JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

k3s: remove docker support

Browse Source
This commit is contained in:
superherointj 2022-06-15 16:06:35 -03:00
parent abb346a417
commit a6a0c44760
6 changed files with 18 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
View File

@ -140,6 +140,12 @@
instead.
</para>
</listitem>
<listitem>
<para>
<literal>k3s</literal> no longer supports docker as runtime
due to upstream dropping support.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.11-notable-changes">

2
nixos/doc/manual/release-notes/rl-2211.section.md
View File

@ -57,6 +57,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- (Neo)Vim can not be configured with `configure.pathogen` anymore to reduce maintainance burden.
Use `configure.packages` instead.
- `k3s` no longer supports docker as runtime due to upstream dropping support.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## Other Notable Changes {#sec-release-22.11-notable-changes}

21
nixos/modules/services/cluster/k3s/default.nix
View File

@ -3,8 +3,14 @@
with lib;
let
cfg = config.services.k3s;
removeOption = config: instruction:
lib.mkRemovedOptionModule ([ "services" "k3s" ] ++ config) instruction;
in
{
imports = [
(removeOption [ "docker" ] "k3s docker option is no longer supported.")
];
# interface
options.services.k3s = {
enable = mkEnableOption "k3s";
@ -48,12 +54,6 @@ in
default = null;
};
docker = mkOption {
type = types.bool;
default = false;
description = "Use docker to run containers rather than the built-in containerd.";
};
extraFlags = mkOption {
description = "Extra flags to pass to the k3s command.";
type = types.str;
@ -88,14 +88,11 @@ in
}
];
virtualisation.docker = mkIf cfg.docker {
enable = mkDefault true;
};
environment.systemPackages = [ config.services.k3s.package ];
systemd.services.k3s = {
description = "k3s service";
after = [ "network.service" "firewall.service" ] ++ (optional cfg.docker "docker.service");
after = [ "network.service" "firewall.service" ];
wants = [ "network.service" "firewall.service" ];
wantedBy = [ "multi-user.target" ];
path = optional config.boot.zfs.enabled config.boot.zfs.package;
@ -113,8 +110,8 @@ in
ExecStart = concatStringsSep " \\\n " (
[
"${cfg.package}/bin/k3s ${cfg.role}"
] ++ (optional cfg.docker "--docker")
++ (optional (cfg.docker && config.systemd.enableUnifiedCgroupHierarchy) "--kubelet-arg=cgroup-driver=systemd")
]
++ (optional (config.systemd.enableUnifiedCgroupHierarchy) "--kubelet-arg=cgroup-driver=systemd")
++ (optional cfg.disableAgent "--disable-agent")
++ (optional (cfg.serverAddr != "") "--server ${cfg.serverAddr}")
++ (optional (cfg.token != "") "--token ${cfg.token}")

1
nixos/tests/all-tests.nix
View File

@ -254,7 +254,6 @@ in {
jirafeau = handleTest ./jirafeau.nix {};
jitsi-meet = handleTest ./jitsi-meet.nix {};
k3s-single-node = handleTest ./k3s-single-node.nix {};
k3s-single-node-docker = handleTest ./k3s-single-node-docker.nix {};
kafka = handleTest ./kafka.nix {};
kanidm = handleTest ./kanidm.nix {};
kbd-setfont-decompress = handleTest ./kbd-setfont-decompress.nix {};

84
nixos/tests/k3s-single-node-docker.nix
View File

@ -1,84 +0,0 @@
import ./make-test-python.nix ({ pkgs, ... }:
let
imageEnv = pkgs.buildEnv {
name = "k3s-pause-image-env";
paths = with pkgs; [ tini (hiPrio coreutils) busybox ];
};
pauseImage = pkgs.dockerTools.streamLayeredImage {
name = "test.local/pause";
tag = "local";
contents = imageEnv;
config.Entrypoint = [ "/bin/tini" "--" "/bin/sleep" "inf" ];
};
# Don't use the default service account because there's a race where it may
# not be created yet; make our own instead.
testPodYaml = pkgs.writeText "test.yml" ''
apiVersion: v1
kind: ServiceAccount
metadata:
name: test
---
apiVersion: v1
kind: Pod
metadata:
name: test
spec:
serviceAccountName: test
containers:
- name: test
image: test.local/pause:local
imagePullPolicy: Never
command: ["sh", "-c", "sleep inf"]
'';
in
{
name = "k3s";
meta = with pkgs.lib.maintainers; {
maintainers = [ euank ];
};
nodes.machine = { pkgs, ... }: {
environment.systemPackages = with pkgs; [ k3s gzip ];
# k3s uses enough resources the default vm fails.
virtualisation.memorySize = 1536;
virtualisation.diskSize = 4096;
services.k3s = {
enable = true;
role = "server";
docker = true;
# Slightly reduce resource usage
extraFlags = "--no-deploy coredns,servicelb,traefik,local-storage,metrics-server --pause-image test.local/pause:local";
};
users.users = {
noprivs = {
isNormalUser = true;
description = "Can't access k3s by default";
password = "*";
};
};
};
testScript = ''
start_all()
machine.wait_for_unit("k3s")
machine.succeed("k3s kubectl cluster-info")
machine.fail("sudo -u noprivs k3s kubectl cluster-info")
# FIXME: this fails with the current nixos kernel config; once it passes, we should uncomment it
# machine.succeed("k3s check-config")
machine.succeed(
"${pauseImage} | docker load"
)
machine.succeed("k3s kubectl apply -f ${testPodYaml}")
machine.succeed("k3s kubectl wait --for 'condition=Ready' pod/test")
machine.succeed("k3s kubectl delete -f ${testPodYaml}")
machine.shutdown()
'';
})

2
pkgs/applications/networking/cluster/k3s/default.nix
View File

@ -323,7 +323,7 @@ buildGoModule rec {
passthru.updateScript = ./update.sh;
passthru.tests = { inherit (nixosTests) k3s-single-node k3s-single-node-docker; };
passthru.tests = { inherit (nixosTests) k3s-single-node; };
meta = baseMeta;
}