commit 5c066e2bba13c8272a8fa477b82c09ff484967e5 · pyrox.dev/nixpkgs

+2 -2

nixos/modules/services/cluster/kubernetes/default.nix

···

       766
       766
        
                 rm /opt/cni/bin/* || true

     

       767
       767
        
                 ${concatMapStrings (package: ''

     

       768
       768
        
                   echo "Linking cni package: ${package}"

     

       769
       769
       -
                   ln -fs ${package.plugins}/* /opt/cni/bin

     

       769
       769
       +
                   ln -fs ${package}/bin/* /opt/cni/bin

     

       770
       770
        
                 '') cfg.kubelet.cni.packages}

     

       771
       771
        
               '';

     

       772
       772
        
               serviceConfig = {

     
···

       828
       828
        
             };

     

       829
       829
        
       

     

       830
       830
        
             # Allways include cni plugins

     

       831
       831
       -
             services.kubernetes.kubelet.cni.packages = [pkgs.cni];

     

       831
       831
       +
             services.kubernetes.kubelet.cni.packages = [pkgs.cni-plugins];

     

       832
       832
        
       

     

       833
       833
        
             boot.kernelModules = ["br_netfilter"];

     

       834
       834

+4 -1

nixos/release.nix

···

       311
       311
        
         tests.kernel-copperhead = callTest tests/kernel-copperhead.nix {};

     

       312
       312
        
         tests.kernel-latest = callTest tests/kernel-latest.nix {};

     

       313
       313
        
         tests.kernel-lts = callTest tests/kernel-lts.nix {};

     

       314
       314
       -
         tests.kubernetes = callSubTestsOnMatchingSystems ["x86_64-linux"] tests/kubernetes/default.nix {};

     

       314
       314
       +
         tests.kubernetes.dns = callSubTestsOnMatchingSystems ["x86_64-linux"] tests/kubernetes/dns.nix {};

     

       315
       315
       +
         ## kubernetes.e2e should eventually replace kubernetes.rbac when it works

     

       316
       316
       +
         #tests.kubernetes.e2e = callSubTestsOnMatchingSystems ["x86_64-linux"] tests/kubernetes/e2e.nix {};

     

       317
       317
       +
         tests.kubernetes.rbac = callSubTestsOnMatchingSystems ["x86_64-linux"] tests/kubernetes/rbac.nix {};

     

       315
       318
        
         tests.latestKernel.login = callTest tests/login.nix { latestKernel = true; };

     

       316
       319
        
         tests.ldap = callTest tests/ldap.nix {};

     

       317
       320
        
         #tests.lightdm = callTest tests/lightdm.nix {};

+51 -18

nixos/tests/kubernetes/certs.nix

···

       6
       6
        
         kubelets

     

       7
       7
        
       }:

     

       8
       8
        
       let

     

       9
       9
       -
         runWithCFSSL = name: cmd:

     

       10
       10
       -
           builtins.fromJSON (builtins.readFile (

     

       11
       11
       -
             pkgs.runCommand "${name}-cfss.json" {

     

       12
       12
       -
               buildInputs = [ pkgs.cfssl ];

     

       13
       13
       -
             } "cfssl ${cmd} > $out"

     

       14
       14
       -
           ));

     

       9
       9
       +
          runWithCFSSL = name: cmd:

     

       10
       10
       +
            let secrets = pkgs.runCommand "${name}-cfss.json" {

     

       11
       11
       +
                buildInputs = [ pkgs.cfssl pkgs.jq ];

     

       12
       12
       +
                outputs = [ "out" "cert" "key" "csr" ];

     

       13
       13
       +
              }

     

       14
       14
       +
              ''

     

       15
       15
       +
                (

     

       16
       16
       +
                  echo "${cmd}"

     

       17
       17
       +
                  cfssl ${cmd} > tmp

     

       18
       18
       +
                  cat tmp | jq -r .key > $key

     

       19
       19
       +
                  cat tmp | jq -r .cert > $cert

     

       20
       20
       +
                  cat tmp | jq -r .csr > $csr

     

       21
       21
       +
       

     

       22
       22
       +
                  touch $out

     

       23
       23
       +
                ) 2>&1 | fold -w 80 -s

     

       24
       24
       +
              '';

     

       25
       25
       +
            in {

     

       26
       26
       +
              key = secrets.key;

     

       27
       27
       +
              cert = secrets.cert;

     

       28
       28
       +
              csr = secrets.csr;

     

       29
       29
       +
            };

     

       30
       30
       +
       

     

       31
       31
       +
          writeCFSSL = content:

     

       32
       32
       +
            pkgs.runCommand content.name {

     

       33
       33
       +
             buildInputs = [ pkgs.cfssl pkgs.jq ];

     

       34
       34
       +
            } ''

     

       35
       35
       +
              mkdir -p $out

     

       36
       36
       +
              cd $out

     

       37
       37
       +
       

     

       38
       38
       +
              json=${pkgs.lib.escapeShellArg (builtins.toJSON content)}

     

       39
       39
       +
       

     

       40
       40
       +
              # for a given $field in the $json, treat the associated value as a

     

       41
       41
       +
              # file path and substitute the contents thereof into the $json

     

       42
       42
       +
              # object.

     

       43
       43
       +
              expandFileField() {

     

       44
       44
       +
                local field=$1

     

       45
       45
       +
                if jq -e --arg field "$field" 'has($field)'; then

     

       46
       46
       +
                  local path="$(echo "$json" | jq -r ".$field")"

     

       47
       47
       +
                  json="$(echo "$json" | jq --arg val "$(cat "$path")" ".$field = \$val")"

     

       48
       48
       +
                fi

     

       49
       49
       +
              }

     

       15
       50
        
       

     

       16
       16
       -
         writeCFSSL = content:

     

       17
       17
       -
           pkgs.runCommand content.name {

     

       18
       18
       -
             buildInputs = [ pkgs.cfssl ];

     

       19
       19
       -
           } ''

     

       20
       20
       -
             mkdir -p $out

     

       21
       21
       -
             cd $out

     

       22
       22
       -
             cat ${writeFile content} | cfssljson -bare ${content.name}

     

       23
       23
       -
           '';

     

       51
       51
       +
              expandFileField key

     

       52
       52
       +
              expandFileField ca

     

       53
       53
       +
              expandFileField cert

     

       54
       54
       +
       

     

       55
       55
       +
              echo "$json" | cfssljson -bare ${content.name}

     

       56
       56
       +
            '';

     

       24
       57
        
       

     

       25
       58
        
         noCSR = content: pkgs.lib.filterAttrs (n: v: n != "csr") content;

     

       26
       59
        
         noKey = content: pkgs.lib.filterAttrs (n: v: n != "key") content;

     

       27
       60
        
       

     

       28
       28
       -
         writeFile = content: pkgs.writeText "content" (

     

       29
       29
       -
           if pkgs.lib.isAttrs content then builtins.toJSON content

     

       30
       30
       -
           else toString content

     

       31
       31
       -
         );

     

       61
       61
       +
         writeFile = content:

     

       62
       62
       +
           if pkgs.lib.isDerivation content

     

       63
       63
       +
           then content

     

       64
       64
       +
           else pkgs.writeText "content" (builtins.toJSON content);

     

       32
       65
        
       

     

       33
       66
        
         createServingCertKey = { ca, cn, hosts? [], size ? 2048, name ? cn }:

     

       34
       67
        
           noCSR (

+1 -1

nixos/tests/kubernetes/e2e.nix

···

       2
       2
        
       with import ./base.nix { inherit system; };

     

       3
       3
        
       let

     

       4
       4
        
         domain = "my.zyx";

     

       5
       5
       -
         certs = import ./certs.nix { externalDomain = domain; };

     

       5
       5
       +
         certs = import ./certs.nix { externalDomain = domain; kubelets = ["machine1" "machine2"]; };

     

       6
       6
        
         kubeconfig = pkgs.writeText "kubeconfig.json" (builtins.toJSON {

     

       7
       7
        
           apiVersion = "v1";

     

       8
       8
        
           kind = "Config";

+2 -2

nixos/tests/kubernetes/rbac.nix

···

       12
       12
        
         });

     

       13
       13
        
       

     

       14
       14
        
         roRoleBinding = pkgs.writeText "ro-role-binding.json" (builtins.toJSON {

     

       15
       15
       -
           apiVersion = "rbac.authorization.k8s.io/v1beta1";

     

       15
       15
       +
           apiVersion = "rbac.authorization.k8s.io/v1";

     

       16
       16
        
           kind = "RoleBinding";

     

       17
       17
        
           metadata = {

     

       18
       18
        
             name = "read-pods";

     
···

       31
       31
        
         });

     

       32
       32
        
       

     

       33
       33
        
         roRole = pkgs.writeText "ro-role.json" (builtins.toJSON {

     

       34
       34
       -
           apiVersion = "rbac.authorization.k8s.io/v1beta1";

     

       34
       34
       +
           apiVersion = "rbac.authorization.k8s.io/v1";

     

       35
       35
        
           kind = "Role";

     

       36
       36
        
           metadata = {

     

       37
       37
        
             name = "pod-reader";

+1 -4

pkgs/applications/networking/cluster/cni/default.nix

···

       13
       13
        
       

     

       14
       14
        
         buildInputs = [ go ];

     

       15
       15
        
       

     

       16
       16
       -
         outputs = ["out" "plugins"];

     

       17
       17
       -
       

     

       18
       16
        
         buildPhase = ''

     

       19
       17
        
           patchShebangs build.sh

     

       20
       18
        
           ./build.sh

     

       21
       19
        
         '';

     

       22
       20
        
       

     

       23
       21
        
         installPhase = ''

     

       24
       24
       -
           mkdir -p $out/bin $plugins

     

       22
       22
       +
           mkdir -p $out/bin

     

       25
       23
        
           mv bin/cnitool $out/bin

     

       26
       26
       -
           mv bin/* $plugins/

     

       27
       24
        
         '';

     

       28
       25
        
       

     

       29
       26
        
         meta = with stdenv.lib; {

+33

pkgs/applications/networking/cluster/cni/plugins.nix

···

       1
       1
       +
       { stdenv, lib, fetchFromGitHub, go }:

     

       2
       2
       +
       

     

       3
       3
       +
       stdenv.mkDerivation rec {

     

       4
       4
       +
         name = "cni-plugins-${version}";

     

       5
       5
       +
         version = "0.7.0";

     

       6
       6
       +
       

     

       7
       7
       +
         src = fetchFromGitHub {

     

       8
       8
       +
           owner = "containernetworking";

     

       9
       9
       +
           repo = "plugins";

     

       10
       10
       +
           rev = "v${version}";

     

       11
       11
       +
           sha256 = "0m885v76azs7lrk6m6n53rwh0xadwvdcr90h0l3bxpdv87sj2mnf";

     

       12
       12
       +
         };

     

       13
       13
       +
       

     

       14
       14
       +
         buildInputs = [ go ];

     

       15
       15
       +
       

     

       16
       16
       +
         buildPhase = ''

     

       17
       17
       +
           patchShebangs build.sh

     

       18
       18
       +
           ./build.sh

     

       19
       19
       +
         '';

     

       20
       20
       +
       

     

       21
       21
       +
         installPhase = ''

     

       22
       22
       +
           mkdir -p $out/bin

     

       23
       23
       +
           mv bin/* $out/bin

     

       24
       24
       +
         '';

     

       25
       25
       +
       

     

       26
       26
       +
         meta = with lib; {

     

       27
       27
       +
           description = "Some standard networking plugins, maintained by the CNI team";

     

       28
       28
       +
           homepage = https://github.com/containernetworking/plugins;

     

       29
       29
       +
           license = licenses.asl20;

     

       30
       30
       +
           platforms = [ "x86_64-linux" ];

     

       31
       31
       +
           maintainers = with maintainers; [ cstrahan ];

     

       32
       32
       +
         };

     

       33
       33
       +
       }

+1

pkgs/top-level/all-packages.nix

···

       15041
       15041
        
         };

     

       15042
       15042
        
       

     

       15043
       15043
        
         cni = callPackage ../applications/networking/cluster/cni {};

     

       15044
       15044
       +
         cni-plugins = callPackage ../applications/networking/cluster/cni/plugins.nix {};

     

       15044
       15045
        
       

     

       15045
       15046
        
         communi = libsForQt5.callPackage ../applications/networking/irc/communi { };

     

       15046
       15047