.git-blame-ignore-revs +3 −0 @@ -111,3 +111,6 @@ fb0e5be84331188a69b3edd31679ca6576edb75a # pkgs/os-specific/bsd: Reformat with nixfmt-rfc-style 2024-03-01 3fe3b055adfc020e6a923c466b6bcd978a13069a # k3s: format with nixfmt-rfc-style 0b7900d5e8e0bcac89e14a52d3e840f9201e9f47 .github/workflows/check-nix-format.yml +4 −0 @@ -39,6 +39,10 @@ jobs: pkgs/development/cuda-modules pkgs/test/cuda pkgs/top-level/cuda-packages.nix NIX_FMT_PATHS_K3S: | nixos/modules/services/cluster/k3s nixos/tests/k3s pkgs/applications/networking/cluster/k3s NIX_FMT_PATHS_VSCODE_EXTS: pkgs/applications/editors/vscode/extensions NIX_FMT_PATHS_PHP_PACKAGES: pkgs/development/php-packages NIX_FMT_PATHS_BUILD_SUPPORT_PHP: pkgs/build-support/php nixos/modules/services/cluster/k3s/default.nix +31 −13 { config, lib, pkgs, ... }: { config, lib, pkgs, ... }: with lib; let cfg = config.services.k3s; removeOption = config: instruction: lib.mkRemovedOptionModule ([ "services" "k3s" ] ++ config) instruction; removeOption = config: instruction: lib.mkRemovedOptionModule ( [ "services" "k3s" ] ++ config ) instruction; in { imports = [ (removeOption [ "docker" ] "k3s docker option is no longer supported.") ]; imports = [ (removeOption [ "docker" ] "k3s docker option is no longer supported.") ]; # interface options.services.k3s = { @@ -33,7 +43,10 @@ in - `serverAddr` is required. ''; default = "server"; type = types.enum [ "server" "agent" ]; type = types.enum [ "server" "agent" ]; }; serverAddr = mkOption {
@@ -125,7 +138,8 @@ in message = "serverAddr or configPath (with 'server' key) should be set if role is 'agent'"; } { assertion = cfg.role == "agent" -> cfg.configPath != null || cfg.tokenFile != null || cfg.token != ""; assertion = cfg.role == "agent" -> cfg.configPath != null || cfg.tokenFile != null || cfg.token != ""; message = "token or tokenFile or configPath (with 'token' or 'token-file' keys) should be set if role is 'agent'"; } { @@ -142,8 +156,14 @@ in systemd.services.k3s = { description = "k3s service"; after = [ "firewall.service" "network-online.target" ]; wants = [ "firewall.service" "network-online.target" ]; after = [ "firewall.service" "network-online.target" ]; wants = [ "firewall.service" "network-online.target" ]; wantedBy = [ "multi-user.target" ]; path = optional config.boot.zfs.enabled config.boot.zfs.package; serviceConfig = {
@@ -159,9 +179,7 @@ in TasksMax = "infinity"; EnvironmentFile = cfg.environmentFile; ExecStart = concatStringsSep " \\\n " ( [ "${cfg.package}/bin/k3s ${cfg.role}" ] [ "${cfg.package}/bin/k3s ${cfg.role}" ] ++ (optional cfg.clusterInit "--cluster-init") ++ (optional cfg.disableAgent "--disable-agent") ++ (optional (cfg.serverAddr != "") "--server ${cfg.serverAddr}") nixos/tests/k3s/default.nix +11 −7 { system ? builtins.currentSystem , pkgs ? import ../../.. { inherit system; } , lib ? pkgs.lib { system ? builtins.currentSystem, pkgs ? import ../../.. { inherit system; }, lib ? pkgs.lib, }: let allK3s = lib.filterAttrs (n: _: lib.strings.hasPrefix "k3s_" n) pkgs; in { # Testing K3s with Etcd backend etcd = lib.mapAttrs (_: k3s: import ./etcd.nix { etcd = lib.mapAttrs ( _: k3s: import ./etcd.nix { inherit system pkgs k3s; inherit (pkgs) etcd; }) allK3s; } ) allK3s; # Run a single node k3s cluster and verify a pod can run single-node = lib.mapAttrs (_: k3s: import ./single-node.nix { inherit system pkgs k3s; }) allK3s; # Run a multi-node k3s cluster and verify pod networking works across nodes nixos/tests/k3s/etcd.nix +115 −85 import ../make-test-python.nix ({ pkgs, lib, k3s, etcd, ... }: import ../make-test-python.nix ( { pkgs, lib, k3s, etcd, ... }: { name = "${k3s.name}-etcd"; nodes = { etcd = { ... }: { etcd = { ... }: { services.etcd = { enable = true; openFirewall = true; listenClientUrls = [ "http://192.168.1.1:2379" "http://127.0.0.1:2379" ]; listenClientUrls = [ "http://192.168.1.1:2379" "http://127.0.0.1:2379" ]; listenPeerUrls = [ "http://192.168.1.1:2380" ]; initialAdvertisePeerUrls = [ "http://192.168.1.1:2380" ]; initialCluster = [ "etcd=http://192.168.1.1:2380" ];
@@ -18,12 +30,17 @@ import ../make-test-python.nix ({ pkgs, lib, k3s, etcd, ... }: useDHCP = false; defaultGateway = "192.168.1.1"; interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [ { address = "192.168.1.1"; prefixLength = 24; } { address = "192.168.1.1"; prefixLength = 24; } ]; }; }; k3s = { pkgs, ... }: { k3s = { pkgs, ... }: { environment.systemPackages = with pkgs; [ jq ]; # k3s uses enough resources the default vm fails. virtualisation.memorySize = 1536; @@ -34,28 +51,40 @@ import ../make-test-python.nix ({ pkgs, lib, k3s, etcd, ... }: role = "server"; extraFlags = builtins.toString [ "--datastore-endpoint=\"http://192.168.1.1:2379\"" "--disable" "coredns" "--disable" "local-storage" "--disable" "metrics-server" "--disable" "servicelb" "--disable" "traefik" "--node-ip" "192.168.1.2" "--disable" "coredns" "--disable" "local-storage" "--disable" "metrics-server" "--disable" "servicelb" "--disable" "traefik" "--node-ip" "192.168.1.2" ]; }; networking = { firewall = { allowedTCPPorts = [ 2379 2380 6443 ]; allowedTCPPorts = [ 2379 2380 6443 ]; allowedUDPPorts = [ 8472 ]; }; useDHCP = false; defaultGateway = "192.168.1.2"; interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [ { address = "192.168.1.2"; prefixLength = 24; } { address = "192.168.1.2"; prefixLength = 24; } ]; }; }; }; testScript = '' @@ -97,4 +126,5 @@ import ../make-test-python.nix ({ pkgs, lib, k3s, etcd, ... }: ''; meta.maintainers = etcd.meta.maintainers ++ k3s.meta.maintainers; }) } )
.git-blame-ignore-revs +3 −0 @@ -111,3 +111,6 @@ fb0e5be84331188a69b3edd31679ca6576edb75a # pkgs/os-specific/bsd: Reformat with nixfmt-rfc-style 2024-03-01 3fe3b055adfc020e6a923c466b6bcd978a13069a # k3s: format with nixfmt-rfc-style 0b7900d5e8e0bcac89e14a52d3e840f9201e9f47
.github/workflows/check-nix-format.yml +4 −0 @@ -39,6 +39,10 @@ jobs: pkgs/development/cuda-modules pkgs/test/cuda pkgs/top-level/cuda-packages.nix NIX_FMT_PATHS_K3S: | nixos/modules/services/cluster/k3s nixos/tests/k3s pkgs/applications/networking/cluster/k3s NIX_FMT_PATHS_VSCODE_EXTS: pkgs/applications/editors/vscode/extensions NIX_FMT_PATHS_PHP_PACKAGES: pkgs/development/php-packages NIX_FMT_PATHS_BUILD_SUPPORT_PHP: pkgs/build-support/php
nixos/modules/services/cluster/k3s/default.nix +31 −13 { config, lib, pkgs, ... }: { config, lib, pkgs, ... }: with lib; let cfg = config.services.k3s; removeOption = config: instruction: lib.mkRemovedOptionModule ([ "services" "k3s" ] ++ config) instruction; removeOption = config: instruction: lib.mkRemovedOptionModule ( [ "services" "k3s" ] ++ config ) instruction; in { imports = [ (removeOption [ "docker" ] "k3s docker option is no longer supported.") ]; imports = [ (removeOption [ "docker" ] "k3s docker option is no longer supported.") ]; # interface options.services.k3s = { @@ -33,7 +43,10 @@ in - `serverAddr` is required. ''; default = "server"; type = types.enum [ "server" "agent" ]; type = types.enum [ "server" "agent" ]; }; serverAddr = mkOption { @@ -125,7 +138,8 @@ in message = "serverAddr or configPath (with 'server' key) should be set if role is 'agent'"; } { assertion = cfg.role == "agent" -> cfg.configPath != null || cfg.tokenFile != null || cfg.token != ""; assertion = cfg.role == "agent" -> cfg.configPath != null || cfg.tokenFile != null || cfg.token != ""; message = "token or tokenFile or configPath (with 'token' or 'token-file' keys) should be set if role is 'agent'"; } { @@ -142,8 +156,14 @@ in systemd.services.k3s = { description = "k3s service"; after = [ "firewall.service" "network-online.target" ]; wants = [ "firewall.service" "network-online.target" ]; after = [ "firewall.service" "network-online.target" ]; wants = [ "firewall.service" "network-online.target" ]; wantedBy = [ "multi-user.target" ]; path = optional config.boot.zfs.enabled config.boot.zfs.package; serviceConfig = {
@@ -159,9 +179,7 @@ in TasksMax = "infinity"; EnvironmentFile = cfg.environmentFile; ExecStart = concatStringsSep " \\\n " ( [ "${cfg.package}/bin/k3s ${cfg.role}" ] [ "${cfg.package}/bin/k3s ${cfg.role}" ] ++ (optional cfg.clusterInit "--cluster-init") ++ (optional cfg.disableAgent "--disable-agent") ++ (optional (cfg.serverAddr != "") "--server ${cfg.serverAddr}")
nixos/tests/k3s/default.nix +11 −7 { system ? builtins.currentSystem , pkgs ? import ../../.. { inherit system; } , lib ? pkgs.lib { system ? builtins.currentSystem, pkgs ? import ../../.. { inherit system; }, lib ? pkgs.lib, }: let allK3s = lib.filterAttrs (n: _: lib.strings.hasPrefix "k3s_" n) pkgs; in { # Testing K3s with Etcd backend etcd = lib.mapAttrs (_: k3s: import ./etcd.nix { etcd = lib.mapAttrs ( _: k3s: import ./etcd.nix { inherit system pkgs k3s; inherit (pkgs) etcd; }) allK3s; } ) allK3s; # Run a single node k3s cluster and verify a pod can run single-node = lib.mapAttrs (_: k3s: import ./single-node.nix { inherit system pkgs k3s; }) allK3s; # Run a multi-node k3s cluster and verify pod networking works across nodes
nixos/tests/k3s/etcd.nix +115 −85 import ../make-test-python.nix ({ pkgs, lib, k3s, etcd, ... }: import ../make-test-python.nix ( { pkgs, lib, k3s, etcd, ... }: { name = "${k3s.name}-etcd"; nodes = { etcd = { ... }: { etcd = { ... }: { services.etcd = { enable = true; openFirewall = true; listenClientUrls = [ "http://192.168.1.1:2379" "http://127.0.0.1:2379" ]; listenClientUrls = [ "http://192.168.1.1:2379" "http://127.0.0.1:2379" ]; listenPeerUrls = [ "http://192.168.1.1:2380" ]; initialAdvertisePeerUrls = [ "http://192.168.1.1:2380" ]; initialCluster = [ "etcd=http://192.168.1.1:2380" ]; @@ -18,12 +30,17 @@ import ../make-test-python.nix ({ pkgs, lib, k3s, etcd, ... }: useDHCP = false; defaultGateway = "192.168.1.1"; interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [ { address = "192.168.1.1"; prefixLength = 24; } { address = "192.168.1.1"; prefixLength = 24; } ]; }; }; k3s = { pkgs, ... }: { k3s = { pkgs, ... }: { environment.systemPackages = with pkgs; [ jq ]; # k3s uses enough resources the default vm fails. virtualisation.memorySize = 1536; @@ -34,28 +51,40 @@ import ../make-test-python.nix ({ pkgs, lib, k3s, etcd, ... }: role = "server"; extraFlags = builtins.toString [ "--datastore-endpoint=\"http://192.168.1.1:2379\"" "--disable" "coredns" "--disable" "local-storage" "--disable" "metrics-server" "--disable" "servicelb" "--disable" "traefik" "--node-ip" "192.168.1.2" "--disable" "coredns" "--disable" "local-storage" "--disable" "metrics-server" "--disable" "servicelb" "--disable" "traefik" "--node-ip" "192.168.1.2" ]; }; networking = { firewall = { allowedTCPPorts = [ 2379 2380 6443 ]; allowedTCPPorts = [ 2379 2380 6443 ]; allowedUDPPorts = [ 8472 ]; }; useDHCP = false; defaultGateway = "192.168.1.2"; interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [ { address = "192.168.1.2"; prefixLength = 24; } { address = "192.168.1.2"; prefixLength = 24; } ]; }; }; }; testScript = ''
@@ -97,4 +126,5 @@ import ../make-test-python.nix ({ pkgs, lib, k3s, etcd, ... }: ''; meta.maintainers = etcd.meta.maintainers ++ k3s.meta.maintainers; }) } )