diff --git a/modules/k8s.nix b/modules/k8s.nix
index ddc8160..5836749 100644
--- a/modules/k8s.nix
+++ b/modules/k8s.nix
@@ -29,55 +29,66 @@ let ''; }; - kube-system-bootstrap = - let - workerNodes = pkgs.writeText "kube-worker-nodes" ( - builtins.foldl' (a: x: - a + " - ${x.address}\n") "" cfg.k8s.nodes); - grafanaLdap = pkgs.writeText "grafana-ldap.toml" - cfg.k8s.bootstrap.grafana_ldap_toml; - in - pkgs.stdenv.mkDerivation { - name = "kube-system-bootstrap"; - src = ../bootstrap; + cluster-scripts = pkgs.stdenv.mkDerivation { + name = "cluster-scripts"; + src = ../scripts; buildCommand = '' - share=$out/share/kube-system-bootstrap mkdir -p $out/bin - mkdir -p $share/bin - mkdir -p $share/config - mkdir -p $share/charts - - export bash="${pkgs.bash}" - export apiserver="${cfg.k8s.master.name}" - export apiserverAddress="${cfg.k8s.master.address}" - export initca="${pki.initca}" - export cluster="${cfg.clusterName}" - export fileserver="${cfg.k8s.fileserver}" - export acme_email="${cfg.k8s.bootstrap.acme_email}" - export grafana_smtp_user="$(echo -n ${cfg.k8s.bootstrap.grafana_smtp_user} | base64 -w0)" - export grafana_smtp_password="$(echo -n ${cfg.k8s.bootstrap.grafana_smtp_password} | base64 -w0)" - export grafana_ldap_toml="$(cat ${grafanaLdap} | base64 -w0)" - export workers="$(cat ${workerNodes})" - - substituteAll $src/bin/initial-kube-system-bootstrap $share/bin/initial-kube-system-bootstrap - chmod 755 $share/bin/initial-kube-system-bootstrap - - substituteAll $src/copy-kube-system-bootstrap $out/bin/copy-kube-system-bootstrap - chmod 755 $out/bin/copy-kube-system-bootstrap - - cd $src/config - for i in *; do - substituteAll $i $share/config/$i - done - - cd $src/charts - for i in *; do - substituteAll $i $share/charts/$i - done - - cp $src/bin/* $share/bin + cp $src/* $out/bin + ''; + }; + + show-kubernetes-charts-config = + let + ingressNodes = builtins.foldl' (a: x: + a + ", ${x}") "${cfg.k8s.master.name}" + cfg.k8s.extraIngressNodes; + ingressReplicas = + builtins.toString (1 + builtins.length cfg.k8s.extraIngressNodes); + grafanaLdap = pkgs.writeText 
"grafana-ldap.toml" + cfg.k8s.charts.grafana_ldap_toml; + in + pkgs.writeScriptBin "show-kubernetes-charts-config" + '' + #!${pkgs.stdenv.shell} + cat << EOF + # Generated by show-kubernetes-charts-config + # $(date) + + vars=( + initca="${pki.initca}" + apiserver="${cfg.k8s.master.name}" + cluster="${cfg.clusterName}" + ingress_nodes="[ ${ingressNodes} ]" + ingress_replicas="${ingressReplicas}" + filseserver="${cfg.k8s.fileserver}" + acme_email="${cfg.k8s.charts.acme_email}" + grafana_smtp_user="$(echo -n ${cfg.k8s.charts.grafana_smtp_user} | base64 -w0)" + grafana_smtp_password="$(echo -n ${cfg.k8s.charts.grafana_smtp_password} | base64 -w0)" + grafana_ldap_toml="$(cat ${grafanaLdap} | base64 -w0)" + ) + + EOF + cat << 'EOF' + make_substitutions () { + read x + for i in "''${vars[@]}"; do + k=$(echo "$i" | cut -d= -f1) + v=$(echo "$i" | cut -d= -f2) + echo "$x" | sed "s/@$k@/$v/g" + done + } + + kubectl_apply () { + charts=("$@") + for i in "''${charts[@]}"; do + k=$(echo "$i" | cut -d= -f1) + v=$(echo "$i" | cut -d= -f2) + sed "s/@$k@/$v/g" $i | kubectl apply -f - + done + } + EOF ''; - }; install-apitoken = '' #!${pkgs.bash}/bin/bash @@ -150,7 +161,8 @@ let environment.systemPackages = [ pkgs.kubernetes-helm pkgs.kubectl - kube-system-bootstrap + cluster-scripts + show-kubernetes-charts-config ]; systemd.services.kube-certmgr-apitoken-bootstrap = { @@ -220,6 +232,11 @@ in { default = "10.0.0.0/16"; }; + extraIngressNodes = mkOption { + type = types.listOf types.str; + default = []; + }; + master = { enable = mkEnableOption "Enable kubernetes master node"; @@ -248,7 +265,7 @@ in { enable = mkEnableOption "Enable kubernetes"; }; - bootstrap = { + charts = { acme_email = mkOption { type = types.str; default = "";