diff options
author | Alexandru Scvortov <code@scvalex.net> | 2021-08-13 17:42:27 +0100 |
---|---|---|
committer | Alexandru Scvortov <code@scvalex.net> | 2021-08-13 17:55:03 +0100 |
commit | 6c38bb6d5d34b53bd98cfa6936a1d56c43368782 (patch) | |
tree | 30bd770a71eb6d1915f70d0a4ce10afb326a7db1 | |
parent | e67c07f09824c3e57c2b4db9e36cd446d099241a (diff) | |
download | nixpkgs-6c38bb6d5d34b53bd98cfa6936a1d56c43368782.tar nixpkgs-6c38bb6d5d34b53bd98cfa6936a1d56c43368782.tar.gz nixpkgs-6c38bb6d5d34b53bd98cfa6936a1d56c43368782.tar.bz2 nixpkgs-6c38bb6d5d34b53bd98cfa6936a1d56c43368782.tar.lz nixpkgs-6c38bb6d5d34b53bd98cfa6936a1d56c43368782.tar.xz nixpkgs-6c38bb6d5d34b53bd98cfa6936a1d56c43368782.tar.zst nixpkgs-6c38bb6d5d34b53bd98cfa6936a1d56c43368782.zip |
kubernetes: fix breakage introduced by upgrade to 1.22
4 files changed, 11 insertions, 15 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index 8504593e768..f88be391879 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -668,11 +668,6 @@ to use wildcards in the <literal>source</literal> argument. </para> </listitem> - </itemizedlist> - <para> - <<<<<<< HEAD - </para> - <itemizedlist> <listitem> <para> The <literal>openrazer</literal> and @@ -715,6 +710,13 @@ release is also still available. </para> </listitem> + <listitem> + <para> + The <literal>kubernetes</literal> package was upgraded to + 1.22. The <literal>kubernetes.apiserver.kubeletHttps</literal> + option was removed and HTTPS is always used. + </para> + </listitem> </itemizedlist> </section> <section xml:id="sec-release-21.11-notable-changes"> diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index 024ed9c7399..b7cb31883f6 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md @@ -171,7 +171,6 @@ pt-services.clipcat.enable). - `programs.neovim.runtime` switched to a `linkFarm` internally, making it impossible to use wildcards in the `source` argument. -<<<<<<< HEAD - The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This is desirable from a security point of view. The setting [`harware.openrazer.users`](options.html#opt-services.hardware.openrazer.users) can be used to add users to the `openrazer` group. - The `yambar` package has been split into `yambar` and `yambar-wayland`, corresponding to the xorg and wayland backend respectively. Please switch to `yambar-wayland` if you are on wayland. @@ -182,6 +181,8 @@ To be able to access the web UI this port needs to be opened in the firewall. - The `varnish` package was upgraded from 6.3.x to 6.5.x. `varnish60` for the last LTS release is also still available. +- The `kubernetes` package was upgraded to 1.22. The `kubernetes.apiserver.kubeletHttps` option was removed and HTTPS is always used. + ## Other Notable Changes {#sec-release-21.11-notable-changes} - The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets. diff --git a/nixos/modules/services/cluster/kubernetes/apiserver.nix b/nixos/modules/services/cluster/kubernetes/apiserver.nix index f1531caa754..f842f784b34 100644 --- a/nixos/modules/services/cluster/kubernetes/apiserver.nix +++ b/nixos/modules/services/cluster/kubernetes/apiserver.nix @@ -190,12 +190,6 @@ in type = nullOr path; }; - kubeletHttps = mkOption { - description = "Whether to use https for connections to kubelet."; - default = true; - type = bool; - }; - preferredAddressTypes = mkOption { description = "List of the preferred NodeAddressTypes to use for kubelet connections."; type = nullOr str; @@ -365,7 +359,6 @@ in "--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \ ${optionalString (cfg.basicAuthFile != null) "--basic-auth-file=${cfg.basicAuthFile}"} \ - --kubelet-https=${boolToString cfg.kubeletHttps} \ ${optionalString (cfg.kubeletClientCaFile != null) "--kubelet-certificate-authority=${cfg.kubeletClientCaFile}"} \ ${optionalString (cfg.kubeletClientCertFile != null) diff --git a/nixos/modules/services/cluster/kubernetes/flannel.nix b/nixos/modules/services/cluster/kubernetes/flannel.nix index 3f55719027f..fecea7a15f3 100644 --- a/nixos/modules/services/cluster/kubernetes/flannel.nix +++ b/nixos/modules/services/cluster/kubernetes/flannel.nix @@ -58,7 +58,7 @@ in services.kubernetes.addonManager.bootstrapAddons = mkIf ((storageBackend == "kubernetes") && (elem "RBAC" top.apiserver.authorizationMode)) { flannel-cr = { - apiVersion = "rbac.authorization.k8s.io/v1beta1"; + apiVersion = "rbac.authorization.k8s.io/v1"; kind = "ClusterRole"; metadata = { name = "flannel"; }; rules = [{ @@ -79,7 +79,7 @@ in }; flannel-crb = { - apiVersion = "rbac.authorization.k8s.io/v1beta1"; + apiVersion = "rbac.authorization.k8s.io/v1"; kind = "ClusterRoleBinding"; metadata = { name = "flannel"; }; roleRef = { |