kubernetes: fix breakage introduced by upgrade to 1.22
This commit is contained in:
parent
e67c07f098
commit
6c38bb6d5d
4 changed files with 11 additions and 15 deletions
|
@ -668,11 +668,6 @@
|
||||||
to use wildcards in the <literal>source</literal> argument.
|
to use wildcards in the <literal>source</literal> argument.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
|
||||||
<para>
|
|
||||||
<<<<<<< HEAD
|
|
||||||
</para>
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The <literal>openrazer</literal> and
|
The <literal>openrazer</literal> and
|
||||||
|
@ -715,6 +710,13 @@
|
||||||
release is also still available.
|
release is also still available.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The <literal>kubernetes</literal> package was upgraded to
|
||||||
|
1.22. The <literal>kubernetes.apiserver.kubeletHttps</literal>
|
||||||
|
option was removed and HTTPS is always used.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
<section xml:id="sec-release-21.11-notable-changes">
|
<section xml:id="sec-release-21.11-notable-changes">
|
||||||
|
|
|
@ -171,7 +171,6 @@ pt-services.clipcat.enable).
|
||||||
|
|
||||||
- `programs.neovim.runtime` switched to a `linkFarm` internally, making it impossible to use wildcards in the `source` argument.
|
- `programs.neovim.runtime` switched to a `linkFarm` internally, making it impossible to use wildcards in the `source` argument.
|
||||||
|
|
||||||
<<<<<<< HEAD
|
|
||||||
- The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This is desirable from a security point of view. The setting [`harware.openrazer.users`](options.html#opt-services.hardware.openrazer.users) can be used to add users to the `openrazer` group.
|
- The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This is desirable from a security point of view. The setting [`harware.openrazer.users`](options.html#opt-services.hardware.openrazer.users) can be used to add users to the `openrazer` group.
|
||||||
|
|
||||||
- The `yambar` package has been split into `yambar` and `yambar-wayland`, corresponding to the xorg and wayland backend respectively. Please switch to `yambar-wayland` if you are on wayland.
|
- The `yambar` package has been split into `yambar` and `yambar-wayland`, corresponding to the xorg and wayland backend respectively. Please switch to `yambar-wayland` if you are on wayland.
|
||||||
|
@ -182,6 +181,8 @@ To be able to access the web UI this port needs to be opened in the firewall.
|
||||||
|
|
||||||
- The `varnish` package was upgraded from 6.3.x to 6.5.x. `varnish60` for the last LTS release is also still available.
|
- The `varnish` package was upgraded from 6.3.x to 6.5.x. `varnish60` for the last LTS release is also still available.
|
||||||
|
|
||||||
|
- The `kubernetes` package was upgraded to 1.22. The `kubernetes.apiserver.kubeletHttps` option was removed and HTTPS is always used.
|
||||||
|
|
||||||
## Other Notable Changes {#sec-release-21.11-notable-changes}
|
## Other Notable Changes {#sec-release-21.11-notable-changes}
|
||||||
|
|
||||||
- The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.
|
- The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.
|
||||||
|
|
|
@ -190,12 +190,6 @@ in
|
||||||
type = nullOr path;
|
type = nullOr path;
|
||||||
};
|
};
|
||||||
|
|
||||||
kubeletHttps = mkOption {
|
|
||||||
description = "Whether to use https for connections to kubelet.";
|
|
||||||
default = true;
|
|
||||||
type = bool;
|
|
||||||
};
|
|
||||||
|
|
||||||
preferredAddressTypes = mkOption {
|
preferredAddressTypes = mkOption {
|
||||||
description = "List of the preferred NodeAddressTypes to use for kubelet connections.";
|
description = "List of the preferred NodeAddressTypes to use for kubelet connections.";
|
||||||
type = nullOr str;
|
type = nullOr str;
|
||||||
|
@ -365,7 +359,6 @@ in
|
||||||
"--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \
|
"--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \
|
||||||
${optionalString (cfg.basicAuthFile != null)
|
${optionalString (cfg.basicAuthFile != null)
|
||||||
"--basic-auth-file=${cfg.basicAuthFile}"} \
|
"--basic-auth-file=${cfg.basicAuthFile}"} \
|
||||||
--kubelet-https=${boolToString cfg.kubeletHttps} \
|
|
||||||
${optionalString (cfg.kubeletClientCaFile != null)
|
${optionalString (cfg.kubeletClientCaFile != null)
|
||||||
"--kubelet-certificate-authority=${cfg.kubeletClientCaFile}"} \
|
"--kubelet-certificate-authority=${cfg.kubeletClientCaFile}"} \
|
||||||
${optionalString (cfg.kubeletClientCertFile != null)
|
${optionalString (cfg.kubeletClientCertFile != null)
|
||||||
|
|
|
@ -58,7 +58,7 @@ in
|
||||||
services.kubernetes.addonManager.bootstrapAddons = mkIf ((storageBackend == "kubernetes") && (elem "RBAC" top.apiserver.authorizationMode)) {
|
services.kubernetes.addonManager.bootstrapAddons = mkIf ((storageBackend == "kubernetes") && (elem "RBAC" top.apiserver.authorizationMode)) {
|
||||||
|
|
||||||
flannel-cr = {
|
flannel-cr = {
|
||||||
apiVersion = "rbac.authorization.k8s.io/v1beta1";
|
apiVersion = "rbac.authorization.k8s.io/v1";
|
||||||
kind = "ClusterRole";
|
kind = "ClusterRole";
|
||||||
metadata = { name = "flannel"; };
|
metadata = { name = "flannel"; };
|
||||||
rules = [{
|
rules = [{
|
||||||
|
@ -79,7 +79,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
flannel-crb = {
|
flannel-crb = {
|
||||||
apiVersion = "rbac.authorization.k8s.io/v1beta1";
|
apiVersion = "rbac.authorization.k8s.io/v1";
|
||||||
kind = "ClusterRoleBinding";
|
kind = "ClusterRoleBinding";
|
||||||
metadata = { name = "flannel"; };
|
metadata = { name = "flannel"; };
|
||||||
roleRef = {
|
roleRef = {
|
||||||
|
|
Loading…
Reference in a new issue