# Cluster description for the hswaw.net Kubernetes deployment.
# Everything in this set is plain data: host names, addresses, the
# on-disk locations of PKI material, and the listener ports that the
# deployment tooling reads out of it.
rec {
  domain = ".hswaw.net";
  k8sapi = "k0.hswaw.net";
  acmeEmail = "q3k@hackerspace.pl";

  # Listener ports; `pki.makeKube` below embeds the secure apiserver port
  # into every kubeconfig it produces.
  ports = {
    # NOTE(review): non-TLS apiserver listener. Confirm it is disabled or
    # bound to loopback only, as the plain controller-manager port below
    # already is.
    k8sAPIServerPlain = 4000;
    k8sAPIServerSecure = 4001;
    k8sControllerManagerPlain = 0; # 4002; do not serve plain http
    k8sControllerManagerSecure = 4003;
  };

  # Cluster members: host name, routable address, the pod subnet routed to
  # that host, and the device the system is installed on.
  nodes = [
    { fqdn = "bc01n01.hswaw.net"; ipAddr = "185.236.240.35"; podNet = "10.10.16.0/24"; diskBoot = "/dev/sdb"; }
    { fqdn = "bc01n02.hswaw.net"; ipAddr = "185.236.240.36"; podNet = "10.10.17.0/24"; diskBoot = "/dev/sdb"; }
    { fqdn = "bc01n03.hswaw.net"; ipAddr = "185.236.240.37"; podNet = "10.10.18.0/24"; diskBoot = "/dev/sdb"; }
  ];

  pki = rec {
    # Directory that holds every CA certificate, leaf certificate and private
    # key referenced below. Only paths are recorded in this file, never the
    # key material itself.
    root = /opt/hscloud;

    # Build the { ca, cert, key, json } record for one certificate, given its
    # family (`prefix`, which also selects the CA file) and its subject name.
    # `json` carries the same three paths as strings for programs that take a
    # JSON credential description.
    make = prefix: name:
      rec {
        ca   = root + "/${prefix}-ca.crt";
        cert = root + "/${prefix}-${name}.crt";
        key  = root + "/${prefix}-${name}.key";
        json = builtins.toJSON {
          ca   = builtins.toString ca;
          cert = builtins.toString cert;
          key  = builtins.toString key;
        };
      };

    etcdPeer = make "etcdpeer" "server";
    etcd = {
      server = make "etcd" "server";
      kube   = make "etcd" "kube";
    };

    # A "kube"-family certificate record extended with a kubeconfig-shaped
    # `config` that points at the secure apiserver endpoint and uses that
    # same certificate and key as the client identity.
    makeKube = name:
      let
        creds = make "kube" name;
      in creds // {
        config = {
          server   = "https://${k8sapi}:${toString ports.k8sAPIServerSecure}";
          certFile = creds.cert;
          keyFile  = creds.key;
        };
      };

    # Per-component identities of the control plane and node agents; they all
    # share the apiserver's CA.
    kube = rec {
      ca = apiserver.ca;
      apiserver         = makeKube "apiserver";          # identifies apiserver
      controllermanager = makeKube "controller-manager"; # identifies controller-manager
      scheduler         = makeKube "scheduler";          # identifies scheduler
      proxy             = makeKube "proxy";              # identifies kube-proxy
      kubelet           = makeKube "node";               # identifies kubelet
      serviceaccounts   = makeKube "serviceaccounts";    # used to encrypt service accounts
    };

    kubeFront = {
      apiserver = make "kubeFront" "apiserver";
    };
  };
}