This is a breaking change, requiring users of `featureGates` to change
from a `listOf str` to `attrsOf bool`.
Before:
```nix
featureGates = [ "EphemeralContainers" ];
extraOpts = pkgs.lib.concatStringsSep " " (
[
"--container-runtime=remote"
''--feature-gates="CSIMigration=false"''
});
```
After:
```nix
featureGates = {EphemeralContainers = true; CSIMigration=false;};
```
This is much nicer, and sets us up for later work of migrating to
configuration files for other services, like e.g. has been happening
with kubelet (see: #290119).
Signed-off-by: Christina Sørensen <christina@cafkafk.com>
Allow to set kubelet configuration parameters
via an option. Additionally, expose the
respective options for graceful node
shutdown directly, as it is anticipated to
be used frequently.
This contribution extends the k3s module to
enable the usage of Helm charts and container
images in air-gapped environments. Additionally,
the manifests option allows to specify arbitrary
manifests that are deployed by k3s automatically.
It is now possible to deploy Kubernetes workloads
using the k3s module.
Set assertions to avoid obvious errors.
Eliminate the conflict between default CNI (`cana`) and `NetworkManager`.
Determine whether optional can be used for agent.
Add the option `cisHardening` to enable CIS Hardening.
Set kernel parameters by `boot.kernel.sysctl`.
Using `lib.escapeShellArgs` to make `ExecStart` more resilient to escaping issues.
Using a list of `str` to extra flags.
these changes were generated with nixq 0.0.2, by running
nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix
two mentions of the mdDoc function remain in nixos/, both of which
are inside of comments.
Since lib.mdDoc is already defined as just id, this commit is a no-op as
far as Nix (and the built manual) is concerned.
The `authority.file.path` field of a cert spec is
[defined as follows]
(https://github.com/cloudflare/certmgr/tree/v3.0.3#pki-specs):
> if this is included, the CA certificate will be saved here.
It follows the same file specification format above. Use this
if you want to save your CA cert to disk.
So certmgr fails, because each certmgr spec (apiserver,
addonManager, ...) wants to manage the file at the `cert.caCert`
location. However, the `authority.file.path` field is not needed
for generating a certificate, as the certificate is generated by
the CA, which is reachable at `authority.remote` (e.g.
https://localhost:8888 with `easyCerts = true`). The
`authority.file.path` field just saves the certificate of the CA
to disk.
* k3s: add environmentFile option
Enabling to include secrets through configuration such as 'sops'
* Update nixos/doc/manual/release-notes/rl-2305.section.md
Co-authored-by: Jairo Llopis <973709+yajo@users.noreply.github.com>
