From af6a9ab676aa76eba1eaaf9310182c44e44b389d Mon Sep 17 00:00:00 2001
From: Jonas Juselius
Date: Wed, 25 Nov 2020 10:14:21 +0100
Subject: [PATCH] Remove docker0 masquerading rule, and fix hostname-override. The masq rule interfered with svc.spec.externalTrafficPolicy=Local. The default hostname-override has a bug for kube-proxy in nix.
---
 modules/k8s.nix | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/modules/k8s.nix b/modules/k8s.nix
index 002aa7e..6ab8ba7 100644
--- a/modules/k8s.nix
+++ b/modules/k8s.nix
@@ -33,11 +33,12 @@ let
 cluster-scripts = let
+ first = builtins.head cfg.k8s.ingressNodes;
+ rest = builtins.tail cfg.k8s.ingressNodes;
 ingressNodes = builtins.foldl' (a: x:
- a + ",${x}") "${cfg.k8s.master.name}"
- cfg.k8s.extraIngressNodes;
+ a + ",${x}") first rest;
 ingressReplicaCount =
- builtins.toString (1 + builtins.length cfg.k8s.extraIngressNodes);
+ builtins.toString (builtins.length cfg.k8s.ingressNodes);
 show-kubernetes-charts-config = ''
 #!/usr/bin/env bash
 cat << EOF
@@ -280,6 +281,8 @@ let
 masterAddress = "${cfg.k8s.master.name}.${cfg.domain}";
 clusterCidr = cfg.k8s.cidr;
 # kubelet.clusterDomain = "${cfg.clusterName}.local";
+ kubelet.hostname = "${cfg.hostName}.${cfg.domain}";
+ proxy.hostname = "${cfg.hostName}.${cfg.domain}";
 };
 networking = {
@@ -287,7 +290,6 @@ let
 enable = true;
 allowedTCPPorts = [ 4194 10250 ];
 allowedUDPPorts = [ 53 ];
- extraCommands = ''iptables -m comment --comment "pod external access" -t nat -A POSTROUTING ! -d 10.10.0.0/16 -m addrtype ! --dst-type LOCAL -j MASQUERADE'';
 };
 };
 virtualisation.docker.extraOptions = "--insecure-registry 10.0.0.0/8";
@@ -322,9 +324,9 @@ in {
 default = "10.0.0.0/16";
 };
- extraIngressNodes = mkOption {
+ ingressNodes = mkOption {
 type = types.listOf types.str;
- default = [];
+ default = null;
 };
 master = {
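Review bot: `builtins.head cfg.k8s.ingressNodes` aborts evaluation on an empty list, so the new `first`/`rest` split in the first hunk turns `ingressNodes = []` into a hard failure with a generic list error rather than a message about the option. `ingressNodes = builtins.concatStringsSep "," cfg.k8s.ingressNodes;` builds the same comma-separated string without the head/tail split. Whether an empty list is rejected or accepted is then decided in one place, for example through the option's type in the last hunk. The enclosing `let` continues outside the hunk.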
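Review bot: The added `kubelet.hostname` and `proxy.hostname` lines in the second hunk repeat the same FQDN expression, and nothing records why kube-proxy needs the same override as the kubelet. If the two values ever drift apart, kube-proxy presumably stops matching the node name the kubelet registered, which would break endpoint locality for services using `externalTrafficPolicy=Local`. I would bind the name once, e.g. `nodeName = "${cfg.hostName}.${cfg.domain}";` in the surrounding `let`, use it for both attributes, and add a comment such as `# kube-proxy must use the kubelet's node name, otherwise it cannot identify local endpoints`. It is also worth confirming that each node's kubelet certificate is issued for this FQDN, since the certificate setup is not visible here. The attribute set this hunk edits starts and ends outside the hunk.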
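Review bot: `default = null` in the last hunk does not satisfy the declared `types.listOf types.str`, so leaving `ingressNodes` unset fails evaluation instead of falling back to a usable value, and `builtins.head` in the first hunk has no guard of its own. If the option is meant to be mandatory, drop the `default` line so the module system reports it as undefined, and use `type = types.nonEmptyListOf types.str;` so an empty list is rejected at the option as well. The rename from `extraIngressNodes` also stops adding the master implicitly, so existing configurations must list the master explicitly if it should keep serving ingress; a `description` on the option saying so would help. The options block continues outside the hunk.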