diff options
| author | Euan Kemp <euank@euank.com> | 2021-10-23 18:29:05 -0700 |
|---|---|---|
| committer | Euan Kemp <euank@euank.com> | 2021-10-23 18:29:05 -0700 |
| commit | 8bf9500e6576c7f6b150834ab6e55409d056979c (patch) | |
| tree | bd94973b4dbb3234dd5bd62a79a85951752a13e3 /nixos | |
| parent | f20af9dbfbe54dfb1ba557fcc7edb316559a9130 (diff) | |
| download | nixlib-8bf9500e6576c7f6b150834ab6e55409d056979c.tar nixlib-8bf9500e6576c7f6b150834ab6e55409d056979c.tar.gz nixlib-8bf9500e6576c7f6b150834ab6e55409d056979c.tar.bz2 nixlib-8bf9500e6576c7f6b150834ab6e55409d056979c.tar.lz nixlib-8bf9500e6576c7f6b150834ab6e55409d056979c.tar.xz nixlib-8bf9500e6576c7f6b150834ab6e55409d056979c.tar.zst nixlib-8bf9500e6576c7f6b150834ab6e55409d056979c.zip | |
nixos/tests/k3s-docker: add 'k3s.docker=true' test
This verifies the docker driver works too, which matters because it interacts with systemd, cgroups, etc differently.
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/tests/k3s-docker.nix | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/nixos/tests/k3s-docker.nix b/nixos/tests/k3s-docker.nix new file mode 100644 index 000000000000..d6575bd6fff4 --- /dev/null +++ b/nixos/tests/k3s-docker.nix @@ -0,0 +1,80 @@ +import ./make-test-python.nix ({ pkgs, ... }: + +let + # A suitable k3s pause image, also used for the test pod + pauseImage = pkgs.dockerTools.buildImage { + name = "test.local/pause"; + tag = "local"; + contents = with pkgs; [ tini coreutils busybox ]; + config.Entrypoint = [ "/bin/tini" "--" "/bin/sleep" "inf" ]; + }; + # Don't use the default service account because there's a race where it may + # not be created yet; make our own instead. + testPodYaml = pkgs.writeText "test.yml" '' + apiVersion: v1 + kind: ServiceAccount + metadata: + name: test + --- + apiVersion: v1 + kind: Pod + metadata: + name: test + spec: + serviceAccountName: test + containers: + - name: test + image: test.local/pause:local + imagePullPolicy: Never + command: ["sh", "-c", "sleep inf"] + ''; +in +{ + name = "k3s"; + meta = with pkgs.lib.maintainers; { + maintainers = [ euank ]; + }; + + machine = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ k3s gzip ]; + + # k3s uses enough resources the default vm fails. + virtualisation.memorySize = pkgs.lib.mkDefault 1536; + virtualisation.diskSize = pkgs.lib.mkDefault 4096; + + services.k3s = { + enable = true; + role = "server"; + docker = true; + # Slightly reduce resource usage + extraFlags = "--no-deploy coredns,servicelb,traefik,local-storage,metrics-server --pause-image test.local/pause:local"; + }; + + users.users = { + noprivs = { + isNormalUser = true; + description = "Can't access k3s by default"; + password = "*"; + }; + }; + }; + + testScript = '' + start_all() + + machine.wait_for_unit("k3s") + machine.succeed("k3s kubectl cluster-info") + machine.fail("sudo -u noprivs k3s kubectl cluster-info") + # machine.succeed("k3s check-config") # fails with the current nixos kernel config, uncomment once this passes + + machine.succeed( + "zcat ${pauseImage} | docker load" + ) + + machine.succeed("k3s kubectl apply -f ${testPodYaml}") + machine.succeed("k3s kubectl wait --for 'condition=Ready' pod/test") + machine.succeed("k3s kubectl delete -f ${testPodYaml}") + + machine.shutdown() + ''; +}) |