min
/
infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial deployment of Kubernetes control plane

This commit is contained in:
minish 2024-11-02 02:56:58 -04:00
parent 12b327ca88
commit 9bd1f0cfa1
Signed by: min
SSH Key Fingerprint: SHA256:NFjjdbkd6u7aoMlcrDCVvz6o2UBtlAuPm8IQ2vhZ3Fg
3 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nixos/hosts/silver/mounts.nix
View File

@ -15,6 +15,12 @@
"/var/lib/acme" "/var/lib/acme"
"/srv" "/srv"
# k8s
"/var/lib/containerd"
"/var/lib/kubernetes"
"/var/lib/kubelet"
"/var/lib/kube-proxy"
]; ];
files = [ files = [
"/etc/machine-id" "/etc/machine-id"

1
nixos/hosts/silver/services/default.nix
View File

@ -7,6 +7,7 @@
./gitea.nix ./gitea.nix
./synapse.nix ./synapse.nix
./nebula.nix ./nebula.nix
./k8s.nix
]; ];
security.acme = { security.acme = {

30
nixos/hosts/silver/services/k8s.nix Normal file
View File

@ -0,0 +1,30 @@
{pkgs, ...}: let
kMasterIp = "10.13.0.1";
kMasterHostname = "silver";
kMasterApiServerPort = 6443;
in {
networking.extraHosts = "${kMasterIp} ${kMasterHostname}";
systemd.services.etcd.preStart = ''${pkgs.writeShellScript "etcd-wait" ''
while [ ! -f /var/lib/kubernetes/secrets/etcd.pem ]; do sleep 1; done
''}'';
services.kubernetes = {
roles = ["master" "node"];
masterAddress = kMasterHostname;
apiserverAddress = "https://${kMasterHostname}:${toString kMasterApiServerPort}";
apiserver = {
securePort = kMasterApiServerPort;
advertiseAddress = kMasterIp;
};
easyCerts = true;
# use coredns
addons.dns.enable = true;
# needed if you use swap
kubelet.extraOpts = "--fail-swap-on=false";
};
}