kubernetes: fix breakage introduced by upgrade to 1.22

This commit is contained in:
Alexandru Scvortov 2021-08-13 17:42:27 +01:00
parent e67c07f098
commit 6c38bb6d5d
4 changed files with 11 additions and 15 deletions

View file

@ -668,11 +668,6 @@
to use wildcards in the <literal>source</literal> argument.
</para>
</listitem>
</itemizedlist>
<para>
&lt;&lt;&lt;&lt;&lt;&lt;&lt; HEAD
</para>
<itemizedlist>
<listitem>
<para>
The <literal>openrazer</literal> and
@ -715,6 +710,13 @@
release is also still available.
</para>
</listitem>
<listitem>
<para>
The <literal>kubernetes</literal> package was upgraded to
1.22. The <literal>kubernetes.apiserver.kubeletHttps</literal>
option was removed and HTTPS is always used.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-21.11-notable-changes">

View file

@ -171,7 +171,6 @@ pt-services.clipcat.enable).
- `programs.neovim.runtime` switched to a `linkFarm` internally, making it impossible to use wildcards in the `source` argument.
<<<<<<< HEAD
- The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This is desirable from a security point of view. The setting [`harware.openrazer.users`](options.html#opt-services.hardware.openrazer.users) can be used to add users to the `openrazer` group.
- The `yambar` package has been split into `yambar` and `yambar-wayland`, corresponding to the xorg and wayland backend respectively. Please switch to `yambar-wayland` if you are on wayland.
@ -182,6 +181,8 @@ To be able to access the web UI this port needs to be opened in the firewall.
- The `varnish` package was upgraded from 6.3.x to 6.5.x. `varnish60` for the last LTS release is also still available.
- The `kubernetes` package was upgraded to 1.22. The `kubernetes.apiserver.kubeletHttps` option was removed and HTTPS is always used.
## Other Notable Changes {#sec-release-21.11-notable-changes}
- The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.

View file

@ -190,12 +190,6 @@ in
type = nullOr path;
};
kubeletHttps = mkOption {
description = "Whether to use https for connections to kubelet.";
default = true;
type = bool;
};
preferredAddressTypes = mkOption {
description = "List of the preferred NodeAddressTypes to use for kubelet connections.";
type = nullOr str;
@ -365,7 +359,6 @@ in
"--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \
${optionalString (cfg.basicAuthFile != null)
"--basic-auth-file=${cfg.basicAuthFile}"} \
--kubelet-https=${boolToString cfg.kubeletHttps} \
${optionalString (cfg.kubeletClientCaFile != null)
"--kubelet-certificate-authority=${cfg.kubeletClientCaFile}"} \
${optionalString (cfg.kubeletClientCertFile != null)

View file

@ -58,7 +58,7 @@ in
services.kubernetes.addonManager.bootstrapAddons = mkIf ((storageBackend == "kubernetes") && (elem "RBAC" top.apiserver.authorizationMode)) {
flannel-cr = {
apiVersion = "rbac.authorization.k8s.io/v1beta1";
apiVersion = "rbac.authorization.k8s.io/v1";
kind = "ClusterRole";
metadata = { name = "flannel"; };
rules = [{
@ -79,7 +79,7 @@ in
};
flannel-crb = {
apiVersion = "rbac.authorization.k8s.io/v1beta1";
apiVersion = "rbac.authorization.k8s.io/v1";
kind = "ClusterRoleBinding";
metadata = { name = "flannel"; };
roleRef = {