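# NixOS VM test: a k3s server ("k3s" node) that stores its cluster state in an
# external etcd instance running on a separate VM ("etcd" node). The test
# script creates a Kubernetes Secret, checks that a key for it appears in etcd,
# deletes it, and checks that the key disappears again.
#
# NOTE(security): this is a throwaway test topology, not a deployment template.
# etcd is reachable over plain http:// with no client authentication.
import ../make-test-python.nix (
  {
    pkgs,
    lib,
    k3s,
    etcd,
    ...
  }:

  {
    name = "${k3s.name}-etcd";

    nodes = {

      etcd =
        { ... }:
        {
          # Every URL below is http://, and no client-certificate authentication
          # is configured, so any host that can reach 192.168.1.1:2379 can read
          # and write the whole keyspace, including /registry/secrets/...
          # Outside a test VM, use https:// URLs together with
          # services.etcd.certFile / keyFile / trustedCaFile / clientCertAuth
          # (and the peer* equivalents for port 2380).
          services.etcd = {
            enable = true;
            # Opens the etcd ports in this node's firewall so the k3s node can
            # connect as a client.
            openFirewall = true;
            listenClientUrls = [
              "http://192.168.1.1:2379"
              "http://127.0.0.1:2379"
            ];
            listenPeerUrls = [ "http://192.168.1.1:2380" ];
            initialAdvertisePeerUrls = [ "http://192.168.1.1:2380" ];
            initialCluster = [ "etcd=http://192.168.1.1:2380" ];
          };
          networking = {
            useDHCP = false;
            defaultGateway = "192.168.1.1";
            # mkForce replaces the address list for eth1 with this static one.
            interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
              {
                address = "192.168.1.1";
                prefixLength = 24;
              }
            ];
          };
        };

      k3s =
        { pkgs, ... }:
        {
          # jq is used by the test script to extract the secret from kubectl's JSON output.
          environment.systemPackages = with pkgs; [ jq ];
          # k3s uses enough resources the default vm fails.
          virtualisation.memorySize = 1536;
          virtualisation.diskSize = 4096;

          services.k3s = {
            enable = true;
            role = "server";
            # The datastore endpoint is plain HTTP, so everything k3s writes to
            # etcd (Secrets included) crosses the test network unencrypted.
            # A real cluster should point at an https:// endpoint and pass
            # --datastore-cafile / --datastore-certfile / --datastore-keyfile.
            # No --secrets-encryption flag is passed either, so Secret values
            # are presumably stored in etcd without encryption at rest.
            extraFlags = builtins.toString [
              "--datastore-endpoint=\"http://192.168.1.1:2379\""
              "--disable"
              "coredns"
              "--disable"
              "local-storage"
              "--disable"
              "metrics-server"
              "--disable"
              "servicelb"
              "--disable"
              "traefik"
              "--node-ip"
              "192.168.1.2"
            ];
          };

          networking = {
            firewall = {
              # Least privilege: this node is only an etcd *client* (it dials
              # 192.168.1.1:2379 outbound), and no etcd service is configured
              # here, so the etcd ports 2379/2380 are not opened inbound.
              # 6443 is the Kubernetes API server port.
              allowedTCPPorts = [
                6443
              ];
              allowedUDPPorts = [ 8472 ];
            };
            useDHCP = false;
            defaultGateway = "192.168.1.2";
            # mkForce replaces the address list for eth1 with this static one.
            interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
              {
                address = "192.168.1.2";
                prefixLength = 24;
              }
            ];
          };
        };
    };

    testScript = ''
      with subtest("should start etcd"):
          etcd.start()
          etcd.wait_for_unit("etcd.service")

      with subtest("should wait for etcdctl endpoint status to succeed"):
          etcd.wait_until_succeeds("etcdctl endpoint status")

      with subtest("should start k3s"):
          k3s.start()
          k3s.wait_for_unit("k3s")

      with subtest("should test if kubectl works"):
          k3s.wait_until_succeeds("k3s kubectl get node")

      with subtest("should wait for service account to show up; takes a sec"):
          k3s.wait_until_succeeds("k3s kubectl get serviceaccount default")

      with subtest("should create a sample secret object"):
          k3s.succeed("k3s kubectl create secret generic nixossecret --from-literal thesecret=abacadabra")

      # Uses "k3s kubectl" like every other kubectl call in this script, so the
      # check does not depend on a separate kubectl executable being on PATH.
      with subtest("should check if secret is correct"):
          k3s.wait_until_succeeds("[[ $(k3s kubectl get secrets nixossecret -o json | jq -r .data.thesecret | base64 -d) == abacadabra ]]")

      # Only checks that etcdctl prints at least one byte for the key; it does
      # not inspect how the value is encoded or whether it is encrypted.
      with subtest("should have a secret in database"):
          etcd.wait_until_succeeds("[[ $(etcdctl get /registry/secrets/default/nixossecret | head -c1 | wc -c) -ne 0 ]]")

      with subtest("should delete the secret"):
          k3s.succeed("k3s kubectl delete secret nixossecret")

      with subtest("should not have a secret in database"):
          etcd.wait_until_fails("[[ $(etcdctl get /registry/secrets/default/nixossecret | head -c1 | wc -c) -ne 0 ]]")

      with subtest("should shutdown k3s and etcd"):
          k3s.shutdown()
          etcd.shutdown()
    '';

    meta.maintainers = etcd.meta.maintainers ++ k3s.meta.maintainers;
  }
)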