[CLUSTER] Traefik, cloudflare, firewall, ...

2026-02-09 04:19:19 -08:00 · 2023-05-01 10:00:27 -07:00 · 2023-05-01 10:00:27 -07:00 · 9298e8ecdb
commit 9298e8ecdb
parent 3cdb41f137
3 changed files with 14 additions and 4 deletions
--- a/nixos/roles/k8s-cluster/kubernetes.nix
+++ b/nixos/roles/k8s-cluster/kubernetes.nix
@ -1,4 +1,9 @@
-{pkgs, ...}: let
+{
+  pkgs,
+  lib,
+  ...
+}: let
+  inherit (lib.modules) mkForce;
  kubeMasterIP = "100.105.14.66";
  kubeMasterHostname = "ran.gensokyo.zone";
  kubeMasterAPIServerPort = 6443;
@ -11,7 +16,7 @@ in {
  ];

  networking = {
-    firewall.enable = false;
+    firewall.enable = mkForce false;
    extraHosts = "${kubeMasterIP} ${kubeMasterHostname}";
  };

@ -27,6 +32,7 @@ in {
    apiserver = {
      securePort = kubeMasterAPIServerPort;
      advertiseAddress = kubeMasterIP;
+      extraOpts = "--service-node-port-range=1-65535";
    };
  };
 }