nixpkgs/nixos/tests/kubernetes/base.nix

{ system ? builtins.currentSystem,
  config ? {},
  pkgs ? import ../../.. { inherit system config; }
}:

with import ../../lib/testing.nix { inherit system pkgs; };
with pkgs.lib;

let
  mkKubernetesBaseTest =
    { name, domain ? "my.zyx", test, machines
    , pkgs ? import <nixpkgs> { inherit system; }
    , extraConfiguration ? null }:
    let
      masterName = head (filter (machineName: any (role: role == "master") machines.${machineName}.roles) (attrNames machines));
      master = machines.${masterName};
      extraHosts = ''
        ${master.ip}  etcd.${domain}
        ${master.ip}  api.${domain}
        ${concatMapStringsSep "\n" (machineName: "${machines.${machineName}.ip}  ${machineName}.${domain}") (attrNames machines)}
      '';
      kubectl = with pkgs; runCommand "wrap-kubectl" { buildInputs = [ makeWrapper ]; } ''
        mkdir -p $out/bin
        makeWrapper ${pkgs.kubernetes}/bin/kubectl $out/bin/kubectl --set KUBECONFIG "/etc/kubernetes/cluster-admin.kubeconfig"
      '';
    in makeTest {
      inherit name;

      nodes = mapAttrs (machineName: machine:
        { config, pkgs, lib, nodes, ... }:
          mkMerge [
            {
              boot.postBootCommands = "rm -fr /var/lib/kubernetes/secrets /tmp/shared/*";
              virtualisation.memorySize = mkDefault 1536;
              virtualisation.diskSize = mkDefault 4096;
              networking = {
                inherit domain extraHosts;
                primaryIPAddress = mkForce machine.ip;

                firewall = {
                  allowedTCPPorts = [
                    10250 # kubelet
                  ];
                  trustedInterfaces = ["docker0"];

                  extraCommands = concatMapStrings  (node: ''
                    iptables -A INPUT -s ${node.config.networking.primaryIPAddress} -j ACCEPT
                  '') (attrValues nodes);
                };
              };
              programs.bash.enableCompletion = true;
              environment.systemPackages = [ kubectl ];
              services.flannel.iface = "eth1";
              services.kubernetes = {
                addons.dashboard.enable = true;

                easyCerts = true;
                inherit (machine) roles;
                apiserver = {
                  securePort = 443;
                  advertiseAddress = master.ip;
                };
                masterAddress = "${masterName}.${config.networking.domain}";
              };
            }
            (optionalAttrs (any (role: role == "master") machine.roles) {
              networking.firewall.allowedTCPPorts = [
                443 # kubernetes apiserver
              ];
            })
            (optionalAttrs (machine ? extraConfiguration) (machine.extraConfiguration { inherit config pkgs lib nodes; }))
            (optionalAttrs (extraConfiguration != null) (extraConfiguration { inherit config pkgs lib nodes; }))
          ]
      ) machines;

      testScript = ''
        startAll;

        ${test}
      '';
    };

  mkKubernetesMultiNodeTest = attrs: mkKubernetesBaseTest ({
    machines = {
      machine1 = {
        roles = ["master"];
        ip = "192.168.1.1";
      };
      machine2 = {
        roles = ["node"];
        ip = "192.168.1.2";
      };
    };
  } // attrs // {
    name = "kubernetes-${attrs.name}-multinode";
  });

  mkKubernetesSingleNodeTest = attrs: mkKubernetesBaseTest ({
    machines = {
      machine1 = {
        roles = ["master" "node"];
        ip = "192.168.1.1";
      };
    };
  } // attrs // {
    name = "kubernetes-${attrs.name}-singlenode";
  });
in {
  inherit mkKubernetesBaseTest mkKubernetesSingleNodeTest mkKubernetesMultiNodeTest;
}
tests: refactor to carry the package set as an argument This way, the package set will be possible to pass without re-importing all the time 2018-11-11 17:41:11 +09:00			`{ system ? builtins.currentSystem,`
			`config ? {},`
nixos/kubernetes: fix import path of default nixpkgs 2018-12-12 21:30:32 +01:00			`pkgs ? import ../../.. { inherit system config; }`
tests: refactor to carry the package set as an argument This way, the package set will be possible to pass without re-importing all the time 2018-11-11 17:41:11 +09:00			`}:`
kubernetes: fix tests 2017-09-09 02:00:35 +02:00
tests: refactor to carry the package set as an argument This way, the package set will be possible to pass without re-importing all the time 2018-11-11 17:41:11 +09:00			`with import ../../lib/testing.nix { inherit system pkgs; };`
kubernetes: fix tests 2017-09-09 02:00:35 +02:00			`with pkgs.lib;`

			`let`
			`mkKubernetesBaseTest =`
			`{ name, domain ? "my.zyx", test, machines`
			`, pkgs ? import <nixpkgs> { inherit system; }`
			`, extraConfiguration ? null }:`
			`let`
			`masterName = head (filter (machineName: any (role: role == "master") machines.${machineName}.roles) (attrNames machines));`
			`master = machines.${masterName};`
			`extraHosts = ''`
			`${master.ip} etcd.${domain}`
			`${master.ip} api.${domain}`
			`${concatMapStringsSep "\n" (machineName: "${machines.${machineName}.ip} ${machineName}.${domain}") (attrNames machines)}`
			`'';`
nixos/kubernetes: major module refactor - All kubernetes components have been seperated into different files - All TLS-enabled ports have been deprecated and disabled by default - EasyCert option added to support automatic cluster PKI-bootstrap - RBAC has been enforced for all cluster components by default - NixOS kubernetes test cases make use of easyCerts to setup PKI 2018-07-22 13:14:20 +02:00			`kubectl = with pkgs; runCommand "wrap-kubectl" { buildInputs = [ makeWrapper ]; } ''`
			`mkdir -p $out/bin`
			`makeWrapper ${pkgs.kubernetes}/bin/kubectl $out/bin/kubectl --set KUBECONFIG "/etc/kubernetes/cluster-admin.kubeconfig"`
			`'';`
kubernetes: fix tests 2017-09-09 02:00:35 +02:00			`in makeTest {`
			`inherit name;`

			`nodes = mapAttrs (machineName: machine:`
			`{ config, pkgs, lib, nodes, ... }:`
			`mkMerge [`
			`{`
Revert "Merge pull request #56789 from mayflower/upstream-k8s-refactor" This reverts commit 7dc6e77bc2a03e660cab2c4cbf52f235bc52683e, reversing changes made to bce47ea9d5fa962736ddd4a254a27a5fd2cdee9a. Motivation for the revert in #67563 2019-08-24 12:52:32 +02:00			`boot.postBootCommands = "rm -fr /var/lib/kubernetes/secrets /tmp/shared/*";`
Kubernetes tests: increase the size of the VM from 700MB to 1.5GB VMs were starving, many of the daemons were unable to complete their tasks resulting in tests failures. Turned off verbose output from k8s components as it consumes even more resources, and useful error messages actually drown in debug-clutter 2018-05-23 16:37:09 +02:00			`virtualisation.memorySize = mkDefault 1536;`
kubernetes: fix tests 2017-09-09 02:00:35 +02:00			`virtualisation.diskSize = mkDefault 4096;`
			`networking = {`
			`inherit domain extraHosts;`
			`primaryIPAddress = mkForce machine.ip;`

			`firewall = {`
			`allowedTCPPorts = [`
			`10250 # kubelet`
			`];`
			`trustedInterfaces = ["docker0"];`

			`extraCommands = concatMapStrings (node: ''`
			`iptables -A INPUT -s ${node.config.networking.primaryIPAddress} -j ACCEPT`
			`'') (attrValues nodes);`
			`};`
			`};`
			`programs.bash.enableCompletion = true;`
nixos/kubernetes: major module refactor - All kubernetes components have been seperated into different files - All TLS-enabled ports have been deprecated and disabled by default - EasyCert option added to support automatic cluster PKI-bootstrap - RBAC has been enforced for all cluster components by default - NixOS kubernetes test cases make use of easyCerts to setup PKI 2018-07-22 13:14:20 +02:00			`environment.systemPackages = [ kubectl ];`
kubernetes: fix tests 2017-09-09 02:00:35 +02:00			`services.flannel.iface = "eth1";`
nixos/kubernetes: major module refactor - All kubernetes components have been seperated into different files - All TLS-enabled ports have been deprecated and disabled by default - EasyCert option added to support automatic cluster PKI-bootstrap - RBAC has been enforced for all cluster components by default - NixOS kubernetes test cases make use of easyCerts to setup PKI 2018-07-22 13:14:20 +02:00			`services.kubernetes = {`
			`addons.dashboard.enable = true;`

			`easyCerts = true;`
			`inherit (machine) roles;`
			`apiserver = {`
			`securePort = 443;`
			`advertiseAddress = master.ip;`
			`};`
			`masterAddress = "${masterName}.${config.networking.domain}";`
			`};`
kubernetes: fix tests 2017-09-09 02:00:35 +02:00			`}`
			`(optionalAttrs (any (role: role == "master") machine.roles) {`
			`networking.firewall.allowedTCPPorts = [`
			`443 # kubernetes apiserver`
			`];`
			`})`
treewide: remove redundant quotes 2019-08-13 21:52:01 +00:00			`(optionalAttrs (machine ? extraConfiguration) (machine.extraConfiguration { inherit config pkgs lib nodes; }))`
kubernetes: fix tests 2017-09-09 02:00:35 +02:00			`(optionalAttrs (extraConfiguration != null) (extraConfiguration { inherit config pkgs lib nodes; }))`
			`]`
			`) machines;`

			`testScript = ''`
			`startAll;`

			`${test}`
			`'';`
			`};`

			`mkKubernetesMultiNodeTest = attrs: mkKubernetesBaseTest ({`
			`machines = {`
			`machine1 = {`
			`roles = ["master"];`
			`ip = "192.168.1.1";`
			`};`
			`machine2 = {`
			`roles = ["node"];`
			`ip = "192.168.1.2";`
			`};`
			`};`
			`} // attrs // {`
			`name = "kubernetes-${attrs.name}-multinode";`
			`});`

			`mkKubernetesSingleNodeTest = attrs: mkKubernetesBaseTest ({`
			`machines = {`
			`machine1 = {`
			`roles = ["master" "node"];`
			`ip = "192.168.1.1";`
			`};`
			`};`
			`} // attrs // {`
			`name = "kubernetes-${attrs.name}-singlenode";`
			`});`
			`in {`
			`inherit mkKubernetesBaseTest mkKubernetesSingleNodeTest mkKubernetesMultiNodeTest;`
			`}`