| blob | 2616ab02a6092abb377f471fa9588ee1cf37d260 |
1 # Tests K3s with Etcd backend
2 import ../make-test-python.nix (
3 {
4 pkgs,
5 lib,
6 k3s,
7 etcd,
8 ...
9 }:
11 {
12 name = "${k3s.name}-etcd";
14 nodes = {
16 etcd =
17 { ... }:
18 {
19 services.etcd = {
20 enable = true;
21 openFirewall = true;
22 listenClientUrls = [
23 "http://192.168.1.1:2379"
24 "http://127.0.0.1:2379"
25 ];
26 listenPeerUrls = [ "http://192.168.1.1:2380" ];
27 initialAdvertisePeerUrls = [ "http://192.168.1.1:2380" ];
28 initialCluster = [ "etcd=http://192.168.1.1:2380" ];
29 };
30 networking = {
31 useDHCP = false;
32 defaultGateway = "192.168.1.1";
33 interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
34 {
35 address = "192.168.1.1";
36 prefixLength = 24;
37 }
38 ];
39 };
40 };
42 k3s =
43 { pkgs, ... }:
44 {
45 environment.systemPackages = with pkgs; [ jq ];
46 # k3s uses enough resources the default vm fails.
47 virtualisation.memorySize = 1536;
48 virtualisation.diskSize = 4096;
50 services.k3s = {
51 enable = true;
52 role = "server";
53 extraFlags = [
54 "--datastore-endpoint=\"http://192.168.1.1:2379\""
55 "--disable coredns"
56 "--disable local-storage"
57 "--disable metrics-server"
58 "--disable servicelb"
59 "--disable traefik"
60 "--node-ip 192.168.1.2"
61 ];
62 };
64 networking = {
65 firewall = {
66 allowedTCPPorts = [
67 2379
68 2380
69 6443
70 ];
71 allowedUDPPorts = [ 8472 ];
72 };
73 useDHCP = false;
74 defaultGateway = "192.168.1.2";
75 interfaces.eth1.ipv4.addresses = pkgs.lib.mkForce [
76 {
77 address = "192.168.1.2";
78 prefixLength = 24;
79 }
80 ];
81 };
82 };
83 };
85 testScript = ''
86 with subtest("should start etcd"):
87 etcd.start()
88 etcd.wait_for_unit("etcd.service")
90 with subtest("should wait for etcdctl endpoint status to succeed"):
91 etcd.wait_until_succeeds("etcdctl endpoint status")
93 with subtest("should start k3s"):
94 k3s.start()
95 k3s.wait_for_unit("k3s")
97 with subtest("should test if kubectl works"):
98 k3s.wait_until_succeeds("k3s kubectl get node")
100 with subtest("should wait for service account to show up; takes a sec"):
101 k3s.wait_until_succeeds("k3s kubectl get serviceaccount default")
103 with subtest("should create a sample secret object"):
104 k3s.succeed("k3s kubectl create secret generic nixossecret --from-literal thesecret=abacadabra")
106 with subtest("should check if secret is correct"):
107 k3s.wait_until_succeeds("[[ $(kubectl get secrets nixossecret -o json | jq -r .data.thesecret | base64 -d) == abacadabra ]]")
109 with subtest("should have a secret in database"):
110 etcd.wait_until_succeeds("[[ $(etcdctl get /registry/secrets/default/nixossecret | head -c1 | wc -c) -ne 0 ]]")
112 with subtest("should delete the secret"):
113 k3s.succeed("k3s kubectl delete secret nixossecret")
115 with subtest("should not have a secret in database"):
116 etcd.wait_until_fails("[[ $(etcdctl get /registry/secrets/default/nixossecret | head -c1 | wc -c) -ne 0 ]]")
118 with subtest("should shutdown k3s and etcd"):
119 k3s.shutdown()
120 etcd.shutdown()
121 '';
123 meta.maintainers = etcd.meta.maintainers ++ lib.teams.k3s.members;
124 }
125 )