Cleanup pki: control-plane-online

2019-03-11 11:42:12 +01:00 · 2019-03-11 11:42:12 +01:00 · 45e683fbd6
commit 45e683fbd6
parent 50c5f489ef
2 changed files with 25 additions and 28 deletions
--- a/nixos/modules/services/cluster/kubernetes/default.nix
+++ b/nixos/modules/services/cluster/kubernetes/default.nix
@ -276,6 +276,30 @@ in {
        wantedBy = [ "multi-user.target" ];
      };

+      systemd.targets.kube-control-plane-online = {
+        wantedBy = [ "kubernetes.target" ];
+        before = [ "kubernetes.target" ];
+      };
+
+      systemd.services.kube-control-plane-online = rec {
+        description = "Kubernetes control plane is online";
+        wantedBy = [ "kube-control-plane-online.target" ];
+        after = [ "kube-scheduler.service" "kube-controller-manager.service" ];
+        before = [ "kube-control-plane-online.target" ];
+        environment.KUBECONFIG = cfg.lib.mkKubeConfig "default" cfg.kubeconfig;
+        path = [ pkgs.kubectl ];
+        preStart = ''
+          until kubectl get --raw=/healthz 2>/dev/null; do
+            echo kubectl get --raw=/healthz: exit status $?
+            sleep 3
+          done
+        '';
+        script = "echo Ok";
+        serviceConfig = {
+          TimeoutSec = "500";
+        };
+      };
+
      systemd.tmpfiles.rules = [
        "d /opt/cni/bin 0755 root root -"
        "d /run/kubernetes 0755 kubernetes kubernetes -"
@ -300,28 +324,7 @@ in {
                          then cfg.apiserver.advertiseAddress
                          else "${cfg.masterAddress}:${toString cfg.apiserver.securePort}"}");

-      systemd.targets.kube-control-plane-online = {
-        wantedBy = [ "kubernetes.target" ];
-        before = [ "kubernetes.target" ];
-      };
-
-      systemd.services.kube-control-plane-online = rec {
-        description = "Kubernetes control plane is online";
-        wantedBy = [ "kube-control-plane-online.target" ];
-        after = [ "kube-scheduler.service" "kube-controller-manager.service" ];
-        before = [ "kube-control-plane-online.target" ];
-        preStart = ''
-          ${cfg.lib.mkWaitCurl ( with config.systemd.services.kube-control-plane-online; {
-            sleep = 3;
-            path = "/healthz";
-            cacert = cfg.caFile;
-          } // optionalAttrs (environment ? cert) { inherit (environment) cert key; })}
-        '';
-        script = "echo Ok";
-        serviceConfig = {
-          TimeoutSec = "500";
-        };
-      };
+      services.kubernetes.kubeconfig.server = mkDefault cfg.apiserverAddress;
    })
  ];
 }
--- a/nixos/modules/services/cluster/kubernetes/pki.nix
+++ b/nixos/modules/services/cluster/kubernetes/pki.nix
@ -283,12 +283,6 @@ in
        };
      };

-      systemd.services.kube-control-plane-online.environment = let
-        client = with cfg.certs; if top.apiserver.enable then clusterAdmin else kubelet;
-      in {
-        inherit (client) cert key;
-      };
-
      environment.etc.${cfg.etcClusterAdminKubeconfig}.source = mkIf (!isNull cfg.etcClusterAdminKubeconfig)
        (top.lib.mkKubeConfig "cluster-admin" clusterAdminKubeconfig);