update deployer
parent
54f79a031b
commit
bbcb8eef69
|
@ -8,7 +8,7 @@
|
|||
imports =
|
||||
[ ../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
# ../../../lib/admins.nix
|
||||
../../../lib/admins.nix
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
@ -20,30 +20,35 @@
|
|||
man
|
||||
zsh
|
||||
vim
|
||||
screen
|
||||
tmux
|
||||
];
|
||||
|
||||
networking = {
|
||||
hostName = "deployer";
|
||||
# usePredictableInterfacenames = false;
|
||||
interfaces.ens18.ipv4.addresses = [{
|
||||
address = "172.20.73.7";
|
||||
prefixLength = 26;
|
||||
}];
|
||||
interfaces.ens18.ipv6.addresses = [{
|
||||
address= "2a02:8106:208:5282:8c15:86ff:fe0f:b018";
|
||||
prefixLength = 64;
|
||||
}];
|
||||
# interfaces.ens18.ipv4.addresses = [{
|
||||
# address = "172.20.73.7";
|
||||
# prefixLength = 26;
|
||||
# }];
|
||||
# interfaces.ens18.ipv6.addresses = [{
|
||||
# address= "2a02:8106:208:5282:8c15:86ff:fe0f:b018";
|
||||
# prefixLength = 64;
|
||||
# }];
|
||||
|
||||
nameservers = [ "172.20.72.6" "9.9.9.9" ];
|
||||
# nameservers = [ "172.20.72.6" "9.9.9.9" ];
|
||||
|
||||
defaultGateway = {
|
||||
address = "172.20.73.1";
|
||||
interface = "eth0@if23";
|
||||
};
|
||||
#defaultGateway6 = {
|
||||
# defaultGateway = {
|
||||
# address = "172.20.73.1";
|
||||
# interface = "eth0@if23";
|
||||
# };
|
||||
# #defaultGateway6 = {
|
||||
# address = "fe80::a800:42ff:fe7a:3246";
|
||||
# interface = "ens18";
|
||||
#};
|
||||
firewall.allowedTCPPorts = [
|
||||
22
|
||||
];
|
||||
};
|
||||
|
||||
services.openssh = {
|
||||
|
@ -54,12 +59,13 @@
|
|||
nix.buildCores = 16;
|
||||
nix.maxJobs = 16;
|
||||
|
||||
users.extraUsers.k-ot = {
|
||||
users.extraUsers.k-ot = {
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
extraGroups = [ "wheel" ];
|
||||
};
|
||||
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
system.stateVersion = "19.03"; # Did you read the comment?
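Review bot: With `../../../lib/admins.nix` apparently switched from commented-out to imported in the first hunk, the unchanged `security.sudo.wheelNeedsPassword = false;` in the last hunk now covers every account that module adds to `wheel`, not only `k-ot`; the module is not visible here, so its contents are inferred from the name. On a host used for deployment this gives passwordless root to any of those accounts, so consider `security.sudo.wheelNeedsPassword = true;` with narrowly scoped NOPASSWD rules for the commands that need them. The static addressing, nameserver and gateway settings are left behind as commented-out code; if they now come from one of the imported modules, a one-line comment naming that module would be clearer than the dead block. The enclosing attribute set begins and ends outside the visible hunks.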
|
||||
|
||||
|
|
|
@ -0,0 +1,105 @@
|
|||
nodes:
|
||||
- address: k8s-1.hq.c3d2.de
|
||||
user: ubuntu
|
||||
role:
|
||||
- controlplane
|
||||
- etcd
|
||||
- address: k8s-2.hq.c3d2.de
|
||||
user: ubuntu
|
||||
role:
|
||||
- controlplane
|
||||
- etcd
|
||||
- worker
|
||||
- address: k8s-3.hq.c3d2.de
|
||||
user: ubuntu
|
||||
role:
|
||||
- controlplane
|
||||
- etcd
|
||||
- worker
|
||||
|
||||
ssh_agent_auth: true
|
||||
cluster_name: chaoscluster
|
||||
kubernetes_version: v1.13.5-rancher1-2
|
||||
|
||||
services:
|
||||
etcd:
|
||||
|
||||
kube-api:
|
||||
# IP range for any services created on Kubernetes
|
||||
# This must match the service_cluster_ip_range in kube-controller
|
||||
service_cluster_ip_range: 10.43.0.0/16
|
||||
# Expose a different port range for NodePort services
|
||||
service_node_port_range: 30000-32767
|
||||
pod_security_policy: false
|
||||
# Add additional arguments to the kubernetes API server
|
||||
# This WILL OVERRIDE any existing defaults
|
||||
#extra_args:
|
||||
# # Enable audit log to stdout
|
||||
# audit-log-path: "-"
|
||||
# Note for Rancher 2 users: If you are configuring Cluster Options using a Config File when creating Rancher Launched Kubernetes, the names of services should contain underscores only: `kube_controller`. This only applies to Rancher v2.0.5 and v2.0.6.
|
||||
kube-controller:
|
||||
# CIDR pool used to assign IP addresses to pods in the cluster
|
||||
cluster_cidr: 10.42.0.0/16
|
||||
# IP range for any services created on Kubernetes
|
||||
# This must match the service_cluster_ip_range in kube-api
|
||||
service_cluster_ip_range: 10.43.0.0/16
|
||||
kubelet:
|
||||
# Base domain for the cluster
|
||||
cluster_domain: k8s.hq.c3d2.de
|
||||
# IP address for the DNS service endpoint
|
||||
cluster_dns_server: 10.43.0.10
|
||||
# Fail if swap is on
|
||||
fail_swap_on: false
|
||||
# Set max pods to 250 instead of default 110
|
||||
extra_args:
|
||||
max-pods: 250
|
||||
# Optionally define additional volume binds to a service
|
||||
#extra_binds:
|
||||
# - "/usr/libexec/kubernetes/kubelet-plugins:/usr/libexec/kubernetes/kubelet-plugins"
|
||||
|
||||
# Currently, only authentication strategy supported is x509.
|
||||
# You can optionally create additional SANs (hostnames or IPs) to add to
|
||||
# the API server PKI certificate.
|
||||
# This is useful if you want to use a load balancer for the control plane servers.
|
||||
authentication:
|
||||
strategy: x509
|
||||
sans:
|
||||
- "k8s.hq.c3d2.de"
|
||||
- "172.22.99.13"
|
||||
- "172.22.99.15"
|
||||
- "172.22.99.16"
|
||||
|
||||
# Kubernetes Authorization mode
|
||||
# Use `mode: rbac` to enable RBAC
|
||||
# Use `mode: none` to disable authorization
|
||||
authorization:
|
||||
mode: none
|
||||
|
||||
# Add-ons are deployed using kubernetes jobs. RKE will give up on trying to get the job status after this timeout in seconds..
|
||||
addon_job_timeout: 30
|
||||
|
||||
# Currently only nginx ingress provider is supported.
|
||||
# To disable ingress controller, set `provider: none`
|
||||
|
||||
ingress:
|
||||
provider: nginx
|
||||
|
||||
# All add-on manifests MUST specify a namespace
|
||||
addons: |-
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: my-nginx
|
||||
namespace: default
|
||||
spec:
|
||||
containers:
|
||||
- name: my-nginx
|
||||
image: nginx
|
||||
ports:
|
||||
- containerPort: 80
|
||||
|
||||
# addons_include:
|
||||
# - https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-operator.yaml
|
||||
# - https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-cluster.yaml
|
||||
# - /path/to/manifest
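Review bot: `authorization:` is set to `mode: none` near the end of the new cluster file, which turns Kubernetes authorization off, so any client with a valid x509 credential can perform every API operation, including reading secrets in all namespaces; use `mode: rbac`. Under `kube-api`, `pod_security_policy: false` and the commented-out `extra_args` leave the cluster without admission restrictions on privileged pods and without an API audit trail; uncommenting `audit-log-path: "-"` from the sample would at least provide the latter. The `addons` block still carries the sample `my-nginx` Pod in the `default` namespace with the untagged image `nginx`; drop it, or pin the image by digest if the pod is intended.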
|