authorChristian Albrecht <christian.albrecht@mayflower.de>2019-03-06 16:44:38 +0100
committerChristian Albrecht <christian.albrecht@mayflower.de>2019-03-06 16:54:50 +0100
commit6e9037fed0ce0b55ef37188ec1a58e18e196a780 (patch)
tree81dc9f365252a4d2810521f1bcbbaf0979025646 /nixos/modules/services/cluster/kubernetes/addon-manager.nix
parentff91d5818cf4703e01670251096da301cc2c7c54 (diff)
nixos/kubernetes: Address review: Move bootstrapping addons into own service
Diffstat (limited to 'nixos/modules/services/cluster/kubernetes/addon-manager.nix')
-rw-r--r--nixos/modules/services/cluster/kubernetes/addon-manager.nix26
1 files changed, 26 insertions, 0 deletions
diff --git a/nixos/modules/services/cluster/kubernetes/addon-manager.nix b/nixos/modules/services/cluster/kubernetes/addon-manager.nix
index 46f5b68b2a5..406b20b0d8d 100644
--- a/nixos/modules/services/cluster/kubernetes/addon-manager.nix
+++ b/nixos/modules/services/cluster/kubernetes/addon-manager.nix
@@ -72,9 +72,16 @@ in
     systemd.services.kube-addon-manager = {
       description = "Kubernetes addon manager";
       wantedBy = [ "kube-control-plane-online.target" ];
+      after = [ "kube-addon-manager-bootstrap.service" ];
       before = [ "kube-control-plane-online.target" ];
       environment.ADDON_PATH = "/etc/kubernetes/addons/";
       path = [ pkgs.gawk ];
+      preStart = ''
+        ${top.lib.mkWaitCurl ( with config.systemd.services.kube-addon-manager; {
+          path = "/api/v1/namespaces/kube-system/serviceaccounts/default";
+          cacert = top.caFile;
+        } // optionalAttrs (environment ? cert) { inherit (environment) cert key; })}
+      '';
       serviceConfig = {
         Slice = "kubernetes.slice";
         ExecStart = "${top.package}/bin/kube-addons";
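Review bot: The added `after = [ "kube-addon-manager-bootstrap.service" ];` only orders the two units; it does not make kube-addon-manager depend on the bootstrap having succeeded. If the `kubectl apply` in the bootstrap unit fails, systemd will still start the addon manager, which then runs against a cluster that may lack the objects from `bootstrapAddons`. If that state is not acceptable, add `requires = [ "kube-addon-manager-bootstrap.service" ];` under the same `mkIf` condition as the bootstrap unit, since that unit is only defined when the apiserver is enabled and `bootstrapAddons` is non-empty. A short comment above `preStart` saying why the probe waits for the kube-system default service account would also help; the service definition continues outside the hunk.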
@@ -86,6 +93,25 @@ in
       };
     };
 
+    systemd.services.kube-addon-manager-bootstrap = mkIf (top.apiserver.enable && top.addonManager.bootstrapAddons != {}) {
+      wantedBy = [ "kube-control-plane-online.target" ];
+      after = [ "kube-apiserver.service" ];
+      before = [ "kube-control-plane-online.target" ];
+      path = [ pkgs.kubectl ];
+      preStart = with pkgs; let
+        files = mapAttrsToList (n: v: writeText "${n}.json" (builtins.toJSON v))
+          cfg.bootstrapAddons;
+      in ''
+        ${top.lib.mkWaitCurl ( with config.systemd.services.kube-addon-manager-bootstrap; {
+          path = "/api";
+          cacert = top.caFile;
+        } // optionalAttrs (environment ? cert) { inherit (environment) cert key; })}
+
+        kubectl apply -f ${concatStringsSep " \\\n -f " files}
+      '';
+      script = "echo Ok";
+    };
+
     services.kubernetes.addonManager.bootstrapAddons = mkIf isRBACEnabled
     (let
       name = system:kube-addon-manager;
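Review bot: The new kube-addon-manager-bootstrap unit runs `kubectl apply` with no kubeconfig and defines no `environment`, so `environment ? cert` in its mkWaitCurl call looks like it is always false and both the probe and the apply reach the API server without client credentials. That appears to rely on an unauthenticated local endpoint being available for the step that installs the cluster's RBAC objects; passing an explicit `--kubeconfig` backed by a dedicated client certificate would remove that dependency. The unit also has no `serviceConfig`, so it runs as root by default and is not marked oneshot; consider `serviceConfig = { Type = "oneshot"; RemainAfterExit = true; };` and a `description`. The manifests are produced with `writeText`, so they land in the world-readable Nix store and `bootstrapAddons` should be documented as unsuitable for secrets. The `bootstrapAddons` definition at the end of the hunk continues outside it.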