80 lines
2.9 KiB
Nix
80 lines
2.9 KiB
Nix
{ pkgs, ... }:
|
|
|
|
{
|
|
# TODO: see if this works with podman
|
|
# TODO: check if docker/podman is enabled
|
|
|
|
# Rootless K3S
|
|
|
|
# FIXME
|
|
environment.systemPackages = with pkgs; [
|
|
k3s
|
|
rootlesskit
|
|
slirp4netns
|
|
];
|
|
|
|
# running K3S on rootless docker was causing the following error: "failed to find cpuset cgroup (v2)" (in `docker logs k3d-lab-server-0` output)
|
|
#
|
|
# see <https://docs.k3s.io/advanced#known-issues-with-rootless-mode>
|
|
# see <https://rootlesscontaine.rs/getting-started/common/cgroup2/>
|
|
# see <https://discourse.nixos.org/t/declarative-rootless-k3s/49839>
|
|
systemd.services."user@".serviceConfig.Delegate = "cpu cpuset io memory pids";
|
|
|
|
# taken from <https://github.com/k3s-io/k3s/blob/main/k3s-rootless.service> as described in <https://docs.k3s.io/advanced#known-issues-with-rootless-mode#Rootless>
|
|
systemd.user.services."k3s-rootless" = with pkgs; {
|
|
path = with pkgs; [
|
|
"${rootlesskit}"
|
|
"${slirp4netns}"
|
|
"${fuse-overlayfs}"
|
|
"${fuse3}"
|
|
"/run/wrappers"
|
|
];
|
|
# systemd unit file for k3s (rootless)
|
|
#
|
|
# Usage:
|
|
# - [Optional] Enable cgroup v2 delegation, see https://rootlesscontaine.rs/getting-started/common/cgroup2/ .
|
|
# This step is optional, but highly recommended for enabling CPU and memory resource limtitation.
|
|
#
|
|
# - Copy this file as `~/.config/systemd/user/k3s-rootless.service`.
|
|
# Installing this file as a system-wide service (`/etc/systemd/...`) is not supported.
|
|
# Depending on the path of `k3s` binary, you might need to modify the `ExecStart=/usr/local/bin/k3s ...` line of this file.
|
|
#
|
|
# - Run `systemctl --user daemon-reload`
|
|
#
|
|
# - Run `systemctl --user enable --now k3s-rootless`
|
|
#
|
|
# - Run `KUBECONFIG=~/.kube/k3s.yaml kubectl get pods -A`, and make sure the pods are running.
|
|
#
|
|
# Troubleshooting:
|
|
# - See `systemctl --user status k3s-rootless` to check the daemon status
|
|
# - See `journalctl --user -f -u k3s-rootless` to see the daemon log
|
|
# - See also https://rootlesscontaine.rs/
|
|
enable = true;
|
|
description = "k3s (Rootless)";
|
|
serviceConfig = {
|
|
# NOTE: Don't try to run `k3s server --rootless` on a terminal, as it doesn't enable cgroup v2 delegation.
|
|
# If you really need to try it on a terminal, prepend `systemd-run --user -p Delegate=yes --tty` to create a systemd scope.
|
|
ExecStart = "${k3s}/bin/k3s server --rootless --snapshotter=fuse-overlayfs";
|
|
ExecReload = "/run/current-system/sw/bin/kill -s HUP $MAINPID";
|
|
TimeoutSec = 0;
|
|
RestartSec = 2;
|
|
Restart = "always";
|
|
StartLimitBurst = 3;
|
|
StartLimitInterval = "60s";
|
|
LimitNOFILE = "infinity";
|
|
LimitNPROC = "infinity";
|
|
LimitCORE = "infinity";
|
|
TasksMax = "infinity";
|
|
Delegate = "yes";
|
|
Type = "simple";
|
|
KillMode = "mixed";
|
|
};
|
|
|
|
wantedBy = [ "default.target" ];
|
|
};
|
|
|
|
boot.kernel.sysctl = {
|
|
"net.ipv4.ip_forward" = 1;
|
|
};
|
|
}
|