diff options
author | Tim Steinbach <NeQuissimus@users.noreply.github.com> | 2018-02-16 13:56:59 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-16 13:56:59 +0000 |
commit | 87559028efcfb8860ece1ac97296702cca4830ae (patch) | |
tree | 3e769383682d452348e97c2c38aeb7856e7254a1 /nixos/tests | |
parent | b2f39f97d061010b2a0b7e25e2ad1ffdb293fe19 (diff) | |
parent | f44a81e19fb8d9f57c8e3b2944c473ba1e3466d7 (diff) |
Merge pull request #33954 from kuznero/pr/kubernetes
kubernetes: 1.7.9 -> 1.9.1
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/kubernetes/base.nix | 2 | ||||
-rw-r--r-- | nixos/tests/kubernetes/certs.nix | 11 | ||||
-rw-r--r-- | nixos/tests/kubernetes/dns.nix | 2 | ||||
-rw-r--r-- | nixos/tests/kubernetes/kubernetes-common.nix | 4 |
4 files changed, 10 insertions, 9 deletions
diff --git a/nixos/tests/kubernetes/base.nix b/nixos/tests/kubernetes/base.nix index f3b930b630ba3..27b99aacab7d1 100644 --- a/nixos/tests/kubernetes/base.nix +++ b/nixos/tests/kubernetes/base.nix @@ -7,7 +7,7 @@ let mkKubernetesBaseTest = { name, domain ? "my.zyx", test, machines , pkgs ? import <nixpkgs> { inherit system; } - , certs ? import ./certs.nix { inherit pkgs; externalDomain = domain; } + , certs ? import ./certs.nix { inherit pkgs; externalDomain = domain; kubelets = attrNames machines; } , extraConfiguration ? null }: let masterName = head (filter (machineName: any (role: role == "master") machines.${machineName}.roles) (attrNames machines)); diff --git a/nixos/tests/kubernetes/certs.nix b/nixos/tests/kubernetes/certs.nix index f108e35b98cd1..d3eff910c467f 100644 --- a/nixos/tests/kubernetes/certs.nix +++ b/nixos/tests/kubernetes/certs.nix @@ -2,7 +2,8 @@ pkgs ? import <nixpkgs> {}, internalDomain ? "cloud.yourdomain.net", externalDomain ? "myawesomecluster.cluster.yourdomain.net", - serviceClusterIp ? "10.0.0.1" + serviceClusterIp ? "10.0.0.1", + kubelets }: let runWithCFSSL = name: cmd: @@ -123,9 +124,10 @@ let }; apiserver-client = { - kubelet = createClientCertKey { + kubelet = hostname: createClientCertKey { inherit ca; - cn = "apiserver-client-kubelet"; + name = "apiserver-client-kubelet-${hostname}"; + cn = "system:node:${hostname}.${externalDomain}"; groups = ["system:nodes"]; }; @@ -175,10 +177,9 @@ in { paths = [ (writeCFSSL (noKey ca)) (writeCFSSL kubelet) - (writeCFSSL apiserver-client.kubelet) (writeCFSSL apiserver-client.kube-proxy) (writeCFSSL etcd-client) - ]; + ] ++ map (hostname: writeCFSSL (apiserver-client.kubelet hostname)) kubelets; }; admin = writeCFSSL apiserver-client.admin; diff --git a/nixos/tests/kubernetes/dns.nix b/nixos/tests/kubernetes/dns.nix index 74d98dabec8d2..8c488d271bcd2 100644 --- a/nixos/tests/kubernetes/dns.nix +++ b/nixos/tests/kubernetes/dns.nix @@ -3,7 +3,7 @@ with import ./base.nix { inherit system; }; let domain = "my.zyx"; - certs = import ./certs.nix { externalDomain = domain; }; + certs = import ./certs.nix { externalDomain = domain; kubelets = [ "machine1" "machine2" ]; }; redisPod = pkgs.writeText "redis-pod.json" (builtins.toJSON { kind = "Pod"; diff --git a/nixos/tests/kubernetes/kubernetes-common.nix b/nixos/tests/kubernetes/kubernetes-common.nix index 00a5c9aba4e3c..ddf427e1b01ab 100644 --- a/nixos/tests/kubernetes/kubernetes-common.nix +++ b/nixos/tests/kubernetes/kubernetes-common.nix @@ -29,8 +29,8 @@ let tlsKeyFile = "${certs.worker}/kubelet-key.pem"; hostname = "${config.networking.hostName}.${config.networking.domain}"; kubeconfig = { - certFile = "${certs.worker}/apiserver-client-kubelet.pem"; - keyFile = "${certs.worker}/apiserver-client-kubelet-key.pem"; + certFile = "${certs.worker}/apiserver-client-kubelet-${config.networking.hostName}.pem"; + keyFile = "${certs.worker}/apiserver-client-kubelet-${config.networking.hostName}-key.pem"; }; }; controllerManager = { |