# Storage Examples

The following are NixOS-specific considerations for particular storage mechanisms used with Kubernetes/k3s.
## Longhorn

NixOS configuration required for Longhorn:

```nix
environment.systemPackages = [ pkgs.nfs-utils ];
services.openiscsi = {
  enable = true;
  name = "${config.networking.hostName}-initiatorhost";
};
```
The Longhorn container has trouble with the NixOS `PATH`, because the host binaries it calls (for example `iscsiadm` and `mount.nfs`) do not live in the FHS locations it expects. The solution is to override the `PATH` environment variable, for example:

```
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
```
**Kyverno Policy for Fixing Longhorn Container for NixOS**

```yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: longhorn-nixos-path
  namespace: longhorn-system
data:
  PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: longhorn-add-nixos-path
  annotations:
    policies.kyverno.io/title: Add Environment Variables from ConfigMap
    policies.kyverno.io/subject: Pod
    policies.kyverno.io/category: Other
    policies.kyverno.io/description: >-
      Longhorn invokes executables on the host system, and needs
      to be aware of the host systems PATH. This modifies all
      deployments such that the PATH is explicitly set to support
      NixOS based systems.
spec:
  rules:
    - name: add-env-vars
      match:
        resources:
          kinds:
            - Pod
          namespaces:
            - longhorn-system
      mutate:
        patchStrategicMerge:
          spec:
            initContainers:
              - (name): "*"
                envFrom:
                  - configMapRef:
                      name: longhorn-nixos-path
            containers:
              - (name): "*"
                envFrom:
                  - configMapRef:
                      name: longhorn-nixos-path
---
```
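Because the policy only mutates Pods at admission time, pods created before the `ClusterPolicy` was installed keep their old environment. The following added example (not from nixpkgs, Longhorn or Kyverno) walks a Pod object as returned by `kubectl get pod -o json` and reports every container or init container that still lacks the `envFrom` reference to `longhorn-nixos-path`; the pod JSON below is constructed for illustration.

```python
import json

CONFIGMAP_NAME = "longhorn-nixos-path"  # ConfigMap created by the manifest above
NIXOS_PATH_ENTRIES = ("/run/wrappers/bin", "/run/current-system/sw/bin")


def containers_missing_configmap(pod: dict, configmap: str = CONFIGMAP_NAME) -> list:
    """Return 'field/name' for every initContainer and container of a Pod
    object that does not load environment variables from `configmap`.
    An empty list means the Kyverno mutation reached every container."""
    spec = pod.get("spec", {})
    missing = []
    for field in ("initContainers", "containers"):
        for container in spec.get(field, []):
            refs = {
                src.get("configMapRef", {}).get("name")
                for src in container.get("envFrom", [])
            }
            if configmap not in refs:
                missing.append(f"{field}/{container.get('name', '<unnamed>')}")
    return missing


def path_covers_nixos(path_value: str) -> bool:
    """True if a PATH value includes the NixOS directories where host
    binaries such as iscsiadm and mount.nfs are actually found."""
    entries = path_value.split(":")
    return all(entry in entries for entry in NIXOS_PATH_ENTRIES)


# Constructed sample: the init container was mutated, the main container was
# not (e.g. the pod predates the ClusterPolicy). Names are illustrative.
SAMPLE_POD = json.loads("""
{
  "metadata": {"name": "longhorn-manager-abc12", "namespace": "longhorn-system"},
  "spec": {
    "initContainers": [
      {"name": "wait-longhorn-admission-webhook",
       "envFrom": [{"configMapRef": {"name": "longhorn-nixos-path"}}]}
    ],
    "containers": [
      {"name": "longhorn-manager", "env": [{"name": "NODE_NAME", "value": "node1"}]}
    ]
  }
}
""")

if __name__ == "__main__":
    for entry in containers_missing_configmap(SAMPLE_POD):
        print(f"{SAMPLE_POD['metadata']['name']}: {entry} lacks envFrom {CONFIGMAP_NAME}")
```

Any container it reports needs a restart (or a `kubectl rollout restart` of its owner) so the admission webhook can apply the patch.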
## NFS

NixOS configuration required for NFS:

```nix
boot.supportedFilesystems = [ "nfs" ];
services.rpcbind.enable = true;
```
## Rook/Ceph

In order to support Rook/Ceph, the following NixOS kernel module configuration is required:

```nix
boot.kernelModules = [ "rbd" ];
```
## ZFS Snapshot Support

K3s's builtin containerd does not support the zfs snapshotter. However, it is possible to configure it to use an external containerd:

```nix
virtualisation.containerd = {
  enable = true;
  settings =
    let
      fullCNIPlugins = pkgs.buildEnv {
        name = "full-cni";
        paths = with pkgs; [
          cni-plugins
          cni-plugin-flannel
        ];
      };
    in {
      plugins."io.containerd.grpc.v1.cri".cni = {
        bin_dir = "${fullCNIPlugins}/bin";
        conf_dir = "/var/lib/rancher/k3s/agent/etc/cni/net.d/";
      };
      # Optionally set private registry credentials here instead of using /etc/rancher/k3s/registries.yaml
      # plugins."io.containerd.grpc.v1.cri".registry.configs."registry.example.com".auth = {
      #   username = "";
      #   password = "";
      # };
    };
};
# TODO describe how to enable zfs snapshotter in containerd
services.k3s.extraFlags = toString [
  "--container-runtime-endpoint unix:///run/containerd/containerd.sock"
];
```