nixos/k3s: add extraKubeProxyConfig option to add nftables to k3s's path

NixOS · Dec 3, 2024 · ad993db · ad993db
1 parent 1c7406a
commit ad993db
Showing 1 changed file with 26 additions and 1 deletion.
diff --git a/nixos/modules/services/cluster/k3s/default.nix b/nixos/modules/services/cluster/k3s/default.nix
@@ -434,6 +434,20 @@ in
         for further information.
       '';
     };
+
+    extraKubeProxyConfig = lib.mkOption {
+      type = with lib.types; attrsOf anything;
+      default = { };
+      example = {
+        mode = "nftables";
+      };
+      description = ''
+        Extra configuration to add to the kube-proxy's configuration file. The subset of the kube-proxy's
+        configuration that can be configured via a file is defined by the
+        [KubeProxyConfiguration](https://kubernetes.io/docs/reference/config-api/kube-proxy-config.v1alpha1/)
+        struct.
+      '';
+    };
   };
 
   # implementation
@@ -486,6 +500,14 @@ in
           }
           // kubeletParams
         );
+
+        kubeProxyConfig = (pkgs.formats.yaml {}).generate "k3s-kubeProxy-config" (
+            {
+              apiVersion = "kubeproxy.config.k8s.io/v1alpha1";
+              kind = "KubeProxyConfiguration";
+            }
+            // cfg.extraKubeProxyConfig
+            );
       in
       {
         description = "k3s service";
@@ -498,7 +520,9 @@ in
           "network-online.target"
         ];
         wantedBy = [ "multi-user.target" ];
-        path = lib.optional config.boot.zfs.enabled config.boot.zfs.package;
+        path =
+          (lib.optional config.boot.zfs.enabled config.boot.zfs.package) ++
+          (lib.optional (cfg.extraKubeProxyConfig.mode == "nftables") pkgs.nftables);
         serviceConfig = {
           # See: https://github.com/rancher/k3s/blob/dddbd16305284ae4bd14c0aade892412310d7edc/install.sh#L197
           Type = if cfg.role == "agent" then "exec" else "notify";
@@ -521,6 +545,7 @@ in
             ++ (lib.optional (cfg.tokenFile != null) "--token-file ${cfg.tokenFile}")
             ++ (lib.optional (cfg.configPath != null) "--config ${cfg.configPath}")
             ++ (lib.optional (kubeletParams != { }) "--kubelet-arg=config=${kubeletConfig}")
+            ++ (lib.optional (cfg.extraKubeProxyConfig != { }) "--kube-proxy-arg=config=${kubeProxyConfig}")
             ++ (lib.flatten cfg.extraFlags)
           );
         };