Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 8704e82eba7e
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 6ef8cad2a768
Choose a head ref
2 contributors

Commits on Sep 24, 2017

  1. kubernetes: 1.5.6 -> 1.6.4

    @matejc @globin
    matejc authored and globin committed Sep 24, 2017
    Copy the full SHA
    c3cfd92 View commit details

  2. kubernetes module: authorization improvements

    @offlinehacker @globin
    offlinehacker authored and globin committed Sep 24, 2017
    Copy the full SHA
    90d5468 View commit details

  3. kube-dns: 1.14.1

    @matejc @globin
    matejc authored and globin committed Sep 24, 2017
    Copy the full SHA
    7332179 View commit details

  4. kubernetes: update service

    @matejc @globin
    matejc authored and globin committed Sep 24, 2017
    Copy the full SHA
    ed322f4 View commit details

  5. kubernetes: add tests

    @matejc @globin
    matejc authored and globin committed Sep 24, 2017
    Copy the full SHA
    7f9d1a7 View commit details

  6. kubernetes: fix minor issues

    @matejc @globin
    matejc authored and globin committed Sep 24, 2017
    Copy the full SHA
    8e14e97 View commit details

  7. kubernetes module: flannel support, minor fixes 

    - add flannel support
- remove deprecated authorizationRBACSuperAdmin option
- rename from deprecated poratalNet to serviceClusterIpRange
- add nodeIp option for kubelet
- kubelet, add br_netfilter to kernelModules
- enable firewall by default
- enable dns by default on node and on master
- disable iptables for docker by default on nodes
- dns, restart on failure
- update tests

and other minor changes
    @offlinehacker @globin
    offlinehacker authored and globin committed Sep 24, 2017
    Copy the full SHA
    7dfeac8 View commit details

  8. kubernetes module: per service kubeconfig support

    @offlinehacker @globin
    offlinehacker authored and globin committed Sep 24, 2017
    Copy the full SHA
    c96ca5f View commit details

  9. kubernetes module: add support for common CA file

    @offlinehacker @globin
    offlinehacker authored and globin committed Sep 24, 2017
    Copy the full SHA
    c262291 View commit details

  10. kubernetes module: default auth mode to only RBAC

    @offlinehacker @globin
    offlinehacker authored and globin committed Sep 24, 2017
    Copy the full SHA
    b25d155 View commit details

  11. kubernetes module: fix cidr ranges

    @offlinehacker @globin
    offlinehacker authored and globin committed Sep 24, 2017
    Copy the full SHA
    d842d53 View commit details

  12. kubernetes module: add storage and tolerations addmission controllers

    @offlinehacker @globin
    offlinehacker authored and globin committed Sep 24, 2017
    Copy the full SHA
    856ca73 View commit details

  13. kubernetes module: enable leader elect by default

    @offlinehacker @globin
    offlinehacker authored and globin committed Sep 24, 2017
    Copy the full SHA
    8e48fff View commit details

  14. kubernetes module: kubelet, add socat to path for kubectl portforward

    @offlinehacker @globin
    offlinehacker authored and globin committed Sep 24, 2017
    Copy the full SHA
    55dbbfd View commit details

  15. cni: 0.3.0 -> 0.5.2

    @offlinehacker @globin
    offlinehacker authored and globin committed Sep 24, 2017
    Copy the full SHA
    ff64138 View commit details

  16. kubernetes: 1.6.4 -> 1.7.1

    @offlinehacker @globin
    offlinehacker authored and globin committed Sep 24, 2017
    Copy the full SHA
    bff4286 View commit details

  17. kuberentes: expose kube-addons script

    @offlinehacker @globin
    offlinehacker authored and globin committed Sep 24, 2017
    Copy the full SHA
    f10138b View commit details

  18. kubernetes module: add featureGates option

    @offlinehacker @globin
    offlinehacker authored and globin committed Sep 24, 2017
    Copy the full SHA
    74f9952 View commit details

  19. kubernetes module: fix documentation links

    @offlinehacker @globin
    offlinehacker authored and globin committed Sep 24, 2017
    Copy the full SHA
    7c89362 View commit details

  20. kubernetes module: webhook authorization for kubelet

    @offlinehacker @globin
    offlinehacker authored and globin committed Sep 24, 2017
    Copy the full SHA
    9d97c92 View commit details

  21. kubernetes module: seedDockerImages option for seeding docker images … 

    …built with nix
    @offlinehacker @globin
    offlinehacker authored and globin committed Sep 24, 2017
    Copy the full SHA
    2beadcf View commit details

  22. kubernetes module: refactor module system, kube-dns as module

    @offlinehacker @globin
    offlinehacker authored and globin committed Sep 24, 2017
    Copy the full SHA
    ddf5de5 View commit details

  23. kubernetes: fix dns addon hashes, fix clusterDns, enable proxy on master

    @matejc @globin
    matejc authored and globin committed Sep 24, 2017
    Copy the full SHA
    6ea272c View commit details

  24. kubernetes: build e2e.test

    @matejc @globin
    matejc authored and globin committed Sep 24, 2017
    Copy the full SHA
    1febe07 View commit details

  25. kubernetes: fix tests

    @matejc @globin
    matejc authored and globin committed Sep 24, 2017
    Copy the full SHA
    6ef8cad View commit details
4 changes: 3 additions & 1 deletion nixos/modules/module-list.nix
View file
Original file line number Diff line number Diff line change
@@ -157,7 +157,9 @@
./services/backup/tarsnap.nix
./services/backup/znapzend.nix
./services/cluster/fleet.nix
./services/cluster/kubernetes.nix
./services/cluster/kubernetes/default.nix
./services/cluster/kubernetes/dns.nix
./services/cluster/kubernetes/dashboard.nix
./services/cluster/panamax.nix
./services/computing/boinc/client.nix
./services/computing/torque/server.nix
160 changes: 160 additions & 0 deletions nixos/modules/services/cluster/kubernetes/dashboard.nix
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,160 @@
{ config, pkgs, lib, ... }:

with lib;

let
cfg = config.services.kubernetes.addons.dashboard;

name = "gcr.io/google_containers/kubernetes-dashboard-amd64";
version = "v1.6.3";

image = pkgs.dockerTools.pullImage {
imageName = name;
imageTag = version;
sha256 = "1sf54d96nkgic9hir9c6p14gw24ns1k5d5a0r1sg414kjrvic0b4";
};
in {
options.services.kubernetes.addons.dashboard = {
enable = mkEnableOption "kubernetes dashboard addon";

enableRBAC = mkOption {
description = "Whether to enable role based access control is enabled for kubernetes dashboard";
type = types.bool;
default = elem "RBAC" config.services.kubernetes.apiserver.authorizationMode;
};
};

config = mkIf cfg.enable {
services.kubernetes.kubelet.seedDockerImages = [image];

services.kubernetes.addonManager.addons = {
kubernetes-dashboard-deployment = {
kind = "Deployment";
apiVersion = "apps/v1beta1";
metadata = {
labels = {
k8s-addon = "kubernetes-dashboard.addons.k8s.io";
k8s-app = "kubernetes-dashboard";
version = version;
"kubernetes.io/cluster-service" = "true";
"addonmanager.kubernetes.io/mode" = "Reconcile";
};
name = "kubernetes-dashboard";
namespace = "kube-system";
};
spec = {
replicas = 1;
revisionHistoryLimit = 10;
selector.matchLabels."k8s-app" = "kubernetes-dashboard";
template = {
metadata = {
labels = {
k8s-addon = "kubernetes-dashboard.addons.k8s.io";
k8s-app = "kubernetes-dashboard";
version = version;
"kubernetes.io/cluster-service" = "true";
};
annotations = {
"scheduler.alpha.kubernetes.io/critical-pod" = "";
#"scheduler.alpha.kubernetes.io/tolerations" = ''[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'';
};
};
spec = {
containers = [{
name = "kubernetes-dashboard";
image = "${name}:${version}";
ports = [{
containerPort = 9090;
protocol = "TCP";
}];
resources = {
limits = {
cpu = "100m";
memory = "50Mi";
};
requests = {
cpu = "100m";
memory = "50Mi";
};
};
livenessProbe = {
httpGet = {
path = "/";
port = 9090;
};
initialDelaySeconds = 30;
timeoutSeconds = 30;
};
}];
serviceAccountName = "kubernetes-dashboard";
tolerations = [{
key = "node-role.kubernetes.io/master";
effect = "NoSchedule";
}];
};
};
};
};

kubernetes-dashboard-svc = {
apiVersion = "v1";
kind = "Service";
metadata = {
labels = {
k8s-addon = "kubernetes-dashboard.addons.k8s.io";
k8s-app = "kubernetes-dashboard";
"kubernetes.io/cluster-service" = "true";
"kubernetes.io/name" = "KubeDashboard";
"addonmanager.kubernetes.io/mode" = "Reconcile";
};
name = "kubernetes-dashboard";
namespace = "kube-system";
};
spec = {
ports = [{
port = 80;
targetPort = 9090;
}];
selector.k8s-app = "kubernetes-dashboard";
};
};

kubernetes-dashboard-sa = {
apiVersion = "v1";
kind = "ServiceAccount";
metadata = {
labels = {
k8s-app = "kubernetes-dashboard";
k8s-addon = "kubernetes-dashboard.addons.k8s.io";
"addonmanager.kubernetes.io/mode" = "Reconcile";
};
name = "kubernetes-dashboard";
namespace = "kube-system";
};
};
} // (optionalAttrs cfg.enableRBAC {
kubernetes-dashboard-crb = {
apiVersion = "rbac.authorization.k8s.io/v1beta1";
kind = "ClusterRoleBinding";
metadata = {
name = "kubernetes-dashboard";
labels = {
k8s-app = "kubernetes-dashboard";
k8s-addon = "kubernetes-dashboard.addons.k8s.io";
"addonmanager.kubernetes.io/mode" = "Reconcile";
};
};
roleRef = {
apiGroup = "rbac.authorization.k8s.io";
kind = "ClusterRole";
name = "cluster-admin";
};
subjects = [{
kind = "ServiceAccount";
name = "kubernetes-dashboard";
namespace = "kube-system";
}];
};
});
};
}
Loading