kubernetes, bare metaling

2026-05-25 09:22:30 +02:00 · 2026-05-07 13:47:57 +02:00 · 2026-05-07 13:47:57 +02:00 · 1409710022
commit 1409710022
parent fc6edfa41b
10 changed files with 253 additions and 156 deletions
--- a/kubenetes/containerd.nix
+++ b/kubenetes/containerd.nix
@ -0,0 +1,69 @@
+{ config, lib, pkgs, ... }: let
+nvidiaEnabled = builtins.elem "nvidia" config.services.xserver.videoDrivers;
+in {
+  config = lib.mkMerge [
+    (lib.mkIf nvidiaEnabled {
+  virtualisation.docker.enableNvidia = true;
+  virtualisation.docker.enable = true;
+  hardware.nvidia-container-toolkit = {
+    enable = true;
+    mount-nvidia-executables = true;
+    mount-nvidia-docker-1-directories = true;
+    extraArgs = [ "--device-name-strategy=uuid" ];
+  };
+
+  environment.systemPackages = with pkgs; [ nvidia-docker (lib.getOutput "tools" config.hardware.nvidia-container-toolkit.package) runc ];
+  services.envfs.enable = true;
+  virtualisation.docker.daemon.settings.features.cdi = true;
+
+  virtualisation.containerd = {
+    enable = true;
+    settings = {
+      plugins = {
+        "io.containerd.grpc.v1.cri" = {
+          # enable_cdi = true;
+          # cdi_spec_dirs = [ "/etc/cdi" "/var/run/cdi" ];
+          containerd = {
+            # default_runtime_name = "runc";
+            runtimes.runc.options = { SystemdCgroup = false; };
+            default_runtime_name = "nvidia";
+            runtimes = {
+              nvidia = {
+                privileged_without_host_devices = false;
+                runtime_type = "io.containerd.runc.v2";
+                options = {
+                  BinaryName = "${lib.getOutput "tools" config.hardware.nvidia-container-toolkit.package}/bin/nvidia-container-runtime";
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+      })
+    (lib.mkIf (!nvidiaEnabled ) {
+  virtualisation.containerd = {
+    enable = true;
+settings = {
+    version = 2;
+    plugins."io.containerd.grpc.v1.cri" = {
+      # This is the critical part for Kubeadm
+      containerd.runtimes.runc = {
+        runtime_type = "io.containerd.runc.v2";
+        options.SystemdCgroup = true;
+      };
+      
+      # # Keep your existing settings
+      # containerd.snapshotter = lib.mkIf config.boot.zfs.enabled (lib.mkOptionDefault "zfs");
+      # cni.bin_dir = lib.mkOptionDefault "${pkgs.cni-plugins}/bin";
+    };
+  };
+    };
+      })
+  ];
+
+
+  # # Tell the Kubelet to use containerd
+  # services.kubernetes.kubelet.containerRuntimeEndpoint = "unix:///run/containerd/containerd.sock";
+}
--- a/kubenetes/kubelet.nix
+++ b/kubenetes/kubelet.nix
@ -0,0 +1,32 @@
+{ pkgs, ... }:
+
+{
+  systemd.services.kubelet = {
+    description = "kubelet: The Kubernetes Node Agent";
+    documentation = [ "https://kubernetes.io/docs/home/" ];
+
+    # Unit requirements
+    wants = [ "network-online.target" ];
+    after = [ "network-online.target" ];
+
+    serviceConfig = {
+      # Use the kubelet binary from the Nix store
+      ExecStart = ''${pkgs.kubernetes}/bin/kubelet \
+      --config=/var/lib/kubelet/config.yaml \
+      --kubeconfig=/etc/kubernetes/kubelet.conf \
+      --pod-manifest-path=/etc/kubernetes/manifests
+      '';
+
+      Restart = "always";
+      RestartSec = 10;
+    };
+
+    # Systemd 230+ uses StartLimitIntervalSec in the [Unit] section
+    unitConfig = {
+      StartLimitIntervalSec = 0;
+    };
+
+    # Equivalent to [Install] WantedBy
+    wantedBy = [ "multi-user.target" ];
+  };
+}
--- a/kubenetes/kubernetes.nix
+++ b/kubenetes/kubernetes.nix
@ -0,0 +1,4 @@
+{ pkgs, ... }: {
+  imports = [ ./kubelet.nix ./containerd.nix ];
+  environment.systemPackages = with pkgs; [ kubernetes cri-tools ];
+}