
update deployer

pull/1/head
Daniel Poelzleithner пре 1 година
родитељ
комит
bbcb8eef69
5 измењених фајлова са 127 додато и 16 уклоњено
  1. 22
    16
      hosts/containers/deployer/configuration.nix
  2. 105
    0
      kubernetes/cluster.yml
  3. 0
    0
      lib/common/c3d2.nix
  4. 0
    0
      lib/mpd.nix
  5. 0
    0
      lib/users.nix

+ 22
- 16
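--- a/hosts/containers/deployer/configuration.nix
+++ b/hosts/containers/deployer/configuration.nix
@@ -8,7 +8,7 @@
   imports =
     [ ../../../lib/lxc-container.nix
     ../../../lib/shared.nix
-    # ../../../lib/admins.nix
+    ../../../lib/admins.nix
   ];
 
   environment.systemPackages = with pkgs; [
@@ -20,30 +20,35 @@
     man
     zsh
     vim
+    screen
+    tmux
   ];
 
   networking = {
     hostName = "deployer";
     # usePredictableInterfacenames = false;
-    interfaces.ens18.ipv4.addresses = [{
-        address = "172.20.73.7";
-        prefixLength = 26;
-    }];
-    interfaces.ens18.ipv6.addresses = [{
-        address= "2a02:8106:208:5282:8c15:86ff:fe0f:b018";
-        prefixLength = 64;
-    }];
+    # interfaces.ens18.ipv4.addresses = [{
+    #     address = "172.20.73.7";
+    #     prefixLength = 26;
+    # }];
+    # interfaces.ens18.ipv6.addresses = [{
+    #     address= "2a02:8106:208:5282:8c15:86ff:fe0f:b018";
+    #     prefixLength = 64;
+    # }];
 
-    nameservers = [ "172.20.72.6" "9.9.9.9" ];
+    # nameservers = [ "172.20.72.6" "9.9.9.9" ];
 
-    defaultGateway = {
-       address = "172.20.73.1";
-       interface = "eth0@if23";
-    };
-    #defaultGateway6 = {
+    # defaultGateway = {
+    #    address = "172.20.73.1";
+    #    interface = "eth0@if23";
+    # };
+    # #defaultGateway6 = {
     #  address = "fe80::a800:42ff:fe7a:3246";
     #  interface = "ens18";
     #};
+    firewall.allowedTCPPorts = [ 
+      22
+    ];
   };
 
   services.openssh = {
@@ -54,12 +59,13 @@
   nix.buildCores = 16;
   nix.maxJobs = 16;
 
-    users.extraUsers.k-ot = {
+  users.extraUsers.k-ot = {
      isNormalUser = true;
      uid = 1000;
     extraGroups = [ "wheel" ];
   };
 
+  security.sudo.wheelNeedsPassword = false;
 
   system.stateVersion = "19.03"; # Did you read the comment?
 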
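Review bot: `security.sudo.wheelNeedsPassword = false;` in the last hunk gives every member of `wheel` root with no password prompt, on a host where this same commit starts importing `../../../lib/admins.nix` and opens TCP 22. If admins.nix adds wheel users (its contents are not visible here), one stolen SSH key or hijacked forwarded agent becomes root on the machine that deploys to the cluster. I would drop the line, or limit NOPASSWD to the specific deployment commands through `security.sudo.extraRules`. The `services.openssh` block opens at the end of the second hunk and its settings are outside the diff, so confirm that password authentication is disabled there.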

+ 105
- 0
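--- a/kubernetes/cluster.yml
+++ b/kubernetes/cluster.yml
@@ -0,0 +1,105 @@
+nodes:
+  - address: k8s-1.hq.c3d2.de
+    user: ubuntu
+    role:
+      - controlplane
+      - etcd
+  - address: k8s-2.hq.c3d2.de
+    user: ubuntu
+    role:
+      - controlplane
+      - etcd
+      - worker
+  - address: k8s-3.hq.c3d2.de
+    user: ubuntu
+    role:
+      - controlplane 
+      - etcd
+      - worker
+
+ssh_agent_auth: true
+cluster_name: chaoscluster
+kubernetes_version: v1.13.5-rancher1-2
+
+services:
+    etcd:
+
+    kube-api:
+      # IP range for any services created on Kubernetes
+      # This must match the service_cluster_ip_range in kube-controller
+      service_cluster_ip_range: 10.43.0.0/16
+      # Expose a different port range for NodePort services
+      service_node_port_range: 30000-32767    
+      pod_security_policy: false
+      # Add additional arguments to the kubernetes API server
+      # This WILL OVERRIDE any existing defaults
+      #extra_args:
+      #  # Enable audit log to stdout
+      #  audit-log-path: "-"
+    # Note for Rancher 2 users: If you are configuring Cluster Options using a Config File when creating Rancher Launched Kubernetes, the names of services should contain underscores only: `kube_controller`. This only applies to Rancher v2.0.5 and v2.0.6.
+    kube-controller:
+      # CIDR pool used to assign IP addresses to pods in the cluster
+      cluster_cidr: 10.42.0.0/16
+      # IP range for any services created on Kubernetes
+      # This must match the service_cluster_ip_range in kube-api
+      service_cluster_ip_range: 10.43.0.0/16
+    kubelet:
+      # Base domain for the cluster
+      cluster_domain: k8s.hq.c3d2.de
+      # IP address for the DNS service endpoint
+      cluster_dns_server: 10.43.0.10
+      # Fail if swap is on
+      fail_swap_on: false
+      # Set max pods to 250 instead of default 110
+      extra_args:
+        max-pods: 250
+      # Optionally define additional volume binds to a service
+      #extra_binds:
+      #  - "/usr/libexec/kubernetes/kubelet-plugins:/usr/libexec/kubernetes/kubelet-plugins"
+
+# Currently, only authentication strategy supported is x509.
+# You can optionally create additional SANs (hostnames or IPs) to add to
+#  the API server PKI certificate.
+# This is useful if you want to use a load balancer for the control plane servers.
+authentication:
+    strategy: x509
+    sans:
+      - "k8s.hq.c3d2.de"
+      - "172.22.99.13"
+      - "172.22.99.15"
+      - "172.22.99.16"
+
+# Kubernetes Authorization mode
+# Use `mode: rbac` to enable RBAC
+# Use `mode: none` to disable authorization
+authorization:
+    mode: none
+
+# Add-ons are deployed using kubernetes jobs. RKE will give up on trying to get the job status after this timeout in seconds..
+addon_job_timeout: 30
+
+# Currently only nginx ingress provider is supported.
+# To disable ingress controller, set `provider: none`
+
+ingress:
+    provider: nginx
+
+# All add-on manifests MUST specify a namespace
+addons: |-
+    ---
+    apiVersion: v1
+    kind: Pod
+    metadata:
+      name: my-nginx
+      namespace: default
+    spec:
+      containers:
+      - name: my-nginx
+        image: nginx
+        ports:
+        - containerPort: 80
+
+# addons_include:
+#    - https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-operator.yaml
+#    - https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-cluster.yaml
+#    - /path/to/manifest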
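Review bot: `authorization:` is set to `mode: none`, which disables API-server authorization, so any client that authenticates (any issued x509 certificate, and presumably any service-account token inside a pod) can perform every operation in the cluster. The file's own comment names the alternative, `mode: rbac`. `pod_security_policy: false` and the commented-out `audit-log-path` under `kube-api` leave no admission restriction or audit trail either, and as far as I know RKE requires RBAC before PSP can be enabled. The `addons` block still carries the template's sample `my-nginx` pod with an untagged `image: nginx` in the `default` namespace; remove it or pin the image by digest.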

common.nix → lib/common/c3d2.nix Прегледај датотеку


mpd.nix → lib/mpd.nix Прегледај датотеку


users.nix → lib/users.nix Прегледај датотеку

