fix: harden kubeadm scripts for proxy and preflight issues

2026-03-02 02:02:38 +00:00
parent a098c0aa29
commit 02a6bca60b
1 changed files with 10 additions and 0 deletions
--- a/nixos/kubeadm/modules/k8s-common.nix
+++ b/nixos/kubeadm/modules/k8s-common.nix
@@ -100,6 +100,8 @@ in
    (pkgs.writeShellScriptBin "th-kubeadm-init" ''
      set -euo pipefail

+      unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY
+
      iface="${config.terrahome.kubeadm.controlPlaneInterface}"
      if ! ip link show "$iface" >/dev/null 2>&1; then
        iface="$(ip -o -4 route show to default | awk 'NR==1 {print $5}')"
@@ -139,9 +141,13 @@ in
        --leaderElection \
        > /etc/kubernetes/manifests/kube-vip.yaml

+      systemctl stop kubelet || true
+      kubeadm reset -f || true
+
      kubeadm init \
        --control-plane-endpoint "$vip:6443" \
        --upload-certs \
+        --ignore-preflight-errors=NumCPU \
        --pod-network-cidr "$pod_subnet" \
        --service-cidr "$service_subnet" \
        --service-dns-domain "$domain"
@@ -158,6 +164,7 @@ in

    (pkgs.writeShellScriptBin "th-kubeadm-join-control-plane" ''
      set -euo pipefail
+      unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY
      if [ "$#" -lt 1 ]; then
        echo "Usage: th-kubeadm-join-control-plane '<kubeadm join ... --control-plane --certificate-key ...>'"
        exit 1
@@ -194,16 +201,19 @@ in
        --leaderElection \
        > /etc/kubernetes/manifests/kube-vip.yaml

+      systemctl stop kubelet || true
      eval "$1"
    '')

    (pkgs.writeShellScriptBin "th-kubeadm-join-worker" ''
      set -euo pipefail
+      unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY
      if [ "$#" -lt 1 ]; then
        echo "Usage: th-kubeadm-join-worker '<kubeadm join ...>'"
        exit 1
      fi

+      systemctl stop kubelet || true
      eval "$1"
    '')