karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add custom kubernetes module base

Browse Source 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
Nick Karaolidis
2025-01-29 12:44:05 +00:00
parent 51ef8d6ac9
commit 3c1cfbceb8
14 changed files with 1286 additions and 546 deletions
Download Patch File Download Diff File Expand all files Collapse all files

289
hosts/common/configs/system/kubernetes/options/addons/metrics-server/default.nix Normal file
View File

@@ -0,0 +1,289 @@
{ ... }:
[
{
apiVersion = "v1";
kind = "ServiceAccount";
metadata = {
labels = {
k8s-app = "metrics-server";
};
name = "metrics-server";
namespace = "kube-system";
};
}
{
apiVersion = "rbac.authorization.k8s.io/v1";
kind = "ClusterRole";
metadata = {
labels = {
k8s-app = "metrics-server";
"rbac.authorization.k8s.io/aggregate-to-admin" = "true";
"rbac.authorization.k8s.io/aggregate-to-edit" = "true";
"rbac.authorization.k8s.io/aggregate-to-view" = "true";
};
name = "system:aggregated-metrics-reader";
};
rules = [
{
apiGroups = [ "metrics.k8s.io" ];
resources = [
"pods"
"nodes"
];
verbs = [
"get"
"list"
"watch"
];
}
];
}
{
apiVersion = "rbac.authorization.k8s.io/v1";
kind = "ClusterRole";
metadata = {
labels = {
k8s-app = "metrics-server";
};
name = "system:metrics-server";
};
rules = [
{
apiGroups = [ "" ];
resources = [ "nodes/metrics" ];
verbs = [ "get" ];
}
{
apiGroups = [ "" ];
resources = [
"pods"
"nodes"
];
verbs = [
"get"
"list"
"watch"
];
}
];
}
{
apiVersion = "rbac.authorization.k8s.io/v1";
kind = "RoleBinding";
metadata = {
labels = {
k8s-app = "metrics-server";
};
name = "metrics-server-auth-reader";
namespace = "kube-system";
};
roleRef = {
apiGroup = "rbac.authorization.k8s.io";
kind = "Role";
name = "extension-apiserver-authentication-reader";
};
subjects = [
{
kind = "ServiceAccount";
name = "metrics-server";
namespace = "kube-system";
}
];
}
{
apiVersion = "rbac.authorization.k8s.io/v1";
kind = "ClusterRoleBinding";
metadata = {
labels = {
k8s-app = "metrics-server";
};
name = "metrics-server:system:auth-delegator";
};
roleRef = {
apiGroup = "rbac.authorization.k8s.io";
kind = "ClusterRole";
name = "system:auth-delegator";
};
subjects = [
{
kind = "ServiceAccount";
name = "metrics-server";
namespace = "kube-system";
}
];
}
{
apiVersion = "rbac.authorization.k8s.io/v1";
kind = "ClusterRoleBinding";
metadata = {
labels = {
k8s-app = "metrics-server";
};
name = "system:metrics-server";
};
roleRef = {
apiGroup = "rbac.authorization.k8s.io";
kind = "ClusterRole";
name = "system:metrics-server";
};
subjects = [
{
kind = "ServiceAccount";
name = "metrics-server";
namespace = "kube-system";
}
];
}
{
apiVersion = "v1";
kind = "Service";
metadata = {
labels = {
k8s-app = "metrics-server";
};
name = "metrics-server";
namespace = "kube-system";
};
spec = {
ports = [
{
name = "https";
port = 443;
protocol = "TCP";
targetPort = "https";
}
];
selector = {
k8s-app = "metrics-server";
};
};
}
{
apiVersion = "apps/v1";
kind = "Deployment";
metadata = {
labels = {
k8s-app = "metrics-server";
};
name = "metrics-server";
namespace = "kube-system";
};
spec = {
selector = {
matchLabels = {
k8s-app = "metrics-server";
};
};
strategy = {
rollingUpdate = {
maxUnavailable = 0;
};
};
template = {
metadata = {
labels = {
k8s-app = "metrics-server";
};
};
spec = {
containers = [
{
args = [
"--cert-dir=/tmp"
"--secure-port=10250"
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname"
"--kubelet-use-node-status-port"
"--metric-resolution=15s"
];
image = "registry.k8s.io/metrics-server/metrics-server:v0.7.2";
imagePullPolicy = "IfNotPresent";
livenessProbe = {
failureThreshold = 3;
httpGet = {
path = "/livez";
port = "https";
scheme = "HTTPS";
};
periodSeconds = 10;
};
name = "metrics-server";
ports = [
{
containerPort = 10250;
name = "https";
protocol = "TCP";
}
];
readinessProbe = {
failureThreshold = 3;
httpGet = {
path = "/readyz";
port = "https";
scheme = "HTTPS";
};
initialDelaySeconds = 20;
periodSeconds = 10;
};
resources = {
requests = {
cpu = "100m";
memory = "200Mi";
};
};
securityContext = {
allowPrivilegeEscalation = false;
capabilities = {
drop = [ "ALL" ];
};
readOnlyRootFilesystem = true;
runAsNonRoot = true;
runAsUser = 1000;
seccompProfile = {
type = "RuntimeDefault";
};
};
volumeMounts = [
{
mountPath = "/tmp";
name = "tmp-dir";
}
];
}
];
nodeSelector = {
"kubernetes.io/os" = "linux";
};
priorityClassName = "system-cluster-critical";
serviceAccountName = "metrics-server";
volumes = [
{
emptyDir = { };
name = "tmp-dir";
}
];
};
};
};
}
{
apiVersion = "apiregistration.k8s.io/v1";
kind = "APIService";
metadata = {
labels = {
k8s-app = "metrics-server";
};
name = "v1beta1.metrics.k8s.io";
};
spec = {
group = "metrics.k8s.io";
groupPriorityMinimum = 100;
insecureSkipTLSVerify = true;
service = {
name = "metrics-server";
namespace = "kube-system";
};
version = "v1beta1";
versionPriority = 100;
};
}
]