pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / k3s / single-node.nix
at 24.11-pre 3.5 kB view raw
1import ../make-test-python.nix ( 2 { 3 pkgs, 4 lib, 5 k3s, 6 ... 7 }: 8 let 9 imageEnv = pkgs.buildEnv { 10 name = "k3s-pause-image-env"; 11 paths = with pkgs; [ 12 tini 13 (hiPrio coreutils) 14 busybox 15 ]; 16 }; 17 pauseImage = pkgs.dockerTools.streamLayeredImage { 18 name = "test.local/pause"; 19 tag = "local"; 20 contents = imageEnv; 21 config.Entrypoint = [ 22 "/bin/tini" 23 "--" 24 "/bin/sleep" 25 "inf" 26 ]; 27 }; 28 testPodYaml = pkgs.writeText "test.yml" '' 29 apiVersion: v1 30 kind: Pod 31 metadata: 32 name: test 33 spec: 34 containers: 35 - name: test 36 image: test.local/pause:local 37 imagePullPolicy: Never 38 command: ["sh", "-c", "sleep inf"] 39 ''; 40 in 41 { 42 name = "${k3s.name}-single-node"; 43 meta.maintainers = k3s.meta.maintainers; 44 45 nodes.machine = 46 { pkgs, ... }: 47 { 48 environment.systemPackages = with pkgs; [ 49 k3s 50 gzip 51 ]; 52 53 # k3s uses enough resources the default vm fails. 54 virtualisation.memorySize = 1536; 55 virtualisation.diskSize = 4096; 56 57 services.k3s.enable = true; 58 services.k3s.role = "server"; 59 services.k3s.package = k3s; 60 # Slightly reduce resource usage 61 services.k3s.extraFlags = builtins.toString [ 62 "--disable" 63 "coredns" 64 "--disable" 65 "local-storage" 66 "--disable" 67 "metrics-server" 68 "--disable" 69 "servicelb" 70 "--disable" 71 "traefik" 72 "--pause-image" 73 "test.local/pause:local" 74 ]; 75 76 users.users = { 77 noprivs = { 78 isNormalUser = true; 79 description = "Can't access k3s by default"; 80 password = "*"; 81 }; 82 }; 83 }; 84 85 testScript = 86 '' 87 start_all() 88 89 machine.wait_for_unit("k3s") 90 machine.succeed("kubectl cluster-info") 91 machine.fail("sudo -u noprivs kubectl cluster-info") 92 '' # Fix-Me: Tests fail for 'aarch64-linux' as: "CONFIG_CGROUP_FREEZER: missing (fail)" 93 + lib.optionalString (!pkgs.stdenv.isAarch64) ''machine.succeed("k3s check-config")'' 94 + '' 95 96 machine.succeed( 97 "${pauseImage} | ctr image import -" 98 ) 99 100 # Also wait for our service account to show up; it takes a sec 101 machine.wait_until_succeeds("kubectl get serviceaccount default") 102 machine.succeed("kubectl apply -f ${testPodYaml}") 103 machine.succeed("kubectl wait --for 'condition=Ready' pod/test") 104 machine.succeed("kubectl delete -f ${testPodYaml}") 105 106 # regression test for #176445 107 machine.fail("journalctl -o cat -u k3s.service | grep 'ipset utility not found'") 108 109 with subtest("Run k3s-killall"): 110 # Call the killall script with a clean path to assert that 111 # all required commands are wrapped 112 output = machine.succeed("PATH= ${k3s}/bin/k3s-killall.sh 2>&1 | tee /dev/stderr") 113 assert "command not found" not in output, "killall script contains unknown command" 114 115 # Check that killall cleaned up properly 116 machine.fail("systemctl is-active k3s.service") 117 machine.fail("systemctl list-units | grep containerd") 118 machine.fail("ip link show | awk -F': ' '{print $2}' | grep -e flannel -e cni0") 119 machine.fail("ip netns show | grep cni-") 120 121 machine.shutdown() 122 ''; 123 } 124)