Fix apitoken generation

Jonas Juselius
2019-12-18 10:08:47 +01:00
parent bd0066f615
commit f4a43488c3


@@ -7,26 +7,37 @@ let
cluster-ca = import ./initca.nix { inherit pgks initca; }; cluster-ca = import ./initca.nix { inherit pgks initca; };
cfssl-apitoken = pkgs.stdenv.mkDerivation { cfssl-apitoken =
name = "cfssl-apitoken"; let
buildCommand = '' apitoken = pkgs.stdenv.mkDerivation {
head -c ${toString (32 / 2)} /dev/urandom | \ name = "apitoken";
od -An -t x | tr -d ' ' > $out buildCommand = ''
chmod 400 $out head -c ${toString (32 / 2)} /dev/urandom | \
''; od -An -t x | tr -d ' ' > $out
}; chmod 400 $out
'';
};
in
# make ca derivation sha depend on initca cfssl output
pkgs.stdenv.mkDerivation {
name = "cfssl-apitoken";
src = apitoken;
buildCommand = ''
cp $src $out
'';
};
kube-system-bootstrap = kube-system-bootstrap =
with settings; with settings;
let let
worker_nodes = pkgs.writeText "worker-nodes.txt" ( worker_nodes = pkgs.writeText "kube-worker-nodes" (
builtins.foldl' (a: x: builtins.foldl' (a: x:
a + " - ${x.address}\n" a + " - ${x.address}\n"
) "" settings.workers); ) "" settings.workers);
grafana_ldap = pkgs.writeText "grafana-ldap.toml" grafana_ldap_toml; grafana_ldap = pkgs.writeText "grafana-ldap.toml" grafana_ldap_toml;
in in
pkgs.stdenv.mkDerivation { pkgs.stdenv.mkDerivation {
name = "bootstrap-kube-system"; name = "kube-system-bootstrap";
src = ../bootstrap; src = ../bootstrap;
buildCommand = '' buildCommand = ''
mkdir -p $out/bin mkdir -p $out/bin
@@ -44,8 +55,8 @@ let
export grafana_ldap_toml="$(cat ${grafana_ldap} | base64 -w0)" export grafana_ldap_toml="$(cat ${grafana_ldap} | base64 -w0)"
export workers="$(cat ${worker_nodes})" export workers="$(cat ${worker_nodes})"
substituteAll $src/kube-system-bootstrap $out/bin/bootstrap-kube-system substituteAll $src/initial-kube-system-bootstrap $out/bin/initial-kube-system-bootstrap
chmod 755 $out/bin/bootstrap-kube-system chmod 755 $out/bin/initial-kube-system-bootstrap
cd $src/config cd $src/config
for i in *; do for i in *; do
@@ -81,7 +92,8 @@ let
services.cfssl.caKey = "${cluster-ca}/ca-key.pem"; services.cfssl.caKey = "${cluster-ca}/ca-key.pem";
services.kubernetes = { services.kubernetes = {
roles = [ "master" ]; roles = [ "master" ];
inherit apiserverAddress masterAddress; inherit apiserverAddress;
masterAddress = settings.master.name;
clusterCidr = settings.cidr; clusterCidr = settings.cidr;
pki.genCfsslCACert = false; pki.genCfsslCACert = false;
pki.genCfsslAPIToken = false; pki.genCfsslAPIToken = false;
@@ -147,7 +159,8 @@ let
kubeWorker = { kubeWorker = {
services.kubernetes = rec { services.kubernetes = rec {
roles = [ "node" ]; roles = [ "node" ];
inherit apiserverAddress masterAddress; inherit apiserverAddress;
masterAddress = settings.master.name;
clusterCidr = settings.cidr; clusterCidr = settings.cidr;
kubelet.clusterDomain = "${settings.clusterName}.local"; kubelet.clusterDomain = "${settings.clusterName}.local";
}; };
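Review bot: The comment on the new outer derivation in the first hunk, `# make ca derivation sha depend on initca cfssl output`, is not backed by the code under it: `cfssl-apitoken` only sets `src = apitoken` and never references `cluster-ca` or `initca`, so its store path would not change when the CA is regenerated and the same token would be carried across a CA rotation. If that dependency is intended, make it explicit so it enters the derivation hash, e.g. `inherit cluster-ca;` in the `mkDerivation` attribute set; otherwise the comment should be dropped. Separately, the token is produced inside a derivation and so lands in `/nix/store`, which is world-readable on the host and whose file modes Nix canonicalises after the build, so `chmod 400 $out` in the inner `apitoken` derivation is not an effective protection and deserves a note such as `# NOTE: store paths are world-readable; do not rely on this mode bit for secrecy`. The enclosing `let` block begins before this hunk.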