kubernetes, bare metaling

2026-05-25 09:22:30 +02:00 · 2026-05-07 13:47:57 +02:00 · 2026-05-07 13:47:57 +02:00 · 1409710022
commit 1409710022
parent fc6edfa41b
10 changed files with 253 additions and 156 deletions
--- a/vms/kube-daddy/default.nix
+++ b/vms/kube-daddy/default.nix
@ -6,124 +6,4 @@
    config = ./kube-daddy.nix;
  };

-  systemd.services.kube-iptable = {
-    after = [ "network.target" ];
-    wantedBy = [ "multi-user.target" ];
-
-    serviceConfig = {
-      Type = "oneshot";
-      ExecStart = "${pkgs.iptables}/bin/iptables -t nat -I POSTROUTING 1 -s 10.0.0.0/24 -o enp8s0 -j MASQUERADE ";
-      RemainAfterExit = true;
-      User = "root";
-    };
-
-    stopIfChanged = true;
-  };
-
-  networking = {
-    bridges = {
-      "br0" = {
-        interfaces = [
-          "microvm-tap1"
-          "microvm-tap2"
-        ];
-      };
-    };
-
-    interfaces.br0.ipv4.addresses = [
-      {
-        address = "10.0.0.1";
-        prefixLength = 24;
-      }
-    ];
-
-    localCommands = ''
-      ip tuntap add dev microvm-tap1 mode tap user root || true
-      ip tuntap add dev microvm-tap2 mode tap user root || true
-      ip link set microvm-tap1 up
-      ip link set microvm-tap2 up
-    '';
-
-    nat = {
-      enable = true;
-      externalInterface = "enp8s0";
-      internalIPs = [ "10.0.0.0/24" ];
-      forwardPorts = [
-        {
-          sourcePort = 8877;
-          destination = "10.0.0.2:8888";
-          proto = "tcp";
-        }
-        # { # Access this directly from host by 10.0.0.2:4325
-        #   sourcePort = 4325; # argocd
-        #   destination = "10.0.0.2:8080";
-        #   proto = "tcp";
-        # }
-        {
-          # Netbird
-          sourcePort = 3478;
-          destination = "10.0.0.2:3478";
-          proto = "udp";
-        }
-        {
-          sourcePort = 6443;
-          destination = "10.0.0.2:6443";
-          proto = "tcp";
-        }
-        {
-          sourcePort = 4123;
-          destination = "10.0.0.2:4123";
-          proto = "tcp";
-        }
-        {
-          sourcePort = 8472;
-          destination = "10.0.0.2:8472";
-          proto = "udp";
-        }
-        {
-          sourcePort = 2379;
-          destination = "10.0.0.2:2379";
-          proto = "udp";
-        }
-        {
-          sourcePort = 2380;
-          destination = "10.0.0.2:2380";
-          proto = "udp";
-        }
-        {
-          sourcePort = 2379;
-          proto = "tcp";
-          destination = "10.0.0.2:2379";
-        }
-        {
-          sourcePort = 2380;
-          destination = "10.0.0.2:2380";
-          proto = "tcp";
-        }
-        {
-          sourcePort = 4001;
-          destination = "10.0.0.2:4001";
-          proto = "udp";
-        }
-        {
-          sourcePort = 4001;
-          destination = "10.0.0.2:4001";
-          proto = "tcp";
-        }
-        # If your app uses UDP (like HTTP/3 or QUIC), add this too:
-        # { sourcePort = 8888; destination = "10.0.0.2:8888"; proto = "udp"; }
-      ];
-    };
-
-    # 5. Update Firewall to trust the Bridge
-    firewall.trustedInterfaces = [ "br0" ];
-  };
-
-  systemd.tmpfiles.rules = [
-    "d /var/lib/microvms/shared 0755 microvm kvm -"
-    "d /var/lib/microvms/shared/kube 0755 microvm kvm -"
-    "d /var/lib/microvms/shared/docking 0755 microvm kvm -"
-    "d /var/lib/microvms/shared/.config 0755 microvm kvm -"
-    "d /var/lib/microvms/shared/.local 0755 microvm kvm -"
-  ];
 }
--- a/vms/kube-networking.nix
+++ b/vms/kube-networking.nix
@ -0,0 +1,123 @@
+{ pkgs, ... }:
+{
+  systemd.services.kube-iptable = {
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = "${pkgs.iptables}/bin/iptables -t nat -I POSTROUTING 1 -s 10.0.0.0/24 -o enp8s0 -j MASQUERADE ";
+      RemainAfterExit = true;
+      User = "root";
+    };
+
+    stopIfChanged = true;
+  };
+
+  networking = {
+    bridges = {
+      "br0" = {
+        interfaces = [
+          "microvm-tap1"
+          "microvm-tap2"
+        ];
+      };
+    };
+
+    interfaces.br0.ipv4.addresses = [
+      {
+        address = "10.0.0.1";
+        prefixLength = 24;
+      }
+    ];
+
+    localCommands = ''
+      ip tuntap add dev microvm-tap1 mode tap user root || true
+      ip tuntap add dev microvm-tap2 mode tap user root || true
+      ip link set microvm-tap1 up
+      ip link set microvm-tap2 up
+    '';
+
+    nat = {
+      enable = true;
+      externalInterface = "enp8s0";
+      internalIPs = [ "10.0.0.0/24" ];
+      forwardPorts = [
+        {
+          sourcePort = 8877;
+          destination = "10.0.0.2:8888";
+          proto = "tcp";
+        }
+        # { # Access this directly from host by 10.0.0.2:4325
+        #   sourcePort = 4325; # argocd
+        #   destination = "10.0.0.2:8080";
+        #   proto = "tcp";
+        # }
+        {
+          # Netbird
+          sourcePort = 3478;
+          destination = "10.0.0.2:3478";
+          proto = "udp";
+        }
+        {
+          sourcePort = 6443;
+          destination = "10.0.0.2:6443";
+          proto = "tcp";
+        }
+        {
+          sourcePort = 4123;
+          destination = "10.0.0.2:4123";
+          proto = "tcp";
+        }
+        {
+          sourcePort = 8472;
+          destination = "10.0.0.2:8472";
+          proto = "udp";
+        }
+        {
+          sourcePort = 2379;
+          destination = "10.0.0.2:2379";
+          proto = "udp";
+        }
+        {
+          sourcePort = 2380;
+          destination = "10.0.0.2:2380";
+          proto = "udp";
+        }
+        {
+          sourcePort = 2379;
+          proto = "tcp";
+          destination = "10.0.0.2:2379";
+        }
+        {
+          sourcePort = 2380;
+          destination = "10.0.0.2:2380";
+          proto = "tcp";
+        }
+        {
+          sourcePort = 4001;
+          destination = "10.0.0.2:4001";
+          proto = "udp";
+        }
+        {
+          sourcePort = 4001;
+          destination = "10.0.0.2:4001";
+          proto = "tcp";
+        }
+        # If your app uses UDP (like HTTP/3 or QUIC), add this too:
+        # { sourcePort = 8888; destination = "10.0.0.2:8888"; proto = "udp"; }
+      ];
+    };
+
+    # 5. Update Firewall to trust the Bridge
+    firewall.trustedInterfaces = [ "br0" ];
+  };
+
+  systemd.tmpfiles.rules = [
+    "d /var/lib/microvms/shared 0755 microvm kvm -"
+    "d /var/lib/microvms/shared/kube 0755 microvm kvm -"
+    "d /var/lib/microvms/shared/docking 0755 microvm kvm -"
+    "d /var/lib/microvms/shared/.config 0755 microvm kvm -"
+    "d /var/lib/microvms/shared/.local 0755 microvm kvm -"
+  ];
+}
--- a/vms/kube-vm/kube-vm.nix
+++ b/vms/kube-vm/kube-vm.nix
@ -45,6 +45,8 @@
  microvm = {
    # Choose your hypervisor: "qemu", "firecracker", "cloud-hypervisor", etc.
    hypervisor = "qemu";
+    vcpu = 8;
+    mem = 8192 / 3;

    # Create a tap interface or user networking
    interfaces = [{
@ -65,11 +67,28 @@
    volumes = [{
      image = "/var/lib/microvms/kube-vm/kube-vm.img";
      mountPoint = "/";
-      size = 512 * 4; # Size in MB
+      size = 512 * 8; # Size in MB
    }];
  };

-  boot.kernelModules = [ "br_netfilter" ];
+  boot.kernel.sysctl = {
+    "net.ipv4.ip_forward" = 1;
+    "net.ipv6.conf.all.forwarding" = 1; 
+  };
+
+    systemd.services."load-kernel-modules" = {
+    enable = true;
+    description = "Modprobe kernel modules";
+    # before = [ "flannel.service" ];
+    wantedBy = [
+      "multi-user.target"
+      # "flannel.service"
+    ];
+
+    script = ''
+      ${pkgs.kmod}/bin/modprobe br_netfilter
+    '';
+  };

  networking = {
    hostName = "kube-vm";
--- a/vms/kube-vm/kubernetes/kubelet.nix
+++ b/vms/kube-vm/kubernetes/kubelet.nix
@ -1,28 +0,0 @@
-{ pkgs, ... }:
-
-{
-  systemd.services.kubelet = {
-    description = "kubelet: The Kubernetes Node Agent";
-    documentation = [ "https://kubernetes.io/docs/home/" ];
-
-    # Unit requirements
-    wants = [ "network-online.target" ];
-    after = [ "network-online.target" ];
-
-    serviceConfig = {
-      # Use the kubelet binary from the Nix store
-      ExecStart = "${pkgs.kubernetes}/bin/kubelet";
-
-      Restart = "always";
-      RestartSec = 10;
-    };
-
-    # Systemd 230+ uses StartLimitIntervalSec in the [Unit] section
-    unitConfig = {
-      StartLimitIntervalSec = 0;
-    };
-
-    # Equivalent to [Install] WantedBy
-    wantedBy = [ "multi-user.target" ];
-  };
-}
--- a/vms/kube-vm/kubernetes/kubernetes.nix
+++ b/vms/kube-vm/kubernetes/kubernetes.nix
@ -1,4 +0,0 @@
-{ pkgs, ... }: {
-  imports = [ ./kublet.nix ];
-  environment.systemPackages = with pkgs; [ kubernetes ];
-}