From 559e2ab9512a938691076a23fba744ff115cd260 Mon Sep 17 00:00:00 2001
From: Jaka Hudoklin
Date: Wed, 19 Aug 2015 23:51:54 +0200
Subject: [PATCH 1/2] kubernetes: 0.18.0 -> 1.0.3
---
 .../networking/cluster/kubernetes/default.nix | 21 +++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/pkgs/applications/networking/cluster/kubernetes/default.nix b/pkgs/applications/networking/cluster/kubernetes/default.nix
index a096d43b11cc..56d4cc7e769b 100644
--- a/pkgs/applications/networking/cluster/kubernetes/default.nix
+++ b/pkgs/applications/networking/cluster/kubernetes/default.nix
@@ -1,14 +1,14 @@ -{ stdenv, fetchFromGitHub, which, go, makeWrapper, iptables, rsync, utillinux, coreutils }: +{ stdenv, fetchFromGitHub, which, go, makeWrapper, iptables, rsync, utillinux, coreutils, e2fsprogs, procps-ng }: stdenv.mkDerivation rec { name = "kubernetes-${version}"; - version = "0.18.0"; + version = "1.0.3"; src = fetchFromGitHub { owner = "GoogleCloudPlatform"; repo = "kubernetes"; rev = "v${version}"; - sha256 = "1adbd5n2fs1278f6kz6pd23813w2k4pgcxjl21idflh8jafxsyj7"; + sha256 = "12wqw9agiz07wlw1sd0n41fn6xf74zn5sv37hslfa77w2d4ri5yb"; }; buildInputs = [ makeWrapper which go iptables rsync ];
@@ -26,14 +26,23 @@ stdenv.mkDerivation rec { ''; installPhase = '' - mkdir -p "$out/bin" - cp _output/local/go/bin/* "$out/bin/" + mkdir -p "$out/bin" "$out"/libexec/kubernetes/cluster + cp _output/local/go/bin/{kube*,hyperkube} "$out/bin/" cp cluster/addons/dns/kube2sky/kube2sky "$out/bin/" + cp cluster/saltbase/salt/helpers/safe_format_and_mount "$out/libexec/kubernetes" + cp -R hack "$out/libexec/kubernetes" + cp cluster/update-storage-objects.sh "$out/libexec/kubernetes/cluster" + makeWrapper "$out"/libexec/kubernetes/cluster/update-storage-objects.sh "$out"/bin/kube-update-storage-objects \ + --prefix KUBE_BIN : "$out/bin" ''; preFixup = '' wrapProgram "$out/bin/kube-proxy" --prefix PATH : "${iptables}/bin" - wrapProgram "$out/bin/kubelet" --prefix PATH : "${utillinux}/bin" + wrapProgram "$out/bin/kubelet" --prefix PATH : "${utillinux}/bin:${procps-ng}/bin" + chmod +x "$out/libexec/kubernetes/safe_format_and_mount" + wrapProgram "$out/libexec/kubernetes/safe_format_and_mount" --prefix PATH : "${e2fsprogs}/bin:${utillinux}/bin" + substituteInPlace "$out"/libexec/kubernetes/cluster/update-storage-objects.sh \ + --replace KUBE_OUTPUT_HOSTBIN KUBE_BIN ''; meta = with stdenv.lib; {
From c33d2822781fd5449e19083c60123a3b5b93b698 Mon Sep 17 00:00:00 2001
From: Jaka Hudoklin
Date: Wed, 19 Aug 2015 23:52:19 +0200
Subject: [PATCH 2/2] kubernetes service: fix for 1.0.3
---
 nixos/modules/services/cluster/kubernetes.nix | 66 +++++++++++++------
 1 file changed, 47 insertions(+), 19 deletions(-)
diff --git a/nixos/modules/services/cluster/kubernetes.nix b/nixos/modules/services/cluster/kubernetes.nix
index d00c1aaa1055..0abef29dd19c 100644
--- a/nixos/modules/services/cluster/kubernetes.nix
+++ b/nixos/modules/services/cluster/kubernetes.nix
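Review bot: In the installPhase of kubernetes/default.nix, the wrapper for update-storage-objects.sh sets the variable with `--prefix KUBE_BIN : "$out/bin"`, which prepends to any KUBE_BIN already in the caller's environment and produces a colon-joined value instead of a single directory. The script body is not visible here, but if it treats KUBE_BIN as one directory, an inherited value would either break the lookup or leave part of it under the caller's control. `--set KUBE_BIN "$out/bin"` pins the wrapper to the packaged binaries. The installPhase and preFixup strings start and end outside this hunk.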
@@ -78,12 +78,6 @@ in { type = types.int; }; - readOnlyPort = mkOption { - description = "Kubernets apiserver read-only port."; - default = 7080; - type = types.int; - }; - securePort = mkOption { description = "Kubernetes apiserver secure port."; default = 6443;
@@ -102,6 +96,12 @@ in { type = types.str; }; + clientCaFile = mkOption { + description = "Kubernetes apiserver CA file for client auth."; + default = ""; + type = types.str; + }; + tokenAuth = mkOption { description = '' Kubernetes apiserver token authentication file. See
@@ -158,6 +158,19 @@ in { type = types.str; }; + runtimeConfig = mkOption { + description = "Api runtime configuration"; + default = ""; + example = "api/all=false,api/v1=true"; + type = types.str; + }; + + admissionControl = mkOption { + description = "Kubernetes admission control plugins to use."; + default = ["AlwaysAdmit"]; + type = types.listOf types.str; + }; + extraOpts = mkOption { description = "Kubernetes apiserver extra command line options."; default = "";
@@ -222,12 +235,6 @@ in { type = types.str; }; - machines = mkOption { - description = "Kubernetes controller list of machines to schedule to schedule onto"; - default = []; - type = types.listOf types.str; - }; - extraOpts = mkOption { description = "Kubernetes controller extra command line options."; default = "";
@@ -260,6 +267,20 @@ in { type = types.int; }; + healthz = { + bind = mkOption { + description = "Kubernetes kubelet healthz listening address."; + default = "127.0.0.1"; + type = types.str; + }; + + port = mkOption { + description = "Kubernetes kubelet healthz port."; + default = 10248; + type = types.int; + }; + }; + hostname = mkOption { description = "Kubernetes kubelet hostname override"; default = config.networking.hostName;
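Review bot: The description of the new `admissionControl` option in the `@@ -158,6 +158,19 @@` hunk does not say what its default `["AlwaysAdmit"]` means, namely that every request passes admission without any check. I would spell that out, e.g. `description = "Kubernetes admission control plugins to use. The default, AlwaysAdmit, applies no admission checks.";`, and add an `example` with the plugin list an operator is expected to enable. In the `@@ -102,6 +96,12 @@` hunk, the `clientCaFile` description could likewise state that the empty default leaves client-certificate authentication off, since the flag is only passed when the value is non-empty.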
@@ -374,7 +395,6 @@ in { --etcd-servers=${concatMapStringsSep "," (f: "http://${f}") cfg.etcdServers} \ --insecure-bind-address=${cfg.apiserver.address} \ --insecure-port=${toString cfg.apiserver.port} \ - --read-only-port=${toString cfg.apiserver.readOnlyPort} \ --bind-address=${cfg.apiserver.publicAddress} \ --allow-privileged=${if cfg.apiserver.allowPrivileged then "true" else "false"} \ ${optionalString (cfg.apiserver.tlsCertFile!="")
@@ -383,11 +403,16 @@ in { "--tls-private-key-file=${cfg.apiserver.tlsPrivateKeyFile}"} \ ${optionalString (cfg.apiserver.tokenAuth!=[]) "--token-auth-file=${tokenAuthFile}"} \ + ${optionalString (cfg.apiserver.clientCaFile!="") + "--client-ca-file=${cfg.apiserver.clientCaFile}"} \ --authorization-mode=${cfg.apiserver.authorizationMode} \ ${optionalString (cfg.apiserver.authorizationMode == "ABAC") "--authorization-policy-file=${authorizationPolicyFile}"} \ --secure-port=${toString cfg.apiserver.securePort} \ --service-cluster-ip-range=${cfg.apiserver.portalNet} \ + ${optionalString (cfg.apiserver.runtimeConfig!="") + "--runtime-config=${cfg.apiserver.runtimeConfig}"} \ + --admission_control=${cfg.apiserver.admissionControl} \ --logtostderr=true \ ${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \ ${cfg.apiserver.extraOpts}
@@ -431,7 +456,6 @@ in { --address=${cfg.controllerManager.address} \ --port=${toString cfg.controllerManager.port} \ --master=${cfg.controllerManager.master} \ - --machines=${concatStringsSep "," cfg.controllerManager.machines} \ --logtostderr=true \ ${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \ ${cfg.controllerManager.extraOpts}
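Review bot: `--admission_control=${cfg.apiserver.admissionControl}` in the `@@ -383,11 +403,16 @@` hunk interpolates an option that this patch declares as `types.listOf types.str`. As far as I know Nix does not coerce a list inside a string antiquotation, so evaluating the apiserver command line should fail. Join the list first, as the removed `--machines` line did: `--admission-control=${concatStringsSep "," cfg.apiserver.admissionControl} \`. The dashed spelling matches the neighbouring flags; whether the underscore form is still accepted by this release is not visible here.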
@@ -454,6 +478,8 @@ in { --register-node=${if cfg.kubelet.registerNode then "true" else "false"} \ --address=${cfg.kubelet.address} \ --port=${toString cfg.kubelet.port} \ + --healthz-bind-address=${cfg.kubelet.healthz.bind} \ + --healthz-port=${toString cfg.kubelet.healthz.port} \ --hostname-override=${cfg.kubelet.hostname} \ --allow-privileged=${if cfg.kubelet.allowPrivileged then "true" else "false"} \ --root-dir=${cfg.dataDir} \
@@ -504,9 +530,6 @@ in { User = "kubernetes"; }; }; - - services.skydns.enable = mkDefault true; - services.skydns.domain = mkDefault cfg.kubelet.clusterDomain; }) (mkIf (any (el: el == "master") cfg.roles) {
@@ -524,6 +547,9 @@ in { (mkIf (any (el: el == "node" || el == "master") cfg.roles) { services.etcd.enable = mkDefault true; + + services.skydns.enable = mkDefault true; + services.skydns.domain = mkDefault cfg.kubelet.clusterDomain; }) (mkIf (
@@ -538,8 +564,10 @@ in { serviceConfig.Type = "oneshot"; script = '' mkdir -p /var/run/kubernetes - chown kubernetes /var/run/kubernetes - ln -fs ${pkgs.writeText "kubernetes-dockercfg" cfg.dockerCfg} /var/run/kubernetes/.dockercfg + chown kubernetes /var/lib/kubernetes + + rm ${cfg.dataDir}/.dockercfg || true + ln -fs ${pkgs.writeText "kubernetes-dockercfg" cfg.dockerCfg} ${cfg.dataDir}/.dockercfg ''; };
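Review bot: The setup script in the `@@ -538,8 +564,10 @@` hunk still creates `/var/run/kubernetes` but now runs `chown kubernetes /var/lib/kubernetes`, so the directory it just made stays root-owned and the chown targets a hard-coded path the script never creates. The symlink two lines below uses `${cfg.dataDir}`, so the three paths can disagree whenever dataDir is overridden. I would make them consistent with `mkdir -p /var/run/kubernetes ${cfg.dataDir}` and `chown kubernetes /var/run/kubernetes ${cfg.dataDir}`; whether the run directory must still be writable by the service is not visible in this hunk. `pkgs.writeText` also places `cfg.dockerCfg` in the world-readable Nix store, so the option's documentation should warn that registry credentials put there are readable by every local user.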