Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/cluster/kubernetes/default.nix | 13 | ||||
-rw-r--r-- | nixos/modules/services/cluster/kubernetes/pki.nix | 22 |
2 files changed, 12 insertions, 23 deletions
diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix index 7cc172f1255..84ed6821692 100644 --- a/nixos/modules/services/cluster/kubernetes/default.nix +++ b/nixos/modules/services/cluster/kubernetes/default.nix @@ -73,18 +73,6 @@ let }; }; - mkWaitCurl = { address ? cfg.apiserverAddress, sleep ? 2, path ? "", args ? "-o /dev/null", - cacert ? null, cert ? null, key ? null, }: '' - while ! ${pkgs.curl}/bin/curl --fail-early -fs \ - ${if cacert != null then "--cacert ${cacert}" else ""} \ - ${if cert != null then "--cert ${cert}" else ""} \ - ${if key != null then "--key ${key}" else ""} \ - ${address}${path} ${args} ; do - sleep ${toString sleep} - echo Waiting to be able to reach ${address}${path} - done - ''; - kubeConfigDefaults = { server = mkDefault cfg.kubeconfig.server; caFile = mkDefault cfg.kubeconfig.caFile; @@ -174,7 +162,6 @@ in { inherit mkCert; inherit mkKubeConfig; inherit mkKubeConfigOptions; - inherit mkWaitCurl; }; type = types.attrs; }; diff --git a/nixos/modules/services/cluster/kubernetes/pki.nix b/nixos/modules/services/cluster/kubernetes/pki.nix index 1d0232fa235..4cf3269e18f 100644 --- a/nixos/modules/services/cluster/kubernetes/pki.nix +++ b/nixos/modules/services/cluster/kubernetes/pki.nix @@ -182,12 +182,12 @@ in description = "Wait for ${remote} to be reachable."; wantedBy = [ "cfssl-online.target" ]; before = [ "cfssl-online.target" ]; + path = [ pkgs.curl ]; preStart = '' - ${top.lib.mkWaitCurl { - address = remote; - path = "/api/v1/cfssl/info"; - args = "-kd '{}' -o /dev/null"; - }} + until curl --fail-early -fskd '{}' ${remote}/api/v1/cfssl/info -o /dev/null; do + echo curl ${remote}/api/v1/cfssl/info: exit status $? + sleep 2 + done ''; script = "echo Ok"; serviceConfig = { 
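Review bot: The `-k` in the new `until curl --fail-early -fskd '{}' ${remote}/api/v1/cfssl/info -o /dev/null` probe in pki.nix has no comment explaining why certificate verification is skipped. Here the response is discarded and only reachability is tested, which is what makes the flag acceptable. I would add `# -k: reachability probe only; the response is discarded and nothing from it is trusted` above the loop, so the flag is not carried over to a place where the output is actually used. The unit this preStart belongs to starts and ends outside the hunk.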
@@ -200,6 +200,7 @@ in wantedBy = [ "cfssl-online.target" ]; after = [ "cfssl-online.target" ]; before = [ "certmgr.service" ]; + path = with pkgs; [ curl cfssl ]; script = concatStringsSep "\n" ['' set -e @@ -218,11 +219,12 @@ in '' (optionalString (cfg.pkiTrustOnBootstrap) '' if [ ! -s "${top.caFile}" ]; then - ${top.lib.mkWaitCurl { - address = "https://${top.masterAddress}:${cfsslPort}"; - path = "/api/v1/cfssl/info"; - args = "-kd '{}' -o - | ${pkgs.cfssl}/bin/cfssljson -stdout >${top.caFile}"; - }} + until test -s ${top.caFile}.json; do + sleep 2 + curl --fail-early -fskd '{}' ${remote}/api/v1/cfssl/info -o ${top.caFile}.json + done + cfssljson -f ${top.caFile}.json -stdout >${top.caFile} + rm ${top.caFile}.json fi '') ]; |
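Review bot: In the pkiTrustOnBootstrap branch, `curl` now runs in the body of the `until` loop rather than as its condition. If the `set -e` visible at the top of this script list in the previous hunk is in effect, the first failed request aborts the script instead of retrying, and a transfer that breaks off midway can leave a non-empty `${top.caFile}.json` that satisfies `test -s` and is then handed to cfssljson. Making the request the condition avoids both: `until curl --fail-early -fskd '{}' ${remote}/api/v1/cfssl/info -o ${top.caFile}.json && test -s ${top.caFile}.json; do sleep 2; done`. Because `-k` skips certificate verification, the CA written to `${top.caFile}` is accepted unauthenticated on first contact, so a short comment saying this is the intended trust-on-bootstrap behaviour, and that the fetch only happens when the file is absent or empty, would help the next reader. The address also changes from `https://${top.masterAddress}:${cfsslPort}` to `${remote}`, whose definition is outside the hunk, so it is worth confirming both resolve to the same endpoint.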