Remove docker0 masquerading rule, and fix hostname-override.

The masq rule interfered with svc.spec.externalTrafficPolicy=Local.
The default hostname-override has a bug for kube-proxy in nix.
Jonas Juselius
2020-11-25 10:14:21 +01:00
parent 0ab907609c
commit af6a9ab676


@@ -33,11 +33,12 @@ let
cluster-scripts =
let
first = builtins.head cfg.k8s.ingressNodes;
rest = builtins.tail cfg.k8s.ingressNodes;
ingressNodes = builtins.foldl' (a: x:
a + ",${x}") "${cfg.k8s.master.name}"
cfg.k8s.extraIngressNodes;
a + ",${x}") first rest;
ingressReplicaCount =
builtins.toString (1 + builtins.length cfg.k8s.extraIngressNodes);
builtins.toString (builtins.length cfg.k8s.ingressNodes);
show-kubernetes-charts-config = ''
#!/usr/bin/env bash
cat << EOF
@@ -280,6 +281,8 @@ let
masterAddress = "${cfg.k8s.master.name}.${cfg.domain}";
clusterCidr = cfg.k8s.cidr;
# kubelet.clusterDomain = "${cfg.clusterName}.local";
kubelet.hostname = "${cfg.hostName}.${cfg.domain}";
proxy.hostname = "${cfg.hostName}.${cfg.domain}";
};
networking = {
@@ -287,7 +290,6 @@ let
enable = true;
allowedTCPPorts = [ 4194 10250 ];
allowedUDPPorts = [ 53 ];
extraCommands = ''iptables -m comment --comment "pod external access" -t nat -A POSTROUTING ! -d 10.10.0.0/16 -m addrtype ! --dst-type LOCAL -j MASQUERADE'';
};
};
virtualisation.docker.extraOptions = "--insecure-registry 10.0.0.0/8";
@@ -322,9 +324,9 @@ in {
default = "10.0.0.0/16";
};
extraIngressNodes = mkOption {
ingressNodes = mkOption {
type = types.listOf types.str;
default = [];
default = null;
};
master = {
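Review bot: The new `ingressNodes` option in the last hunk is declared as `types.listOf types.str` but given `default = null;`, which is not a value of that type, and the first hunk applies `builtins.head` and `builtins.tail` to it, so an explicitly empty list aborts evaluation there. If the option is meant to be required, drop the `default` line rather than defaulting to null, so that the module system reports the missing definition itself. The join can then be written as `ingressNodes = builtins.concatStringsSep "," cfg.k8s.ingressNodes;`, which makes `first` and `rest` unnecessary and yields an empty string for `[]`. The master name is also no longer prepended implicitly, so configurations that only set the old `extraIngressNodes` will presumably need the master added by hand. A `description` on the option saying so would help.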