Kubernetes

`services.kubernetes.addonManager.addons`

Kubernetes addons (any kind of Kubernetes resource can be an addon). Type: attribute set of ((attribute set) or list of (attribute set))

Default

{ }

Example

{"my-service" = {"apiVersion" = "v1";"kind" = "Service";"metadata" = {"name" = "my-service";"namespace" = "default";};"spec" = { ... };};}// import <nixpkgs/nixos/modules/services/cluster/kubernetes/dns.nix> { cfg = config.services.kubernetes; };

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/addon-manager.nix

`services.kubernetes.addonManager.bootstrapAddons`

Bootstrap addons are like regular addons, but they are applied with cluster-admin rights. They are applied at addon-manager startup only.

Type: attribute set of (attribute set)

Default

{ }

Example

{"my-service" = {"apiVersion" = "v1";"kind" = "Service";"metadata" = {"name" = "my-service";"namespace" = "default";};"spec" = { ... };};}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/addon-manager.nix

`services.kubernetes.addonManager.enable`

Whether to enable Kubernetes addon manager. Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/addon-manager.nix

`services.kubernetes.addons.dns.clusterDomain`

Dns cluster domain Type: string

Default

"cluster.local"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/addons/dns.nix

`services.kubernetes.addons.dns.clusterIp`

Dns addon clusterIP Type: string

Default

The x.y.z.254 IP of config.services.kubernetes.apiserver.serviceClusterIpRange.

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/addons/dns.nix

`services.kubernetes.addons.dns.coredns`

Docker image to seed for the CoreDNS container. Type: attribute set

Default

{finalImageTag = "1.10.1";imageDigest = "sha256:a0ead06651cf580044aeb0a0feba63591858fb2e43ade8c9dea45a6a89ae7e5e";imageName = "coredns/coredns";sha256 = "0wg696920smmal7552a2zdhfncndn5kfammfa8bk8l7dz9bhk0y1";}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/addons/dns.nix

`services.kubernetes.addons.dns.corefile`

Custom coredns corefile configuration.

See: https://coredns.io/manual/toc/#configuration.

Type: string

Default

'' .:10053 { errors health :10054 kubernetes ${config.services.kubernetes.addons.dns.clusterDomain} in-addr.arpa ip6.arpa { pods insecure fallthrough in-addr.arpa ip6.arpa } prometheus :10055 forward . /etc/resolv.conf cache 30 loop reload loadbalance }''

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/addons/dns.nix

`services.kubernetes.addons.dns.enable`

Whether to enable kubernetes dns addon. Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/addons/dns.nix

`services.kubernetes.addons.dns.reconcileMode`

Controls the addon manager reconciliation mode for the DNS addon.

Setting reconcile mode to EnsureExists makes it possible to tailor DNS behavior by editing the coredns ConfigMap.

See: https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/addon-manager/README.md.

Type: one of "Reconcile", "EnsureExists"

Default

"Reconcile"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/addons/dns.nix

`services.kubernetes.addons.dns.replicas`

Number of DNS pod replicas to deploy in the cluster. Type: signed integer

Default

2

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/addons/dns.nix

`services.kubernetes.apiserver.advertiseAddress`

Kubernetes apiserver IP address on which to advertise the apiserver to members of the cluster. This address must be reachable by the rest of the cluster.

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.allowPrivileged`

Whether to allow privileged containers on Kubernetes. Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.apiAudiences`

Kubernetes apiserver ServiceAccount issuer.

Type: string

Default

"api,https://kubernetes.default.svc"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.authorizationMode`

Kubernetes apiserver authorization mode (AlwaysAllow/AlwaysDeny/ABAC/Webhook/RBAC/Node). See https://kubernetes.io/docs/reference/access-authn-authz/authorization/

Type: list of (one of "AlwaysAllow", "AlwaysDeny", "ABAC", "Webhook", "RBAC", "Node")

Default

["RBAC""Node"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.authorizationPolicy`

Kubernetes apiserver authorization policy file. See https://kubernetes.io/docs/reference/access-authn-authz/authorization/

Type: list of (attribute set)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.basicAuthFile`

Kubernetes apiserver basic authentication file. See https://kubernetes.io/docs/reference/access-authn-authz/authentication

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.bindAddress`

The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients.

Type: string

Default

"0.0.0.0"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.clientCaFile`

Kubernetes apiserver CA file for client auth. Type: null or path

Default

config.services.kubernetes.caFile

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.disableAdmissionPlugins`

Kubernetes admission control plugins to disable. See https://kubernetes.io/docs/admin/admission-controllers/

Type: list of string

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.enable`

Whether to enable Kubernetes apiserver. Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.enableAdmissionPlugins`

Kubernetes admission control plugins to enable. See https://kubernetes.io/docs/admin/admission-controllers/

Type: list of string

Default

["NamespaceLifecycle""LimitRanger""ServiceAccount""ResourceQuota""DefaultStorageClass""DefaultTolerationSeconds""NodeRestriction"]

Example

["NamespaceLifecycle""NamespaceExists""LimitRanger""SecurityContextDeny""ServiceAccount""ResourceQuota""PodSecurityPolicy""NodeRestriction""DefaultStorageClass"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.etcd.caFile`

Etcd ca file. Type: null or path

Default

config.services.kubernetes.caFile

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.etcd.certFile`

Etcd cert file. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.etcd.keyFile`

Etcd key file. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.etcd.servers`

List of etcd servers. Type: list of string

Default

["http://127.0.0.1:2379"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.extraOpts`

Kubernetes apiserver extra command line options. Type: strings concatenated with " "

Default

""

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.extraSANs`

Extra x509 Subject Alternative Names to be added to the kubernetes apiserver tls cert. Type: list of string

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.featureGates`

List set of feature gates Type: list of string

Default

config.services.kubernetes.featureGates

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.kubeletClientCaFile`

Path to a cert file for connecting to kubelet. Type: null or path

Default

config.services.kubernetes.caFile

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.kubeletClientCertFile`

Client certificate to use for connections to kubelet. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.kubeletClientKeyFile`

Key to use for connections to kubelet. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.preferredAddressTypes`

List of the preferred NodeAddressTypes to use for kubelet connections. Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.proxyClientCertFile`

Client certificate to use for connections to proxy. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.proxyClientKeyFile`

Key to use for connections to proxy. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.runtimeConfig`

Api runtime configuration. See https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/

Type: string

Default

"authentication.k8s.io/v1beta1=true"

Example

"api/all=false,api/v1=true"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.securePort`

Kubernetes apiserver secure port. Type: signed integer

Default

6443

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.serviceAccountIssuer`

Kubernetes apiserver ServiceAccount issuer.

Type: string

Default

"https://kubernetes.default.svc"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.serviceAccountKeyFile`

File containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify ServiceAccount tokens. The specified file can contain multiple keys, and the flag can be specified multiple times with different files. If unspecified, --tls-private-key-file is used. Must be specified when --service-account-signing-key is provided

Type: path

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.serviceAccountSigningKeyFile`

Path to the file that contains the current private key of the service account token issuer. The issuer will sign issued ID tokens with this private key.

Type: path

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.serviceClusterIpRange`

A CIDR notation IP range from which to assign service cluster IPs. This must not overlap with any IP ranges assigned to nodes for pods.

Type: string

Default

"10.0.0.0/24"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.storageBackend`

Kubernetes apiserver storage backend.

Type: one of "etcd2", "etcd3"

Default

"etcd3"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.tlsCertFile`

Kubernetes apiserver certificate file. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.tlsKeyFile`

Kubernetes apiserver private key file. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.tokenAuthFile`

Kubernetes apiserver token authentication file. See https://kubernetes.io/docs/reference/access-authn-authz/authentication

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.verbosity`

Optional glog verbosity level for logging statements. See https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md

Type: null or signed integer

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserver.webhookConfig`

Kubernetes apiserver Webhook config file. It uses the kubeconfig file format. See https://kubernetes.io/docs/reference/access-authn-authz/webhook/

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/apiserver.nix

`services.kubernetes.apiserverAddress`

Clusterwide accessible address for the kubernetes apiserver, including protocol and optional port.

Type: string

Example

"https://kubernetes-apiserver.example.com:6443"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/default.nix

`services.kubernetes.caFile`

Default kubernetes certificate authority Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/default.nix

`services.kubernetes.clusterCidr`

Kubernetes controller manager and proxy CIDR Range for Pods in cluster. Type: null or string

Default

"10.1.0.0/16"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/default.nix

`services.kubernetes.controllerManager.allocateNodeCIDRs`

Whether to automatically allocate CIDR ranges for cluster nodes. Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/controller-manager.nix

`services.kubernetes.controllerManager.bindAddress`

Kubernetes controller manager listening address. Type: string

Default

"127.0.0.1"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/controller-manager.nix

`services.kubernetes.controllerManager.clusterCidr`

Kubernetes CIDR Range for Pods in cluster. Type: string

Default

config.services.kubernetes.clusterCidr

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/controller-manager.nix

`services.kubernetes.controllerManager.enable`

Whether to enable Kubernetes controller manager. Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/controller-manager.nix

`services.kubernetes.controllerManager.extraOpts`

Kubernetes controller manager extra command line options. Type: strings concatenated with " "

Default

""

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/controller-manager.nix

`services.kubernetes.controllerManager.featureGates`

List set of feature gates Type: list of string

Default

config.services.kubernetes.featureGates

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/controller-manager.nix

`services.kubernetes.controllerManager.kubeconfig.caFile`

Kubernetes controller manager certificate authority file used to connect to kube-apiserver. Type: null or path

Default

config.services.kubernetes.caFile

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/controller-manager.nix

`services.kubernetes.controllerManager.kubeconfig.certFile`

Kubernetes controller manager client certificate file used to connect to kube-apiserver. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/controller-manager.nix

`services.kubernetes.controllerManager.kubeconfig.keyFile`

Kubernetes controller manager client key file used to connect to kube-apiserver. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/controller-manager.nix

`services.kubernetes.controllerManager.kubeconfig.server`

Kubernetes controller manager kube-apiserver server address. Type: string

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/controller-manager.nix

`services.kubernetes.controllerManager.leaderElect`

Whether to start leader election before executing main loop. Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/controller-manager.nix

`services.kubernetes.controllerManager.rootCaFile`

Kubernetes controller manager certificate authority file included in service account's token secret.

Type: null or path

Default

config.services.kubernetes.caFile

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/controller-manager.nix

`services.kubernetes.controllerManager.securePort`

Kubernetes controller manager secure listening port. Type: signed integer

Default

10252

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/controller-manager.nix

`services.kubernetes.controllerManager.serviceAccountKeyFile`

Kubernetes controller manager PEM-encoded private RSA key file used to sign service account tokens

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/controller-manager.nix

`services.kubernetes.controllerManager.tlsCertFile`

Kubernetes controller-manager certificate file. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/controller-manager.nix

`services.kubernetes.controllerManager.tlsKeyFile`

Kubernetes controller-manager private key file. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/controller-manager.nix

`services.kubernetes.controllerManager.verbosity`

Optional glog verbosity level for logging statements. See https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md

Type: null or signed integer

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/controller-manager.nix

`services.kubernetes.dataDir`

Kubernetes root directory for managing kubelet files. Type: path

Default

"/var/lib/kubernetes"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/default.nix

`services.kubernetes.easyCerts`

Automatically setup x509 certificates and keys for the entire cluster. Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/default.nix

`services.kubernetes.featureGates`

List set of feature gates. Type: list of string

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/default.nix

`services.kubernetes.flannel.enable`

Whether to enable flannel networking. Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/flannel.nix

`services.kubernetes.flannel.openFirewallPorts`

Whether to open the Flannel UDP ports in the firewall on all interfaces. Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/flannel.nix

`services.kubernetes.kubeconfig.caFile`

Default kubeconfig certificate authority file used to connect to kube-apiserver. Type: null or path

Default

config.services.kubernetes.caFile

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/default.nix

`services.kubernetes.kubeconfig.certFile`

Default kubeconfig client certificate file used to connect to kube-apiserver. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/default.nix

`services.kubernetes.kubeconfig.keyFile`

Default kubeconfig client key file used to connect to kube-apiserver. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/default.nix

`services.kubernetes.kubeconfig.server`

Default kubeconfig kube-apiserver server address. Type: string

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/default.nix

`services.kubernetes.kubelet.address`

Kubernetes kubelet info server listening address. Type: string

Default

"0.0.0.0"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.clientCaFile`

Kubernetes apiserver CA file for client authentication. Type: null or path

Default

config.services.kubernetes.caFile

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.clusterDns`

Use alternative DNS. Type: string

Default

"10.1.0.1"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.clusterDomain`

Use alternative domain. Type: string

Default

config.services.kubernetes.addons.dns.clusterDomain

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.cni.config`

Kubernetes CNI configuration. Type: list of (attribute set)

Default

[ ]

Example

[{"cniVersion": "0.3.1","name": "mynet","type": "bridge","bridge": "cni0","isGateway": true,"ipMasq": true,"ipam": {"type": "host-local","subnet": "10.22.0.0/16","routes": [{ "dst": "0.0.0.0/0" }]}} {"cniVersion": "0.3.1","type": "loopback"}]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.cni.configDir`

Path to Kubernetes CNI configuration directory. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.cni.packages`

List of network plugin packages to install. Type: list of package

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.containerRuntimeEndpoint`

Endpoint at which to find the container runtime api interface/socket Type: string

Default

"unix:///run/containerd/containerd.sock"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.enable`

Whether to enable Kubernetes kubelet. Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.extraOpts`

Kubernetes kubelet extra command line options. Type: strings concatenated with " "

Default

""

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.featureGates`

List set of feature gates Type: list of string

Default

config.services.kubernetes.featureGates

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.healthz.bind`

Kubernetes kubelet healthz listening address. Type: string

Default

"127.0.0.1"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.healthz.port`

Kubernetes kubelet healthz port. Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default

10248

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.hostname`

Kubernetes kubelet hostname override. Type: string

Default

config.networking.fqdnOrHostName

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.kubeconfig.caFile`

Kubelet certificate authority file used to connect to kube-apiserver. Type: null or path

Default

config.services.kubernetes.caFile

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.kubeconfig.certFile`

Kubelet client certificate file used to connect to kube-apiserver. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.kubeconfig.keyFile`

Kubelet client key file used to connect to kube-apiserver. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.kubeconfig.server`

Kubelet kube-apiserver server address. Type: string

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.manifests`

List of manifests to bootstrap with kubelet (only pods can be created as manifest entry) Type: attribute set of (attribute set)

Default

{ }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.nodeIp`

IP address of the node. If set, kubelet will use this IP address for the node. Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.port`

Kubernetes kubelet info server listening port. Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default

10250

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.registerNode`

Whether to auto register kubelet with API server. Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.seedDockerImages`

List of docker images to preload on system Type: list of package

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.taints`

Node taints (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/). Type: attribute set of (submodule)

Default

{ }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.taints.<name>.effect`

Effect of taint. Type: one of "NoSchedule", "PreferNoSchedule", "NoExecute"

Example

"NoSchedule"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.taints.<name>.key`

Key of taint. Type: string

Default

Name of this submodule.

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.taints.<name>.value`

Value of taint. Type: string

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.tlsCertFile`

File containing x509 Certificate for HTTPS. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.tlsKeyFile`

File containing x509 private key matching tlsCertFile. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.unschedulable`

Whether to set node taint to unschedulable=true as it is the case of node that has only master role. Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.kubelet.verbosity`

Optional glog verbosity level for logging statements. See https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md

Type: null or signed integer

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/kubelet.nix

`services.kubernetes.lib`

Common functions for the kubernetes modules. Type: attribute set

Default

{mkCert = <function, args: {CN, action?, fields?, hosts?, name, privateKeyGroup?, privateKeyOwner?}>;mkKubeConfig = <function>;mkKubeConfigOptions = <function>;}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/default.nix

`services.kubernetes.masterAddress`

Clusterwide available network address or hostname for the kubernetes master server. Type: string

Example

"master.example.com"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/default.nix

`services.kubernetes.package`

The kubernetes package to use. Type: package

Default

pkgs.kubernetes

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/default.nix

`services.kubernetes.path`

Packages added to the services' PATH environment variable. Both the bin and sbin subdirectories of each package are added. Type: list of package

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/default.nix

`services.kubernetes.pki.caCertPathPrefix`

Path-prefrix for the CA-certificate to be used for cfssl signing. Suffixes ".pem" and "-key.pem" will be automatically appended for the public and private keys respectively.

Type: string

Default

"${config.services.cfssl.dataDir}/ca"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/pki.nix

`services.kubernetes.pki.caSpec`

Certificate specification for the auto-generated CAcert. Type: attribute set

Default

{CN = "kubernetes-cluster-ca";L = "auto-generated";O = "NixOS";OU = "services.kubernetes.pki.caSpec";}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/pki.nix

`services.kubernetes.pki.certs`

List of certificate specs to feed to cert generator. Type: attribute set

Default

{ }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/pki.nix

`services.kubernetes.pki.cfsslAPIExtraSANs`

Extra x509 Subject Alternative Names to be added to the cfssl API webserver TLS cert.

Type: list of string

Default

[ ]

Example

["subdomain.example.com"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/pki.nix

`services.kubernetes.pki.enable`

Whether to enable easyCert issuer service. Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/pki.nix

`services.kubernetes.pki.etcClusterAdminKubeconfig`

Symlink a kubeconfig with cluster-admin privileges to environment path (/etc/\<path>).

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/pki.nix

`services.kubernetes.pki.genCfsslAPICerts`

Whether to automatically generate cfssl API webserver TLS cert and key, if they don't exist.

Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/pki.nix

`services.kubernetes.pki.genCfsslAPIToken`

Whether to automatically generate cfssl API-token secret, if they doesn't exist.

Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/pki.nix

`services.kubernetes.pki.genCfsslCACert`

Whether to automatically generate cfssl CA certificate and key, if they don't exist.

Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/pki.nix

`services.kubernetes.pki.pkiTrustOnBootstrap`

Whether to always trust remote cfssl server upon initial PKI bootstrap. Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/pki.nix

`services.kubernetes.proxy.bindAddress`

Kubernetes proxy listening address. Type: string

Default

"0.0.0.0"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/proxy.nix

`services.kubernetes.proxy.enable`

Whether to enable Kubernetes proxy. Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/proxy.nix

`services.kubernetes.proxy.extraOpts`

Kubernetes proxy extra command line options. Type: strings concatenated with " "

Default

""

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/proxy.nix

`services.kubernetes.proxy.featureGates`

List set of feature gates Type: list of string

Default

config.services.kubernetes.featureGates

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/proxy.nix

`services.kubernetes.proxy.hostname`

Kubernetes proxy hostname override. Type: string

Default

config.networking.hostName

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/proxy.nix

`services.kubernetes.proxy.kubeconfig.caFile`

Kubernetes proxy certificate authority file used to connect to kube-apiserver. Type: null or path

Default

config.services.kubernetes.caFile

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/proxy.nix

`services.kubernetes.proxy.kubeconfig.certFile`

Kubernetes proxy client certificate file used to connect to kube-apiserver. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/proxy.nix

`services.kubernetes.proxy.kubeconfig.keyFile`

Kubernetes proxy client key file used to connect to kube-apiserver. Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/proxy.nix

`services.kubernetes.proxy.kubeconfig.server`

Kubernetes proxy kube-apiserver server address. Type: string

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/proxy.nix

`services.kubernetes.proxy.verbosity`

Optional glog verbosity level for logging statements. See https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md

Type: null or signed integer

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/kubernetes/proxy.nix

`services.kubernetes.roles`

Kubernetes role that this machine should take.

Master role will enable etcd, apiserver, scheduler, controller manager addon manager, flannel and proxy services. Node role will enable flannel, docker, kubelet and proxy services.

Type: list of (one of "master", "node")