authorChristian Albrecht <christian.albrecht@mayflower.de>2019-03-11 11:42:12 +0100
committerChristian Albrecht <christian.albrecht@mayflower.de>2019-03-11 12:22:59 +0100
commit45e683fbd6bc2b8ccf57b6425f4877deed618569 (patch)
treef974cfd359b0375faf99f0bbf02e6c6bedb4092b /nixos/modules
parent50c5f489ef4d9a1273860a5f5eaa9810f2c9d2ce (diff)
Cleanup pki: control-plane-online
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/services/cluster/kubernetes/default.nix47
-rw-r--r--nixos/modules/services/cluster/kubernetes/pki.nix6
2 files changed, 25 insertions, 28 deletions
diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix
index 6560cff6328..7cc172f1255 100644
--- a/nixos/modules/services/cluster/kubernetes/default.nix
+++ b/nixos/modules/services/cluster/kubernetes/default.nix
@@ -276,6 +276,30 @@ in {
         wantedBy = [ "multi-user.target" ];
       };
 
+      systemd.targets.kube-control-plane-online = {
+        wantedBy = [ "kubernetes.target" ];
+        before = [ "kubernetes.target" ];
+      };
+
+      systemd.services.kube-control-plane-online = rec {
+        description = "Kubernetes control plane is online";
+        wantedBy = [ "kube-control-plane-online.target" ];
+        after = [ "kube-scheduler.service" "kube-controller-manager.service" ];
+        before = [ "kube-control-plane-online.target" ];
+        environment.KUBECONFIG = cfg.lib.mkKubeConfig "default" cfg.kubeconfig;
+        path = [ pkgs.kubectl ];
+        preStart = ''
+          until kubectl get --raw=/healthz 2>/dev/null; do
+            echo kubectl get --raw=/healthz: exit status $?
+            sleep 3
+          done
+        '';
+        script = "echo Ok";
+        serviceConfig = {
+          TimeoutSec = "500";
+        };
+      };
+
       systemd.tmpfiles.rules = [
         "d /opt/cni/bin 0755 root root -"
         "d /run/kubernetes 0755 kubernetes kubernetes -"
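Review bot: The `2>/dev/null` on the `kubectl get --raw=/healthz` line in `preStart` discards kubectl's own error text, so for up to the 500 s `TimeoutSec` the journal shows only an exit status. A certificate-verification or authorization failure then looks the same as an apiserver that is still starting. Dropping the redirect, `until kubectl get --raw=/healthz; do`, keeps the cause in the unit's log. The probe also authenticates with whatever client credentials `cfg.kubeconfig` references, which this hunk does not show; since it only reads `/healthz`, a comment such as `# readiness probe only: cfg.kubeconfig should point at a low-privilege client certificate` would record the intent. The `rec` on the service attribute set looks unused in the visible lines.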
@@ -300,28 +324,7 @@ in {
                           then cfg.apiserver.advertiseAddress
                           else "${cfg.masterAddress}:${toString cfg.apiserver.securePort}"}");
 
-      systemd.targets.kube-control-plane-online = {
-        wantedBy = [ "kubernetes.target" ];
-        before = [ "kubernetes.target" ];
-      };
-
-      systemd.services.kube-control-plane-online = rec {
-        description = "Kubernetes control plane is online";
-        wantedBy = [ "kube-control-plane-online.target" ];
-        after = [ "kube-scheduler.service" "kube-controller-manager.service" ];
-        before = [ "kube-control-plane-online.target" ];
-        preStart = ''
-          ${cfg.lib.mkWaitCurl ( with config.systemd.services.kube-control-plane-online; {
-            sleep = 3;
-            path = "/healthz";
-            cacert = cfg.caFile;
-          } // optionalAttrs (environment ? cert) { inherit (environment) cert key; })}
-        '';
-        script = "echo Ok";
-        serviceConfig = {
-          TimeoutSec = "500";
-        };
-      };
+      services.kubernetes.kubeconfig.server = mkDefault cfg.apiserverAddress;
     })
   ];
 }
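Review bot: The removed probe pinned the cluster CA explicitly with `cacert = cfg.caFile`, while the added line `services.kubernetes.kubeconfig.server = mkDefault cfg.apiserverAddress;` only supplies a server URL. Server-certificate verification in the new `kubectl` probe therefore depends on the CA setting carried by `cfg.kubeconfig`, which is defined outside this hunk. It is worth confirming that this kubeconfig falls back to `cfg.caFile`, and saying so beside the new line with a comment such as `# kube-control-plane-online probes the apiserver through this kubeconfig; its CA must resolve to cfg.caFile`. The enclosing block starts outside the hunk.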
diff --git a/nixos/modules/services/cluster/kubernetes/pki.nix b/nixos/modules/services/cluster/kubernetes/pki.nix
index 6396ec22907..1d0232fa235 100644
--- a/nixos/modules/services/cluster/kubernetes/pki.nix
+++ b/nixos/modules/services/cluster/kubernetes/pki.nix
@@ -283,12 +283,6 @@ in
         };
       };
 
-      systemd.services.kube-control-plane-online.environment = let
-        client = with cfg.certs; if top.apiserver.enable then clusterAdmin else kubelet;
-      in {
-        inherit (client) cert key;
-      };
-
       environment.etc.${cfg.etcClusterAdminKubeconfig}.source = mkIf (!isNull cfg.etcClusterAdminKubeconfig)
         (top.lib.mkKubeConfig "cluster-admin" clusterAdminKubeconfig);