Diffstat (limited to 'nixos/modules/services/cluster/kubernetes/flannel.nix')
-rw-r--r-- | nixos/modules/services/cluster/kubernetes/flannel.nix | 70 |
1 files changed, 10 insertions, 60 deletions
diff --git a/nixos/modules/services/cluster/kubernetes/flannel.nix b/nixos/modules/services/cluster/kubernetes/flannel.nix index d9437427d6d..93ee2fd65ee 100644 --- a/nixos/modules/services/cluster/kubernetes/flannel.nix +++ b/nixos/modules/services/cluster/kubernetes/flannel.nix @@ -23,27 +23,17 @@ in { ###### interface options.services.kubernetes.flannel = { - enable = mkEnableOption "flannel networking"; - kubeconfig = top.lib.mkKubeConfigOptions "Kubernetes flannel"; + enable = mkEnableOption "enable flannel networking"; }; ###### implementation - config = let - - flannelPaths = filter (a: a != null) [ - cfg.kubeconfig.caFile - cfg.kubeconfig.certFile - cfg.kubeconfig.keyFile - ]; - kubeconfig = top.lib.mkKubeConfig "flannel" cfg.kubeconfig; - - in mkIf cfg.enable { + config = mkIf cfg.enable { services.flannel = { enable = mkDefault true; network = mkDefault top.clusterCidr; - inherit storageBackend kubeconfig; - nodeName = top.kubelet.hostname; + inherit storageBackend; + nodeName = config.services.kubernetes.kubelet.hostname; }; services.kubernetes.kubelet = { 
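Review bot: With `kubeconfig` dropped from the `inherit storageBackend;` line and the `kubeconfig` option removed, nothing in this hunk hands flanneld a dedicated client credential (`caFile`/`certFile`/`keyFile`) for the API server any more. When `storageBackend` is `"kubernetes"` flannel still has to authenticate, so please confirm which credential it now picks up and that it is scoped no wider than the flannel RBAC role defined further down in the file; that is not visible here. Configurations that already set `services.kubernetes.flannel.kubeconfig.*` will fail evaluation without a hint, so a `mkRemovedOptionModule` entry for that path would help. Separately, `mkEnableOption` already prefixes "Whether to enable", so the new text renders as "Whether to enable enable flannel networking"; keep `enable = mkEnableOption "flannel networking";`.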
@@ -58,66 +48,24 @@ in }]; }; - systemd.services.mk-docker-opts = { + systemd.services."mk-docker-opts" = { description = "Pre-Docker Actions"; - wantedBy = [ "flannel.target" ]; - before = [ "flannel.target" ]; path = with pkgs; [ gawk gnugrep ]; script = '' ${mkDockerOpts}/mk-docker-opts -d /run/flannel/docker systemctl restart docker ''; - unitConfig.ConditionPathExists = [ "/run/flannel/subnet.env" ]; serviceConfig.Type = "oneshot"; }; - systemd.paths.flannel-subnet-env = { - wantedBy = [ "mk-docker-opts.service" ]; - pathConfig = { - PathExists = [ "/run/flannel/subnet.env" ]; - PathChanged = [ "/run/flannel/subnet.env" ]; - Unit = "mk-docker-opts.service"; - }; - }; - - systemd.targets.flannel = { - wantedBy = [ "kube-node-online.target" ]; - before = [ "kube-node-online.target" ]; - }; - - systemd.services.flannel = { - wantedBy = [ "flannel.target" ]; - after = [ "kubelet.target" ]; - before = [ "flannel.target" ]; - path = with pkgs; [ iptables kubectl ]; - environment.KUBECONFIG = kubeconfig; - preStart = let - args = [ - "--selector=kubernetes.io/hostname=${top.kubelet.hostname}" - # flannel exits if node is not registered yet, before that there is no podCIDR - "--output=jsonpath={.items[0].spec.podCIDR}" - # if jsonpath cannot be resolved exit with status 1 - "--allow-missing-template-keys=false" - ]; - in '' - until kubectl get nodes ${concatStringsSep " " args} 2>/dev/null; do - echo Waiting for ${top.kubelet.hostname} to be RegisteredNode - sleep 1 - done - ''; - unitConfig.ConditionPathExists = flannelPaths; - }; - - systemd.paths.flannel = { + systemd.paths."flannel-subnet-env" = { wantedBy = [ "flannel.service" ]; pathConfig = { - PathExists = flannelPaths; - PathChanged = flannelPaths; + PathModified = "/run/flannel/subnet.env"; + Unit = "mk-docker-opts.service"; }; }; - services.kubernetes.flannel.kubeconfig.server = mkDefault top.apiserverAddress; - systemd.services.docker = { environment.DOCKER_OPTS = "-b none"; serviceConfig.EnvironmentFile = 
"-/run/flannel/docker"; @@ -144,6 +92,7 @@ in # give flannel som kubernetes rbac permissions if applicable services.kubernetes.addonManager.bootstrapAddons = mkIf ((storageBackend == "kubernetes") && (elem "RBAC" top.apiserver.authorizationMode)) { + flannel-cr = { apiVersion = "rbac.authorization.k8s.io/v1beta1"; kind = "ClusterRole"; @@ -179,6 +128,7 @@ in name = "flannel-client"; }]; }; + }; }; } |
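Review bot: The new `flannel-subnet-env` path unit watches only `PathModified`, which as far as I know is not evaluated at activation time the way `PathExists` is, so a `/run/flannel/subnet.env` that is already present when the path unit starts would never trigger `mk-docker-opts.service`. In that case docker keeps running with `-b none` and the optional `-/run/flannel/docker` environment file absent, i.e. without the flannel bridge settings. Consider keeping `PathExists = "/run/flannel/subnet.env";` next to `PathModified`, and keeping `unitConfig.ConditionPathExists = [ "/run/flannel/subnet.env" ];` on the service so a manual start without the file is skipped. The hunk also removes the `ConditionPathExists = flannelPaths` gate and the node-registration wait from the flannel unit, so flannel can presumably start before its credentials or node object exist; a comment stating that this is intended would help. The `systemd.services.docker` block continues past the end of the hunk.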