diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index 8820a6da8c0b..b15dd84999a9 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -31,6 +31,7 @@ with lib;
(mkRenamedOptionModule [ "services" "graphite" "web" "host" ] [ "services" "graphite" "web" "listenAddress" ])
(mkRenamedOptionModule [ "services" "i2pd" "extIp" ] [ "services" "i2pd" "address" ])
(mkRenamedOptionModule [ "services" "kibana" "host" ] [ "services" "kibana" "listenAddress" ])
+ (mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "admissionControl" ] [ "services" "kubernetes" "apiserver" "enableAdmissionPlugins" ])
(mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ])
(mkRenamedOptionModule [ "services" "mpd" "network" "host" ] [ "services" "mpd" "network" "listenAddress" ])
(mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "listenAddress" ])
diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix
index d0309ebd5b8a..8216e686facd 100644
--- a/nixos/modules/services/cluster/kubernetes/default.nix
+++ b/nixos/modules/services/cluster/kubernetes/default.nix
@@ -5,6 +5,37 @@ with lib;
let
cfg = config.services.kubernetes;
+ # YAML config; see:
+ # https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/
+ # https://github.com/kubernetes/kubernetes/blob/release-1.10/pkg/kubelet/apis/kubeletconfig/v1beta1/types.go
+ #
+ # TODO: migrate the following flags to this config file
+ #
+ # --pod-manifest-path
+ # --address
+ # --port
+ # --tls-cert-file
+ # --tls-private-key-file
+ # --client-ca-file
+ # --authentication-token-webhook
+ # --authentication-token-webhook-cache-ttl
+ # --authorization-mode
+ # --healthz-bind-address
+ # --healthz-port
+ # --allow-privileged
+ # --cluster-dns
+ # --cluster-domain
+ # --hairpin-mode
+ # --feature-gates
+ kubeletConfig = pkgs.runCommand "kubelet-config.yaml" { } ''
+ echo > $out ${pkgs.lib.escapeShellArg (builtins.toJSON {
+ kind = "KubeletConfiguration";
+ apiVersion = "kubelet.config.k8s.io/v1beta1";
+ ${if cfg.kubelet.applyManifests then "staticPodPath" else null} =
+ manifests;
+ })}
+ '';
+
skipAttrs = attrs: map (filterAttrs (k: v: k != "enable"))
(filter (v: !(hasAttr "enable" v) || v.enable) attrs);
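Review bot: The line `${if cfg.kubelet.applyManifests then "staticPodPath" else null} = manifests;` in `kubeletConfig` relies on Nix dropping an attribute whose dynamic name is null, which is easy to misread as always setting the key. Merging `optionalAttrs cfg.kubelet.applyManifests { staticPodPath = manifests; }` with `//` states the condition explicitly. The `runCommand` plus `echo > $out` round-trip through a shell could be `pkgs.writeText "kubelet-config.yaml" (builtins.toJSON { ... })`, which needs no `escapeShellArg`. The TODO list names security-relevant flags (`--client-ca-file`, `--authorization-mode`, `--allow-privileged`), so I would add `# NOTE: the command-line flags stay authoritative for these settings until they are migrated`. The enclosing `let` block and the definition of `manifests` are outside this hunk.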
@@ -339,9 +370,9 @@ in {
type = types.str;
};
- admissionControl = mkOption {
+ enableAdmissionPlugins = mkOption {
description = ''
- Kubernetes admission control plugins to use. See
+ Kubernetes admission control plugins to enable. See
'';
default = ["NamespaceLifecycle" "LimitRanger" "ServiceAccount" "ResourceQuota" "DefaultStorageClass" "DefaultTolerationSeconds" "NodeRestriction"];
@@ -353,6 +384,15 @@ in {
type = types.listOf types.str;
};
+ disableAdmissionPlugins = mkOption {
+ description = ''
+ Kubernetes admission control plugins to disable. See
+
+ '';
+ default = [];
+ type = types.listOf types.str;
+ };
+
serviceAccountKeyFile = mkOption {
description = ''
Kubernetes apiserver PEM-encoded x509 RSA private or public key file,
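Review bot: The description of `disableAdmissionPlugins` does not say how the option relates to `enableAdmissionPlugins`, or that switching off default plugins reduces the policy the apiserver enforces. I would extend it along the lines of `Plugins listed here are disabled even if they are enabled by default; disabling plugins such as NodeRestriction or ServiceAccount weakens the cluster's default protections.` The text after "See" is empty in this hunk, so the reference link appears to be missing here, possibly lost in rendering. It would also help to state what happens when the same plugin is named in both lists, which the visible lines do not settle.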
@@ -573,6 +613,7 @@ in {
type = types.bool;
};
+ # TODO: remove this deprecated flag
cadvisorPort = mkOption {
description = "Kubernetes kubelet local cadvisor port.";
default = 4194;
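Review bot: The added comment `# TODO: remove this deprecated flag` on `cadvisorPort` gives neither the reason nor the condition for removal, while `default = 4194` is left unchanged. If the option is still passed to kubelet (its use in ExecStart is outside this hunk), the cAdvisor endpoint stays enabled by default on every node. I would word the comment as `# TODO: --cadvisor-port is deprecated upstream; drop this option once kubelet removes the flag`. The option description should also say that, as far as I know, setting the port to 0 turns the endpoint off.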
@@ -783,12 +824,10 @@ in {
serviceConfig = {
Slice = "kubernetes.slice";
ExecStart = ''${cfg.package}/bin/kubelet \
- ${optionalString cfg.kubelet.applyManifests
- "--pod-manifest-path=${manifests}"} \
${optionalString (taints != "")
"--register-with-taints=${taints}"} \
--kubeconfig=${mkKubeConfig "kubelet" cfg.kubelet.kubeconfig} \
- --require-kubeconfig \
+ --config=${kubeletConfig} \
--address=${cfg.kubelet.address} \
--port=${toString cfg.kubelet.port} \
--register-node=${boolToString cfg.kubelet.registerNode} \
@@ -899,7 +938,8 @@ in {
--service-cluster-ip-range=${cfg.apiserver.serviceClusterIpRange} \
${optionalString (cfg.apiserver.runtimeConfig != "")
"--runtime-config=${cfg.apiserver.runtimeConfig}"} \
- --admission_control=${concatStringsSep "," cfg.apiserver.admissionControl} \
+ --enable-admission-plugins=${concatStringsSep "," cfg.apiserver.enableAdmissionPlugins} \
+ --disable-admission-plugins=${concatStringsSep "," cfg.apiserver.disableAdmissionPlugins} \
${optionalString (cfg.apiserver.serviceAccountKeyFile!=null)
"--service-account-key-file=${cfg.apiserver.serviceAccountKeyFile}"} \
${optionalString cfg.verbose "--v=6"} \
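Review bot: The new `--disable-admission-plugins=` flag is emitted unconditionally, so with the option's default of `[]` the apiserver is started with an empty flag value. The neighbouring optional flags (`--runtime-config`, `--service-account-key-file`) are guarded with `optionalString`. For consistency I would write `${optionalString (cfg.apiserver.disableAdmissionPlugins != []) "--disable-admission-plugins=${concatStringsSep "," cfg.apiserver.disableAdmissionPlugins}"} \`. Whether kube-apiserver tolerates the empty value is not visible from this hunk, and the surrounding ExecStart string begins and ends outside it.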
diff --git a/pkgs/applications/networking/cluster/kubernetes/default.nix b/pkgs/applications/networking/cluster/kubernetes/default.nix
index e1023afc7aba..c2d0fa3e7063 100644
--- a/pkgs/applications/networking/cluster/kubernetes/default.nix
+++ b/pkgs/applications/networking/cluster/kubernetes/default.nix
@@ -7,7 +7,7 @@
"cmd/kube-apiserver"
"cmd/kube-controller-manager"
"cmd/kube-proxy"
- "plugin/cmd/kube-scheduler"
+ "cmd/kube-scheduler"
"test/e2e/e2e.test"
]
}:
@@ -16,16 +16,16 @@ with lib;
stdenv.mkDerivation rec {
name = "kubernetes-${version}";
- version = "1.9.7";
+ version = "1.10.0";
src = fetchFromGitHub {
owner = "kubernetes";
repo = "kubernetes";
rev = "v${version}";
- sha256 = "1dykh48c6bvypg51mlxjdyrggpjq597mjj83xgj1pfadsy6pp9bh";
+ sha256 = "0k6m55p0q8qscg8l7y1ymmp5vc3i07znqk61g4hs1gx0dj3id6mc";
};
- # go > 1.10 should be fixed by https://github.com/kubernetes/kubernetes/pull/60373
+ # go > 1.10 should be fixed by https://github.com/kubernetes/kubernetes/pull/60597
buildInputs = [ removeReferencesTo makeWrapper which go_1_9 rsync go-bindata ];
outputs = ["out" "man" "pause"];