Merge pull request #33954 from kuznero/pr/kubernetes

kubernetes: 1.7.9 -> 1.9.1
Tim Steinbach 2018-02-16 13:56:59 +00:00 committed by GitHub
commit 87559028ef
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 19 additions and 20 deletions


@ -6,12 +6,12 @@ let
cfg = config.services.kubernetes.addons.dashboard; cfg = config.services.kubernetes.addons.dashboard;
name = "gcr.io/google_containers/kubernetes-dashboard-amd64"; name = "gcr.io/google_containers/kubernetes-dashboard-amd64";
version = "v1.6.3"; version = "v1.8.2";
image = pkgs.dockerTools.pullImage { image = pkgs.dockerTools.pullImage {
imageName = name; imageName = name;
imageTag = version; imageTag = version;
sha256 = "1sf54d96nkgic9hir9c6p14gw24ns1k5d5a0r1sg414kjrvic0b4"; sha256 = "11h0fz3wxp0f10fsyqaxjm7l2qg7xws50dv5iwlck5gb1fjmajad";
}; };
in { in {
options.services.kubernetes.addons.dashboard = { options.services.kubernetes.addons.dashboard = {


@ -301,8 +301,8 @@ in {
Kubernetes apiserver authorization mode (AlwaysAllow/AlwaysDeny/ABAC/RBAC). See Kubernetes apiserver authorization mode (AlwaysAllow/AlwaysDeny/ABAC/RBAC). See
<link xlink:href="http://kubernetes.io/docs/admin/authorization.html"/> <link xlink:href="http://kubernetes.io/docs/admin/authorization.html"/>
''; '';
default = ["RBAC"]; default = ["RBAC" "Node"];
type = types.listOf (types.enum ["AlwaysAllow" "AlwaysDeny" "ABAC" "RBAC"]); type = types.listOf (types.enum ["AlwaysAllow" "AlwaysDeny" "ABAC" "RBAC" "Node"]);
}; };
authorizationPolicy = mkOption { authorizationPolicy = mkOption {
@ -344,7 +344,7 @@ in {
Kubernetes admission control plugins to use. See Kubernetes admission control plugins to use. See
<link xlink:href="http://kubernetes.io/docs/admin/admission-controllers/"/> <link xlink:href="http://kubernetes.io/docs/admin/admission-controllers/"/>
''; '';
default = ["NamespaceLifecycle" "LimitRanger" "ServiceAccount" "ResourceQuota" "DefaultStorageClass" "DefaultTolerationSeconds"]; default = ["NamespaceLifecycle" "LimitRanger" "ServiceAccount" "ResourceQuota" "DefaultStorageClass" "DefaultTolerationSeconds" "NodeRestriction"];
example = [ example = [
"NamespaceLifecycle" "NamespaceExists" "LimitRanger" "NamespaceLifecycle" "NamespaceExists" "LimitRanger"
"SecurityContextDeny" "ServiceAccount" "ResourceQuota" "SecurityContextDeny" "ServiceAccount" "ResourceQuota"


@ -7,7 +7,7 @@ let
mkKubernetesBaseTest = mkKubernetesBaseTest =
{ name, domain ? "my.zyx", test, machines { name, domain ? "my.zyx", test, machines
, pkgs ? import <nixpkgs> { inherit system; } , pkgs ? import <nixpkgs> { inherit system; }
, certs ? import ./certs.nix { inherit pkgs; externalDomain = domain; } , certs ? import ./certs.nix { inherit pkgs; externalDomain = domain; kubelets = attrNames machines; }
, extraConfiguration ? null }: , extraConfiguration ? null }:
let let
masterName = head (filter (machineName: any (role: role == "master") machines.${machineName}.roles) (attrNames machines)); masterName = head (filter (machineName: any (role: role == "master") machines.${machineName}.roles) (attrNames machines));


@ -2,7 +2,8 @@
pkgs ? import <nixpkgs> {}, pkgs ? import <nixpkgs> {},
internalDomain ? "cloud.yourdomain.net", internalDomain ? "cloud.yourdomain.net",
externalDomain ? "myawesomecluster.cluster.yourdomain.net", externalDomain ? "myawesomecluster.cluster.yourdomain.net",
serviceClusterIp ? "10.0.0.1" serviceClusterIp ? "10.0.0.1",
kubelets
}: }:
let let
runWithCFSSL = name: cmd: runWithCFSSL = name: cmd:
@ -123,9 +124,10 @@ let
}; };
apiserver-client = { apiserver-client = {
kubelet = createClientCertKey { kubelet = hostname: createClientCertKey {
inherit ca; inherit ca;
cn = "apiserver-client-kubelet"; name = "apiserver-client-kubelet-${hostname}";
cn = "system:node:${hostname}.${externalDomain}";
groups = ["system:nodes"]; groups = ["system:nodes"];
}; };
@ -175,10 +177,9 @@ in {
paths = [ paths = [
(writeCFSSL (noKey ca)) (writeCFSSL (noKey ca))
(writeCFSSL kubelet) (writeCFSSL kubelet)
(writeCFSSL apiserver-client.kubelet)
(writeCFSSL apiserver-client.kube-proxy) (writeCFSSL apiserver-client.kube-proxy)
(writeCFSSL etcd-client) (writeCFSSL etcd-client)
]; ] ++ map (hostname: writeCFSSL (apiserver-client.kubelet hostname)) kubelets;
}; };
admin = writeCFSSL apiserver-client.admin; admin = writeCFSSL apiserver-client.admin;
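Review bot: The `paths` list in the last hunk now appends `writeCFSSL (apiserver-client.kubelet hostname)` for every entry of `kubelets` to a single bundle, so each consumer of that bundle receives the client key of every node, not only its own. The per-node identities introduced here (`cn = "system:node:${hostname}.${externalDomain}"`) exist so that one node cannot act as another, and a shared bundle removes that separation. If this file is only a test fixture, which the `./certs.nix` import from the test helper suggests, a comment above the list such as `# test only: this bundle holds the client keys of all kubelets` would keep the pattern from being copied into a real deployment; otherwise the bundle should be built per host. Separately, `kubelets` is added without a default, so any caller not updated in this commit will fail to evaluate. The attribute set that contains `paths` starts outside the hunk.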


@ -3,7 +3,7 @@ with import ./base.nix { inherit system; };
let let
domain = "my.zyx"; domain = "my.zyx";
certs = import ./certs.nix { externalDomain = domain; }; certs = import ./certs.nix { externalDomain = domain; kubelets = [ "machine1" "machine2" ]; };
redisPod = pkgs.writeText "redis-pod.json" (builtins.toJSON { redisPod = pkgs.writeText "redis-pod.json" (builtins.toJSON {
kind = "Pod"; kind = "Pod";


@ -29,8 +29,8 @@ let
tlsKeyFile = "${certs.worker}/kubelet-key.pem"; tlsKeyFile = "${certs.worker}/kubelet-key.pem";
hostname = "${config.networking.hostName}.${config.networking.domain}"; hostname = "${config.networking.hostName}.${config.networking.domain}";
kubeconfig = { kubeconfig = {
certFile = "${certs.worker}/apiserver-client-kubelet.pem"; certFile = "${certs.worker}/apiserver-client-kubelet-${config.networking.hostName}.pem";
keyFile = "${certs.worker}/apiserver-client-kubelet-key.pem"; keyFile = "${certs.worker}/apiserver-client-kubelet-${config.networking.hostName}-key.pem";
}; };
}; };
controllerManager = { controllerManager = {
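Review bot: The new `certFile` and `keyFile` paths are built from `config.networking.hostName`, while the certificate they point to is generated from the names passed as `kubelets` and carries a CN built from `externalDomain`; nothing visible here checks that these agree. A host name missing from `kubelets` gives a path that does not exist in `certs.worker`. A `networking.domain` that differs from `externalDomain` would, as far as I can tell, produce a CN that does not match the node name set by `hostname` on the line above, and the Node authorizer would then reject that kubelet. I would add a comment above `kubeconfig`, for example `# hostName must be listed in certs.nix 'kubelets'; networking.domain must equal externalDomain`. The enclosing attribute set starts and ends outside the hunk.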


@ -1,6 +1,6 @@
{ lib, buildGoPackage, fetchFromGitHub, ... }: { lib, buildGoPackage, fetchFromGitHub, ... }:
let version = "0.5.0"; in let version = "0.6.0"; in
buildGoPackage { buildGoPackage {
name = "kubecfg-${version}"; name = "kubecfg-${version}";
@ -9,7 +9,7 @@ buildGoPackage {
owner = "ksonnet"; owner = "ksonnet";
repo = "kubecfg"; repo = "kubecfg";
rev = "v${version}"; rev = "v${version}";
sha256 = "1s8w133p8qkj3dr73jimajm9ddp678lw9k9symj8rjw5p35igr93"; sha256 = "12kv1p707kdxjx5l8rcikd1gjwp5xjxdmmyvlpnvyagrphgrwpsf";
}; };
goPackagePath = "github.com/ksonnet/kubecfg"; goPackagePath = "github.com/ksonnet/kubecfg";


@ -8,8 +8,6 @@
"cmd/kube-controller-manager" "cmd/kube-controller-manager"
"cmd/kube-proxy" "cmd/kube-proxy"
"plugin/cmd/kube-scheduler" "plugin/cmd/kube-scheduler"
"federation/cmd/federation-apiserver"
"federation/cmd/federation-controller-manager"
"test/e2e/e2e.test" "test/e2e/e2e.test"
] ]
}: }:
@ -18,13 +16,13 @@ with lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "kubernetes-${version}"; name = "kubernetes-${version}";
version = "1.7.9"; version = "1.9.1";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "kubernetes"; owner = "kubernetes";
repo = "kubernetes"; repo = "kubernetes";
rev = "v${version}"; rev = "v${version}";
sha256 = "0lxagvv8mysw6n0vp5vsccl87b628dgsjrf298dx2dqx7wn7zjgi"; sha256 = "1dmq2g138h7fsswmq4l47b44gsl9anmm3ywqyi7y48f1rkvc11mk";
}; };
buildInputs = [ removeReferencesTo makeWrapper which go rsync go-bindata ]; buildInputs = [ removeReferencesTo makeWrapper which go rsync go-bindata ];