Cleanup pki: scheduler
This commit is contained in:
parent
46653f84c9
commit
50c5f489ef
2 changed files with 26 additions and 25 deletions
|
@ -124,10 +124,6 @@ in
|
|||
top.caFile
|
||||
certmgrAPITokenPath
|
||||
];
|
||||
schedulerPaths = mkIf top.scheduler.enable [
|
||||
cfg.certs.schedulerClient.cert
|
||||
cfg.certs.schedulerClient.key
|
||||
];
|
||||
in
|
||||
{
|
||||
|
||||
|
@ -287,19 +283,6 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
systemd.services.kube-scheduler = mkIf top.scheduler.enable {
|
||||
environment = { inherit (top.pki.certs.schedulerClient) cert key; };
|
||||
unitConfig.ConditionPathExists = schedulerPaths;
|
||||
};
|
||||
|
||||
systemd.paths.kube-scheduler = mkIf top.scheduler.enable {
|
||||
wantedBy = [ "kube-scheduler.service" ];
|
||||
pathConfig = {
|
||||
PathExists = schedulerPaths;
|
||||
PathChanged = schedulerPaths;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.kube-control-plane-online.environment = let
|
||||
client = with cfg.certs; if top.apiserver.enable then clusterAdmin else kubelet;
|
||||
in {
|
||||
|
|
|
@ -56,18 +56,27 @@ in
|
|||
};
|
||||
|
||||
###### implementation
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services.kube-scheduler = {
|
||||
config = let
|
||||
|
||||
schedulerPaths = filter (a: a != null) [
|
||||
cfg.kubeconfig.caFile
|
||||
cfg.kubeconfig.certFile
|
||||
cfg.kubeconfig.keyFile
|
||||
];
|
||||
|
||||
in mkIf cfg.enable {
|
||||
systemd.services.kube-scheduler = rec {
|
||||
description = "Kubernetes Scheduler Service";
|
||||
wantedBy = [ "kube-control-plane-online.target" ];
|
||||
after = [ "kube-apiserver.service" ];
|
||||
before = [ "kube-control-plane-online.target" ];
|
||||
environment.KUBECONFIG = top.lib.mkKubeConfig "kube-scheduler" cfg.kubeconfig;
|
||||
path = [ pkgs.kubectl ];
|
||||
preStart = ''
|
||||
${top.lib.mkWaitCurl ( with config.systemd.services.kube-scheduler; {
|
||||
sleep = 1;
|
||||
path = "/api";
|
||||
cacert = top.caFile;
|
||||
} // optionalAttrs (environment ? cert) { inherit (environment) cert key; })}
|
||||
until kubectl auth can-i get /api -q 2>/dev/null; do
|
||||
echo kubectl auth can-i get /api: exit status $?
|
||||
sleep 2
|
||||
done
|
||||
'';
|
||||
serviceConfig = {
|
||||
Slice = "kubernetes.slice";
|
||||
|
@ -75,7 +84,7 @@ in
|
|||
--address=${cfg.address} \
|
||||
${optionalString (cfg.featureGates != [])
|
||||
"--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \
|
||||
--kubeconfig=${top.lib.mkKubeConfig "kube-scheduler" cfg.kubeconfig} \
|
||||
--kubeconfig=${environment.KUBECONFIG} \
|
||||
--leader-elect=${boolToString cfg.leaderElect} \
|
||||
--port=${toString cfg.port} \
|
||||
${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \
|
||||
|
@ -87,6 +96,15 @@ in
|
|||
Restart = "on-failure";
|
||||
RestartSec = 5;
|
||||
};
|
||||
unitConfig.ConditionPathExists = schedulerPaths;
|
||||
};
|
||||
|
||||
systemd.paths.kube-scheduler = {
|
||||
wantedBy = [ "kube-scheduler.service" ];
|
||||
pathConfig = {
|
||||
PathExists = schedulerPaths;
|
||||
PathChanged = schedulerPaths;
|
||||
};
|
||||
};
|
||||
|
||||
services.kubernetes.pki.certs = {
|
||||
|
|
Loading…
Reference in a new issue