update deployer
parent
54f79a031b
commit
bbcb8eef69
|
@ -8,7 +8,7 @@
|
||||||
imports =
|
imports =
|
||||||
[ ../../../lib/lxc-container.nix
|
[ ../../../lib/lxc-container.nix
|
||||||
../../../lib/shared.nix
|
../../../lib/shared.nix
|
||||||
# ../../../lib/admins.nix
|
../../../lib/admins.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
@ -20,30 +20,35 @@
|
||||||
man
|
man
|
||||||
zsh
|
zsh
|
||||||
vim
|
vim
|
||||||
|
screen
|
||||||
|
tmux
|
||||||
];
|
];
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "deployer";
|
hostName = "deployer";
|
||||||
# usePredictableInterfacenames = false;
|
# usePredictableInterfacenames = false;
|
||||||
interfaces.ens18.ipv4.addresses = [{
|
# interfaces.ens18.ipv4.addresses = [{
|
||||||
address = "172.20.73.7";
|
# address = "172.20.73.7";
|
||||||
prefixLength = 26;
|
# prefixLength = 26;
|
||||||
}];
|
# }];
|
||||||
interfaces.ens18.ipv6.addresses = [{
|
# interfaces.ens18.ipv6.addresses = [{
|
||||||
address= "2a02:8106:208:5282:8c15:86ff:fe0f:b018";
|
# address= "2a02:8106:208:5282:8c15:86ff:fe0f:b018";
|
||||||
prefixLength = 64;
|
# prefixLength = 64;
|
||||||
}];
|
# }];
|
||||||
|
|
||||||
nameservers = [ "172.20.72.6" "9.9.9.9" ];
|
# nameservers = [ "172.20.72.6" "9.9.9.9" ];
|
||||||
|
|
||||||
defaultGateway = {
|
# defaultGateway = {
|
||||||
address = "172.20.73.1";
|
# address = "172.20.73.1";
|
||||||
interface = "eth0@if23";
|
# interface = "eth0@if23";
|
||||||
};
|
# };
|
||||||
#defaultGateway6 = {
|
# #defaultGateway6 = {
|
||||||
# address = "fe80::a800:42ff:fe7a:3246";
|
# address = "fe80::a800:42ff:fe7a:3246";
|
||||||
# interface = "ens18";
|
# interface = "ens18";
|
||||||
#};
|
#};
|
||||||
|
firewall.allowedTCPPorts = [
|
||||||
|
22
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
|
@ -60,6 +65,7 @@
|
||||||
extraGroups = [ "wheel" ];
|
extraGroups = [ "wheel" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
security.sudo.wheelNeedsPassword = false;
|
||||||
|
|
||||||
system.stateVersion = "19.03"; # Did you read the comment?
|
system.stateVersion = "19.03"; # Did you read the comment?
|
||||||
|
|
||||||
|
|
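Review bot: `security.sudo.wheelNeedsPassword = false;` in the last hunk gives every `wheel` member root without a second factor. The same commit also enables `../../../lib/admins.nix` and opens TCP 22 in `firewall.allowedTCPPorts`, so one compromised SSH key for an admin account would presumably mean root on the host used to deploy other machines. The contents of `admins.nix`, the user definition and the `services.openssh` block all lie outside the visible hunks, so please confirm that password logins are disabled there and that only the intended accounts end up in `wheel`. If passwordless sudo is kept for automation, say so next to the line, e.g. `# wheel is key-only admins from lib/admins.nix; passwordless sudo is intentional for deploy runs`. Otherwise drop the line so sudo keeps asking for a password.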
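--- a/kubernetes/cluster.yml
+++ b/kubernetes/cluster.yml
@@ -0,0 +1,105 @@
+nodes:
+- address: k8s-1.hq.c3d2.de
+user: ubuntu
+role:
+- controlplane
+- etcd
+- address: k8s-2.hq.c3d2.de
+user: ubuntu
+role:
+- controlplane
+- etcd
+- worker
+- address: k8s-3.hq.c3d2.de
+user: ubuntu
+role:
+- controlplane
+- etcd
+- worker
+
+ssh_agent_auth: true
+cluster_name: chaoscluster
+kubernetes_version: v1.13.5-rancher1-2
+
+services:
+etcd:
+
+kube-api:
+# IP range for any services created on Kubernetes
+# This must match the service_cluster_ip_range in kube-controller
+service_cluster_ip_range: 10.43.0.0/16
+# Expose a different port range for NodePort services
+service_node_port_range: 30000-32767
+pod_security_policy: false
+# Add additional arguments to the kubernetes API server
+# This WILL OVERRIDE any existing defaults
+#extra_args:
+# # Enable audit log to stdout
+# audit-log-path: "-"
+# Note for Rancher 2 users: If you are configuring Cluster Options using a Config File when creating Rancher Launched Kubernetes, the names of services should contain underscores only: `kube_controller`. This only applies to Rancher v2.0.5 and v2.0.6.
+kube-controller:
+# CIDR pool used to assign IP addresses to pods in the cluster
+cluster_cidr: 10.42.0.0/16
+# IP range for any services created on Kubernetes
+# This must match the service_cluster_ip_range in kube-api
+service_cluster_ip_range: 10.43.0.0/16
+kubelet:
+# Base domain for the cluster
+cluster_domain: k8s.hq.c3d2.de
+# IP address for the DNS service endpoint
+cluster_dns_server: 10.43.0.10
+# Fail if swap is on
+fail_swap_on: false
+# Set max pods to 250 instead of default 110
+extra_args:
+max-pods: 250
+# Optionally define additional volume binds to a service
+#extra_binds:
+# - "/usr/libexec/kubernetes/kubelet-plugins:/usr/libexec/kubernetes/kubelet-plugins"
+
+# Currently, only authentication strategy supported is x509.
+# You can optionally create additional SANs (hostnames or IPs) to add to
+# the API server PKI certificate.
+# This is useful if you want to use a load balancer for the control plane servers.
+authentication:
+strategy: x509
+sans:
+- "k8s.hq.c3d2.de"
+- "172.22.99.13"
+- "172.22.99.15"
+- "172.22.99.16"
+
+# Kubernetes Authorization mode
+# Use `mode: rbac` to enable RBAC
+# Use `mode: none` to disable authorization
+authorization:
+mode: none
+
+# Add-ons are deployed using kubernetes jobs. RKE will give up on trying to get the job status after this timeout in seconds..
+addon_job_timeout: 30
+
+# Currently only nginx ingress provider is supported.
+# To disable ingress controller, set `provider: none`
+
+ingress:
+provider: nginx
+
+# All add-on manifests MUST specify a namespace
+addons: |-
+---
+apiVersion: v1
+kind: Pod
+metadata:
+name: my-nginx
+namespace: default
+spec:
+containers:
+- name: my-nginx
+image: nginx
+ports:
+- containerPort: 80
+
+# addons_include:
+# - https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-operator.yaml
+# - https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-cluster.yaml
+# - /path/to/manifest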
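Review bot: `authorization:` / `mode: none` near the end of kubernetes/cluster.yml switches API authorization off, so any identity that authenticates to the API server can do everything in the cluster. That presumably includes workload service accounts. The file's own comment names the alternative, so I would set `mode: rbac` and grant roles explicitly. The commented `audit-log-path: "-"` under `kube-api` is worth enabling alongside it, so that API actions are recorded once access is differentiated. Separately, the `my-nginx` pod under `addons` looks like the upstream sample; if it is meant to stay, pin `image: nginx` to a tag or digest, and otherwise remove it so an unpinned image is not deployed on every cluster bring-up.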