nixos/tests/k3s.nix at 22.05-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / k3s.nix
at 22.05-pre 2.2 kB view raw
 1import ./make-test-python.nix ({ pkgs, ... }:
 2
 3let
 4  # A suitable k3s pause image, also used for the test pod
 5  pauseImage = pkgs.dockerTools.buildImage {
 6    name = "test.local/pause";
 7    tag = "local";
 8    contents = with pkgs; [ tini coreutils busybox ];
 9    config.Entrypoint = [ "/bin/tini" "--" "/bin/sleep" "inf" ];
10  };
11  testPodYaml = pkgs.writeText "test.yml" ''
12    # Don't use the default service account because there's a race where it may
13    # not be created yet; make our own instead.
14    apiVersion: v1
15    kind: ServiceAccount
16    metadata:
17      name: test
18    ---
19    apiVersion: v1
20    kind: Pod
21    metadata:
22      name: test
23    spec:
24      serviceAccountName: test
25      containers:
26      - name: test
27        image: test.local/pause:local
28        imagePullPolicy: Never
29        command: ["sh", "-c", "sleep inf"]
30  '';
31in
32{
33  name = "k3s";
34  meta = with pkgs.lib.maintainers; {
35    maintainers = [ euank ];
36  };
37
38  nodes = {
39    k3s =
40      { pkgs, ... }: {
41        environment.systemPackages = [ pkgs.k3s pkgs.gzip ];
42
43        # k3s uses enough resources the default vm fails.
44        virtualisation.memorySize = pkgs.lib.mkDefault 1536;
45        virtualisation.diskSize = pkgs.lib.mkDefault 4096;
46
47        services.k3s.enable = true;
48        services.k3s.role = "server";
49        services.k3s.package = pkgs.k3s;
50        # Slightly reduce resource usage
51        services.k3s.extraFlags = "--no-deploy coredns,servicelb,traefik,local-storage,metrics-server --pause-image test.local/pause:local";
52
53        users.users = {
54          noprivs = {
55            isNormalUser = true;
56            description = "Can't access k3s by default";
57            password = "*";
58          };
59        };
60      };
61  };
62
63  testScript = ''
64    start_all()
65
66    k3s.wait_for_unit("k3s")
67    k3s.succeed("k3s kubectl cluster-info")
68    k3s.fail("sudo -u noprivs k3s kubectl cluster-info")
69    # k3s.succeed("k3s check-config") # fails with the current nixos kernel config, uncomment once this passes
70
71    k3s.succeed(
72        "zcat ${pauseImage} | k3s ctr image import -"
73    )
74
75    k3s.succeed("k3s kubectl apply -f ${testPodYaml}")
76    k3s.succeed("k3s kubectl wait --for 'condition=Ready' pod/test")
77  '';
78})