Merge pull request #9353 from offlinehacker/pkgs/kubernetes/update/1.0.3
kubernetes: update to 1.0.3, fix module
commit
7a7895bcad
2 changed files with 62 additions and 25 deletions
|
@ -78,12 +78,6 @@ in {
|
|||
type = types.int;
|
||||
};
|
||||
|
||||
readOnlyPort = mkOption {
|
||||
description = "Kubernets apiserver read-only port.";
|
||||
default = 7080;
|
||||
type = types.int;
|
||||
};
|
||||
|
||||
securePort = mkOption {
|
||||
description = "Kubernetes apiserver secure port.";
|
||||
default = 6443;
|
||||
|
@ -102,6 +96,12 @@ in {
|
|||
type = types.str;
|
||||
};
|
||||
|
||||
clientCaFile = mkOption {
|
||||
description = "Kubernetes apiserver CA file for client auth.";
|
||||
default = "";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
tokenAuth = mkOption {
|
||||
description = ''
|
||||
Kubernetes apiserver token authentication file. See
|
||||
|
@ -158,6 +158,19 @@ in {
|
|||
type = types.str;
|
||||
};
|
||||
|
||||
runtimeConfig = mkOption {
|
||||
description = "Api runtime configuration";
|
||||
default = "";
|
||||
example = "api/all=false,api/v1=true";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
admissionControl = mkOption {
|
||||
description = "Kubernetes admission control plugins to use.";
|
||||
default = ["AlwaysAdmit"];
|
||||
type = types.listOf types.str;
|
||||
};
|
||||
|
||||
extraOpts = mkOption {
|
||||
description = "Kubernetes apiserver extra command line options.";
|
||||
default = "";
|
||||
|
@ -222,12 +235,6 @@ in {
|
|||
type = types.str;
|
||||
};
|
||||
|
||||
machines = mkOption {
|
||||
description = "Kubernetes controller list of machines to schedule to schedule onto";
|
||||
default = [];
|
||||
type = types.listOf types.str;
|
||||
};
|
||||
|
||||
extraOpts = mkOption {
|
||||
description = "Kubernetes controller extra command line options.";
|
||||
default = "";
|
||||
|
@ -260,6 +267,20 @@ in {
|
|||
type = types.int;
|
||||
};
|
||||
|
||||
healthz = {
|
||||
bind = mkOption {
|
||||
description = "Kubernetes kubelet healthz listening address.";
|
||||
default = "127.0.0.1";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
description = "Kubernetes kubelet healthz port.";
|
||||
default = 10248;
|
||||
type = types.int;
|
||||
};
|
||||
};
|
||||
|
||||
hostname = mkOption {
|
||||
description = "Kubernetes kubelet hostname override";
|
||||
default = config.networking.hostName;
|
||||
|
@ -374,7 +395,6 @@ in {
|
|||
--etcd-servers=${concatMapStringsSep "," (f: "http://${f}") cfg.etcdServers} \
|
||||
--insecure-bind-address=${cfg.apiserver.address} \
|
||||
--insecure-port=${toString cfg.apiserver.port} \
|
||||
--read-only-port=${toString cfg.apiserver.readOnlyPort} \
|
||||
--bind-address=${cfg.apiserver.publicAddress} \
|
||||
--allow-privileged=${if cfg.apiserver.allowPrivileged then "true" else "false"} \
|
||||
${optionalString (cfg.apiserver.tlsCertFile!="")
|
||||
|
@ -383,11 +403,16 @@ in {
|
|||
"--tls-private-key-file=${cfg.apiserver.tlsPrivateKeyFile}"} \
|
||||
${optionalString (cfg.apiserver.tokenAuth!=[])
|
||||
"--token-auth-file=${tokenAuthFile}"} \
|
||||
${optionalString (cfg.apiserver.clientCaFile!="")
|
||||
"--client-ca-file=${cfg.apiserver.clientCaFile}"} \
|
||||
--authorization-mode=${cfg.apiserver.authorizationMode} \
|
||||
${optionalString (cfg.apiserver.authorizationMode == "ABAC")
|
||||
"--authorization-policy-file=${authorizationPolicyFile}"} \
|
||||
--secure-port=${toString cfg.apiserver.securePort} \
|
||||
--service-cluster-ip-range=${cfg.apiserver.portalNet} \
|
||||
${optionalString (cfg.apiserver.runtimeConfig!="")
|
||||
"--runtime-config=${cfg.apiserver.runtimeConfig}"} \
|
||||
--admission_control=${cfg.apiserver.admissionControl} \
|
||||
--logtostderr=true \
|
||||
${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \
|
||||
${cfg.apiserver.extraOpts}
|
||||
|
@ -431,7 +456,6 @@ in {
|
|||
--address=${cfg.controllerManager.address} \
|
||||
--port=${toString cfg.controllerManager.port} \
|
||||
--master=${cfg.controllerManager.master} \
|
||||
--machines=${concatStringsSep "," cfg.controllerManager.machines} \
|
||||
--logtostderr=true \
|
||||
${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \
|
||||
${cfg.controllerManager.extraOpts}
|
||||
|
@ -454,6 +478,8 @@ in {
|
|||
--register-node=${if cfg.kubelet.registerNode then "true" else "false"} \
|
||||
--address=${cfg.kubelet.address} \
|
||||
--port=${toString cfg.kubelet.port} \
|
||||
--healthz-bind-address=${cfg.kubelet.healthz.bind} \
|
||||
--healthz-port=${toString cfg.kubelet.healthz.port} \
|
||||
--hostname-override=${cfg.kubelet.hostname} \
|
||||
--allow-privileged=${if cfg.kubelet.allowPrivileged then "true" else "false"} \
|
||||
--root-dir=${cfg.dataDir} \
|
||||
|
@ -504,9 +530,6 @@ in {
|
|||
User = "kubernetes";
|
||||
};
|
||||
};
|
||||
|
||||
services.skydns.enable = mkDefault true;
|
||||
services.skydns.domain = mkDefault cfg.kubelet.clusterDomain;
|
||||
})
|
||||
|
||||
(mkIf (any (el: el == "master") cfg.roles) {
|
||||
|
@ -524,6 +547,9 @@ in {
|
|||
|
||||
(mkIf (any (el: el == "node" || el == "master") cfg.roles) {
|
||||
services.etcd.enable = mkDefault true;
|
||||
|
||||
services.skydns.enable = mkDefault true;
|
||||
services.skydns.domain = mkDefault cfg.kubelet.clusterDomain;
|
||||
})
|
||||
|
||||
(mkIf (
|
||||
|
@ -538,8 +564,10 @@ in {
|
|||
serviceConfig.Type = "oneshot";
|
||||
script = ''
|
||||
mkdir -p /var/run/kubernetes
|
||||
chown kubernetes /var/run/kubernetes
|
||||
ln -fs ${pkgs.writeText "kubernetes-dockercfg" cfg.dockerCfg} /var/run/kubernetes/.dockercfg
|
||||
chown kubernetes /var/lib/kubernetes
|
||||
|
||||
rm ${cfg.dataDir}/.dockercfg || true
|
||||
ln -fs ${pkgs.writeText "kubernetes-dockercfg" cfg.dockerCfg} ${cfg.dataDir}/.dockercfg
|
||||
'';
|
||||
};
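Review bot: The apiserver command line interpolates a list directly, `--admission_control=${cfg.apiserver.admissionControl} \`, while the option is declared `types.listOf types.str`; Nix does not coerce a list inside `${…}`, so evaluation should fail once the apiserver unit is instantiated. Join the entries the way the `--machines` line did: `--admission_control=${concatStringsSep "," cfg.apiserver.admissionControl} \`. The default `["AlwaysAdmit"]` admits every request, so the option description should say that and tell operators to override it. Separately, the oneshot unit's `script` in the last hunk still links `.dockercfg` from `pkgs.writeText "kubernetes-dockercfg" cfg.dockerCfg`, which places any registry credentials in the world-readable Nix store. The add/remove markers are lost on this page, so which of these lines are new is inferred from the hunk counts.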
|
||||
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
{ stdenv, fetchFromGitHub, which, go, makeWrapper, iptables, rsync, utillinux, coreutils }:
|
||||
{ stdenv, fetchFromGitHub, which, go, makeWrapper, iptables, rsync, utillinux, coreutils, e2fsprogs, procps-ng }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "kubernetes-${version}";
|
||||
version = "0.18.0";
|
||||
version = "1.0.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "GoogleCloudPlatform";
|
||||
repo = "kubernetes";
|
||||
rev = "v${version}";
|
||||
sha256 = "1adbd5n2fs1278f6kz6pd23813w2k4pgcxjl21idflh8jafxsyj7";
|
||||
sha256 = "12wqw9agiz07wlw1sd0n41fn6xf74zn5sv37hslfa77w2d4ri5yb";
|
||||
};
|
||||
|
||||
buildInputs = [ makeWrapper which go iptables rsync ];
|
||||
|
@ -26,14 +26,23 @@ stdenv.mkDerivation rec {
|
|||
'';
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p "$out/bin"
|
||||
cp _output/local/go/bin/* "$out/bin/"
|
||||
mkdir -p "$out/bin" "$out"/libexec/kubernetes/cluster
|
||||
cp _output/local/go/bin/{kube*,hyperkube} "$out/bin/"
|
||||
cp cluster/addons/dns/kube2sky/kube2sky "$out/bin/"
|
||||
cp cluster/saltbase/salt/helpers/safe_format_and_mount "$out/libexec/kubernetes"
|
||||
cp -R hack "$out/libexec/kubernetes"
|
||||
cp cluster/update-storage-objects.sh "$out/libexec/kubernetes/cluster"
|
||||
makeWrapper "$out"/libexec/kubernetes/cluster/update-storage-objects.sh "$out"/bin/kube-update-storage-objects \
|
||||
--prefix KUBE_BIN : "$out/bin"
|
||||
'';
|
||||
|
||||
preFixup = ''
|
||||
wrapProgram "$out/bin/kube-proxy" --prefix PATH : "${iptables}/bin"
|
||||
wrapProgram "$out/bin/kubelet" --prefix PATH : "${utillinux}/bin"
|
||||
wrapProgram "$out/bin/kubelet" --prefix PATH : "${utillinux}/bin:${procps-ng}/bin"
|
||||
chmod +x "$out/libexec/kubernetes/safe_format_and_mount"
|
||||
wrapProgram "$out/libexec/kubernetes/safe_format_and_mount" --prefix PATH : "${e2fsprogs}/bin:${utillinux}/bin"
|
||||
substituteInPlace "$out"/libexec/kubernetes/cluster/update-storage-objects.sh \
|
||||
--replace KUBE_OUTPUT_HOSTBIN KUBE_BIN
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
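Review bot: In installPhase the wrapper for update-storage-objects.sh sets its directory with `--prefix KUBE_BIN : "$out/bin"`, which prepends to whatever KUBE_BIN the caller already exports instead of replacing it. The replacement of KUBE_OUTPUT_HOSTBIN by KUBE_BIN in preFixup suggests the script uses the value as a single directory, so an inherited value would yield a colon-joined string that is not a path; `--set KUBE_BIN "$out/bin"` pins the wrapped script to the packaged binaries. The script itself is not visible here, so confirm how it consumes the variable. The derivation continues past the end of this hunk.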
|
||||
|
|