diff options
Diffstat (limited to 'modules/kubernetes')
| -rw-r--r-- | modules/kubernetes/cri-o.nix | 38 | ||||
| -rw-r--r-- | modules/kubernetes/default.nix | 39 |
2 files changed, 42 insertions, 35 deletions
diff --git a/modules/kubernetes/cri-o.nix b/modules/kubernetes/cri-o.nix new file mode 100644 index 0000000..cc32b26 --- /dev/null +++ b/modules/kubernetes/cri-o.nix @@ -0,0 +1,38 @@ +{ config, lib, pkgs, ... }: + +{ + virtualisation.cri-o = { + enable = true; + settings = { + crio = { + network.plugin_dir = "/opt/cni/bin"; + default_runtime = "crun"; + runtime = { + allowed_devices = [ "/dev/fuse" ]; + default_sysctls = [ + "net.ipv4.ping_group_range=0 2147483647" + ]; + workloads = { + gitlab = { + activation_annotation = "io.kubernetes.cri-o.workload/gitlab"; + allowed_annotations = [ + "io.kubernetes.cri-o.userns-mode" + "io.kubernetes.cri-o.Devices" + "io.kubernetes.cri-o.ShmSize" + ]; + }; + }; + runtimes.crun = { + runtime_type = "oci"; + runtime_root = "/run/crun"; + allowed_annotations = [ + "io.kubernetes.cri-o.userns-mode" + "io.kubernetes.cri-o.Devices" + "io.kubernetes.cri-o.ShmSize" + ]; + }; + }; + }; + }; + }; +} diff --git a/modules/kubernetes/default.nix b/modules/kubernetes/default.nix index 1cf1f09..20b766f 100644 --- a/modules/kubernetes/default.nix +++ b/modules/kubernetes/default.nix @@ -21,6 +21,10 @@ let v6 = "${config.wireguard.v6.ula}::${config.wireguard.v6.address}"; }; in { + imports = [ + ./cri-o.nix + ]; + options = { kubernetes = { role = mkOption { @@ -109,40 +113,5 @@ in { configPath = "/etc/k3s/config.yaml"; disableAgent = cfg.role == "agent"; }; - - virtualisation.cri-o = { - enable = true; - settings = { - crio = { - network.plugin_dir = "/opt/cni/bin"; - default_runtime = "crun"; - runtime = { - allowed_devices = [ "/dev/fuse" ]; - default_sysctls = [ - "net.ipv4.ping_group_range=0 2147483647" - ]; - workloads = { - gitlab = { - activation_annotation = "io.kubernetes.cri-o.workload/gitlab"; - allowed_annotations = [ - "io.kubernetes.cri-o.userns-mode" - "io.kubernetes.cri-o.Devices" - "io.kubernetes.cri-o.ShmSize" - ]; - }; - }; - runtimes.crun = { - runtime_type = "oci"; - runtime_root = "/run/crun"; - allowed_annotations = [ - "io.kubernetes.cri-o.userns-mode" - "io.kubernetes.cri-o.Devices" - "io.kubernetes.cri-o.ShmSize" - ]; - }; - }; - }; - }; - }; }; } |