starred/nix-config
1
0
Fork 0
mirror of https://github.com/ryan4yin/nix-config.git synced 2026-03-25 02:41:26 +01:00
Code Issues Packages Projects Releases 10 Wiki Activity

feat: add configs for kubevirt-lab-1

Browse Source
This commit is contained in:
Ryan Yin
2024-03-28 22:22:32 +08:00
parent 8d845f6fd0
commit 69fafe0c7c
10 changed files with 260 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
lib/genK3sServerModule.nix
View File

@@ -8,6 +8,7 @@
# and other servers must connect to it using `serverAddr`.
serverIp ? null,
clusterInit ? (serverIp == null),
addTaints ? false,
...
}: let
package = pkgs.k3s_1_29;
@@ -18,6 +19,8 @@ in {
kubectl
istioctl
kubernetes-helm
cilium-cli
fluxcd
skopeo
dive # explore docker layers
@@ -33,20 +36,33 @@ in {
role = "server";
# https://docs.k3s.io/cli/server
extraFlags =
" --write-kubeconfig ${kubeconfigFile}"
+ " --write-kubeconfig-mode 644"
+ " --service-node-port-range 80-32767"
+ " --kube-apiserver-arg='--allow-privileged=true'" # required by kubevirt
+ " --node-taint=CriticalAddonsOnly=true:NoExecute" # prevent workloads from running on the master
+ " --data-dir /var/lib/rancher/k3s"
+ " --etcd-expose-metrics true"
+ " --etcd-snapshot-schedule-cron '0 */12 * * *'"
# disable some features we don't need
+ " --disable-helm-controller" # we use fluxcd instead
+ " --disable=traefik" # deploy our own ingress controller instead
+ " --disable=servicelb" # we use kube-vip instead
+ " --flannel-backend=none" # we use cilium instead
+ " --disable-network-policy";
extraFlags = let
flagList =
[
"--write-kubeconfig ${kubeconfigFile}"
"--write-kubeconfig-mode=644"
"--service-node-port-range=80-32767"
"--kube-apiserver-arg='--allow-privileged=true'" # required by kubevirt
"--data-dir /var/lib/rancher/k3s"
"--etcd-expose-metrics=true"
"--etcd-snapshot-schedule-cron='0 */12 * * *'"
# disable some features we don't need
"--disable-helm-controller" # we use fluxcd instead
"--disable=traefik" # deploy our own ingress controller instead
"--disable=servicelb" # we use kube-vip instead
"--flannel-backend=none" # we use cilium instead
"--disable-network-policy"
]
# prevent workloads from running on the master
++ (pkgs.lib.optionals addTaints ["--node-taint=CriticalAddonsOnly=true:NoExecute"]);
in
pkgs.lib.concatStringsSep " " flagList;
};
# create symlinks to link k3s's cni directory to the one used by almost all CNI plugins
systemd.tmpfiles.rules = [
"L+ /opt/cni/bin - - - - /var/lib/rancher/k3s/data/current/bin"
# seems like k3s's containerd will create /etc/cni/net.d, so we don't need to create a symlink for it
# "L+ /etc/cni/net.d - - - - /var/lib/rancher/k3s/agent/etc/cni/net.d"
];
}