mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-25 00:12:56 +00:00
Cleanup pki: control-plane-online
parent
50c5f489ef
commit
45e683fbd6
@ -276,6 +276,30 @@ in {
|
|||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.targets.kube-control-plane-online = {
|
||||||
|
wantedBy = [ "kubernetes.target" ];
|
||||||
|
before = [ "kubernetes.target" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.kube-control-plane-online = rec {
|
||||||
|
description = "Kubernetes control plane is online";
|
||||||
|
wantedBy = [ "kube-control-plane-online.target" ];
|
||||||
|
after = [ "kube-scheduler.service" "kube-controller-manager.service" ];
|
||||||
|
before = [ "kube-control-plane-online.target" ];
|
||||||
|
environment.KUBECONFIG = cfg.lib.mkKubeConfig "default" cfg.kubeconfig;
|
||||||
|
path = [ pkgs.kubectl ];
|
||||||
|
preStart = ''
|
||||||
|
until kubectl get --raw=/healthz 2>/dev/null; do
|
||||||
|
echo kubectl get --raw=/healthz: exit status $?
|
||||||
|
sleep 3
|
||||||
|
done
|
||||||
|
'';
|
||||||
|
script = "echo Ok";
|
||||||
|
serviceConfig = {
|
||||||
|
TimeoutSec = "500";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"d /opt/cni/bin 0755 root root -"
|
"d /opt/cni/bin 0755 root root -"
|
||||||
"d /run/kubernetes 0755 kubernetes kubernetes -"
|
"d /run/kubernetes 0755 kubernetes kubernetes -"
|
||||||
@ -300,28 +324,7 @@ in {
|
|||||||
then cfg.apiserver.advertiseAddress
|
then cfg.apiserver.advertiseAddress
|
||||||
else "${cfg.masterAddress}:${toString cfg.apiserver.securePort}"}");
|
else "${cfg.masterAddress}:${toString cfg.apiserver.securePort}"}");
|
||||||
|
|
||||||
systemd.targets.kube-control-plane-online = {
|
services.kubernetes.kubeconfig.server = mkDefault cfg.apiserverAddress;
|
||||||
wantedBy = [ "kubernetes.target" ];
|
|
||||||
before = [ "kubernetes.target" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.kube-control-plane-online = rec {
|
|
||||||
description = "Kubernetes control plane is online";
|
|
||||||
wantedBy = [ "kube-control-plane-online.target" ];
|
|
||||||
after = [ "kube-scheduler.service" "kube-controller-manager.service" ];
|
|
||||||
before = [ "kube-control-plane-online.target" ];
|
|
||||||
preStart = ''
|
|
||||||
${cfg.lib.mkWaitCurl ( with config.systemd.services.kube-control-plane-online; {
|
|
||||||
sleep = 3;
|
|
||||||
path = "/healthz";
|
|
||||||
cacert = cfg.caFile;
|
|
||||||
} // optionalAttrs (environment ? cert) { inherit (environment) cert key; })}
|
|
||||||
'';
|
|
||||||
script = "echo Ok";
|
|
||||||
serviceConfig = {
|
|
||||||
TimeoutSec = "500";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
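Review bot: The wait loop in the new `preStart` sends kubectl's stderr to `/dev/null` and echoes only the exit status. A TLS verification or authorization failure against the API server will therefore likely look the same in the journal as an apiserver that is still starting, until `TimeoutSec = "500"` expires. Keeping stderr (`until kubectl get --raw=/healthz; do`), or printing it on each failed attempt, would make a PKI or kubeconfig misconfiguration diagnosable. The probe now takes its credentials from `cfg.kubeconfig` through `KUBECONFIG` instead of the cert/key selection this commit removes from the pki module. A comment such as `# client identity comes from services.kubernetes.kubeconfig; it only needs read access to /healthz` would let a reader check that the probe is not running with more privilege than it needs. No `User` is set on the unit in these lines, so the loop presumably runs as root; worth confirming that is intended.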
@ -283,12 +283,6 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.kube-control-plane-online.environment = let
|
|
||||||
client = with cfg.certs; if top.apiserver.enable then clusterAdmin else kubelet;
|
|
||||||
in {
|
|
||||||
inherit (client) cert key;
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.etc.${cfg.etcClusterAdminKubeconfig}.source = mkIf (!isNull cfg.etcClusterAdminKubeconfig)
|
environment.etc.${cfg.etcClusterAdminKubeconfig}.source = mkIf (!isNull cfg.etcClusterAdminKubeconfig)
|
||||||
(top.lib.mkKubeConfig "cluster-admin" clusterAdminKubeconfig);
|
(top.lib.mkKubeConfig "cluster-admin" clusterAdminKubeconfig);
|
||||||
|
|
||||||
|