2024-07-12 10:21:16 -03:00
|
|
|
# A test that runs a multi-node k3s cluster and verify pod networking works across nodes
|
2023-02-09 09:57:37 +00:00
|
|
|
import ../make-test-python.nix (
|
|
|
|
|
{
|
|
|
|
|
pkgs,
|
|
|
|
|
lib,
|
|
|
|
|
k3s,
|
|
|
|
|
...
|
|
|
|
|
}:
|
2022-07-21 23:50:25 -07:00
|
|
|
let
|
|
|
|
|
imageEnv = pkgs.buildEnv {
|
|
|
|
|
name = "k3s-pause-image-env";
|
|
|
|
|
paths = with pkgs; [
|
|
|
|
|
tini
|
|
|
|
|
bashInteractive
|
|
|
|
|
coreutils
|
|
|
|
|
socat
|
|
|
|
|
];
|
|
|
|
|
};
|
2024-11-11 17:05:14 +01:00
|
|
|
pauseImage = pkgs.dockerTools.buildImage {
|
2022-07-21 23:50:25 -07:00
|
|
|
name = "test.local/pause";
|
|
|
|
|
tag = "local";
|
2024-11-11 17:05:14 +01:00
|
|
|
copyToRoot = imageEnv;
|
2022-07-21 23:50:25 -07:00
|
|
|
config.Entrypoint = [
|
|
|
|
|
"/bin/tini"
|
|
|
|
|
"--"
|
|
|
|
|
"/bin/sleep"
|
|
|
|
|
"inf"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
# A daemonset that responds 'server' on port 8000
|
|
|
|
|
networkTestDaemonset = pkgs.writeText "test.yml" ''
|
|
|
|
|
apiVersion: apps/v1
|
|
|
|
|
kind: DaemonSet
|
|
|
|
|
metadata:
|
|
|
|
|
name: test
|
|
|
|
|
labels:
|
|
|
|
|
name: test
|
|
|
|
|
spec:
|
|
|
|
|
selector:
|
|
|
|
|
matchLabels:
|
|
|
|
|
name: test
|
|
|
|
|
template:
|
|
|
|
|
metadata:
|
|
|
|
|
labels:
|
|
|
|
|
name: test
|
|
|
|
|
spec:
|
|
|
|
|
containers:
|
|
|
|
|
- name: test
|
|
|
|
|
image: test.local/pause:local
|
|
|
|
|
imagePullPolicy: Never
|
|
|
|
|
resources:
|
|
|
|
|
limits:
|
|
|
|
|
memory: 20Mi
|
|
|
|
|
command: ["socat", "TCP4-LISTEN:8000,fork", "EXEC:echo server"]
|
|
|
|
|
'';
|
|
|
|
|
tokenFile = pkgs.writeText "token" "p@s$w0rd";
|
|
|
|
|
in
|
|
|
|
|
{
|
2023-02-09 09:57:37 +00:00
|
|
|
name = "${k3s.name}-multi-node";
|
2022-07-21 23:50:25 -07:00
|
|
|
|
|
|
|
|
nodes = {
|
|
|
|
|
server =
|
2025-01-21 17:37:05 +01:00
|
|
|
{ nodes, pkgs, ... }:
|
2022-07-21 23:50:25 -07:00
|
|
|
{
|
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
gzip
|
|
|
|
|
jq
|
|
|
|
|
];
|
|
|
|
|
# k3s uses enough resources the default vm fails.
|
|
|
|
|
virtualisation.memorySize = 1536;
|
|
|
|
|
virtualisation.diskSize = 4096;
|
2024-05-10 18:55:54 -03:00
|
|
|
|
2022-07-21 23:50:25 -07:00
|
|
|
services.k3s = {
|
|
|
|
|
inherit tokenFile;
|
|
|
|
|
enable = true;
|
|
|
|
|
role = "server";
|
2023-02-09 09:57:37 +00:00
|
|
|
package = k3s;
|
2024-11-11 17:05:14 +01:00
|
|
|
images = [ pauseImage ];
|
2022-08-30 09:27:29 +01:00
|
|
|
clusterInit = true;
|
2024-07-15 22:46:52 +02:00
|
|
|
extraFlags = [
|
|
|
|
|
"--disable coredns"
|
|
|
|
|
"--disable local-storage"
|
|
|
|
|
"--disable metrics-server"
|
|
|
|
|
"--disable servicelb"
|
|
|
|
|
"--disable traefik"
|
|
|
|
|
"--pause-image test.local/pause:local"
|
2025-01-21 17:37:05 +01:00
|
|
|
"--node-ip ${nodes.server.networking.primaryIPAddress}"
|
|
|
|
|
# The interface selection logic of flannel would normally use eth0, as the nixos
|
|
|
|
|
# testing driver sets a default route via dev eth0. However, in test setups we
|
|
|
|
|
# have to use eth1 for inter-node communication.
|
|
|
|
|
"--flannel-iface eth1"
|
2024-05-10 18:55:54 -03:00
|
|
|
];
|
|
|
|
|
};
|
2022-08-30 09:27:29 +01:00
|
|
|
networking.firewall.allowedTCPPorts = [
|
2024-05-10 18:55:54 -03:00
|
|
|
2379
|
|
|
|
|
2380
|
|
|
|
|
6443
|
|
|
|
|
];
|
2022-08-30 09:27:29 +01:00
|
|
|
networking.firewall.allowedUDPPorts = [ 8472 ];
|
2022-07-21 23:50:25 -07:00
|
|
|
};
|
2024-05-10 18:55:54 -03:00
|
|
|
|
2022-08-30 09:27:29 +01:00
|
|
|
server2 =
|
2025-01-21 17:37:05 +01:00
|
|
|
{ nodes, pkgs, ... }:
|
2022-08-30 09:27:29 +01:00
|
|
|
{
|
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
gzip
|
|
|
|
|
jq
|
|
|
|
|
];
|
|
|
|
|
virtualisation.memorySize = 1536;
|
|
|
|
|
virtualisation.diskSize = 4096;
|
2024-05-10 18:55:54 -03:00
|
|
|
|
2022-08-30 09:27:29 +01:00
|
|
|
services.k3s = {
|
|
|
|
|
inherit tokenFile;
|
|
|
|
|
enable = true;
|
2024-11-11 17:00:40 +01:00
|
|
|
package = k3s;
|
2024-11-11 17:05:14 +01:00
|
|
|
images = [ pauseImage ];
|
2025-01-21 17:37:05 +01:00
|
|
|
serverAddr = "https://${nodes.server.networking.primaryIPAddress}:6443";
|
2022-08-30 09:27:29 +01:00
|
|
|
clusterInit = false;
|
2024-11-11 17:05:14 +01:00
|
|
|
extraFlags = [
|
|
|
|
|
"--disable coredns"
|
|
|
|
|
"--disable local-storage"
|
|
|
|
|
"--disable metrics-server"
|
|
|
|
|
"--disable servicelb"
|
|
|
|
|
"--disable traefik"
|
|
|
|
|
"--pause-image test.local/pause:local"
|
2025-01-21 17:37:05 +01:00
|
|
|
"--node-ip ${nodes.server2.networking.primaryIPAddress}"
|
|
|
|
|
"--flannel-iface eth1"
|
2024-05-10 18:55:54 -03:00
|
|
|
];
|
|
|
|
|
};
|
2022-07-21 23:50:25 -07:00
|
|
|
networking.firewall.allowedTCPPorts = [
|
2024-05-10 18:55:54 -03:00
|
|
|
2379
|
|
|
|
|
2380
|
|
|
|
|
6443
|
|
|
|
|
];
|
2022-07-21 23:50:25 -07:00
|
|
|
networking.firewall.allowedUDPPorts = [ 8472 ];
|
2022-08-30 09:27:29 +01:00
|
|
|
};
|
2024-05-10 18:55:54 -03:00
|
|
|
|
2022-07-21 23:50:25 -07:00
|
|
|
agent =
|
2025-01-21 17:37:05 +01:00
|
|
|
{ nodes, pkgs, ... }:
|
2022-07-21 23:50:25 -07:00
|
|
|
{
|
|
|
|
|
virtualisation.memorySize = 1024;
|
|
|
|
|
virtualisation.diskSize = 2048;
|
|
|
|
|
services.k3s = {
|
|
|
|
|
inherit tokenFile;
|
|
|
|
|
enable = true;
|
|
|
|
|
role = "agent";
|
2024-11-11 17:00:40 +01:00
|
|
|
package = k3s;
|
2024-11-11 17:05:14 +01:00
|
|
|
images = [ pauseImage ];
|
2025-01-21 17:37:05 +01:00
|
|
|
serverAddr = "https://${nodes.server2.networking.primaryIPAddress}:6443";
|
2024-11-11 17:05:14 +01:00
|
|
|
extraFlags = [
|
|
|
|
|
"--pause-image test.local/pause:local"
|
2025-01-21 17:37:05 +01:00
|
|
|
"--node-ip ${nodes.agent.networking.primaryIPAddress}"
|
|
|
|
|
"--flannel-iface eth1"
|
2024-05-10 18:55:54 -03:00
|
|
|
];
|
|
|
|
|
};
|
2022-07-21 23:50:25 -07:00
|
|
|
networking.firewall.allowedTCPPorts = [ 6443 ];
|
|
|
|
|
networking.firewall.allowedUDPPorts = [ 8472 ];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2024-11-11 17:05:14 +01:00
|
|
|
testScript = # python
|
|
|
|
|
''
|
|
|
|
|
start_all()
|
|
|
|
|
|
|
|
|
|
machines = [server, server2, agent]
|
|
|
|
|
for m in machines:
|
|
|
|
|
m.wait_for_unit("k3s")
|
|
|
|
|
|
|
|
|
|
# wait for the agent to show up
|
|
|
|
|
server.wait_until_succeeds("k3s kubectl get node agent")
|
|
|
|
|
|
|
|
|
|
for m in machines:
|
|
|
|
|
m.succeed("k3s check-config")
|
|
|
|
|
|
|
|
|
|
server.succeed("k3s kubectl cluster-info")
|
|
|
|
|
# Also wait for our service account to show up; it takes a sec
|
|
|
|
|
server.wait_until_succeeds("k3s kubectl get serviceaccount default")
|
|
|
|
|
|
|
|
|
|
# Now create a pod on each node via a daemonset and verify they can talk to each other.
|
|
|
|
|
server.succeed("k3s kubectl apply -f ${networkTestDaemonset}")
|
|
|
|
|
server.wait_until_succeeds(f'[ "$(k3s kubectl get ds test -o json | jq .status.numberReady)" -eq {len(machines)} ]')
|
|
|
|
|
|
|
|
|
|
# Get pod IPs
|
|
|
|
|
pods = server.succeed("k3s kubectl get po -o json | jq '.items[].metadata.name' -r").splitlines()
|
|
|
|
|
pod_ips = [server.succeed(f"k3s kubectl get po {name} -o json | jq '.status.podIP' -cr").strip() for name in pods]
|
|
|
|
|
|
|
|
|
|
# Verify each server can ping each pod ip
|
|
|
|
|
for pod_ip in pod_ips:
|
|
|
|
|
server.succeed(f"ping -c 1 {pod_ip}")
|
|
|
|
|
server2.succeed(f"ping -c 1 {pod_ip}")
|
|
|
|
|
agent.succeed(f"ping -c 1 {pod_ip}")
|
|
|
|
|
# Verify the pods can talk to each other
|
|
|
|
|
for pod in pods:
|
|
|
|
|
resp = server.succeed(f"k3s kubectl exec {pod} -- socat TCP:{pod_ip}:8000 -")
|
|
|
|
|
assert resp.strip() == "server"
|
|
|
|
|
'';
|
2024-07-12 09:01:55 -03:00
|
|
|
|
|
|
|
|
meta.maintainers = lib.teams.k3s.members;
|
2022-07-21 23:50:25 -07:00
|
|
|
}
|
|
|
|
|
)
|
