pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / k3s / single-node.nix
at 25.11-pre 3.3 kB view raw
1# A test that runs a single node k3s cluster and verify a pod can run 2import ../make-test-python.nix ( 3 { 4 pkgs, 5 lib, 6 k3s, 7 ... 8 }: 9 let 10 imageEnv = pkgs.buildEnv { 11 name = "k3s-pause-image-env"; 12 paths = with pkgs; [ 13 tini 14 (hiPrio coreutils) 15 busybox 16 ]; 17 }; 18 pauseImage = pkgs.dockerTools.streamLayeredImage { 19 name = "test.local/pause"; 20 tag = "local"; 21 contents = imageEnv; 22 config.Entrypoint = [ 23 "/bin/tini" 24 "--" 25 "/bin/sleep" 26 "inf" 27 ]; 28 }; 29 testPodYaml = pkgs.writeText "test.yml" '' 30 apiVersion: v1 31 kind: Pod 32 metadata: 33 name: test 34 spec: 35 containers: 36 - name: test 37 image: test.local/pause:local 38 imagePullPolicy: Never 39 command: ["sh", "-c", "sleep inf"] 40 ''; 41 in 42 { 43 name = "${k3s.name}-single-node"; 44 45 nodes.machine = 46 { pkgs, ... }: 47 { 48 environment.systemPackages = with pkgs; [ 49 k3s 50 gzip 51 ]; 52 53 # k3s uses enough resources the default vm fails. 54 virtualisation.memorySize = 1536; 55 virtualisation.diskSize = 4096; 56 57 services.k3s.enable = true; 58 services.k3s.role = "server"; 59 services.k3s.package = k3s; 60 # Slightly reduce resource usage 61 services.k3s.extraFlags = [ 62 "--disable coredns" 63 "--disable local-storage" 64 "--disable metrics-server" 65 "--disable servicelb" 66 "--disable traefik" 67 "--pause-image test.local/pause:local" 68 ]; 69 70 users.users = { 71 noprivs = { 72 isNormalUser = true; 73 description = "Can't access k3s by default"; 74 password = "*"; 75 }; 76 }; 77 }; 78 79 testScript = '' 80 start_all() 81 82 machine.wait_for_unit("k3s") 83 machine.succeed("kubectl cluster-info") 84 machine.fail("sudo -u noprivs kubectl cluster-info") 85 machine.succeed("k3s check-config") 86 machine.succeed( 87 "${pauseImage} | ctr image import -" 88 ) 89 90 # Also wait for our service account to show up; it takes a sec 91 machine.wait_until_succeeds("kubectl get serviceaccount default") 92 machine.succeed("kubectl apply -f ${testPodYaml}") 93 machine.succeed("kubectl wait --for 'condition=Ready' pod/test") 94 machine.succeed("kubectl delete -f ${testPodYaml}") 95 96 # regression test for #176445 97 machine.fail("journalctl -o cat -u k3s.service | grep 'ipset utility not found'") 98 99 with subtest("Run k3s-killall"): 100 # Call the killall script with a clean path to assert that 101 # all required commands are wrapped 102 output = machine.succeed("PATH= ${k3s}/bin/k3s-killall.sh 2>&1 | tee /dev/stderr") 103 assert "command not found" not in output, "killall script contains unknown command" 104 105 # Check that killall cleaned up properly 106 machine.fail("systemctl is-active k3s.service") 107 machine.fail("systemctl list-units | grep containerd") 108 machine.fail("ip link show | awk -F': ' '{print $2}' | grep -e flannel -e cni0") 109 machine.fail("ip netns show | grep cni-") 110 111 machine.shutdown() 112 ''; 113 114 meta.maintainers = lib.teams.k3s.members; 115 } 116)