Fix missing ca.crt/pem in secrets/serviceaccount.
Add helm.
This commit is contained in:
Jonas Juselius
6
k8s.nix
6
k8s.nix
@@ -1,5 +1,7 @@
|
|||||||
with import ./certs.nix;
|
with import ./certs.nix;
|
||||||
let
|
let
|
||||||
|
pkgs = import <nixpkgs> {};
|
||||||
|
|
||||||
etcdServers = [ "etcd0" "etcd1" "etcd2" ];
|
etcdServers = [ "etcd0" "etcd1" "etcd2" ];
|
||||||
# etcdServers = [ "k8s0-0" "k8s0-1" "k8s0-2" ];
|
# etcdServers = [ "k8s0-0" "k8s0-1" "k8s0-2" ];
|
||||||
etcdEndpoints = builtins.map (x: "https://${x}:2379") etcdServers;
|
etcdEndpoints = builtins.map (x: "https://${x}:2379") etcdServers;
|
||||||
@@ -97,11 +99,12 @@ let
|
|||||||
kubeletClientCaFile = ca_pem;
|
kubeletClientCaFile = ca_pem;
|
||||||
kubeletClientKeyFile = worker_key;
|
kubeletClientKeyFile = worker_key;
|
||||||
kubeletClientCertFile = worker_cert;
|
kubeletClientCertFile = worker_cert;
|
||||||
# serviceAccountKeyFile = apiserver_key;
|
serviceAccountKeyFile = apiserver_key;
|
||||||
};
|
};
|
||||||
scheduler.leaderElect = true;
|
scheduler.leaderElect = true;
|
||||||
controllerManager.leaderElect = true;
|
controllerManager.leaderElect = true;
|
||||||
controllerManager.serviceAccountKeyFile = apiserver_key;
|
controllerManager.serviceAccountKeyFile = apiserver_key;
|
||||||
|
controllerManager.rootCaFile = ca_pem;
|
||||||
dns.enable = true;
|
dns.enable = true;
|
||||||
dns.port = 4053;
|
dns.port = 4053;
|
||||||
};
|
};
|
||||||
@@ -109,6 +112,7 @@ let
|
|||||||
allowedTCPPorts = [ 5000 8080 4443 4053 ];
|
allowedTCPPorts = [ 5000 8080 4443 4053 ];
|
||||||
allowedUDPPorts = [ 4053 ];
|
allowedUDPPorts = [ 4053 ];
|
||||||
};
|
};
|
||||||
|
environment.systemPackages = [ pkgs.kubernetes-helm ];
|
||||||
};
|
};
|
||||||
|
|
||||||
baseConfig = node: {
|
baseConfig = node: {
|
||||||
|
|||||||
Reference in New Issue
Block a user