author | Sarah Brofeldt <sarah@qtr.dk> | 2022-02-15 08:21:09 +0100 |
---|---|---|
committer | Sarah Brofeldt <sarah@qtr.dk> | 2022-02-15 08:31:49 +0100 |
commit | 152dd4c81daa1c24d6ff65c3771070e8f4f7f098 (patch) | |
tree | 5ab2db4adbd93cbf6b88c8c4bda2ad126fc1768d /nixos | |
parent | 2fea3f30b571a60f78b2c3fa2aac5c005cf94cf2 (diff) | |
nixos/kubernetes: Update deprecated scheduler opts
--port and --address have both been deprecated and are nonfunctional starting with kubernetes 1.23. Use --secure-port and --bind-address instead. This means that users can no longer rely on the insecure port for anything, so update the release notes accordingly.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2205.section.xml | 11 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2205.section.md | 2 | ||||
-rw-r--r-- | nixos/modules/services/cluster/kubernetes/scheduler.nix | 4 |
3 files changed, 15 insertions, 2 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml index 50cf06c94ee..7ac06869055 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml @@ -280,6 +280,17 @@ </listitem> <listitem> <para> + <literal>services.kubernetes.scheduler.{port,address}</literal> + now set <literal>--secure-port</literal> and + <literal>--bind-address</literal> instead of + <literal>--port</literal> and <literal>--address</literal>, + since the former have been deprecated and are no longer + functional in kubernetes>=1.23. Ensure that you are not + relying on the insecure behaviour before upgrading. + </para> + </listitem> + <listitem> + <para> The DHCP server (<literal>services.dhcpd4</literal>, <literal>services.dhcpd6</literal>) has been hardened. The service is now using the systemd’s diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md index 4f8b098958c..7d6410ca16c 100644 --- a/nixos/doc/manual/release-notes/rl-2205.section.md +++ b/nixos/doc/manual/release-notes/rl-2205.section.md 
@@ -96,6 +96,8 @@ In addition to numerous new and upgraded packages, this release has the followin - `services.kubernetes.addons.dashboard` was removed due to it being an outdated version. +- `services.kubernetes.scheduler.{port,address}` now set `--secure-port` and `--bind-address` instead of `--port` and `--address`, since the former have been deprecated and are no longer functional in kubernetes>=1.23. Ensure that you are not relying on the insecure behaviour before upgrading. + - The DHCP server (`services.dhcpd4`, `services.dhcpd6`) has been hardened. The service is now using the systemd's `DynamicUser` mechanism to run as an unprivileged dynamically-allocated user with limited capabilities. The dhcpd state files are now always stored in `/var/lib/dhcpd{4,6}` and the `services.dhcpd4.stateDir` and `service.dhcpd6.stateDir` options have been removed. diff --git a/nixos/modules/services/cluster/kubernetes/scheduler.nix b/nixos/modules/services/cluster/kubernetes/scheduler.nix index 2a522f1db89..2d95528a6ea 100644 --- a/nixos/modules/services/cluster/kubernetes/scheduler.nix +++ b/nixos/modules/services/cluster/kubernetes/scheduler.nix @@ -66,12 +66,12 @@ in serviceConfig = { Slice = "kubernetes.slice"; ExecStart = ''${top.package}/bin/kube-scheduler \ - --address=${cfg.address} \ + --bind-address=${cfg.address} \ ${optionalString (cfg.featureGates != []) "--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \ --kubeconfig=${top.lib.mkKubeConfig "kube-scheduler" cfg.kubeconfig} \ --leader-elect=${boolToString cfg.leaderElect} \ - --port=${toString cfg.port} \ + --secure-port=${toString cfg.port} \ ${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \ ${cfg.extraOpts} ''; |
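Review bot: In the `ExecStart` of scheduler.nix, `--secure-port=${toString cfg.port}` now points the existing `port` option at the HTTPS listener, but nothing visible in the hunk passes `--tls-cert-file`/`--tls-private-key-file` or `--authentication-kubeconfig`/`--authorization-kubeconfig`. Unless `cfg.extraOpts` supplies them, the scheduler will presumably serve a self-signed certificate and have no way to authenticate or authorize requests to endpoints such as `/metrics`, so monitoring that used the old plain-HTTP port is likely to break rather than migrate. The option declarations are outside the hunk, so I cannot tell whether the default and description of `port` were updated; if the default is still the old insecure-port value, moving it to the upstream secure default 10259 and stating in the description that the option now sets `--secure-port` would avoid surprises. I would also add a comment above the flag, e.g. `# cfg.port is the HTTPS serving port (--secure-port); the plain-HTTP --port is nonfunctional since 1.23`. The `serviceConfig` block is opened at the top of the hunk and closed outside it.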