diff --git a/hosts/k8s/k3s-prod-1-master-1/default.nix b/hosts/k8s/k3s-prod-1-master-1/default.nix
index d40dd6cd..82b1ea88 100644
--- a/hosts/k8s/k3s-prod-1-master-1/default.nix
+++ b/hosts/k8s/k3s-prod-1-master-1/default.nix
@@ -17,6 +17,9 @@
 tokenFile = config.age.secrets."k3s-prod-1-token".path;
 # the first node in the cluster should be the one to initialize the cluster
 clusterInit = true;
+ # use my own domain & kube-vip's virtual IP for the API server
+ # so that the API server can always be accessed even if some nodes are down
+ masterHost = "prod-cluster-1.writefor.fun";
 };
 in {
 imports =
diff --git a/hosts/k8s/k3s-prod-1-master-2/default.nix b/hosts/k8s/k3s-prod-1-master-2/default.nix
index 3d123490..2133c9c0 100644
--- a/hosts/k8s/k3s-prod-1-master-2/default.nix
+++ b/hosts/k8s/k3s-prod-1-master-2/default.nix
@@ -6,7 +6,6 @@
 ...
 }: let
 hostName = "k3s-prod-1-master-2"; # define your hostname.
- k3sServerName = "k3s-prod-1-master-1";
 coreModule = mylib.genKubeVirtCoreModule {
 inherit pkgs hostName;
@@ -16,7 +15,9 @@
 inherit pkgs;
 kubeconfigFile = "/home/${myvars.username}/.kube/config";
 tokenFile = config.age.secrets."k3s-prod-1-token".path;
- serverIp = myvars.networking.hostsAddr.${k3sServerName}.ipv4;
+ # use my own domain & kube-vip's virtual IP for the API server
+ # so that the API server can always be accessed even if some nodes are down
+ masterHost = "prod-cluster-1.writefor.fun";
 };
 in {
 imports =
diff --git a/hosts/k8s/k3s-prod-1-master-3/default.nix b/hosts/k8s/k3s-prod-1-master-3/default.nix
index 69e9ecd9..b5ff12a8 100644
--- a/hosts/k8s/k3s-prod-1-master-3/default.nix
+++ b/hosts/k8s/k3s-prod-1-master-3/default.nix
@@ -6,7 +6,6 @@
 ...
 }: let
 hostName = "k3s-prod-1-master-3"; # define your hostname.
- k3sServerName = "k3s-prod-1-master-1";
 coreModule = mylib.genKubeVirtCoreModule {
 inherit pkgs hostName;
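Review bot: `masterHost = "prod-cluster-1.writefor.fun";` is a string literal repeated verbatim in every prod host file of this commit (the master-1 and master-2 hunks here, master-3 and the three worker hunks further down), whereas the value it replaces came from a single place, `myvars.networking.hostsAddr`; keeping the endpoint in `myvars` as well, e.g. `masterHost = myvars.networking.k3sProd1Endpoint;` (constructed name), means a future DNS rename cannot leave one node pointing at a stale name. The join path now depends on resolving that name at boot instead of on a static address, so if the record is served by anything that itself runs on this cluster, a comment stating what answers DNS during a cold start would help the next operator. For master-1, which keeps `clusterInit = true`, the server module hunks below suggest the value only reaches `--tls-san`; `# with clusterInit = true this only feeds --tls-san` on that line would make the intent explicit. The enclosing `let` and the `k3sModule` attribute set both begin outside these hunks.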
@@ -16,7 +15,9 @@
 inherit pkgs;
 kubeconfigFile = "/home/${myvars.username}/.kube/config";
 tokenFile = config.age.secrets."k3s-prod-1-token".path;
- serverIp = myvars.networking.hostsAddr.${k3sServerName}.ipv4;
+ # use my own domain & kube-vip's virtual IP for the API server
+ # so that the API server can always be accessed even if some nodes are down
+ masterHost = "prod-cluster-1.writefor.fun";
 };
 in {
 imports =
diff --git a/hosts/k8s/k3s-prod-1-worker-1/default.nix b/hosts/k8s/k3s-prod-1-worker-1/default.nix
index 0a3e2e57..ee076146 100644
--- a/hosts/k8s/k3s-prod-1-worker-1/default.nix
+++ b/hosts/k8s/k3s-prod-1-worker-1/default.nix
@@ -6,7 +6,6 @@
 ...
 }: let
 hostName = "k3s-prod-1-worker-1"; # define your hostname.
- k3sServerName = "k3s-prod-1-master-1";
 coreModule = mylib.genKubeVirtCoreModule {
 inherit pkgs hostName;
@@ -15,7 +14,9 @@
 k3sModule = mylib.genK3sAgentModule {
 inherit pkgs;
 tokenFile = config.age.secrets."k3s-prod-1-token".path;
- serverIp = myvars.networking.hostsAddr.${k3sServerName}.ipv4;
+ # use my own domain & kube-vip's virtual IP for the API server
+ # so that the API server can always be accessed even if some nodes are down
+ masterHost = "prod-cluster-1.writefor.fun";
 };
 in {
 imports =
diff --git a/hosts/k8s/k3s-prod-1-worker-2/default.nix b/hosts/k8s/k3s-prod-1-worker-2/default.nix
index 0d71f351..f534589e 100644
--- a/hosts/k8s/k3s-prod-1-worker-2/default.nix
+++ b/hosts/k8s/k3s-prod-1-worker-2/default.nix
@@ -6,7 +6,6 @@
 ...
 }: let
 hostName = "k3s-prod-1-worker-2"; # define your hostname.
- k3sServerName = "k3s-prod-1-master-1";
 coreModule = mylib.genKubeVirtCoreModule {
 inherit pkgs hostName;
@@ -15,7 +14,9 @@
 k3sModule = mylib.genK3sAgentModule {
 inherit pkgs;
 tokenFile = config.age.secrets."k3s-prod-1-token".path;
- serverIp = myvars.networking.hostsAddr.${k3sServerName}.ipv4;
+ # use my own domain & kube-vip's virtual IP for the API server
+ # so that the API server can always be accessed even if some nodes are down
+ masterHost = "prod-cluster-1.writefor.fun";
 };
 in {
 imports =
diff --git a/hosts/k8s/k3s-prod-1-worker-3/default.nix b/hosts/k8s/k3s-prod-1-worker-3/default.nix
index 16bfe7ed..0acec9e5 100644
--- a/hosts/k8s/k3s-prod-1-worker-3/default.nix
+++ b/hosts/k8s/k3s-prod-1-worker-3/default.nix
@@ -6,7 +6,6 @@
 ...
 }: let
 hostName = "k3s-prod-1-worker-3"; # define your hostname.
- k3sServerName = "k3s-prod-1-master-1";
 coreModule = mylib.genKubeVirtCoreModule {
 inherit pkgs hostName;
@@ -15,7 +14,9 @@
 k3sModule = mylib.genK3sAgentModule {
 inherit pkgs;
 tokenFile = config.age.secrets."k3s-prod-1-token".path;
- serverIp = myvars.networking.hostsAddr.${k3sServerName}.ipv4;
+ # use my own domain & kube-vip's virtual IP for the API server
+ # so that the API server can always be accessed even if some nodes are down
+ masterHost = "prod-cluster-1.writefor.fun";
 };
 in {
 imports =
diff --git a/hosts/k8s/k3s-test-1-master-1/default.nix b/hosts/k8s/k3s-test-1-master-1/default.nix
index 77eaebe6..f635685a 100644
--- a/hosts/k8s/k3s-test-1-master-1/default.nix
+++ b/hosts/k8s/k3s-test-1-master-1/default.nix
@@ -17,6 +17,9 @@
 tokenFile = config.age.secrets."k3s-prod-1-token".path;
 # the first node in the cluster should be the one to initialize the cluster
 clusterInit = true;
+ # use my own domain & kube-vip's virtual IP for the API server
+ # so that the API server can always be accessed even if some nodes are down
+ masterHost = "test-cluster-1.writefor.fun";
 };
 in {
 imports =
diff --git a/hosts/k8s/k3s-test-1-master-2/default.nix b/hosts/k8s/k3s-test-1-master-2/default.nix
index d57a3dc5..55746860 100644
--- a/hosts/k8s/k3s-test-1-master-2/default.nix
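Review bot: In the k3s-test-1-master-1 hunk the test cluster gets its own endpoint, `masterHost = "test-cluster-1.writefor.fun";`, but the join token on the context line just above it is still `config.age.secrets."k3s-prod-1-token".path`, the same secret the prod hosts reference in the hunks above. A node holding that token can join whichever cluster's endpoint it is pointed at, so if the two clusters are meant to be isolated, a separate secret for the test hosts (say `k3s-test-1-token`, constructed name) limits what a leaked test-cluster token is good for; if sharing it is deliberate, a one-line comment such as `# intentionally shares the prod join token` would stop the next reader from flagging it. The same token path appears in the test-master-2 and test-master-3 hunks below, so one decision covers all three. The `k3sModule` attribute set starts outside the hunk.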
+++ b/hosts/k8s/k3s-test-1-master-2/default.nix
@@ -6,7 +6,6 @@
 ...
 }: let
 hostName = "k3s-test-1-master-2"; # define your hostname.
- k3sServerName = "k3s-test-1-master-1";
 coreModule = mylib.genKubeVirtCoreModule {
 inherit pkgs hostName;
@@ -16,7 +15,9 @@
 inherit pkgs;
 kubeconfigFile = "/home/${myvars.username}/.kube/config";
 tokenFile = config.age.secrets."k3s-prod-1-token".path;
- serverIp = myvars.networking.hostsAddr.${k3sServerName}.ipv4;
+ # use my own domain & kube-vip's virtual IP for the API server
+ # so that the API server can always be accessed even if some nodes are down
+ masterHost = "test-cluster-1.writefor.fun";
 };
 in {
 imports =
diff --git a/hosts/k8s/k3s-test-1-master-3/default.nix b/hosts/k8s/k3s-test-1-master-3/default.nix
index 7680b4b7..ffe41f55 100644
--- a/hosts/k8s/k3s-test-1-master-3/default.nix
+++ b/hosts/k8s/k3s-test-1-master-3/default.nix
@@ -6,7 +6,6 @@
 ...
 }: let
 hostName = "k3s-test-1-master-3"; # define your hostname.
- k3sServerName = "k3s-test-1-master-1";
 coreModule = mylib.genKubeVirtCoreModule {
 inherit pkgs hostName;
@@ -16,7 +15,9 @@
 inherit pkgs;
 kubeconfigFile = "/home/${myvars.username}/.kube/config";
 tokenFile = config.age.secrets."k3s-prod-1-token".path;
- serverIp = myvars.networking.hostsAddr.${k3sServerName}.ipv4;
+ # use my own domain & kube-vip's virtual IP for the API server
+ # so that the API server can always be accessed even if some nodes are down
+ masterHost = "test-cluster-1.writefor.fun";
 };
 in {
 imports =
diff --git a/hosts/k8s/kubevirt-shoryu/default.nix b/hosts/k8s/kubevirt-shoryu/default.nix
index 9f45746b..0e5f35dc 100644
--- a/hosts/k8s/kubevirt-shoryu/default.nix
+++ b/hosts/k8s/kubevirt-shoryu/default.nix
@@ -19,6 +19,9 @@
 tokenFile = "/run/media/nixos_k3s/kubevirt-k3s-token";
 # the first node in the cluster should be the one to initialize the cluster
 clusterInit = true;
+ # use my own domain & kube-vip's virtual IP for the API server
+ # so that the API server can always be accessed even if some nodes are down
+ masterHost = "kubevirt-cluster-1.writefor.fun";
 };
 in {
 imports =
diff --git a/hosts/k8s/kubevirt-shushou/default.nix b/hosts/k8s/kubevirt-shushou/default.nix
index 2b2e27c4..7f014315 100644
--- a/hosts/k8s/kubevirt-shushou/default.nix
+++ b/hosts/k8s/kubevirt-shushou/default.nix
@@ -17,7 +17,9 @@
 inherit pkgs;
 kubeconfigFile = "/home/${myvars.username}/.kube/config";
 tokenFile = "/run/media/nixos_k3s/kubevirt-k3s-token";
- serverIp = myvars.networking.hostsAddr.${k3sServerName}.ipv4;
+ # use my own domain & kube-vip's virtual IP for the API server
+ # so that the API server can always be accessed even if some nodes are down
+ masterHost = "kubevirt-cluster-1.writefor.fun";
 };
 in {
 imports =
diff --git a/hosts/k8s/kubevirt-youko/default.nix b/hosts/k8s/kubevirt-youko/default.nix
index e207f439..4d818781 100644
--- a/hosts/k8s/kubevirt-youko/default.nix
+++ b/hosts/k8s/kubevirt-youko/default.nix
@@ -17,7 +17,9 @@
 inherit pkgs;
 kubeconfigFile = "/home/${myvars.username}/.kube/config";
 tokenFile = "/run/media/nixos_k3s/kubevirt-k3s-token";
- serverIp = myvars.networking.hostsAddr.${k3sServerName}.ipv4;
+ # use my own domain & kube-vip's virtual IP for the API server
+ # so that the API server can always be accessed even if some nodes are down
+ masterHost = "kubevirt-cluster-1.writefor.fun";
 };
 in {
 imports =
diff --git a/lib/genK3sAgentModule.nix b/lib/genK3sAgentModule.nix
index f536aca1..510dc514 100644
--- a/lib/genK3sAgentModule.nix
+++ b/lib/genK3sAgentModule.nix
@@ -1,6 +1,6 @@
 {
 pkgs,
- serverIp,
+ masterHost,
 tokenFile,
 ...
 }: let
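Review bot: The kubevirt-shushou and kubevirt-youko hunks remove `serverIp = myvars.networking.hostsAddr.${k3sServerName}.ipv4;` but, unlike the prod and test host files earlier in this diff, no hunk in these two files removes the `k3sServerName` binding that line referenced; unless a change outside these hunks drops it, it is now an unused `let` binding and should go, to match the other hosts. That is inferred from the other files' pattern, since the `let` block of both files begins outside the hunk. In the agent module's first hunk the renamed parameter `masterHost,` carries no doc comment while the server module's hunk below documents its counterpart; `# DNS name or IP that resolves to the API server (e.g. kube-vip's VIP)` above it would keep the two modules consistent.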
@@ -12,7 +12,7 @@
 in {
 inherit package tokenFile;
 role = "agent";
- serverAddr = "https://${serverIp}:6443";
+ serverAddr = "https://${masterHost}:6443";
 # https://docs.k3s.io/cli/agent
 extraFlags = let
 flagList = [
diff --git a/lib/genK3sServerModule.nix b/lib/genK3sServerModule.nix
index 655e5279..75817d8c 100644
--- a/lib/genK3sServerModule.nix
+++ b/lib/genK3sServerModule.nix
@@ -6,8 +6,10 @@
 # If you are configuring an HA cluster with an embedded etcd,
 # the 1st server must have `clusterInit = true`
 # and other servers must connect to it using `serverAddr`.
- serverIp ? null,
- clusterInit ? (serverIp == null),
+ #
+ # this can be a domain name or an IP address(such as kube-vip's virtual IP)
+ masterHost,
+ clusterInit ? false,
 addTaints ? false,
 ...
 }: let
@@ -32,14 +34,14 @@ in {
 serverAddr =
 if clusterInit
 then ""
- else "https://${serverIp}:6443";
+ else "https://${masterHost}:6443";
 role = "server";
 # https://docs.k3s.io/cli/server
 extraFlags = let
 flagList = [
- "--write-kubeconfig ${kubeconfigFile}"
+ "--write-kubeconfig=${kubeconfigFile}"
 "--write-kubeconfig-mode=644"
 "--service-node-port-range=80-32767"
 "--kube-apiserver-arg='--allow-privileged=true'" # required by kubevirt
@@ -52,6 +54,7 @@ in {
 "--disable=servicelb" # we use kube-vip instead
 "--flannel-backend=none" # we use cilium instead
 "--disable-network-policy"
+ "--tls-san=${masterHost}"
 ]
 # prevent workloads from running on the master
 ++ (pkgs.lib.optionals addTaints ["--node-taint=CriticalAddonsOnly=true:NoExecute"]);
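Review bot: `serverAddr = "https://${masterHost}:6443";` turns the agent's join target into a DNS name, so what the agent is willing to accept at that address now rests on the token behind `tokenFile`: if I read the K3s token docs right, a full token (the `K10<ca-hash>::…` form) pins the cluster CA so a wrong DNS answer ends in a failed join, while a short token accepts whichever CA the reached server presents. Worth a comment on the `tokenFile` parameter, `# use the full K10… token so the agent verifies the server CA, not just the name`, and a check that the secrets the host files reference are in that form. The attribute set this hunk sits in starts outside the hunk.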
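Review bot: In the server module's first hunk the header comment kept above the new parameter still says other servers "must connect to it using `serverAddr`", although what a caller now sets is `masterHost`; rewording it to `# and other servers must reach it via masterHost (used to build serverAddr).` keeps the comment and the signature in step. The default also changed from `clusterInit ? (serverIp == null)` to `clusterInit ? false` with `masterHost` mandatory, so a caller that omits `clusterInit` on the first node will try to join `https://${masterHost}:6443` before anything listens there; the host hunks above all set it explicitly, so this is a documentation point, e.g. `# clusterInit must be true on exactly one server; every other server joins via masterHost`.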
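Review bot: `"--tls-san=${masterHost}"` adds only the name; when `masterHost` is a DNS name, the kube-vip virtual address it resolves to is not in the serving certificate's SANs, so any client that reaches the API server by that address (or by a node's own address) gets a certificate that does not match and has to either fail or skip verification. If anything connects by IP, add the address as a second SAN, `"--tls-san=<VIP address placeholder>"`, ideally sourced from `myvars` rather than another literal. As far as I know k3s regenerates the serving cert when the SAN list changes, but that is worth confirming on an already-initialized cluster before relying on it.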