kubernetes.nix
# NixOS module: a single-node Kubernetes setup whose kubelet uses the
# nix-snapshotter socket as its image service, with the kubelet CNI configs
# written as individual files under /etc/cni/net.d.
{ lib, config, pkgs, ... }:
let
  kubeCfg = config.services.kubernetes;

  # One /etc entry per kubelet CNI config. Each file is named
  # "<10 + index>-<type>.conf" and contains the entry serialized as JSON.
  # NOTE(review): lib.imap is presumably the legacy alias of the 1-based
  # lib.imap1, so the first file would be "11-…" — confirm against the
  # nixpkgs revision this module is evaluated with.
  cniConfFiles = lib.listToAttrs (
    lib.imap
      (idx: cniEntry:
        let
          name = "cni/net.d/${toString (10 + idx)}-${cniEntry.type}.conf";
        in
        lib.nameValuePair name {
          source = pkgs.writeText name (builtins.toJSON cniEntry);
        })
      kubeCfg.kubelet.cni.config
  );
in
{
  # Smooths out upstream service startup issues.
  imports = [ ./kubernetes-startup.nix ];

  # Control plane and worker on the same machine, addressed as localhost.
  # NOTE(review): masterAddress is the address components use to reach the
  # control plane; whether the API server only binds to loopback is governed
  # by services.kubernetes.apiserver.bindAddress, which is not set here —
  # verify the effective value if the host is reachable from other machines.
  services.kubernetes = {
    masterAddress = "localhost";
    roles = [ "master" "node" ];
    # Use the nix-snapshotter socket as the kubelet's image service endpoint.
    kubelet.extraOpts = "--image-service-endpoint unix:///run/nix-snapshotter/nix-snapshotter.sock";
  };

  # Do not take over cni/net.d as a whole (nerdctl wants it writeable as
  # well); disable the directory entry and install the config files one by one.
  environment.etc = lib.mkMerge [
    { "cni/net.d".enable = false; }
    cniConfFiles
  ];

  # Let the non-root account named "rootless" use `kubectl` directly: it owns
  # the clusterAdmin private key, and KUBECONFIG is exported in the session
  # environment, pointing at the cluster-admin kubeconfig under /etc.
  # NOTE(review): this presumably gives that account full cluster-admin
  # rights, which suits a single-user dev/test machine — confirm before
  # reusing the module on a shared host.
  services.certmgr.specs.clusterAdmin.private_key.owner = "rootless";
  environment.sessionVariables.KUBECONFIG =
    "/etc/${kubeCfg.pki.etcClusterAdminKubeconfig}";
}