49 lines
1.2 KiB
Nix
49 lines
1.2 KiB
Nix
{config, numbers, pkgs, lib, ...}:
|
|
|
|
with lib;
|
|
|
|
{
|
|
services.k3s = {
|
|
enable = true;
|
|
role = "agent";
|
|
tokenFile = "/etc/k3s.token";
|
|
serverAddr =
|
|
"https://172.16.17.1:6443";
|
|
extraFlags = (
|
|
" --kubelet-arg=config=/etc/rancher/k3s/kubelet.config"+
|
|
" --kubelet-arg=allowed-unsafe-sysctls=net.*"+
|
|
" --nonroot-devices"+
|
|
"");
|
|
};
|
|
|
|
system.activationScripts.k3s-nixos-install-multus = ''
|
|
mkdir -p /var/lib/rancher/k3s/data/cni
|
|
ln -sf ${pkgs.multus-cni}/bin/multus-shim /var/lib/rancher/k3s/data/cni/multus-shim
|
|
'';
|
|
|
|
environment.etc = {
|
|
"rancher/k3s/kubelet.config".text = ''
|
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
|
kind: KubeletConfiguration
|
|
maxPods: 250
|
|
'';
|
|
"rancher/k3s/registries.yaml".text = ''
|
|
mirrors:
|
|
"*":
|
|
'';
|
|
};
|
|
|
|
networking.firewall.allowedUDPPorts = [
|
|
53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 8472 10250
|
|
];
|
|
networking.firewall.allowedUDPPortRanges = [
|
|
{ from = 5000; to = 32767; }
|
|
];
|
|
networking.firewall.allowedTCPPorts = [
|
|
53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 10250
|
|
];
|
|
networking.firewall.allowedTCPPortRanges = [
|
|
{ from = 5000; to = 32767; }
|
|
];
|
|
}
|