micqdf/TerraHome
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: disable kubelet webhook auth in kubeadm init config #89

Merged
micqdf merged 1 commits from stage into master 2026-03-02 16:50:31 +00:00
Conversation 0 Commits 1 Files Changed 1 +39 -8
1 changed files with 39 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit fb21fbef4f - Show all commits

47
nixos/kubeadm/modules/k8s-common.nix
View File

@@ -158,13 +158,37 @@ in
exit 1 exit 1
fi fi
mkdir -p /tmp/kubeadm
cat > /tmp/kubeadm/init-config.yaml << 'KUBEADMCONFIG'
apiVersion: kubeadm.k8s.io/v1beta4
kind: InitConfiguration
nodeRegistration:
criSocket: unix:///run/containerd/containerd.sock
---
apiVersion: kubeadm.k8s.io/v1beta4
kind: ClusterConfiguration
controlPlaneEndpoint: "KUBEADM_ENDPOINT"
networking:
podSubnet: "KUBEADM_POD_SUBNET"
serviceSubnet: "KUBEADM_SERVICE_SUBNET"
dnsDomain: "KUBEADM_DNS_DOMAIN"
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
authentication:
webhook:
enabled: false
KUBEADMCONFIG
sed -i "s|KUBEADM_ENDPOINT|$vip:6443|g" /tmp/kubeadm/init-config.yaml
sed -i "s|KUBEADM_POD_SUBNET|$pod_subnet|g" /tmp/kubeadm/init-config.yaml
sed -i "s|KUBEADM_SERVICE_SUBNET|$service_subnet|g" /tmp/kubeadm/init-config.yaml
sed -i "s|KUBEADM_DNS_DOMAIN|$domain|g" /tmp/kubeadm/init-config.yaml
env -i PATH=/run/current-system/sw/bin:/usr/bin:/bin kubeadm init \ env -i PATH=/run/current-system/sw/bin:/usr/bin:/bin kubeadm init \
--control-plane-endpoint "$vip:6443" \ --config /tmp/kubeadm/init-config.yaml \
--upload-certs \ --upload-certs \
--ignore-preflight-errors=NumCPU,HTTPProxyCIDR,Port-10250 \ --ignore-preflight-errors=NumCPU,HTTPProxyCIDR,Port-10250 || {
--pod-network-cidr "$pod_subnet" \
--service-cidr "$service_subnet" \
--service-dns-domain "$domain" || {
echo "==> kubeadm init failed, kubelet logs:" echo "==> kubeadm init failed, kubelet logs:"
journalctl -xeu kubelet --no-pager -n 50 journalctl -xeu kubelet --no-pager -n 50
exit 1 exit 1
@@ -255,15 +279,22 @@ in
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
after = [ "containerd.service" "network-online.target" ]; after = [ "containerd.service" "network-online.target" ];
serviceConfig = { serviceConfig = {
Environment = "KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"; Environment = [
"KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
"KUBELET_KUBEADM_ARGS="
"KUBELET_EXTRA_ARGS="
];
EnvironmentFile = [ EnvironmentFile = [
"-/var/lib/kubelet/kubeadm-flags.env" "-/var/lib/kubelet/kubeadm-flags.env"
"-/etc/default/kubelet" "-/etc/default/kubelet"
]; ];
ExecStart = "${pinnedK8s}/bin/kubelet $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS"; ExecStart = "${pinnedK8s}/bin/kubelet \$KUBELET_CONFIG_ARGS \$KUBELET_KUBEADM_ARGS \$KUBELET_EXTRA_ARGS";
Restart = "always"; Restart = "on-failure";
RestartSec = "10"; RestartSec = "10";
}; };
unitConfig = {
ConditionPathExists = "/var/lib/kubelet/config.yaml";
};
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [