Add IP SANs to kubelet cert for metrics-server

Jonas Juselius
2020-11-20 20:01:59 +01:00
parent 9a6250229d
commit 9d7a786d28


@@ -3,6 +3,12 @@ with lib;
let
cfg = cluster;
mkSANs = host: [
host.name
host.address
"127.0.0.1"
];
pki = import ./pki.nix { inherit pkgs; ca = cfg.initca; };
mkCert = host: {
@@ -10,19 +16,14 @@ let
cn = host.name;
ca = cfg.ca;
o = cfg.clusterName;
hosts = [
host.name
"${host.name}.${cfg.domain}"
host.address
"127.0.0.1"
];
};
};
baseDeployment = nodes: attrs:
let
hosts =
builtins.foldl'
(a: x: a // { ${x.name} = mkHost x _; }) {} nodes;
hosts' = lib.recursiveUpdate hosts attrs;
names = builtins.attrNames hosts;
in
builtins.foldl' (a: x: a // { ${x} = self: hosts'.${x}; }) {} names;
in {
k8s = rec {
apiserver = host: self: {
@@ -34,13 +35,13 @@ in {
cfg
{
hostName = host.name;
cert = mkCert host.name;
k8s.master.enable = true;
k8s.node.enable = true;
}
];
imports = [ host.hw ./modules.nix ];
services.kubernetes.kubelet.extraSANs = mkSANs host;
imports = [ host.hw ./modules.nix ../overrides/kubelet.nix ];
};
node = host: self: {
@@ -52,16 +53,19 @@ in {
cfg
{
hostName = host.name;
cert = mkCert host.name;
k8s.node.enable = true;
}
];
imports = [ host.hw ./modules.nix ];
services.kubernetes.kubelet.extraSANs = mkSANs host;
imports = [ host.hw ./modules.nix ../overrides/kubelet.nix ];
};
mkDeployment = master: nodes:
mkDeployment =
let
master = cfg.k8s.master;
nodes = cfg.k8s.nodes;
server = { "${master.name}" = apiserver master; };
in
builtins.foldl' (a: x:
@@ -82,7 +86,7 @@ in {
}
];
imports = [ host.hw ./modules.nix ];
imports = [ ../overrides host.hw ./modules.nix ];
};
mkDeployment = nodes:
@@ -107,11 +111,8 @@ in {
imports = [ host.hw ./modules.nix ];
};
mkDeployment = masterNode: workerNodes:
let
master = { "${master.name}" = apiserver masterNode; };
in
mkDeployment = nodes:
builtins.foldl' (a: x:
a // { "${x.name}" = mkWorker x; }) master workerNodes;
a // { "${x.name}" = node x; }) {} nodes;
};
}
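Review bot: `mkSANs` in the first hunk lists only `host.name`, `host.address` and `"127.0.0.1"`, whereas the `hosts` list shown under `mkCert` in the second hunk also carries `"${host.name}.${cfg.domain}"`. This rendering has lost the +/- markers, so whether that list is kept or removed cannot be read from the page, but in either case the SANs passed to `services.kubernetes.kubelet.extraSANs` in `apiserver` and `node` would not cover the node's FQDN. If metrics-server or another client reaches a kubelet by its fully qualified name, certificate verification fails, and the usual workaround is to switch kubelet TLS verification off, which is presumably what this commit is meant to avoid. Consider adding `"${host.name}.${cfg.domain}"` to `mkSANs` and documenting the helper with a comment such as `# SANs for the kubelet serving cert: every name/IP a client may use to reach this kubelet`.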