ ├─flannel.service
● │   │ └─mk-docker-opts.service
● │   └─kubelet.target
● │     └─kubelet.service
● ├─network-online.target
● │ └─cfssl-online.target
● │   ├─certmgr.service
● │   ├─cfssl-online.service
● │   └─kube-certmgr-bootstrap.service
 2019-03-03 19:39:02 +01:00
Christian Albrecht f9e2f76a59
nixos/kubernetes: Add systemd path units 
to protect services from crashing and clobbering the logs when
certificates are not in place yet and make sure services are activated
when certificates are ready.

To prevent errors similar to "kube-controller-manager.path: Failed to
enter waiting state: Too many open files"
fs.inotify.max_user_instances has to be increased.
 2019-03-03 19:34:57 +01:00
Adam Finn Tulinius 291c809888 nixos/kubernetes: add missing systemd restart options 2019-02-21 14:57:57 +01:00
Jaka Hudoklin 97a27fd2d2
nixos/kubernetes: fix flannel and kubelet startup 2019-02-21 00:26:11 +01:00