Merge pull request #309904 from superherointj/k3s-format-rfc

k3s: enforce rfc 0166 format
superherointj 2024-05-10 20:25:35 -03:00 committed by GitHub
commit 602a9cec5b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
14 changed files with 525 additions and 331 deletions


@ -111,3 +111,6 @@ fb0e5be84331188a69b3edd31679ca6576edb75a
# pkgs/os-specific/bsd: Reformat with nixfmt-rfc-style 2024-03-01 # pkgs/os-specific/bsd: Reformat with nixfmt-rfc-style 2024-03-01
3fe3b055adfc020e6a923c466b6bcd978a13069a 3fe3b055adfc020e6a923c466b6bcd978a13069a
# k3s: format with nixfmt-rfc-style
0b7900d5e8e0bcac89e14a52d3e840f9201e9f47


@ -39,6 +39,10 @@ jobs:
pkgs/development/cuda-modules pkgs/development/cuda-modules
pkgs/test/cuda pkgs/test/cuda
pkgs/top-level/cuda-packages.nix pkgs/top-level/cuda-packages.nix
NIX_FMT_PATHS_K3S: |
nixos/modules/services/cluster/k3s
nixos/tests/k3s
pkgs/applications/networking/cluster/k3s
NIX_FMT_PATHS_VSCODE_EXTS: pkgs/applications/editors/vscode/extensions NIX_FMT_PATHS_VSCODE_EXTS: pkgs/applications/editors/vscode/extensions
NIX_FMT_PATHS_PHP_PACKAGES: pkgs/development/php-packages NIX_FMT_PATHS_PHP_PACKAGES: pkgs/development/php-packages
NIX_FMT_PATHS_BUILD_SUPPORT_PHP: pkgs/build-support/php NIX_FMT_PATHS_BUILD_SUPPORT_PHP: pkgs/build-support/php


@ -1,15 +1,25 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.services.k3s; cfg = config.services.k3s;
removeOption = config: instruction: removeOption =
lib.mkRemovedOptionModule ([ "services" "k3s" ] ++ config) instruction; config: instruction:
lib.mkRemovedOptionModule (
[
"services"
"k3s"
]
++ config
) instruction;
in in
{ {
imports = [ imports = [ (removeOption [ "docker" ] "k3s docker option is no longer supported.") ];
(removeOption [ "docker" ] "k3s docker option is no longer supported.")
];
# interface # interface
options.services.k3s = { options.services.k3s = {
@ -33,7 +43,10 @@ in
- `serverAddr` is required. - `serverAddr` is required.
''; '';
default = "server"; default = "server";
type = types.enum [ "server" "agent" ]; type = types.enum [
"server"
"agent"
];
}; };
serverAddr = mkOption { serverAddr = mkOption {
@ -125,7 +138,8 @@ in
message = "serverAddr or configPath (with 'server' key) should be set if role is 'agent'"; message = "serverAddr or configPath (with 'server' key) should be set if role is 'agent'";
} }
{ {
assertion = cfg.role == "agent" -> cfg.configPath != null || cfg.tokenFile != null || cfg.token != ""; assertion =
cfg.role == "agent" -> cfg.configPath != null || cfg.tokenFile != null || cfg.token != "";
message = "token or tokenFile or configPath (with 'token' or 'token-file' keys) should be set if role is 'agent'"; message = "token or tokenFile or configPath (with 'token' or 'token-file' keys) should be set if role is 'agent'";
} }
{ {
@ -142,8 +156,14 @@ in
systemd.services.k3s = { systemd.services.k3s = {
description = "k3s service"; description = "k3s service";
after = [ "firewall.service" "network-online.target" ]; after = [
wants = [ "firewall.service" "network-online.target" ]; "firewall.service"
"network-online.target"
];
wants = [
"firewall.service"
"network-online.target"
];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = optional config.boot.zfs.enabled config.boot.zfs.package; path = optional config.boot.zfs.enabled config.boot.zfs.package;
serviceConfig = { serviceConfig = {
@ -159,9 +179,7 @@ in
TasksMax = "infinity"; TasksMax = "infinity";
EnvironmentFile = cfg.environmentFile; EnvironmentFile = cfg.environmentFile;
ExecStart = concatStringsSep " \\\n " ( ExecStart = concatStringsSep " \\\n " (
[ [ "${cfg.package}/bin/k3s ${cfg.role}" ]
"${cfg.package}/bin/k3s ${cfg.role}"
]
++ (optional cfg.clusterInit "--cluster-init") ++ (optional cfg.clusterInit "--cluster-init")
++ (optional cfg.disableAgent "--disable-agent") ++ (optional cfg.disableAgent "--disable-agent")
++ (optional (cfg.serverAddr != "") "--server ${cfg.serverAddr}") ++ (optional (cfg.serverAddr != "") "--server ${cfg.serverAddr}")
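Review bot: In the agent-token assertion (the hunk at -125,7 +138,8), the reformatted condition `cfg.role == "agent" -> cfg.configPath != null || cfg.tokenFile != null || cfg.token != ""` only reads correctly if one remembers that `->` binds more loosely than `||`. Wrapping the right-hand side in parentheses would keep the intent obvious now that it sits on its own line. The same assertion accepts a literal `cfg.token` as sufficient, and a string option like that normally ends up in the world-readable Nix store. A comment such as `# prefer tokenFile: a literal token ends up in the Nix store` would help, unless the option description outside these hunks already says so. The module continues outside the hunks shown.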


@ -1,16 +1,20 @@
{ system ? builtins.currentSystem {
, pkgs ? import ../../.. { inherit system; } system ? builtins.currentSystem,
, lib ? pkgs.lib pkgs ? import ../../.. { inherit system; },
lib ? pkgs.lib,
}: }:
let let
allK3s = lib.filterAttrs (n: _: lib.strings.hasPrefix "k3s_" n) pkgs; allK3s = lib.filterAttrs (n: _: lib.strings.hasPrefix "k3s_" n) pkgs;
in in
{ {
# Testing K3s with Etcd backend # Testing K3s with Etcd backend
etcd = lib.mapAttrs (_: k3s: import ./etcd.nix { etcd = lib.mapAttrs (
inherit system pkgs k3s; _: k3s:
inherit (pkgs) etcd; import ./etcd.nix {
}) allK3s; inherit system pkgs k3s;
inherit (pkgs) etcd;
}
) allK3s;
# Run a single node k3s cluster and verify a pod can run # Run a single node k3s cluster and verify a pod can run
single-node = lib.mapAttrs (_: k3s: import ./single-node.nix { inherit system pkgs k3s; }) allK3s; single-node = lib.mapAttrs (_: k3s: import ./single-node.nix { inherit system pkgs k3s; }) allK3s;
# Run a multi-node k3s cluster and verify pod networking works across nodes # Run a multi-node k3s cluster and verify pod networking works across nodes


@ -1,100 +1,130 @@
import ../make-test-python.nix ({ pkgs, lib, k3s, etcd, ... }: import ../make-test-python.nix (
{
pkgs,
lib,
k3s,
etcd,
...
}:
{ {
name = "${k3s.name}-etcd"; name = "${k3s.name}-etcd";
nodes = { nodes = {
etcd = { ... }: { etcd =
services.etcd = { { ... }:
enable = true; {
openFirewall = true; services.etcd = {
listenClientUrls = [ "http://192.168.1.1:2379" "http://127.0.0.1:2379" ]; enable = true;
listenPeerUrls = [ "http://192.168.1.1:2380" ]; openFirewall = true;
initialAdvertisePeerUrls = [ "http://192.168.1.1:2380" ]; listenClientUrls = [
initialCluster = [ "etcd=http://192.168.1.1:2380" ]; "http://192.168.1.1:2379"
}; "http://127.0.0.1:2379"
networking = { ];
useDHCP = false; listenPeerUrls = [ "http://192.168.1.1:2380" ];
defaultGateway = "192.168.1.1"; initialAdvertisePeerUrls = [ "http://192.168.1.1:2380" ];
interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [ initialCluster = [ "etcd=http://192.168.1.1:2380" ];
{ address = "192.168.1.1"; prefixLength = 24; } };
]; networking = {
}; useDHCP = false;
}; defaultGateway = "192.168.1.1";
interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
k3s = { pkgs, ... }: { {
environment.systemPackages = with pkgs; [ jq ]; address = "192.168.1.1";
# k3s uses enough resources the default vm fails. prefixLength = 24;
virtualisation.memorySize = 1536; }
virtualisation.diskSize = 4096; ];
};
services.k3s = { };
enable = true;
role = "server"; k3s =
extraFlags = builtins.toString [ { pkgs, ... }:
"--datastore-endpoint=\"http://192.168.1.1:2379\"" {
"--disable" "coredns" environment.systemPackages = with pkgs; [ jq ];
"--disable" "local-storage" # k3s uses enough resources the default vm fails.
"--disable" "metrics-server" virtualisation.memorySize = 1536;
"--disable" "servicelb" virtualisation.diskSize = 4096;
"--disable" "traefik"
"--node-ip" "192.168.1.2" services.k3s = {
]; enable = true;
}; role = "server";
extraFlags = builtins.toString [
networking = { "--datastore-endpoint=\"http://192.168.1.1:2379\""
firewall = { "--disable"
allowedTCPPorts = [ 2379 2380 6443 ]; "coredns"
allowedUDPPorts = [ 8472 ]; "--disable"
"local-storage"
"--disable"
"metrics-server"
"--disable"
"servicelb"
"--disable"
"traefik"
"--node-ip"
"192.168.1.2"
];
};
networking = {
firewall = {
allowedTCPPorts = [
2379
2380
6443
];
allowedUDPPorts = [ 8472 ];
};
useDHCP = false;
defaultGateway = "192.168.1.2";
interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
{
address = "192.168.1.2";
prefixLength = 24;
}
];
};
}; };
useDHCP = false;
defaultGateway = "192.168.1.2";
interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
{ address = "192.168.1.2"; prefixLength = 24; }
];
};
}; };
}; testScript = ''
with subtest("should start etcd"):
etcd.start()
etcd.wait_for_unit("etcd.service")
testScript = '' with subtest("should wait for etcdctl endpoint status to succeed"):
with subtest("should start etcd"): etcd.wait_until_succeeds("etcdctl endpoint status")
etcd.start()
etcd.wait_for_unit("etcd.service")
with subtest("should wait for etcdctl endpoint status to succeed"): with subtest("should start k3s"):
etcd.wait_until_succeeds("etcdctl endpoint status") k3s.start()
k3s.wait_for_unit("k3s")
with subtest("should start k3s"): with subtest("should test if kubectl works"):
k3s.start() k3s.wait_until_succeeds("k3s kubectl get node")
k3s.wait_for_unit("k3s")
with subtest("should test if kubectl works"): with subtest("should wait for service account to show up; takes a sec"):
k3s.wait_until_succeeds("k3s kubectl get node") k3s.wait_until_succeeds("k3s kubectl get serviceaccount default")
with subtest("should wait for service account to show up; takes a sec"): with subtest("should create a sample secret object"):
k3s.wait_until_succeeds("k3s kubectl get serviceaccount default") k3s.succeed("k3s kubectl create secret generic nixossecret --from-literal thesecret=abacadabra")
with subtest("should create a sample secret object"): with subtest("should check if secret is correct"):
k3s.succeed("k3s kubectl create secret generic nixossecret --from-literal thesecret=abacadabra") k3s.wait_until_succeeds("[[ $(kubectl get secrets nixossecret -o json | jq -r .data.thesecret | base64 -d) == abacadabra ]]")
with subtest("should check if secret is correct"): with subtest("should have a secret in database"):
k3s.wait_until_succeeds("[[ $(kubectl get secrets nixossecret -o json | jq -r .data.thesecret | base64 -d) == abacadabra ]]") etcd.wait_until_succeeds("[[ $(etcdctl get /registry/secrets/default/nixossecret | head -c1 | wc -c) -ne 0 ]]")
with subtest("should have a secret in database"): with subtest("should delete the secret"):
etcd.wait_until_succeeds("[[ $(etcdctl get /registry/secrets/default/nixossecret | head -c1 | wc -c) -ne 0 ]]") k3s.succeed("k3s kubectl delete secret nixossecret")
with subtest("should delete the secret"): with subtest("should not have a secret in database"):
k3s.succeed("k3s kubectl delete secret nixossecret") etcd.wait_until_fails("[[ $(etcdctl get /registry/secrets/default/nixossecret | head -c1 | wc -c) -ne 0 ]]")
with subtest("should not have a secret in database"): with subtest("should shutdown k3s and etcd"):
etcd.wait_until_fails("[[ $(etcdctl get /registry/secrets/default/nixossecret | head -c1 | wc -c) -ne 0 ]]") k3s.shutdown()
etcd.shutdown()
'';
with subtest("should shutdown k3s and etcd"): meta.maintainers = etcd.meta.maintainers ++ k3s.meta.maintainers;
k3s.shutdown() }
etcd.shutdown() )
'';
meta.maintainers = etcd.meta.maintainers ++ k3s.meta.maintainers;
})


@ -1,14 +1,30 @@
import ../make-test-python.nix ({ pkgs, lib, k3s, ... }: import ../make-test-python.nix (
{
pkgs,
lib,
k3s,
...
}:
let let
imageEnv = pkgs.buildEnv { imageEnv = pkgs.buildEnv {
name = "k3s-pause-image-env"; name = "k3s-pause-image-env";
paths = with pkgs; [ tini bashInteractive coreutils socat ]; paths = with pkgs; [
tini
bashInteractive
coreutils
socat
];
}; };
pauseImage = pkgs.dockerTools.streamLayeredImage { pauseImage = pkgs.dockerTools.streamLayeredImage {
name = "test.local/pause"; name = "test.local/pause";
tag = "local"; tag = "local";
contents = imageEnv; contents = imageEnv;
config.Entrypoint = [ "/bin/tini" "--" "/bin/sleep" "inf" ]; config.Entrypoint = [
"/bin/tini"
"--"
"/bin/sleep"
"inf"
];
}; };
# A daemonset that responds 'server' on port 8000 # A daemonset that responds 'server' on port 8000
networkTestDaemonset = pkgs.writeText "test.yml" '' networkTestDaemonset = pkgs.writeText "test.yml" ''
@ -42,90 +58,135 @@ import ../make-test-python.nix ({ pkgs, lib, k3s, ... }:
name = "${k3s.name}-multi-node"; name = "${k3s.name}-multi-node";
nodes = { nodes = {
server = { pkgs, ... }: { server =
environment.systemPackages = with pkgs; [ gzip jq ]; { pkgs, ... }:
# k3s uses enough resources the default vm fails. {
virtualisation.memorySize = 1536; environment.systemPackages = with pkgs; [
virtualisation.diskSize = 4096; gzip
jq
];
# k3s uses enough resources the default vm fails.
virtualisation.memorySize = 1536;
virtualisation.diskSize = 4096;
services.k3s = { services.k3s = {
inherit tokenFile; inherit tokenFile;
enable = true; enable = true;
role = "server"; role = "server";
package = k3s; package = k3s;
clusterInit = true; clusterInit = true;
extraFlags = builtins.toString [ extraFlags = builtins.toString [
"--disable" "coredns" "--disable"
"--disable" "local-storage" "coredns"
"--disable" "metrics-server" "--disable"
"--disable" "servicelb" "local-storage"
"--disable" "traefik" "--disable"
"--node-ip" "192.168.1.1" "metrics-server"
"--pause-image" "test.local/pause:local" "--disable"
"servicelb"
"--disable"
"traefik"
"--node-ip"
"192.168.1.1"
"--pause-image"
"test.local/pause:local"
];
};
networking.firewall.allowedTCPPorts = [
2379
2380
6443
];
networking.firewall.allowedUDPPorts = [ 8472 ];
networking.firewall.trustedInterfaces = [ "flannel.1" ];
networking.useDHCP = false;
networking.defaultGateway = "192.168.1.1";
networking.interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
{
address = "192.168.1.1";
prefixLength = 24;
}
]; ];
}; };
networking.firewall.allowedTCPPorts = [ 2379 2380 6443 ];
networking.firewall.allowedUDPPorts = [ 8472 ];
networking.firewall.trustedInterfaces = [ "flannel.1" ];
networking.useDHCP = false;
networking.defaultGateway = "192.168.1.1";
networking.interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
{ address = "192.168.1.1"; prefixLength = 24; }
];
};
server2 = { pkgs, ... }: { server2 =
environment.systemPackages = with pkgs; [ gzip jq ]; { pkgs, ... }:
virtualisation.memorySize = 1536; {
virtualisation.diskSize = 4096; environment.systemPackages = with pkgs; [
gzip
jq
];
virtualisation.memorySize = 1536;
virtualisation.diskSize = 4096;
services.k3s = { services.k3s = {
inherit tokenFile; inherit tokenFile;
enable = true; enable = true;
serverAddr = "https://192.168.1.1:6443"; serverAddr = "https://192.168.1.1:6443";
clusterInit = false; clusterInit = false;
extraFlags = builtins.toString [ extraFlags = builtins.toString [
"--disable" "coredns" "--disable"
"--disable" "local-storage" "coredns"
"--disable" "metrics-server" "--disable"
"--disable" "servicelb" "local-storage"
"--disable" "traefik" "--disable"
"--node-ip" "192.168.1.3" "metrics-server"
"--pause-image" "test.local/pause:local" "--disable"
"servicelb"
"--disable"
"traefik"
"--node-ip"
"192.168.1.3"
"--pause-image"
"test.local/pause:local"
];
};
networking.firewall.allowedTCPPorts = [
2379
2380
6443
];
networking.firewall.allowedUDPPorts = [ 8472 ];
networking.firewall.trustedInterfaces = [ "flannel.1" ];
networking.useDHCP = false;
networking.defaultGateway = "192.168.1.3";
networking.interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
{
address = "192.168.1.3";
prefixLength = 24;
}
]; ];
}; };
networking.firewall.allowedTCPPorts = [ 2379 2380 6443 ];
networking.firewall.allowedUDPPorts = [ 8472 ];
networking.firewall.trustedInterfaces = [ "flannel.1" ];
networking.useDHCP = false;
networking.defaultGateway = "192.168.1.3";
networking.interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
{ address = "192.168.1.3"; prefixLength = 24; }
];
};
agent = { pkgs, ... }: { agent =
virtualisation.memorySize = 1024; { pkgs, ... }:
virtualisation.diskSize = 2048; {
services.k3s = { virtualisation.memorySize = 1024;
inherit tokenFile; virtualisation.diskSize = 2048;
enable = true; services.k3s = {
role = "agent"; inherit tokenFile;
serverAddr = "https://192.168.1.3:6443"; enable = true;
extraFlags = lib.concatStringsSep " " [ role = "agent";
"--pause-image" "test.local/pause:local" serverAddr = "https://192.168.1.3:6443";
"--node-ip" "192.168.1.2" extraFlags = lib.concatStringsSep " " [
"--pause-image"
"test.local/pause:local"
"--node-ip"
"192.168.1.2"
];
};
networking.firewall.allowedTCPPorts = [ 6443 ];
networking.firewall.allowedUDPPorts = [ 8472 ];
networking.firewall.trustedInterfaces = [ "flannel.1" ];
networking.useDHCP = false;
networking.defaultGateway = "192.168.1.2";
networking.interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
{
address = "192.168.1.2";
prefixLength = 24;
}
]; ];
}; };
networking.firewall.allowedTCPPorts = [ 6443 ];
networking.firewall.allowedUDPPorts = [ 8472 ];
networking.firewall.trustedInterfaces = [ "flannel.1" ];
networking.useDHCP = false;
networking.defaultGateway = "192.168.1.2";
networking.interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
{ address = "192.168.1.2"; prefixLength = 24; }
];
};
}; };
meta.maintainers = k3s.meta.maintainers; meta.maintainers = k3s.meta.maintainers;
@ -178,4 +239,5 @@ import ../make-test-python.nix ({ pkgs, lib, k3s, ... }:
for m in machines: for m in machines:
m.shutdown() m.shutdown()
''; '';
}) }
)


@ -1,14 +1,29 @@
import ../make-test-python.nix ({ pkgs, lib, k3s, ... }: import ../make-test-python.nix (
{
pkgs,
lib,
k3s,
...
}:
let let
imageEnv = pkgs.buildEnv { imageEnv = pkgs.buildEnv {
name = "k3s-pause-image-env"; name = "k3s-pause-image-env";
paths = with pkgs; [ tini (hiPrio coreutils) busybox ]; paths = with pkgs; [
tini
(hiPrio coreutils)
busybox
];
}; };
pauseImage = pkgs.dockerTools.streamLayeredImage { pauseImage = pkgs.dockerTools.streamLayeredImage {
name = "test.local/pause"; name = "test.local/pause";
tag = "local"; tag = "local";
contents = imageEnv; contents = imageEnv;
config.Entrypoint = [ "/bin/tini" "--" "/bin/sleep" "inf" ]; config.Entrypoint = [
"/bin/tini"
"--"
"/bin/sleep"
"inf"
];
}; };
testPodYaml = pkgs.writeText "test.yml" '' testPodYaml = pkgs.writeText "test.yml" ''
apiVersion: v1 apiVersion: v1
@ -27,69 +42,83 @@ import ../make-test-python.nix ({ pkgs, lib, k3s, ... }:
name = "${k3s.name}-single-node"; name = "${k3s.name}-single-node";
meta.maintainers = k3s.meta.maintainers; meta.maintainers = k3s.meta.maintainers;
nodes.machine = { pkgs, ... }: { nodes.machine =
environment.systemPackages = with pkgs; [ k3s gzip ]; { pkgs, ... }:
{
environment.systemPackages = with pkgs; [
k3s
gzip
];
# k3s uses enough resources the default vm fails. # k3s uses enough resources the default vm fails.
virtualisation.memorySize = 1536; virtualisation.memorySize = 1536;
virtualisation.diskSize = 4096; virtualisation.diskSize = 4096;
services.k3s.enable = true; services.k3s.enable = true;
services.k3s.role = "server"; services.k3s.role = "server";
services.k3s.package = k3s; services.k3s.package = k3s;
# Slightly reduce resource usage # Slightly reduce resource usage
services.k3s.extraFlags = builtins.toString [ services.k3s.extraFlags = builtins.toString [
"--disable" "coredns" "--disable"
"--disable" "local-storage" "coredns"
"--disable" "metrics-server" "--disable"
"--disable" "servicelb" "local-storage"
"--disable" "traefik" "--disable"
"--pause-image" "test.local/pause:local" "metrics-server"
]; "--disable"
"servicelb"
"--disable"
"traefik"
"--pause-image"
"test.local/pause:local"
];
users.users = { users.users = {
noprivs = { noprivs = {
isNormalUser = true; isNormalUser = true;
description = "Can't access k3s by default"; description = "Can't access k3s by default";
password = "*"; password = "*";
};
}; };
}; };
};
testScript = '' testScript =
start_all() ''
start_all()
machine.wait_for_unit("k3s") machine.wait_for_unit("k3s")
machine.succeed("kubectl cluster-info") machine.succeed("kubectl cluster-info")
machine.fail("sudo -u noprivs kubectl cluster-info") machine.fail("sudo -u noprivs kubectl cluster-info")
'' # Fix-Me: Tests fail for 'aarch64-linux' as: "CONFIG_CGROUP_FREEZER: missing (fail)" '' # Fix-Me: Tests fail for 'aarch64-linux' as: "CONFIG_CGROUP_FREEZER: missing (fail)"
+ lib.optionalString (!pkgs.stdenv.isAarch64) ''machine.succeed("k3s check-config")'' + '' + lib.optionalString (!pkgs.stdenv.isAarch64) ''machine.succeed("k3s check-config")''
+ ''
machine.succeed( machine.succeed(
"${pauseImage} | ctr image import -" "${pauseImage} | ctr image import -"
) )
# Also wait for our service account to show up; it takes a sec # Also wait for our service account to show up; it takes a sec
machine.wait_until_succeeds("kubectl get serviceaccount default") machine.wait_until_succeeds("kubectl get serviceaccount default")
machine.succeed("kubectl apply -f ${testPodYaml}") machine.succeed("kubectl apply -f ${testPodYaml}")
machine.succeed("kubectl wait --for 'condition=Ready' pod/test") machine.succeed("kubectl wait --for 'condition=Ready' pod/test")
machine.succeed("kubectl delete -f ${testPodYaml}") machine.succeed("kubectl delete -f ${testPodYaml}")
# regression test for #176445 # regression test for #176445
machine.fail("journalctl -o cat -u k3s.service | grep 'ipset utility not found'") machine.fail("journalctl -o cat -u k3s.service | grep 'ipset utility not found'")
with subtest("Run k3s-killall"): with subtest("Run k3s-killall"):
# Call the killall script with a clean path to assert that # Call the killall script with a clean path to assert that
# all required commands are wrapped # all required commands are wrapped
output = machine.succeed("PATH= ${k3s}/bin/k3s-killall.sh 2>&1 | tee /dev/stderr") output = machine.succeed("PATH= ${k3s}/bin/k3s-killall.sh 2>&1 | tee /dev/stderr")
assert "command not found" not in output, "killall script contains unknown command" assert "command not found" not in output, "killall script contains unknown command"
# Check that killall cleaned up properly # Check that killall cleaned up properly
machine.fail("systemctl is-active k3s.service") machine.fail("systemctl is-active k3s.service")
machine.fail("systemctl list-units | grep containerd") machine.fail("systemctl list-units | grep containerd")
machine.fail("ip link show | awk -F': ' '{print $2}' | grep -e flannel -e cni0") machine.fail("ip link show | awk -F': ' '{print $2}' | grep -e flannel -e cni0")
machine.fail("ip netns show | grep cni-") machine.fail("ip netns show | grep cni-")
machine.shutdown() machine.shutdown()
''; '';
}) }
)


@ -1,10 +1,10 @@
{ {
traefik-crd = { traefik-crd = {
url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-25.0.2+up25.0.0.tgz"; url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-25.0.2+up25.0.0.tgz";
sha256 = "0jygzsn5pxzf7423x5iqfffgx5xvm7c7hfck46y7vpv1fdkiipcq"; sha256 = "0jygzsn5pxzf7423x5iqfffgx5xvm7c7hfck46y7vpv1fdkiipcq";
}; };
traefik = { traefik = {
url = "https://k3s.io/k3s-charts/assets/traefik/traefik-25.0.2+up25.0.0.tgz"; url = "https://k3s.io/k3s-charts/assets/traefik/traefik-25.0.2+up25.0.0.tgz";
sha256 = "1g9n19lnqdkmbbr3rnbwc854awha0kqqfwyxanyx1lg5ww8ldp89"; sha256 = "1g9n19lnqdkmbbr3rnbwc854awha0kqqfwyxanyx1lg5ww8ldp89";
}; };
} }


@ -1,10 +1,10 @@
{ {
traefik-crd = { traefik-crd = {
url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-25.0.3+up25.0.0.tgz"; url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-25.0.3+up25.0.0.tgz";
sha256 = "1z693i4kd3jyf26ccnb0sxjyxadipl6k13n7jyg5v4y93fv1rpdw"; sha256 = "1z693i4kd3jyf26ccnb0sxjyxadipl6k13n7jyg5v4y93fv1rpdw";
}; };
traefik = { traefik = {
url = "https://k3s.io/k3s-charts/assets/traefik/traefik-25.0.3+up25.0.0.tgz"; url = "https://k3s.io/k3s-charts/assets/traefik/traefik-25.0.3+up25.0.0.tgz";
sha256 = "1a24qlp7c6iri72ka1i37l1lzn13xibrd26dy295z2wzr55gg7if"; sha256 = "1a24qlp7c6iri72ka1i37l1lzn13xibrd26dy295z2wzr55gg7if";
}; };
} }


@ -1,10 +1,10 @@
{ {
traefik-crd = { traefik-crd = {
url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-25.0.3+up25.0.0.tgz"; url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-25.0.3+up25.0.0.tgz";
sha256 = "1z693i4kd3jyf26ccnb0sxjyxadipl6k13n7jyg5v4y93fv1rpdw"; sha256 = "1z693i4kd3jyf26ccnb0sxjyxadipl6k13n7jyg5v4y93fv1rpdw";
}; };
traefik = { traefik = {
url = "https://k3s.io/k3s-charts/assets/traefik/traefik-25.0.3+up25.0.0.tgz"; url = "https://k3s.io/k3s-charts/assets/traefik/traefik-25.0.3+up25.0.0.tgz";
sha256 = "1a24qlp7c6iri72ka1i37l1lzn13xibrd26dy295z2wzr55gg7if"; sha256 = "1a24qlp7c6iri72ka1i37l1lzn13xibrd26dy295z2wzr55gg7if";
}; };
} }


@ -1,10 +1,10 @@
{ {
traefik-crd = { traefik-crd = {
url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-25.0.3+up25.0.0.tgz"; url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-25.0.3+up25.0.0.tgz";
sha256 = "1z693i4kd3jyf26ccnb0sxjyxadipl6k13n7jyg5v4y93fv1rpdw"; sha256 = "1z693i4kd3jyf26ccnb0sxjyxadipl6k13n7jyg5v4y93fv1rpdw";
}; };
traefik = { traefik = {
url = "https://k3s.io/k3s-charts/assets/traefik/traefik-25.0.3+up25.0.0.tgz"; url = "https://k3s.io/k3s-charts/assets/traefik/traefik-25.0.3+up25.0.0.tgz";
sha256 = "1a24qlp7c6iri72ka1i37l1lzn13xibrd26dy295z2wzr55gg7if"; sha256 = "1a24qlp7c6iri72ka1i37l1lzn13xibrd26dy295z2wzr55gg7if";
}; };
} }


@ -29,41 +29,42 @@ lib:
# currently. # currently.
# It is likely we will have to split out additional builders for additional # It is likely we will have to split out additional builders for additional
# versions in the future, or customize this one further. # versions in the future, or customize this one further.
{ lib {
, makeWrapper lib,
, socat makeWrapper,
, iptables socat,
, iproute2 iptables,
, ipset iproute2,
, bridge-utils ipset,
, btrfs-progs bridge-utils,
, conntrack-tools btrfs-progs,
, buildGoModule conntrack-tools,
, runc buildGoModule,
, rsync runc,
, kmod rsync,
, libseccomp kmod,
, pkg-config libseccomp,
, ethtool pkg-config,
, util-linux ethtool,
, fetchFromGitHub util-linux,
, fetchurl fetchFromGitHub,
, fetchzip fetchurl,
, fetchgit fetchzip,
, zstd fetchgit,
, yq-go zstd,
, sqlite yq-go,
, nixosTests sqlite,
, pkgsBuildBuild nixosTests,
, go pkgsBuildBuild,
, runCommand go,
, bash runCommand,
, procps bash,
, coreutils procps,
, gnugrep coreutils,
, findutils gnugrep,
, gnused findutils,
, systemd gnused,
systemd,
}: }:
# k3s is a kinda weird derivation. One of the main points of k3s is the # k3s is a kinda weird derivation. One of the main points of k3s is the
@ -91,7 +92,13 @@ let
description = "A lightweight Kubernetes distribution"; description = "A lightweight Kubernetes distribution";
license = licenses.asl20; license = licenses.asl20;
homepage = "https://k3s.io"; homepage = "https://k3s.io";
maintainers = with maintainers; [ euank mic92 superherointj wrmilling yajo ]; maintainers = with maintainers; [
euank
mic92
superherointj
wrmilling
yajo
];
platforms = platforms.linux; platforms = platforms.linux;
# resolves collisions with other installations of kubectl, crictl, ctr # resolves collisions with other installations of kubectl, crictl, ctr
@ -231,12 +238,19 @@ let
vendorHash = k3sVendorHash; vendorHash = k3sVendorHash;
nativeBuildInputs = [ pkg-config ]; nativeBuildInputs = [ pkg-config ];
buildInputs = [ libseccomp sqlite.dev ]; buildInputs = [
libseccomp
sqlite.dev
];
subPackages = [ "cmd/server" ]; subPackages = [ "cmd/server" ];
ldflags = versionldflags; ldflags = versionldflags;
tags = [ "ctrd" "libsqlite3" "linux" ]; tags = [
"ctrd"
"libsqlite3"
"linux"
];
# create the multicall symlinks for k3s # create the multicall symlinks for k3s
postInstall = '' postInstall = ''
@ -282,7 +296,11 @@ buildGoModule rec {
pname = "k3s"; pname = "k3s";
version = k3sVersion; version = k3sVersion;
tags = [ "libsqlite3" "linux" "ctrd" ]; tags = [
"libsqlite3"
"linux"
"ctrd"
];
src = k3sRepo; src = k3sRepo;
vendorHash = k3sVendorHash; vendorHash = k3sVendorHash;
@ -400,15 +418,17 @@ buildGoModule rec {
passthru.updateScript = updateScript; passthru.updateScript = updateScript;
passthru.mkTests = version: passthru.mkTests =
let k3s_version = "k3s_" + lib.replaceStrings ["."] ["_"] (lib.versions.majorMinor version); version:
in { let
k3s_version = "k3s_" + lib.replaceStrings [ "." ] [ "_" ] (lib.versions.majorMinor version);
in
{
etcd = nixosTests.k3s.etcd.${k3s_version}; etcd = nixosTests.k3s.etcd.${k3s_version};
single-node = nixosTests.k3s.single-node.${k3s_version}; single-node = nixosTests.k3s.single-node.${k3s_version};
multi-node = nixosTests.k3s.multi-node.${k3s_version}; multi-node = nixosTests.k3s.multi-node.${k3s_version};
}; };
passthru.tests = passthru.mkTests k3sVersion; passthru.tests = passthru.mkTests k3sVersion;
meta = baseMeta; meta = baseMeta;
} }


@ -12,22 +12,46 @@ let
extraArgs = builtins.removeAttrs args [ "callPackage" ]; extraArgs = builtins.removeAttrs args [ "callPackage" ];
in in
{ {
k3s_1_26 = common ((import ./1_26/versions.nix) // { k3s_1_26 = common (
updateScript = [ ./update-script.sh "26" ]; (import ./1_26/versions.nix)
}) extraArgs; // {
updateScript = [
./update-script.sh
"26"
];
}
) extraArgs;
# 1_27 can be built with the same builder as 1_26 # 1_27 can be built with the same builder as 1_26
k3s_1_27 = common ((import ./1_27/versions.nix) // { k3s_1_27 = common (
updateScript = [ ./update-script.sh "27" ]; (import ./1_27/versions.nix)
}) extraArgs; // {
updateScript = [
./update-script.sh
"27"
];
}
) extraArgs;
# 1_28 can be built with the same builder as 1_26 # 1_28 can be built with the same builder as 1_26
k3s_1_28 = common ((import ./1_28/versions.nix) // { k3s_1_28 = common (
updateScript = [ ./update-script.sh "28" ]; (import ./1_28/versions.nix)
}) extraArgs; // {
updateScript = [
./update-script.sh
"28"
];
}
) extraArgs;
# 1_29 can be built with the same builder as 1_26 # 1_29 can be built with the same builder as 1_26
k3s_1_29 = common ((import ./1_29/versions.nix) // { k3s_1_29 = common (
updateScript = [ ./update-script.sh "29" ]; (import ./1_29/versions.nix)
}) extraArgs; // {
updateScript = [
./update-script.sh
"29"
];
}
) extraArgs;
} }


@ -57,14 +57,14 @@ CHARTS_URL=https://k3s.io/k3s-charts/assets
rm -f chart-versions.nix.update rm -f chart-versions.nix.update
cat > chart-versions.nix.update <<EOF cat > chart-versions.nix.update <<EOF
{ {
traefik-crd = { traefik-crd = {
url = "${CHARTS_URL}/traefik-crd/${CHART_FILES[0]}"; url = "${CHARTS_URL}/traefik-crd/${CHART_FILES[0]}";
sha256 = "$(nix-prefetch-url --quiet "${CHARTS_URL}/traefik-crd/${CHART_FILES[0]}")"; sha256 = "$(nix-prefetch-url --quiet "${CHARTS_URL}/traefik-crd/${CHART_FILES[0]}")";
}; };
traefik = { traefik = {
url = "${CHARTS_URL}/traefik/${CHART_FILES[1]}"; url = "${CHARTS_URL}/traefik/${CHART_FILES[1]}";
sha256 = "$(nix-prefetch-url --quiet "${CHARTS_URL}/traefik/${CHART_FILES[1]}")"; sha256 = "$(nix-prefetch-url --quiet "${CHARTS_URL}/traefik/${CHART_FILES[1]}")";
}; };
} }
EOF EOF
mv chart-versions.nix.update chart-versions.nix mv chart-versions.nix.update chart-versions.nix
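Review bot: A failed `nix-prefetch-url` inside this heredoc leaves `sha256 = "";` in the generated file, and the `mv` on the last line still replaces chart-versions.nix. A command substitution that fails inside a heredoc does not change the exit status of `cat`, so nothing stops the script at that point. Computing each hash first, e.g. `crd_sha=$(nix-prefetch-url --quiet "${CHARTS_URL}/traefik-crd/${CHART_FILES[0]}") || exit 1` and then writing `sha256 = "${crd_sha}";`, makes the failure abort before the file is overwritten. The pinned hashes are whatever the charts URL served at update time, so the regenerated file should be reviewed before it is committed. The script starts outside this hunk, so any error handling set up earlier is not visible here.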