Commit graph

34 commits

Author SHA1 Message Date
Thomas Kim Pham
1d07b0edac add missing k8s Webhook authorization mode 2018-06-19 22:33:57 +02:00
Johan Thomsen
f9ad1cae78 nixos/kubernetes: dashboard lockdown
Kubernetes dashboard currently has cluster admin permissions,
which is not recommended.

- Renamed option "services.kubernetes.addons.dashboard.enableRBAC" to "services.kubernetes.addons.dashboard.rbac.enable"
- Added option "services.kubernetes.addons.dashboard.rbac.clusterAdmin", default = false.
- Setting recommended minimal permissions for the dashboard in accordance with https://github.com/kubernetes/dashboard/wiki/Installation
- Updated release note for 18.09.
2018-06-19 22:28:00 +02:00
Johan Thomsen
8d7ea96a13 nixos/kubernetes: improvements
- Added option 'cni.configDir' to allow for having CNI config outside of nix-store
  Existing behavior (writing verbatim CNI conf-files to nix-store) is still available.

- Removed unused option 'apiserver.publicAddress' and changed 'apiserver.address' to 'bindAddress'
  This conforms better to k8s docs and removes existing --bind-address hardcoding to 0.0.0.0

- Fixed c/p mistake in apiserver systemd unit description

- Updated 18.09 release notes to reflect changes to existing options
  And fixed some typos from previous PR

- Make docker images for Kubernetes Dashboard and kube-dns configurable
2018-06-12 22:47:32 +02:00
Geoffrey Huntley
ca0e52edc3 kubernetes: corrected spelling mistake in docs (#41439) 2018-06-04 05:45:25 +00:00
Geoffrey Huntley
f607f01b70 fix: connect the --bind-address arg to the cfg.apiserver.address option 2018-05-28 18:07:06 +02:00
Alberto Berti
29fd05f3f5 Kubernetes Dashboard addon 1.8.2 -> 1.8.3
As shipped with k8s 1.10.3.

Also:
- updated the definition jsons as they are distributed in k8s.
- updated the image uris as they are renamed in k8s
- added imageDigest param as per 736848723e
2018-05-25 11:10:02 +02:00
Alberto Berti
55fa98dd76 Kubernetes DNS addon 1.14.4 -> 1.14.10
As shipped with k8s 1.10.3.

Also:
- updated the definition jsons as they are distributed in k8s.
- updated the image uris as they are renamed in k8s
- added imageDigest param as per 736848723e
2018-05-25 10:59:10 +02:00
Charles Strahan
996849ab86 kubernetes: update to 1.10 2018-05-25 10:50:36 +02:00
lewo
4ccb13adb6
Merge pull request #40665 from seppeljordan/fix-kubernetes-modules
nixos/kubernetes: Update kube-dns and kube-dashboard docker image…
2018-05-24 20:31:35 +02:00
Geoffrey Huntley
e22d072c64 kubernetes: fix 404 links to documentation 2018-05-24 14:16:08 +02:00
Kevin Liu
b6f2e75d75
kubernetes-dashboard: raise memory limit to 250MB
On my cluster, I often get OOM errors that cause the dashboard to crash just by going over 50MB.
2018-05-21 21:07:24 -04:00
Sebastian Jordan
b4b3892bd1 nixos/kubernetes: Update kube-dns and kube-dashboard docker image derivations to new pullImage function signature 2018-05-16 15:42:16 +02:00
Charles Strahan
709b6f664e
nixos: kubernetes fixes
* Fix reference CNI plugins
  * The plugins were split out of the upstream cni repo around version
    0.6.0

* Fix RBAC and DNS tests
  * Fix broken apiVersion fields
  * Change plugin linking to look in ${package}/bin rather than
    ${package.plugins}

* Initial work towards a working e2e test
  * Test still fails, but at least the expression evaluates now

Continues @srhb's work in #37199

Fixes #37199
2018-03-30 17:33:45 -04:00
Ryan Mulligan
b189247ba0 treewide: use more HTTPS URLs
Uses the HTTPS url for cases where the existing URL has a permanent
redirect. For each domain, at least one fixed derivation URL was
downloaded to test the domain is properly serving downloads.

Also fixes jbake source URL, which was broken.
2018-03-24 22:04:25 -07:00
Sarah Brofeldt
bf58890a5a nixos/k8s: Enable Node authorizer and NodeRestriction by default 2018-02-04 21:23:36 +01:00
Roman Kuznetsov
f63604a598
kubernetes-dashboard (module): 1.6.3 -> 1.8.2 2018-01-17 09:01:32 +01:00
Robin Gloster
4aeb38e5b9
Revert "kubernetes: fix hashes after dockerTools change"
This reverts commit 9ba024f6d8.
2017-09-28 14:09:49 +02:00
Robin Gloster
9ba024f6d8
kubernetes: fix hashes after dockerTools change 2017-09-24 12:09:07 +02:00
Matej Cotman
6ea272ced4 kubernetes: fix dns addon hashes, fix clusterDns, enable proxy on master 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
ddf5de5de0 kubernetes module: refactor module system, kube-dns as module 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
2beadcf181 kubernetes module: seedDockerImages option for seeding docker images built with nix 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
9d97c92d68 kubernetes module: webhook authorization for kubelet 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
7c893623d4 kubernetes module: fix documentation links 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
74f99525e0 kubernetes module: add featureGates option 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
55dbbfd899 kubernetes module: kubelet, add socat to path for kubectl portforward 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
8e48fff268 kubernetes module: enable leader elect by default 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
856ca7347f kubernetes module: add storage and tolerations admission controllers 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
d842d539d9 kubernetes module: fix cidr ranges 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
b25d155976 kubernetes module: default auth mode to only RBAC 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
c2622910ab kubernetes module: add support for common CA file 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
c96ca5f3bd kubernetes module: per service kubeconfig support 2017-09-24 11:44:25 +02:00
Jaka Hudoklin
7dfeac88ac kubernetes module: flannel support, minor fixes
- add flannel support
- remove deprecated authorizationRBACSuperAdmin option
- rename from deprecated portalNet to serviceClusterIpRange
- add nodeIp option for kubelet
- kubelet, add br_netfilter to kernelModules
- enable firewall by default
- enable dns by default on node and on master
- disable iptables for docker by default on nodes
- dns, restart on failure
- update tests

and other minor changes
2017-09-24 11:44:25 +02:00
Matej Cotman
8e14e978c8 kubernetes: fix minor issues 2017-09-24 11:44:25 +02:00
Matej Cotman
ed322f4235 kubernetes: update service 2017-09-24 11:44:25 +02:00