Secure certificates after generation

Jonas Juselius
2019-02-23 15:34:28 +01:00
parent cce9aa825b
commit 66d29be22c
19 changed files with 2098 additions and 144 deletions


@@ -60,7 +60,7 @@ let
cluster.server = cfg.server;
}];
users = [{
name = name';
name = "kubelet";
user = {
client-certificate = cfg.certFile;
client-key = cfg.keyFile;
@@ -69,9 +69,9 @@ let
contexts = [{
context = {
cluster = "local";
user = name';
user = "kubelet";
};
current-context = "default";
current-context = "kubelet-context";
}];
}));
@@ -630,13 +630,6 @@ in {
type = types.bool;
};
# TODO: remove this deprecated flag
cadvisorPort = mkOption {
description = "Kubernetes kubelet local cadvisor port.";
default = 4194;
type = types.int;
};
clusterDns = mkOption {
description = "Use alternative DNS.";
default = "10.1.0.1";
@@ -799,7 +792,7 @@ in {
clusterCidr = mkOption {
description = "Kubernetes controller manager and proxy CIDR Range for Pods in cluster.";
default = "10.1.0.0/16";
type = types.str;
type = types.nullOr types.str;
};
flannel.enable = mkOption {
@@ -870,7 +863,6 @@ in {
--hostname-override=${cfg.kubelet.hostname} \
--allow-privileged=${boolToString cfg.kubelet.allowPrivileged} \
--root-dir=${cfg.dataDir} \
--cadvisor_port=${toString cfg.kubelet.cadvisorPort} \
${optionalString (cfg.kubelet.clusterDns != "")
"--cluster-dns=${cfg.kubelet.clusterDns}"} \
${optionalString (cfg.kubelet.clusterDomain != "")
@@ -1034,9 +1026,9 @@ in {
${if (cfg.controllerManager.rootCaFile!=null)
then "--root-ca-file=${cfg.controllerManager.rootCaFile}"
else "--root-ca-file=/var/run/kubernetes/apiserver.crt"} \
${optionalString (cfg.clusterCidr!=null)
"--cluster-cidr=${cfg.clusterCidr}"} \
--allocate-node-cidrs=true \
${if (cfg.clusterCidr!=null)
then "--cluster-cidr=${cfg.clusterCidr} --allocate-node-cidrs=true"
else "--allocate-node-cidrs=false"} \
${optionalString (cfg.controllerManager.featureGates != [])
"--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.controllerManager.featureGates}"} \
${optionalString cfg.verbose "--v=6"} \
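Review bot: `clusterCidr` can now be `null`, but only the controller-manager command line in the last hunk is visibly guarded against that. The option description still says the value is used by the controller manager and the proxy, so any other unguarded `${cfg.clusterCidr}` would abort evaluation, because Nix cannot coerce null to a string. The proxy's use is not visible in these hunks and should be checked; if it is unguarded, wrap it as `${optionalString (cfg.clusterCidr != null) "--cluster-cidr=${cfg.clusterCidr}"}`. The description should also state that `null` turns node CIDR allocation off (`--allocate-node-cidrs=false`), since that changes pod networking rather than just omitting a flag. The option set and the controller-manager script both start and end outside the hunks shown.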