nixos/tests/k3s/single-node.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / k3s / single-node.nix
at master 3.3 kB view raw
  1# A test that runs a single node k3s cluster and verify a pod can run
  2import ../make-test-python.nix (
  3  {
  4    pkgs,
  5    lib,
  6    k3s,
  7    ...
  8  }:
  9  let
 10    imageEnv = pkgs.buildEnv {
 11      name = "k3s-pause-image-env";
 12      paths = with pkgs; [
 13        tini
 14        (hiPrio coreutils)
 15        busybox
 16      ];
 17    };
 18    pauseImage = pkgs.dockerTools.streamLayeredImage {
 19      name = "test.local/pause";
 20      tag = "local";
 21      contents = imageEnv;
 22      config.Entrypoint = [
 23        "/bin/tini"
 24        "--"
 25        "/bin/sleep"
 26        "inf"
 27      ];
 28    };
 29    testPodYaml = pkgs.writeText "test.yml" ''
 30      apiVersion: v1
 31      kind: Pod
 32      metadata:
 33        name: test
 34      spec:
 35        containers:
 36        - name: test
 37          image: test.local/pause:local
 38          imagePullPolicy: Never
 39          command: ["sh", "-c", "sleep inf"]
 40    '';
 41  in
 42  {
 43    name = "${k3s.name}-single-node";
 44
 45    nodes.machine =
 46      { pkgs, ... }:
 47      {
 48        environment.systemPackages = with pkgs; [
 49          k3s
 50          gzip
 51        ];
 52
 53        # k3s uses enough resources the default vm fails.
 54        virtualisation.memorySize = 1536;
 55        virtualisation.diskSize = 4096;
 56
 57        services.k3s.enable = true;
 58        services.k3s.role = "server";
 59        services.k3s.package = k3s;
 60        # Slightly reduce resource usage
 61        services.k3s.extraFlags = [
 62          "--disable coredns"
 63          "--disable local-storage"
 64          "--disable metrics-server"
 65          "--disable servicelb"
 66          "--disable traefik"
 67          "--pause-image test.local/pause:local"
 68        ];
 69
 70        users.users = {
 71          noprivs = {
 72            isNormalUser = true;
 73            description = "Can't access k3s by default";
 74            password = "*";
 75          };
 76        };
 77      };
 78
 79    testScript = # python
 80      ''
 81        start_all()
 82
 83        machine.wait_for_unit("k3s")
 84        machine.succeed("kubectl cluster-info")
 85        machine.fail("sudo -u noprivs kubectl cluster-info")
 86        machine.succeed("k3s check-config")
 87        machine.succeed(
 88            "${pauseImage} | ctr image import -"
 89        )
 90
 91        # Also wait for our service account to show up; it takes a sec
 92        machine.wait_until_succeeds("kubectl get serviceaccount default")
 93        machine.succeed("kubectl apply -f ${testPodYaml}")
 94        machine.succeed("kubectl wait --for 'condition=Ready' pod/test")
 95        machine.succeed("kubectl delete -f ${testPodYaml}")
 96
 97        # regression test for #176445
 98        machine.fail("journalctl -o cat -u k3s.service | grep 'ipset utility not found'")
 99
100        with subtest("Run k3s-killall"):
101            # Call the killall script with a clean path to assert that
102            # all required commands are wrapped
103            output = machine.succeed("PATH= ${k3s}/bin/k3s-killall.sh 2>&1 | tee /dev/stderr")
104            t.assertNotIn("command not found", output, "killall script contains unknown command")
105
106            # Check that killall cleaned up properly
107            machine.fail("systemctl is-active k3s.service")
108            machine.fail("systemctl list-units | grep containerd")
109            machine.fail("ip link show | awk -F': ' '{print $2}' | grep -e flannel -e cni0")
110            machine.fail("ip netns show | grep cni-")
111      '';
112
113    meta.maintainers = lib.teams.k3s.members;
114  }
115)