From 635376d3af33ce8fa6a3d3f0974dcde53be44520 Mon Sep 17 00:00:00 2001 From: pennae Date: Sat, 8 Jan 2022 06:59:18 +0100 Subject: Revert "nixos/kubernetes: make lib option internal and readonly" This reverts commit 7e28421e1704c95c056f2b2e7fc27a7569182e0f. --- nixos/modules/services/cluster/kubernetes/controller-manager.nix | 7 +++---- nixos/modules/services/cluster/kubernetes/default.nix | 2 -- nixos/modules/services/cluster/kubernetes/kubelet.nix | 7 +++---- nixos/modules/services/cluster/kubernetes/pki.nix | 9 ++++----- nixos/modules/services/cluster/kubernetes/proxy.nix | 7 +++---- nixos/modules/services/cluster/kubernetes/scheduler.nix | 7 +++---- 6 files changed, 16 insertions(+), 23 deletions(-) (limited to 'nixos/modules/services/cluster/kubernetes') diff --git a/nixos/modules/services/cluster/kubernetes/controller-manager.nix b/nixos/modules/services/cluster/kubernetes/controller-manager.nix index 6d54659720c..ed25715fab7 100644 --- a/nixos/modules/services/cluster/kubernetes/controller-manager.nix +++ b/nixos/modules/services/cluster/kubernetes/controller-manager.nix @@ -6,7 +6,6 @@ let top = config.services.kubernetes; otop = options.services.kubernetes; cfg = top.controllerManager; - klib = options.services.kubernetes.lib.default; in { imports = [ @@ -57,7 +56,7 @@ in type = int; }; - kubeconfig = klib.mkKubeConfigOptions "Kubernetes controller manager"; + kubeconfig = top.lib.mkKubeConfigOptions "Kubernetes controller manager"; leaderElect = mkOption { description = "Whether to start leader election before executing main loop."; 
@@ -130,7 +129,7 @@ in "--cluster-cidr=${cfg.clusterCidr}"} \ ${optionalString (cfg.featureGates != []) "--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \ - --kubeconfig=${klib.mkKubeConfig "kube-controller-manager" cfg.kubeconfig} \ + --kubeconfig=${top.lib.mkKubeConfig "kube-controller-manager" cfg.kubeconfig} \ --leader-elect=${boolToString cfg.leaderElect} \ ${optionalString (cfg.rootCaFile!=null) "--root-ca-file=${cfg.rootCaFile}"} \ @@ -157,7 +156,7 @@ in path = top.path; }; - services.kubernetes.pki.certs = with klib; { + services.kubernetes.pki.certs = with top.lib; { controllerManager = mkCert { name = "kube-controller-manager"; CN = "kube-controller-manager"; diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix index 715c88ad88c..17625d97136 100644 --- a/nixos/modules/services/cluster/kubernetes/default.nix +++ b/nixos/modules/services/cluster/kubernetes/default.nix @@ -193,8 +193,6 @@ in { inherit mkKubeConfigOptions; }; type = types.attrs; - readOnly = true; - internal = true; }; secretsPath = mkOption { diff --git a/nixos/modules/services/cluster/kubernetes/kubelet.nix b/nixos/modules/services/cluster/kubernetes/kubelet.nix index 2d58547ce4c..3e8eac96f6b 100644 --- a/nixos/modules/services/cluster/kubernetes/kubelet.nix +++ b/nixos/modules/services/cluster/kubernetes/kubelet.nix @@ -6,7 +6,6 @@ let top = config.services.kubernetes; otop = options.services.kubernetes; cfg = top.kubelet; - klib = options.services.kubernetes.lib.default; cniConfig = if cfg.cni.config != [] && cfg.cni.configDir != null then @@ -28,7 +27,7 @@ let config.Cmd = ["/bin/pause"]; }; - kubeconfig = klib.mkKubeConfig "kubelet" cfg.kubeconfig; + kubeconfig = top.lib.mkKubeConfig "kubelet" cfg.kubeconfig; manifestPath = "kubernetes/manifests"; 
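Review bot: In the `@@ -157,7` hunk of controller-manager.nix, `services.kubernetes.pki.certs = with top.lib; {` opens a `with` scope over an attribute set that now comes from `config` and, after this commit, is no longer `readOnly`. An inner `with` takes precedence over an outer one, so if the file has `with lib;` at the top (not visible in this hunk), any key another module adds to `services.kubernetes.lib` would shadow the nixpkgs `lib` function of the same name inside this block. proxy.nix and scheduler.nix already name the helper explicitly; the equivalent here is `services.kubernetes.pki.certs = {` with `controllerManager = top.lib.mkCert {`. The `@@ -359,7` hunk in kubelet.nix uses the same `with top.lib;`. The attribute set continues past the end of the hunk.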
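Review bot: In the default.nix hunk, dropping `readOnly = true;` leaves `services.kubernetes.lib` as an ordinary `types.attrs` option, so any module in the evaluation can define it and replace `mkCert`, `mkKubeConfig` or `mkKubeConfigOptions`. Every call site in this commit now reads the helpers through `top.lib`, including the `cluster-admin`, `addon-manager` and `flannel` kubeconfigs in pki.nix, so an override would change which server, certificate and key paths those components are handed. As far as I know `types.attrs` merges definitions key by key without raising a conflict, which would make such a replacement silent. If the revert was only needed to make the helpers reachable again, reading through `top.lib` should still work with `readOnly = true;` kept and only `internal = true;` removed; the commit message gives no reason, so this needs confirming. The option declaration starts above the hunk.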
@@ -178,7 +177,7 @@ in type = str; }; - kubeconfig = klib.mkKubeConfigOptions "Kubelet"; + kubeconfig = top.lib.mkKubeConfigOptions "Kubelet"; manifests = mkOption { description = "List of manifests to bootstrap with kubelet (only pods can be created as manifest entry)"; @@ -359,7 +358,7 @@ in services.kubernetes.kubelet.hostname = with config.networking; mkDefault (hostName + optionalString (domain != null) ".${domain}"); - services.kubernetes.pki.certs = with klib; { + services.kubernetes.pki.certs = with top.lib; { kubelet = mkCert { name = "kubelet"; CN = top.kubelet.hostname; diff --git a/nixos/modules/services/cluster/kubernetes/pki.nix b/nixos/modules/services/cluster/kubernetes/pki.nix index 00d572a5098..76ab03cd520 100644 --- a/nixos/modules/services/cluster/kubernetes/pki.nix +++ b/nixos/modules/services/cluster/kubernetes/pki.nix @@ -1,11 +1,10 @@ -{ config, options, lib, pkgs, ... }: +{ config, lib, pkgs, ... }: with lib; let top = config.services.kubernetes; cfg = top.pki; - klib = options.services.kubernetes.lib; csrCA = pkgs.writeText "kube-pki-cacert-csr.json" (builtins.toJSON { key = { @@ -30,7 +29,7 @@ let cfsslAPITokenLength = 32; clusterAdminKubeconfig = with cfg.certs.clusterAdmin; - klib.mkKubeConfig "cluster-admin" { + top.lib.mkKubeConfig "cluster-admin" { server = top.apiserverAddress; certFile = cert; keyFile = key; @@ -251,7 +250,7 @@ in # - it would be better with a more Nix-oriented way of managing addons systemd.services.kube-addon-manager = mkIf top.addonManager.enable (mkMerge [{ environment.KUBECONFIG = with cfg.certs.addonManager; - klib.mkKubeConfig "addon-manager" { + top.lib.mkKubeConfig "addon-manager" { server = top.apiserverAddress; certFile = cert; keyFile = key; @@ -344,7 +343,7 @@ in ''; services.flannel = with cfg.certs.flannelClient; { - kubeconfig = klib.mkKubeConfig "flannel" { + kubeconfig = top.lib.mkKubeConfig "flannel" { server = top.apiserverAddress; certFile = cert; keyFile = key; 
diff --git a/nixos/modules/services/cluster/kubernetes/proxy.nix b/nixos/modules/services/cluster/kubernetes/proxy.nix index 986301f6bd9..5f3da034120 100644 --- a/nixos/modules/services/cluster/kubernetes/proxy.nix +++ b/nixos/modules/services/cluster/kubernetes/proxy.nix @@ -6,7 +6,6 @@ let top = config.services.kubernetes; otop = options.services.kubernetes; cfg = top.proxy; - klib = options.services.kubernetes.lib.default; in { imports = [ @@ -44,7 +43,7 @@ in type = str; }; - kubeconfig = klib.mkKubeConfigOptions "Kubernetes proxy"; + kubeconfig = top.lib.mkKubeConfigOptions "Kubernetes proxy"; verbosity = mkOption { description = '' @@ -73,7 +72,7 @@ in ${optionalString (cfg.featureGates != []) "--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \ --hostname-override=${cfg.hostname} \ - --kubeconfig=${klib.mkKubeConfig "kube-proxy" cfg.kubeconfig} \ + --kubeconfig=${top.lib.mkKubeConfig "kube-proxy" cfg.kubeconfig} \ ${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \ ${cfg.extraOpts} ''; @@ -89,7 +88,7 @@ in services.kubernetes.proxy.hostname = with config.networking; mkDefault hostName; services.kubernetes.pki.certs = { - kubeProxyClient = klib.mkCert { + kubeProxyClient = top.lib.mkCert { name = "kube-proxy-client"; CN = "system:kube-proxy"; action = "systemctl restart kube-proxy.service"; diff --git a/nixos/modules/services/cluster/kubernetes/scheduler.nix b/nixos/modules/services/cluster/kubernetes/scheduler.nix index 442e3fe3a69..87263ee72fa 100644 --- a/nixos/modules/services/cluster/kubernetes/scheduler.nix +++ b/nixos/modules/services/cluster/kubernetes/scheduler.nix @@ -6,7 +6,6 @@ let top = config.services.kubernetes; otop = options.services.kubernetes; cfg = top.scheduler; - klib = options.services.kubernetes.lib.default; in { ###### interface 
@@ -33,7 +32,7 @@ in type = listOf str; }; - kubeconfig = klib.mkKubeConfigOptions "Kubernetes scheduler"; + kubeconfig = top.lib.mkKubeConfigOptions "Kubernetes scheduler"; leaderElect = mkOption { description = "Whether to start leader election before executing main loop."; @@ -70,7 +69,7 @@ in --address=${cfg.address} \ ${optionalString (cfg.featureGates != []) "--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \ - --kubeconfig=${klib.mkKubeConfig "kube-scheduler" cfg.kubeconfig} \ + --kubeconfig=${top.lib.mkKubeConfig "kube-scheduler" cfg.kubeconfig} \ --leader-elect=${boolToString cfg.leaderElect} \ --port=${toString cfg.port} \ ${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \ @@ -88,7 +87,7 @@ in }; services.kubernetes.pki.certs = { - schedulerClient = klib.mkCert { + schedulerClient = top.lib.mkCert { name = "kube-scheduler-client"; CN = "system:kube-scheduler"; action = "systemctl restart kube-scheduler.service"; -- cgit 1.4.1