The current kubernetes module only allows you to set a single DNS
resolver for the kubelet. Historically, this has not mattered as the
value was passed to a cli argument as a string and as per the kubelet's
configuration parsing mechanism, multiple values could be passed as a
comma-delimited string. However, recently, the module was refactored to
make configure kubernetes components via configuration files rather than
the deprecated command-line arguments. These files more strongly-typed
than CLI arguments and to pass multiple values, one must define a list
in the file. When this change was made, an incorrect assumption was made
that only a single DNS server could be specified and forced a
single-item list into this configuration file. We need to introduce a
breaking change to the module in order to allow the user to supply their
own list with however many dns resolvers they wish to use.
Every now and then, kubernetes adds new configuration parameters to the
kubelet configuration. Since this is defined using a nix attrset which
is then converted to json/yaml, it would be nice to have an escape hatch
similar to the extraOpts one that exists for additional CLI arguments.
The typical use case would be to configure new settings before they are
officially supported in the nixos module.
This is a breaking change, requiring users of `featureGates` to change
from a `listOf str` to `attrsOf bool`.
Before:
```nix
featureGates = [ "EphemeralContainers" ];
extraOpts = pkgs.lib.concatStringsSep " " (
[
"--container-runtime=remote"
''--feature-gates="CSIMigration=false"''
});
```
After:
```nix
featureGates = {EphemeralContainers = true; CSIMigration=false;};
```
This is much nicer, and sets us up for later work of migrating to
configuration files for other services, like e.g. has been happening
with kubelet (see: #290119).
Signed-off-by: Christina Sørensen <christina@cafkafk.com>
these changes were generated with nixq 0.0.2, by running
nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix
two mentions of the mdDoc function remain in nixos/, both of which
are inside of comments.
Since lib.mdDoc is already defined as just id, this commit is a no-op as
far as Nix (and the built manual) is concerned.
The `authority.file.path` field of a cert spec is
[defined as follows]
(https://github.com/cloudflare/certmgr/tree/v3.0.3#pki-specs):
> if this is included, the CA certificate will be saved here.
It follows the same file specification format above. Use this
if you want to save your CA cert to disk.
So certmgr fails, because each certmgr spec (apiserver,
addonManager, ...) wants to manage the file at the `cert.caCert`
location. However, the `authority.file.path` field is not needed
for generating a certificate, as the certificate is generated by
the CA, which is reachable at `authority.remote` (e.g.
https://localhost:8888 with `easyCerts = true`). The
`authority.file.path` field just saves the certificate of the CA
to disk.
conversions were done using https://github.com/pennae/nix-doc-munge
using (probably) rev f34e145 running
nix-doc-munge nixos/**/*.nix
nix-doc-munge --import nixos/**/*.nix
the tool ensures that only changes that could affect the generated
manual *but don't* are committed, other changes require manual review
and are discarded.
the conversion procedure is simple:
- find all things that look like options, ie calls to either `mkOption`
or `lib.mkOption` that take an attrset. remember the attrset as the
option
- for all options, find a `description` attribute who's value is not a
call to `mdDoc` or `lib.mdDoc`
- textually convert the entire value of the attribute to MD with a few
simple regexes (the set from mdize-module.sh)
- if the change produced a change in the manual output, discard
- if the change kept the manual unchanged, add some text to the
description to make sure we've actually found an option. if the
manual changes this time, keep the converted description
this procedure converts 80% of nixos options to markdown. around 2000
options remain to be inspected, but most of those fail the "does not
change the manual output check": currently the MD conversion process
does not faithfully convert docbook tags like <code> and <package>, so
any option using such tags will not be converted at all.
--port and --address have both been deprecated and are nonfunctional
starting with kubernetes 1.23. Use --secure-port and --bind-address
instead. This means that users can no longer rely on the insecure port
for anything, so update the release notes accordingly.
this set almost certainly shouldn't be touched by users, nor listed in
the manual. make it internal and use it only through the option path to
make clear that this should not be modified.
some options have default that are best described in prose, such as
defaults that depend on the system stateVersion, defaults that are
derivations specific to the surrounding context, or those where the
expression is much longer and harder to understand than a simple text
snippet.
