diff options
| author | Christian Albrecht <christian.albrecht@mayflower.de> | 2019-03-11 11:03:40 +0100 |
|---|---|---|
| committer | Christian Albrecht <christian.albrecht@mayflower.de> | 2019-03-11 12:22:53 +0100 |
| commit | 50c5f489ef4d9a1273860a5f5eaa9810f2c9d2ce (patch) | |
| tree | f4348eb49aa38fbcd3793ca1b8a165bca71c8e22 /nixos/modules/services/cluster/kubernetes/scheduler.nix | |
| parent | 46653f84c94ab9190a6841dbbfd874bb25d2a7f6 (diff) | |
Cleanup pki: scheduler
Diffstat (limited to 'nixos/modules/services/cluster/kubernetes/scheduler.nix')
| -rw-r--r-- | nixos/modules/services/cluster/kubernetes/scheduler.nix | 34 |
1 files changed, 26 insertions, 8 deletions
diff --git a/nixos/modules/services/cluster/kubernetes/scheduler.nix b/nixos/modules/services/cluster/kubernetes/scheduler.nix index 32a84563076b..d58528259547 100644 --- a/nixos/modules/services/cluster/kubernetes/scheduler.nix +++ b/nixos/modules/services/cluster/kubernetes/scheduler.nix @@ -56,18 +56,27 @@ in }; ###### implementation - config = mkIf cfg.enable { - systemd.services.kube-scheduler = { + config = let + + schedulerPaths = filter (a: a != null) [ + cfg.kubeconfig.caFile + cfg.kubeconfig.certFile + cfg.kubeconfig.keyFile + ]; + + in mkIf cfg.enable { + systemd.services.kube-scheduler = rec { description = "Kubernetes Scheduler Service"; wantedBy = [ "kube-control-plane-online.target" ]; after = [ "kube-apiserver.service" ]; before = [ "kube-control-plane-online.target" ]; + environment.KUBECONFIG = top.lib.mkKubeConfig "kube-scheduler" cfg.kubeconfig; + path = [ pkgs.kubectl ]; preStart = '' - ${top.lib.mkWaitCurl ( with config.systemd.services.kube-scheduler; { - sleep = 1; - path = "/api"; - cacert = top.caFile; - } // optionalAttrs (environment ? cert) { inherit (environment) cert key; })} + until kubectl auth can-i get /api -q 2>/dev/null; do + echo kubectl auth can-i get /api: exit status $? + sleep 2 + done ''; serviceConfig = { Slice = "kubernetes.slice"; @@ -75,7 +84,7 @@ in --address=${cfg.address} \ ${optionalString (cfg.featureGates != []) "--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \ - --kubeconfig=${top.lib.mkKubeConfig "kube-scheduler" cfg.kubeconfig} \ + --kubeconfig=${environment.KUBECONFIG} \ --leader-elect=${boolToString cfg.leaderElect} \ --port=${toString cfg.port} \ ${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \ @@ -87,6 +96,15 @@ in Restart = "on-failure"; RestartSec = 5; }; + unitConfig.ConditionPathExists = schedulerPaths; + }; + + systemd.paths.kube-scheduler = { + wantedBy = [ "kube-scheduler.service" ]; + pathConfig = { + PathExists = schedulerPaths; + PathChanged = schedulerPaths; + }; }; services.kubernetes.pki.certs = { |