[NixOS] k3s draft

[NixOS] Kubelet->gke kind of works but not really
2024-09-30 00:05:50 -06:00 · 2024-09-29 17:28:42 -06:00
6 changed files with 52 additions and 4 deletions
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -19,6 +19,7 @@
    ./gnome.nix
    ./imalison.nix
    ./internet-computer.nix
+    ./k3s.nix
    ./kat.nix
    ./keybase.nix
    ./kubelet.nix
--- a/nixos/k3s.nix
+++ b/nixos/k3s.nix
@@ -0,0 +1,23 @@
+{ config, makeEnable, ... }:
+makeEnable config "myModules.railbird-k3s" false {
+  services.k3s = {
+    enable = true;
+    role = "server";
+    clusterInit = true;
+    containerdConfigTemplate = ''
+      {{ template "base" . }}
+
+      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia]
+      privileged_without_host_devices = false
+      runtime_engine = ""
+      runtime_root = ""
+      runtime_type = "io.containerd.runc.v2"
+
+      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia.options]
+      BinaryName = "/run/current-system/sw/bin/nvidia-container-runtime"
+    '';
+    gracefulNodeShutdown = {
+      enable = true;
+    };
+  };
+}
--- a/nixos/kubelet-client.crt
+++ b/nixos/kubelet-client.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDyTCCAjGgAwIBAgIRAMQBZiVjA5BGSkDldScI9cMwDQYJKoZIhvcNAQELBQAw
+LzEtMCsGA1UEAxMkM2I2N2M2NzgtNzI5My00YTIzLTg3ZWItY2NiMTZjYWFkMzFm
+MB4XDTI0MDkyOTIwNTAzNloXDTI5MDkyODIwNTIzNlowOTEVMBMGA1UEChMMc3lz
+dGVtOm5vZGVzMSAwHgYDVQQDExdzeXN0ZW06bm9kZTpyeXplbi1zaGluZTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANIOfbq05IIdgX2jXYLaEt66rkXp
+NlqPNfh6v9nL1Aw6PSM3DEIWXVko8AyduRF4kXNO6xc6l/Rzk03w3qSvJpWpALGD
+JjslgRL4VJWUC6/QydsCO9io7SoUEmXFtDcsW6DftFejosr+56ZnVFrz5MMzfUAL
+Ix6n83NJvXZ8f9oHSX8TFW34ZClLxDq2fprFIs+D2QlFRE50Jr/Q8gPI2OSQDUBW
+DFdQrjt81bLs6doQipUqvHb4/Ms49agHek1ceWIMf+KZWoao5KNQTBe6XL2BUgA/
+MS3ZvQppDDTygA0QkgdtOJyG2lsrAmd7LEXTr9ilsqLV3YQMMKhCifwINa0CAwEA
+AaNWMFQwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAwGA1Ud
+EwEB/wQCMAAwHwYDVR0jBBgwFoAUjvcbOeZ4QIk53EkATOaOFiAZUq0wDQYJKoZI
+hvcNAQELBQADggGBAELWgmdmg9TKjDDqmF6pYr1j43gZYclXW4sB509itSiIeltX
+Isrvn5R5ok0W5Jcl+7QMhpntqIKJi26OqbcdBhqlaVURkBkbrx8aegkWJfPO+Fzz
+NyyiIpk7KQzGy6N5//jfMPZtJfQEQZwMenW0cj7F0QHOdVZy90+JNr2P3uV3Ad7u
+WZuYpbOFjOeQg1hJsX8wEU4KJyptn/kXhM+CqAnQ4S+k2wpjECD8KpWKAmpJWZg0
+RaBPyHZSmWnbXqs4LU6ERaZJxZQG0ODuA18DmGfaAkUUUvE2J0ploc2Y8Xl4zUWW
+Ivwslyx30YO3J9qI30d9tTQw/A0vHCoDNDbCg7lorZqP3TiTG9ANLndPqqg6inYU
+yfj612//JrO8w/4qh7cxR03P35aK0paLC74FaKLtZ5CwPK3BAW/0Zhv5fH4io6hE
+rfJmcjhbKD0Cwr9Dn6wVFz/a33H+0vMohHrVlDk4bSDIymbuJcZpYgR8n5WNQbGu
+nwjiLXCnVxcVjkcj2w==
+-----END CERTIFICATE-----
--- a/nixos/kubelet.nix
+++ b/nixos/kubelet.nix
@@ -6,16 +6,17 @@ makeEnable config "myModules.kubelet" false {
    kubeconfig = {
      server = "https://34.31.205.230";
      caFile = ./railbird-kubernetes.crt;
+      certFile = ./kubelet-client.crt;
      keyFile = config.age.secrets."api_service_account_key.json.age".path;
    };
    registerNode = true;
    cni = {
-      packages = [ pkgs.cni-plugins ];
+      packages = [ pkgs.cni-plugins pkgs.calico-cni-plugin ];
    };
    extraOpts = ''
      --fail-swap-on=false
-      --container-runtime=remote
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock
+      # --container-runtime=remote
+      # --container-runtime-endpoint=unix:///run/containerd/containerd.sock
    '';
  };
 }
--- a/nixos/machines/ryzen-shine.nix
+++ b/nixos/machines/ryzen-shine.nix
@@ -6,7 +6,7 @@
  ];

  features.full.enable = true;
-  myModules.kubelet.enable = true;
+  myModules.kubelet.enable = false;
  myModules.nvidia.enable = true;
  # Needed for now because monitors have different refresh rates
  myModules.xmonad.picom.vSync.enable = false;
--- a/nixos/secrets/api_service_account_key.json.age
+++ b/nixos/secrets/api_service_account_key.json.age
Author	SHA1	Message	Date
Ivan Malison	a493a530be	[NixOS] k3s draft	2024-09-30 00:05:50 -06:00
Ivan Malison	01361b7217	[NixOS] Kubelet->gke kind of works but not really	2024-09-29 17:28:42 -06:00