| blob | 870142017a31b000414d6e1466cbf7f0ac9ed119 |
1 { system ? builtins.currentSystem,
2 config ? {},
3 pkgs ? import ../../.. { inherit system config; }
4 }:
6 with import ../../lib/testing-python.nix { inherit system pkgs; };
7 with pkgs.lib;
9 let
10 mkKubernetesBaseTest =
11 { name, domain ? "my.zyx", test, machines
12 , extraConfiguration ? null }:
13 let
14 masterName = head (filter (machineName: any (role: role == "master") machines.${machineName}.roles) (attrNames machines));
15 master = machines.${masterName};
16 extraHosts = ''
17 ${master.ip} etcd.${domain}
18 ${master.ip} api.${domain}
19 ${concatMapStringsSep "\n" (machineName: "${machines.${machineName}.ip} ${machineName}.${domain}") (attrNames machines)}
20 '';
21 wrapKubectl = with pkgs; runCommand "wrap-kubectl" { nativeBuildInputs = [ makeWrapper ]; } ''
22 mkdir -p $out/bin
23 makeWrapper ${pkgs.kubernetes}/bin/kubectl $out/bin/kubectl --set KUBECONFIG "/etc/kubernetes/cluster-admin.kubeconfig"
24 '';
25 in makeTest {
26 inherit name;
28 nodes = mapAttrs (machineName: machine:
29 { config, pkgs, lib, nodes, ... }:
30 mkMerge [
31 {
32 boot.postBootCommands = "rm -fr /var/lib/kubernetes/secrets /tmp/shared/*";
33 virtualisation.memorySize = mkDefault 1536;
34 virtualisation.diskSize = mkDefault 4096;
35 networking = {
36 inherit domain extraHosts;
37 primaryIPAddress = mkForce machine.ip;
39 firewall = {
40 allowedTCPPorts = [
41 10250 # kubelet
42 ];
43 trustedInterfaces = ["mynet"];
45 extraCommands = concatMapStrings (node: ''
46 iptables -A INPUT -s ${node.networking.primaryIPAddress} -j ACCEPT
47 '') (attrValues nodes);
48 };
49 };
50 programs.bash.completion.enable = true;
51 environment.systemPackages = [ wrapKubectl ];
52 services.flannel.iface = "eth1";
53 services.kubernetes = {
54 proxy.hostname = "${masterName}.${domain}";
56 easyCerts = true;
57 inherit (machine) roles;
58 apiserver = {
59 securePort = 443;
60 advertiseAddress = master.ip;
61 };
62 # NOTE: what featureGates are useful for testing might change in
63 # the future, see link below to find new ones
64 # https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/
65 featureGates = {AnonymousAuthConfigurableEndpoints = true; ConsistentListFromCache = false;};
66 masterAddress = "${masterName}.${config.networking.domain}";
67 };
68 }
69 (optionalAttrs (any (role: role == "master") machine.roles) {
70 networking.firewall.allowedTCPPorts = [
71 443 # kubernetes apiserver
72 ];
73 })
74 (optionalAttrs (machine ? extraConfiguration) (machine.extraConfiguration { inherit config pkgs lib nodes; }))
75 (optionalAttrs (extraConfiguration != null) (extraConfiguration { inherit config pkgs lib nodes; }))
76 ]
77 ) machines;
79 testScript = ''
80 start_all()
81 '' + test;
82 };
84 mkKubernetesMultiNodeTest = attrs: mkKubernetesBaseTest ({
85 machines = {
86 machine1 = {
87 roles = ["master"];
88 ip = "192.168.1.1";
89 };
90 machine2 = {
91 roles = ["node"];
92 ip = "192.168.1.2";
93 };
94 };
95 } // attrs // {
96 name = "kubernetes-${attrs.name}-multinode";
97 });
99 mkKubernetesSingleNodeTest = attrs: mkKubernetesBaseTest ({
100 machines = {
101 machine1 = {
102 roles = ["master" "node"];
103 ip = "192.168.1.1";
104 };
105 };
106 } // attrs // {
107 name = "kubernetes-${attrs.name}-singlenode";
108 });
109 in {
110 inherit mkKubernetesBaseTest mkKubernetesSingleNodeTest mkKubernetesMultiNodeTest;
111 }