nixos/k3s: add nftables to Path of k3s service (#360796)

NixOS · Dec 9, 2024 · 37da609 · 37da609
2 parents f9f5919 + 7ece479
commit 37da609
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/nixos/modules/services/cluster/k3s/default.nix b/nixos/modules/services/cluster/k3s/default.nix
@@ -434,6 +434,22 @@ in
         for further information.
       '';
     };
+
+    extraKubeProxyConfig = lib.mkOption {
+      type = with lib.types; attrsOf anything;
+      default = { };
+      example = {
+        mode = "nftables";
+        clientConnection.kubeconfig = "/var/lib/rancher/k3s/agent/kubeproxy.kubeconfig";
+      };
+      description = ''
+        Extra configuration to add to the kube-proxy's configuration file. The subset of the kube-proxy's
+        configuration that can be configured via a file is defined by the
+        [KubeProxyConfiguration](https://kubernetes.io/docs/reference/config-api/kube-proxy-config.v1alpha1/)
+        struct. Note that the kubeconfig param will be override by `clientConnection.kubeconfig`, so you must
+        set the `clientConnection.kubeconfig` if you want to use `extraKubeProxyConfig`.
+      '';
+    };
   };
 
   # implementation
@@ -486,6 +502,14 @@ in
           }
           // kubeletParams
         );
+
+        kubeProxyConfig = (pkgs.formats.yaml { }).generate "k3s-kubeProxy-config" (
+          {
+            apiVersion = "kubeproxy.config.k8s.io/v1alpha1";
+            kind = "KubeProxyConfiguration";
+          }
+          // cfg.extraKubeProxyConfig
+        );
       in
       {
         description = "k3s service";
@@ -521,6 +545,7 @@ in
             ++ (lib.optional (cfg.tokenFile != null) "--token-file ${cfg.tokenFile}")
             ++ (lib.optional (cfg.configPath != null) "--config ${cfg.configPath}")
             ++ (lib.optional (kubeletParams != { }) "--kubelet-arg=config=${kubeletConfig}")
+            ++ (lib.optional (cfg.extraKubeProxyConfig != { }) "--kube-proxy-arg=config=${kubeProxyConfig}")
             ++ (lib.flatten cfg.extraFlags)
           );
         };

diff --git a/pkgs/applications/networking/cluster/k3s/builder.nix b/pkgs/applications/networking/cluster/k3s/builder.nix
@@ -50,6 +50,7 @@ lib:
   iproute2,
   ipset,
   iptables,
+  nftables,
   kmod,
   lib,
   libseccomp,
@@ -362,6 +363,7 @@ buildGoModule rec {
     kmod
     socat
     iptables
+    nftables
     iproute2
     ipset
     bridge-utils