Commit 5aa1c788df2b

Vincent Demeester <vincent@sbr.pm>
2021-09-03 10:42:07
systems: updates k8s hosts
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent fe0cefd
Changed files (4)
systems/hosts/k8sn1.nix
@@ -31,6 +31,8 @@ in
 
   networking = {
     hostName = hostname;
+    domain = "home";
+    firewall.enable = false;
   };
 
   profiles = {
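Review bot: `firewall.enable = false;` in the `networking` block turns off the host firewall on this node, and the same line is added in k8sn2.nix and k8sn3.nix. This commit also adds `firewall.allowedTCPPorts = [ 80 443 6443 ];` to the kubernetes profile, which has no effect while the firewall is disabled, so the two changes work against each other. If the goal is to let cluster traffic through, I would keep the firewall enabled and open only what the nodes need, for example `firewall.trustedInterfaces = [ "<cluster-interface>" ];` plus explicit `allowedTCPPorts`. If disabling is deliberate, a comment such as `# firewall off: <reason>; filtering is done by <upstream device>` should record why.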
systems/hosts/k8sn2.nix
@@ -7,6 +7,11 @@ in
 {
   imports = [
     <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+    (import ../../nix).home-manager-stable
+    ../../systems/modules
+    # FIXME Need to refactor vincent user as.. it's adding way to much by default...
+    # (import ../../users).vincent
+    (import ../../users).root
   ];
 
   fileSystems."/" = {
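Review bot: With `(import ../../users).vincent` commented out, `(import ../../users).root` is the only account imported in this `imports` list, so presumably all administration of this host happens as root; the same applies to the identical hunk in k8sn3.nix. What the root module configures is not visible here. If it enables remote root login, a minimal unprivileged admin user would keep actions attributable and allow direct root login to stay off. The FIXME could state the interim situation, e.g. `# FIXME: split users.vincent into a minimal profile; until then only root is provisioned on this host`.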
@@ -22,6 +27,8 @@ in
 
   networking = {
     hostName = hostname;
+    domain = "home";
+    firewall.enable = false;
   };
 
   profiles = {
@@ -31,7 +38,7 @@ in
     kubernetes = {
       enable = true;
       master = {
-        enable = true;
+        enable = false;
         ip = kubeMasterIP;
       };
     };
systems/hosts/k8sn3.nix
@@ -7,6 +7,11 @@ in
 {
   imports = [
     <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+    (import ../../nix).home-manager-stable
+    ../../systems/modules
+    # FIXME Need to refactor vincent user as.. it's adding way to much by default...
+    # (import ../../users).vincent
+    (import ../../users).root
   ];
 
   fileSystems."/" = {
@@ -22,6 +27,8 @@ in
 
   networking = {
     hostName = hostname;
+    domain = "home";
+    firewall.enable = false;
   };
 
   profiles = {
@@ -31,7 +38,7 @@ in
     kubernetes = {
       enable = true;
       master = {
-        enable = true;
+        enable = false;
         ip = kubeMasterIP;
       };
     };
systems/modules/profiles/kubernetes.nix
@@ -25,7 +25,12 @@ in
     };
   };
   config = mkIf cfg.enable {
-    networking.extraHosts = "${cfg.master.ip} ${cfg.master.hostname}";
+    networking = {
+      firewall.allowedTCPPorts = [ 80 443 6443 ];
+      extraHosts = "${cfg.master.ip} ${cfg.master.hostname}";
+    };
+
+    boot.kernelModules = [ "ceph" ];
 
     # packages for administration tasks
     environment.systemPackages = with pkgs; [
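Review bot: `firewall.allowedTCPPorts = [ 80 443 6443 ];` applies to every host that enables the profile, so worker nodes also open the API server port. The port is also hard-coded even though `cfg.master.port` exists and is used in the next hunk. I would write `firewall.allowedTCPPorts = [ 80 443 ] ++ optionals cfg.master.enable [ cfg.master.port ];`. `boot.kernelModules = [ "ceph" ];` is loaded unconditionally with no explanation; a comment such as `# ceph kernel client, required by <storage consumer>` would say why a Kubernetes profile pulls it in. The `config` block continues outside this hunk.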
@@ -37,17 +42,18 @@ in
       roles = [ "node" ] ++ optionals cfg.master.enable [ "master" ];
       masterAddress = cfg.master.hostname;
       apiserverAddress = "https://${cfg.master.hostname}:${toString cfg.master.port}";
+      kubeconfig.server = "https://${cfg.master.hostname}:${toString cfg.master.port}";
       easyCerts = true;
-      apiserver = {
+      apiserver = mkIf cfg.master.enable {
         securePort = cfg.master.port;
         advertiseAddress = cfg.master.ip;
       };
-
+      controllerManager.extraOpts = "--horizontal-pod-autoscaler-use-rest-clients=false";
       # use coredns
       addons.dns.enable = true;
 
       # needed if you use swap
-      kubelet.extraOpts = "--fail-swap-on=false";
+      kubelet.extraOpts = "--fail-swap-on=false --root-dir=/var/lib/kubelet";
     };
   };
 }
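Review bot: The two new flags in this hunk are undocumented. `controllerManager.extraOpts = "--horizontal-pod-autoscaler-use-rest-clients=false";` has no comment, and `--root-dir=/var/lib/kubelet` now sits under `# needed if you use swap`, which only describes `--fail-swap-on=false`. I would add `# HPA: use the legacy metrics client because <reason>` above the controller-manager line and reword the kubelet comment to `# --fail-swap-on=false: needed if you use swap; --root-dir: <reason>`. `kubeconfig.server` also repeats the URL string of `apiserverAddress` verbatim; binding it once in the surrounding `let` (outside this hunk) would keep the two from drifting apart.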