From 9bd1f0cfa1321eb9130049bd08a5a9d2654d3151 Mon Sep 17 00:00:00 2001 From: min Date: Sat, 2 Nov 2024 02:56:58 -0400 Subject: [PATCH] Initial deployment of Kubernetes control plane --- nixos/hosts/silver/mounts.nix | 6 +++++ nixos/hosts/silver/services/default.nix | 1 + nixos/hosts/silver/services/k8s.nix | 30 +++++++++++++++++++++++++ 3 files changed, 37 insertions(+) create mode 100644 nixos/hosts/silver/services/k8s.nix diff --git a/nixos/hosts/silver/mounts.nix b/nixos/hosts/silver/mounts.nix index 81203a6..a1d6739 100644 --- a/nixos/hosts/silver/mounts.nix +++ b/nixos/hosts/silver/mounts.nix @@ -15,6 +15,12 @@ "/var/lib/acme" "/srv" + + # k8s + "/var/lib/containerd" + "/var/lib/kubernetes" + "/var/lib/kubelet" + "/var/lib/kube-proxy" ]; files = [ "/etc/machine-id" diff --git a/nixos/hosts/silver/services/default.nix b/nixos/hosts/silver/services/default.nix index 1850d78..31e43aa 100644 --- a/nixos/hosts/silver/services/default.nix +++ b/nixos/hosts/silver/services/default.nix @@ -7,6 +7,7 @@ ./gitea.nix ./synapse.nix ./nebula.nix + ./k8s.nix ]; security.acme = { diff --git a/nixos/hosts/silver/services/k8s.nix b/nixos/hosts/silver/services/k8s.nix new file mode 100644 index 0000000..8bbc66a --- /dev/null +++ b/nixos/hosts/silver/services/k8s.nix 
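Review bot: The list added in mounts.nix covers containerd, kubernetes, kubelet and kube-proxy state, but not etcd's data directory or the cfssl CA directory that `easyCerts = true` relies on (module defaults `/var/lib/etcd` and `/var/lib/cfssl`, as far as I know). If this list is what survives a reboot on silver, cluster state would be lost and the CA regenerated while `/var/lib/kubernetes/secrets` keeps certificates issued by the old one, so consider adding `"/var/lib/etcd"` and `"/var/lib/cfssl"` next to the new entries. The list starts and ends outside the hunk, so these may already be covered elsewhere. `/var/lib/kubernetes/secrets` and the CA directory hold private keys, so the persisted copies should keep restrictive ownership and mode.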
@@ -0,0 +1,30 @@
+{pkgs, ...}: let
+ kMasterIp = "10.13.0.1";
+ kMasterHostname = "silver";
+ kMasterApiServerPort = 6443;
+in {
+ networking.extraHosts = "${kMasterIp} ${kMasterHostname}";
+
+ systemd.services.etcd.preStart = ''${pkgs.writeShellScript "etcd-wait" ''
+ while [ ! -f /var/lib/kubernetes/secrets/etcd.pem ]; do sleep 1; done
+ ''}'';
+
+ services.kubernetes = {
+ roles = ["master" "node"];
+ masterAddress = kMasterHostname;
+ apiserverAddress = "https://${kMasterHostname}:${toString kMasterApiServerPort}";
+
+ apiserver = {
+ securePort = kMasterApiServerPort;
+ advertiseAddress = kMasterIp;
+ };
+
+ easyCerts = true;
+
+ # use coredns
+ addons.dns.enable = true;
+
+ # needed if you use swap
+ kubelet.extraOpts = "--fail-swap-on=false";
+ };
+}
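Review bot: The `apiserver` block sets `advertiseAddress = kMasterIp` but no bind address, so the secure port 6443 listens on the module default, which I believe is all interfaces. If the API server is meant to be reachable only on the 10.13.0.1 network, add `bindAddress = kMasterIp;` inside `apiserver` (this assumes that interface is up before the unit starts) or confirm the host firewall keeps 6443 closed on other interfaces. `kubelet.extraOpts = "--fail-swap-on=false"` lets the kubelet run with swap active, in which case tmpfs-backed Secret volumes can be paged to disk; keep it only if silver really has swap, and record that with a comment such as `# silver has swap; tmpfs-backed Secrets may reach disk unless swap is encrypted`. The `etcd-wait` loop has no upper bound of its own and relies on systemd's start timeout to end if `etcd.pem` never appears.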