[NixOS] Get kubelet partially working

2024-09-28 21:45:25 -06:00 · 2024-09-28 21:45:25 -06:00 · cdd8ed60e9
commit cdd8ed60e9
parent fd033ba72c
6 changed files with 49 additions and 0 deletions
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@ -21,6 +21,7 @@
    ./internet-computer.nix
    ./kat.nix
    ./keybase.nix
+    ./kubelet.nix
    ./nix.nix
    ./nixified.ai.nix
    ./nvidia.nix
--- a/nixos/kubelet.nix
+++ b/nixos/kubelet.nix
@ -0,0 +1,21 @@
+{ config, pkgs, makeEnable, ... }:
+makeEnable config "myModules.kubelet" false {
+  age.secrets."api_service_account_key.json.age".file = ./secrets/api_service_account_key.json.age;
+  services.kubernetes.kubelet = {
+    enable = true;
+    kubeconfig = {
+      server = "https://34.31.205.230";
+      caFile = ./railbird-kubernetes.crt;
+      keyFile = config.age.secrets."api_service_account_key.json.age".path;
+    };
+    registerNode = true;
+    cni = {
+      packages = [ pkgs.cni-plugins ];
+    };
+    extraOpts = ''
+      --fail-swap-on=false
+      --container-runtime=remote
+      --container-runtime-endpoint=unix:///run/containerd/containerd.sock
+    '';
+  };
+}
--- a/nixos/machines/ryzen-shine.nix
+++ b/nixos/machines/ryzen-shine.nix
@ -6,6 +6,7 @@
  ];

  features.full.enable = true;
+  myModules.kubelet.enable = true;
  myModules.nvidia.enable = true;
  # Needed for now because monitors have different refresh rates
  myModules.xmonad.picom.vSync.enable = false;
--- a/nixos/railbird-kubernetes.crt
+++ b/nixos/railbird-kubernetes.crt
@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIELTCCApWgAwIBAgIRALNxOT7J7N/eK6edp9LbKAIwDQYJKoZIhvcNAQELBQAw
+LzEtMCsGA1UEAxMkM2I2N2M2NzgtNzI5My00YTIzLTg3ZWItY2NiMTZjYWFkMzFm
+MCAXDTIzMTIyOTE5NTQ0MloYDzIwNTMxMjIxMjA1NDQyWjAvMS0wKwYDVQQDEyQz
+YjY3YzY3OC03MjkzLTRhMjMtODdlYi1jY2IxNmNhYWQzMWYwggGiMA0GCSqGSIb3
+DQEBAQUAA4IBjwAwggGKAoIBgQCUYUuTrpDbwUS2B3SYUoa7LI5mi8NNr0lDe1w4
+3yPpVnu6ubvnTNm2j/v88HYwEjlppEg4HjhP7YEJ8gsGdgUCpIaPWTpifVmA7E4o
+2DbJDiePkkUGkNL0whCClOOcO0hyxdk9Pol5wRzci0l6zSalE6DB4rJrmB5Ppl/A
+t2KAVVqpwbynmbijr4yZh7Bp7LfaIrFthlv2ZPEjLfPLz7YthBw9/iUt94mLMyWZ
+BpygA5y/CocQQnnFMnU1o0eUd37YL7zErfIxx/AmL10Sq0qdFXiYOJJqubURbdS8
+DZ6dyHdX+UlxPls2Rlx9nDaiNGFJdzqHJzDdOlzN3kkdDQoO8xUdH9ekFU7rOwkP
+5NpubSwrd1FOGHh+EknugnEQD4Oip/YQ7IUj3Afm5Ag2la9k4WJRgjACbkQ2+k9I
+sFmPmmMVHn9nepCMiYQMjX7ApZw0isDPeVK5EuQeImgu7uNoV8R5VwG0XoBCXz4S
+UqYv11uEsMqFu07Zwlznsxnm0uECAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgIEMA8G
+A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI73GznmeECJOdxJAEzmjhYgGVKtMA0G
+CSqGSIb3DQEBCwUAA4IBgQAm19zlm3WVePflA6Zh/FxvE8MirrJF6jmJzRrBCEM5
+DwkSmY3dvONqCYeeNb4+xWXWQ8eVKVlPdkoW3V7H5xnJ63dXRNN2lQ3JpSTG3+yP
+Omp6XGY9mmatdHwyV7N4h10aKEWAuRhy148sdJZLYj0LbR42pCVYhEP4D3Qj7KjN
+PJe+cR8NSpiYmDH5y88Jqubztj5NVcDj/iN9h/7/GajbU6lCgN/SxZgi9cNGjxSb
+JHFHE2Mp3z9sjsieTXMplLqK045TQ2IBqnJyMdKkvSNkRUCbz2yXdiIOKtvU4ly0
+h884z9P5JQ9bxe+6cwYC4ky3G5WYMn++RUsuCk4ScsrbZtM9jpKnz/TygMdVTC5w
+Siq6OHKtAnh8Ax1LEKicg9FLd6ODxR3OVKu+fUPV4XHAWJnmvElGlivjneHiE+OL
+dzgb/CfBEGHYBVc2PDIhwBmUdoEZ/t3UjvmSI46ZblYpWodJvLFwge2HxSivRlLW
+Uh/oPWX5N/CH9I34HTAhI48=
+-----END CERTIFICATE-----
--- a/nixos/secrets/api_service_account_key.json.age
+++ b/nixos/secrets/api_service_account_key.json.age
--- a/nixos/secrets/secrets.nix
+++ b/nixos/secrets/secrets.nix
@ -13,4 +13,5 @@ in
  "gitea-runner-token.mac-demarco-mini.age".publicKeys = keys.agenixKeys ++ keys.railbird-sf;
  "nextcloud-admin.age".publicKeys = keys.agenixKeys;
  "ryzen-shine-kubernetes-token.age".publicKeys = keys.agenixKeys;
+  "api_service_account_key.json.age".publicKeys = keys.agenixKeys;
 }