nix: bump to new k8s
parent
b245865087
commit
4232c8b733
1 changed files with 14 additions and 11 deletions
|
@ -17,6 +17,8 @@ in rec {
|
|||
boot.loader.grub.version = 2;
|
||||
boot.loader.grub.device = node.diskBoot;
|
||||
|
||||
boot.kernelParams = [ "boot.shell_on_fail" ];
|
||||
|
||||
time.timeZone = "Europe/Warsaw";
|
||||
|
||||
# List packages installed in system profile. To search, run:
|
||||
|
@ -110,25 +112,24 @@ in rec {
|
|||
|
||||
caFile = pki.kube.apiserver.ca;
|
||||
clusterCidr = "10.10.16.0/20";
|
||||
verbose = false;
|
||||
|
||||
path = [ pkgs.e2fsprogs ]; # kubelet wants to mkfs.ext4 when mounting pvcs
|
||||
|
||||
addons.dns.enable = false;
|
||||
|
||||
etcd = {
|
||||
servers = (map (n: "https://${n.fqdn}:2379") nodes);
|
||||
caFile = pki.etcd.kube.ca;
|
||||
keyFile = pki.etcd.kube.key;
|
||||
certFile = pki.etcd.kube.cert;
|
||||
};
|
||||
|
||||
apiserver = rec {
|
||||
enable = true;
|
||||
port = ports.k8sAPIServerPlain;
|
||||
insecurePort = ports.k8sAPIServerPlain;
|
||||
securePort = ports.k8sAPIServerSecure;
|
||||
advertiseAddress = "${node.ipAddr}";
|
||||
|
||||
etcd = {
|
||||
servers = (map (n: "https://${n.fqdn}:2379") nodes);
|
||||
caFile = pki.etcd.kube.ca;
|
||||
keyFile = pki.etcd.kube.key;
|
||||
certFile = pki.etcd.kube.cert;
|
||||
};
|
||||
|
||||
tlsCertFile = pki.kube.apiserver.cert;
|
||||
tlsKeyFile = pki.kube.apiserver.key;
|
||||
|
||||
|
@ -141,6 +142,7 @@ in rec {
|
|||
|
||||
serviceAccountKeyFile = pki.kube.serviceaccounts.key;
|
||||
|
||||
allowPrivileged = true;
|
||||
serviceClusterIpRange = "10.10.12.0/24";
|
||||
runtimeConfig = "api/all,authentication.k8s.io/v1beta1";
|
||||
authorizationMode = ["Node" "RBAC"];
|
||||
|
@ -160,8 +162,8 @@ in rec {
|
|||
|
||||
controllerManager = {
|
||||
enable = true;
|
||||
address = "0.0.0.0";
|
||||
port = ports.k8sControllerManagerPlain;
|
||||
bindAddress = "0.0.0.0";
|
||||
insecurePort = ports.k8sControllerManagerPlain;
|
||||
leaderElect = true;
|
||||
serviceAccountKeyFile = pki.kube.serviceaccounts.key;
|
||||
rootCaFile = pki.kube.ca;
|
||||
|
@ -193,6 +195,7 @@ in rec {
|
|||
kubelet = {
|
||||
enable = true;
|
||||
unschedulable = false;
|
||||
allowPrivileged = true;
|
||||
hostname = fqdn;
|
||||
tlsCertFile = pki.kube.kubelet.cert;
|
||||
tlsKeyFile = pki.kube.kubelet.key;
|
||||
|
|
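Review bot: The controllerManager block (hunk -160,8 +162,8) keeps a plaintext, unauthenticated listener enabled through `insecurePort = ports.k8sControllerManagerPlain;`, next to `bindAddress = "0.0.0.0";`, and the apiserver block (hunk -110,25 +112,24) does the same with `insecurePort = ports.k8sAPIServerPlain;`. The +/- markers are lost on this page, so I am assuming these are the new-side names for the old `port`/`address` options. Which address each insecure port ends up bound to is not visible here; please confirm it is loopback-only or blocked in the node firewall, and record that in a comment such as `# plain HTTP, no authn/authz: must not be reachable off-node`. If nothing consumes these ports, setting them to `0` (assuming the module passes the value straight to the component flag) turns the listener off. Both blocks continue outside their hunks.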