nixos/kubernetes: Put dashboard service account into bootstrapAddons

to prevent errors in log about missing permissions when addon manager starts the dashboard.
2019-03-01 10:28:29 +01:00 · 2019-03-01 10:28:29 +01:00 · 7df88bd802
commit 7df88bd802
parent fd28c0a82a
1 changed files with 21 additions and 15 deletions
--- a/nixos/modules/services/cluster/kubernetes/addons/dashboard.nix
+++ b/nixos/modules/services/cluster/kubernetes/addons/dashboard.nix
@ -169,6 +169,23 @@ in {
        };
      };

+      kubernetes-dashboard-cm = {
+        apiVersion = "v1";
+        kind = "ConfigMap";
+        metadata = {
+          labels = {
+            k8s-app = "kubernetes-dashboard";
+            # Allows editing resource and makes sure it is created first.
+            "addonmanager.kubernetes.io/mode" = "EnsureExists";
+          };
+          name = "kubernetes-dashboard-settings";
+          namespace = "kube-system";
+        };
+      };
+    };
+
+    services.kubernetes.addonManager.bootstrapAddons = mkMerge [{
+
      kubernetes-dashboard-sa = {
        apiVersion = "v1";
        kind = "ServiceAccount";
@ -210,20 +227,9 @@ in {
        };
        type = "Opaque";
      };
-      kubernetes-dashboard-cm = {
-        apiVersion = "v1";
-        kind = "ConfigMap";
-        metadata = {
-          labels = {
-            k8s-app = "kubernetes-dashboard";
-            # Allows editing resource and makes sure it is created first.
-            "addonmanager.kubernetes.io/mode" = "EnsureExists";
-          };
-          name = "kubernetes-dashboard-settings";
-          namespace = "kube-system";
-        };
-      };
-    } // (optionalAttrs cfg.rbac.enable
+    }
+
+    (optionalAttrs cfg.rbac.enable
      (let
        subjects = [{
          kind = "ServiceAccount";
@ -323,6 +329,6 @@ in {
            inherit subjects;
          };
        })
-    ));
+    ))];
  };
 }