nixos/kubernetes: Address review: Move controller manager paths into pki

Christian Albrecht 2019-03-06 16:50:35 +01:00
parent 6e9037fed0
commit 52fe1d2e7a
No known key found for this signature in database
GPG Key ID: 866AF4B25DF7EB00
2 changed files with 21 additions and 20 deletions


@ -104,16 +104,7 @@ in
};
###### implementation
config = mkIf cfg.enable (let
controllerManagerPaths = [
cfg.rootCaFile
cfg.tlsCertFile
cfg.tlsKeyFile
top.pki.certs.controllerManagerClient.cert
top.pki.certs.controllerManagerClient.key
];
in {
config = mkIf cfg.enable {
systemd.services.kube-controller-manager = {
description = "Kubernetes Controller Manager Service";
wantedBy = [ "kube-control-plane-online.target" ];
@ -160,15 +151,6 @@ in
Group = "kubernetes";
};
path = top.path;
unitConfig.ConditionPathExists = controllerManagerPaths;
};
systemd.paths.kube-controller-manager = {
wantedBy = [ "kube-controller-manager.service" ];
pathConfig = {
PathExists = controllerManagerPaths;
PathChanged = controllerManagerPaths;
};
};
services.kubernetes.pki.certs = with top.lib; {
@ -185,5 +167,5 @@ in
};
services.kubernetes.controllerManager.kubeconfig.server = mkDefault top.apiserverAddress;
});
};
}


@ -143,6 +143,13 @@ in
cfg.certs.schedulerClient.cert
cfg.certs.schedulerClient.key
];
controllerManagerPaths = [
top.controllerManager.rootCaFile
top.controllerManager.tlsCertFile
top.controllerManager.tlsKeyFile
cfg.certs.controllerManagerClient.cert
cfg.certs.controllerManagerClient.key
];
in
{
@ -336,6 +343,18 @@ in
};
};
systemd.services.kube-controller-manager = mkIf top.controllerManager.enable {
unitConfig.ConditionPathExists = controllerManagerPaths;
};
systemd.paths.kube-controller-manager = mkIf top.controllerManager.enable {
wantedBy = [ "kube-controller-manager.service" ];
pathConfig = {
PathExists = controllerManagerPaths;
PathChanged = controllerManagerPaths;
};
};
environment.etc.${cfg.etcClusterAdminKubeconfig}.source = mkIf (!isNull cfg.etcClusterAdminKubeconfig)
clusterAdminKubeconfig;
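Review bot: The `systemd.paths.kube-controller-manager` unit and the `ConditionPathExists` on the service do not have the same semantics, and that deserves a comment next to `pathConfig`. `PathExists` triggers as soon as any one of the files in `controllerManagerPaths` is present, while `ConditionPathExists` requires all five, so the service can be triggered and skipped several times while the certificates are still being written. A path unit also only starts its service; as far as I know it does not restart one that is already running, so a replaced `tlsKeyFile` or client key would presumably not be picked up until the next restart. Suggested comment: `# Starts the service once the PKI files appear; does not restart it when a cert or key is rotated.` The list also uses `top.controllerManager.tlsCertFile` and `tlsKeyFile` unconditionally, so if those options can be null (their declarations are not visible here) the list would need filtering before it reaches the unit.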