botalex/nixos-server
1
0
Fork 0
mirror of https://github.com/MagicBOTAlex/nixos-server.git synced 2026-05-06 18:12:30 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
nixos-server/vms/kube-daddy/kubernetes.nix
BOTAlex 1b3da60827 sync
2026-04-07 04:49:06 +02:00

83 lines
2.1 KiB
Nix
Raw Blame History

{ config
, pkgs
, lib
, ...
}:
let
# When using easyCerts=true the IP Address must resolve to the master on creation.
# So use simply 127.0.0.1 in that case. Otherwise you will have errors like this https://github.com/NixOS/nixpkgs/issues/59364
kubeMasterIP = "176.23.63.215";
kubeMasterHostname = "clussy.deprived.dev";
kubeMasterAPIServerPort = 6443;
in
{
# resolve master hostname
networking.extraHosts = ''
${kubeMasterIP} ${kubeMasterHostname}
10.0.0.2 kube-daddy
10.0.0.4 kube-desk
10.0.0.5 kube-snorre
10.0.0.8 kube-metal
'';
networking.firewall.enable = false;
imports = [
./argo-forward.nix
./jelly-forward.nix
./longhorn-deps.nix
];
# packages for administration tasks
environment.systemPackages = with pkgs; [
kompose
kubectl
kubernetes
(pkgs.callPackage /etc/nixos/modules/customPackages/wgmesh { })
];
services.kubernetes = {
roles = [
"master"
"node"
];
masterAddress = kubeMasterHostname;
apiserverAddress = "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}";
easyCerts = true;
apiserver = {
securePort = kubeMasterAPIServerPort;
advertiseAddress = kubeMasterIP;
extraOpts =
let
admissionConfig = pkgs.writeText "admission-config.yaml" ''
apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- name: PodSecurity
configuration:
apiVersion: pod-security.admission.config.k8s.io/v1
kind: PodSecurityConfiguration
defaults:
enforce: "baseline"
enforce-version: "latest"
exemptions:
namespaces: [ "kube-system" ]
'';
in
"--admission-control-config-file=${admissionConfig}";
};
flannel.enable = true;
# use coredns
addons.dns.enable = true;
# needed if you use swap
kubelet.extraOpts = "--fail-swap-on=false --allow-privileged=true --resolv-conf=/run/systemd/resolve/resolv.conf";
};
services.flannel = {
iface = "br0";
publicIp = "10.0.0.2";
};
}
Reference in a new issue View git blame Copy permalink