From a6a0c4476025ed54e26d82f99d36739793b4db3c Mon Sep 17 00:00:00 2001 From: superherointj <5861043+superherointj@users.noreply.github.com> Date: Wed, 15 Jun 2022 16:06:35 -0300 Subject: [PATCH 1/2] k3s: remove docker support --- .../from_md/release-notes/rl-2211.section.xml | 6 ++ .../manual/release-notes/rl-2211.section.md | 2 + .../modules/services/cluster/k3s/default.nix | 21 ++--- nixos/tests/all-tests.nix | 1 - nixos/tests/k3s-single-node-docker.nix | 84 ------------------- .../networking/cluster/k3s/default.nix | 2 +- 6 files changed, 18 insertions(+), 98 deletions(-) delete mode 100644 nixos/tests/k3s-single-node-docker.nix diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml index c6eaf462429..4e31668a9e8 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml @@ -140,6 +140,12 @@ instead. + + + k3s no longer supports docker as runtime + due to upstream dropping support. + +
diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index 56df3c00cb2..18bb0ee1cfc 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md @@ -57,6 +57,8 @@ In addition to numerous new and upgraded packages, this release has the followin - (Neo)Vim can not be configured with `configure.pathogen` anymore to reduce maintainance burden. Use `configure.packages` instead. +- `k3s` no longer supports docker as runtime due to upstream dropping support. + ## Other Notable Changes {#sec-release-22.11-notable-changes} diff --git a/nixos/modules/services/cluster/k3s/default.nix b/nixos/modules/services/cluster/k3s/default.nix index 3a36cfa3f37..421aa0aac60 100644 --- a/nixos/modules/services/cluster/k3s/default.nix +++ b/nixos/modules/services/cluster/k3s/default.nix @@ -3,8 +3,14 @@ with lib; let cfg = config.services.k3s; + removeOption = config: instruction: + lib.mkRemovedOptionModule ([ "services" "k3s" ] ++ config) instruction; in { + imports = [ + (removeOption [ "docker" ] "k3s docker option is no longer supported.") + ]; + # interface options.services.k3s = { enable = mkEnableOption "k3s"; @@ -48,12 +54,6 @@ in default = null; }; - docker = mkOption { - type = types.bool; - default = false; - description = "Use docker to run containers rather than the built-in containerd."; - }; - extraFlags = mkOption { description = "Extra flags to pass to the k3s command."; type = types.str; 
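Review bot: The `removeOption` helper added to the `let` block of nixos/modules/services/cluster/k3s/default.nix names its first parameter `config`, which shadows the module argument `config` that `cfg = config.services.k3s;` reads one line earlier. The shadowing is confined to the lambda, so it is harmless today, but it will mislead anyone who later extends the helper. Renaming it keeps the two apart: `removeOption = path: instruction: lib.mkRemovedOptionModule ([ "services" "k3s" ] ++ path) instruction;`. The removal message could also say what replaces the option, for example `"k3s docker option is no longer supported; k3s runs containers with its built-in containerd."`. Users who set `services.k3s.docker = true` also lose the implicit `virtualisation.docker.enable` that a later hunk of this file removes.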
@@ -88,14 +88,11 @@ in } ]; - virtualisation.docker = mkIf cfg.docker { - enable = mkDefault true; - }; environment.systemPackages = [ config.services.k3s.package ]; systemd.services.k3s = { description = "k3s service"; - after = [ "network.service" "firewall.service" ] ++ (optional cfg.docker "docker.service"); + after = [ "network.service" "firewall.service" ]; wants = [ "network.service" "firewall.service" ]; wantedBy = [ "multi-user.target" ]; path = optional config.boot.zfs.enabled config.boot.zfs.package; @@ -113,8 +110,8 @@ in ExecStart = concatStringsSep " \\\n " ( [ "${cfg.package}/bin/k3s ${cfg.role}" - ] ++ (optional cfg.docker "--docker") - ++ (optional (cfg.docker && config.systemd.enableUnifiedCgroupHierarchy) "--kubelet-arg=cgroup-driver=systemd") + ] + ++ (optional (config.systemd.enableUnifiedCgroupHierarchy) "--kubelet-arg=cgroup-driver=systemd") ++ (optional cfg.disableAgent "--disable-agent") ++ (optional (cfg.serverAddr != "") "--server ${cfg.serverAddr}") ++ (optional (cfg.token != "") "--token ${cfg.token}") diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index d5e422bb94f..099b8e7972c 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -254,7 +254,6 @@ in { jirafeau = handleTest ./jirafeau.nix {}; jitsi-meet = handleTest ./jitsi-meet.nix {}; k3s-single-node = handleTest ./k3s-single-node.nix {}; - k3s-single-node-docker = handleTest ./k3s-single-node-docker.nix {}; kafka = handleTest ./kafka.nix {}; kanidm = handleTest ./kanidm.nix {}; kbd-setfont-decompress = handleTest ./kbd-setfont-decompress.nix {}; diff --git a/nixos/tests/k3s-single-node-docker.nix b/nixos/tests/k3s-single-node-docker.nix deleted file mode 100644 index 735aa5ac297..00000000000 --- a/nixos/tests/k3s-single-node-docker.nix +++ /dev/null 
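Review bot: In the `ExecStart` list (hunk `@@ -113,8 +110,8 @@`), `--kubelet-arg=cgroup-driver=systemd` was gated on `cfg.docker && config.systemd.enableUnifiedCgroupHierarchy` and is now passed whenever the unified cgroup hierarchy is enabled. Every containerd-based node therefore receives a kubelet flag it did not get before this commit. If the flag was only needed for the docker runtime, the line should be dropped together with `--docker`. If it is intended for containerd too, that is a behaviour change that deserves a mention in the commit message and release note; whether the embedded containerd uses the matching cgroup driver is not visible from this hunk, whose `ExecStart` list continues past its end. Separately, the unchanged context line `--token ${cfg.token}` interpolates the cluster join token into the unit's command line, so it ends up in the world-readable Nix store and the process list; a follow-up could read it from a file outside the store via k3s's `--token-file`.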
@@ -1,84 +0,0 @@ -import ./make-test-python.nix ({ pkgs, ... }: - - let - imageEnv = pkgs.buildEnv { - name = "k3s-pause-image-env"; - paths = with pkgs; [ tini (hiPrio coreutils) busybox ]; - }; - pauseImage = pkgs.dockerTools.streamLayeredImage { - name = "test.local/pause"; - tag = "local"; - contents = imageEnv; - config.Entrypoint = [ "/bin/tini" "--" "/bin/sleep" "inf" ]; - }; - # Don't use the default service account because there's a race where it may - # not be created yet; make our own instead. - testPodYaml = pkgs.writeText "test.yml" '' - apiVersion: v1 - kind: ServiceAccount - metadata: - name: test - --- - apiVersion: v1 - kind: Pod - metadata: - name: test - spec: - serviceAccountName: test - containers: - - name: test - image: test.local/pause:local - imagePullPolicy: Never - command: ["sh", "-c", "sleep inf"] - ''; - in - { - name = "k3s"; - meta = with pkgs.lib.maintainers; { - maintainers = [ euank ]; - }; - - nodes.machine = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ k3s gzip ]; - - # k3s uses enough resources the default vm fails. 
- virtualisation.memorySize = 1536; - virtualisation.diskSize = 4096; - - services.k3s = { - enable = true; - role = "server"; - docker = true; - # Slightly reduce resource usage - extraFlags = "--no-deploy coredns,servicelb,traefik,local-storage,metrics-server --pause-image test.local/pause:local"; - }; - - users.users = { - noprivs = { - isNormalUser = true; - description = "Can't access k3s by default"; - password = "*"; - }; - }; - }; - - testScript = '' - start_all() - - machine.wait_for_unit("k3s") - machine.succeed("k3s kubectl cluster-info") - machine.fail("sudo -u noprivs k3s kubectl cluster-info") - # FIXME: this fails with the current nixos kernel config; once it passes, we should uncomment it - # machine.succeed("k3s check-config") - - machine.succeed( - "${pauseImage} | docker load" - ) - - machine.succeed("k3s kubectl apply -f ${testPodYaml}") - machine.succeed("k3s kubectl wait --for 'condition=Ready' pod/test") - machine.succeed("k3s kubectl delete -f ${testPodYaml}") - - machine.shutdown() - ''; - }) diff --git a/pkgs/applications/networking/cluster/k3s/default.nix b/pkgs/applications/networking/cluster/k3s/default.nix index 3cceae804cf..b1ad41b9d55 100644 --- a/pkgs/applications/networking/cluster/k3s/default.nix +++ b/pkgs/applications/networking/cluster/k3s/default.nix @@ -323,7 +323,7 @@ buildGoModule rec { passthru.updateScript = ./update.sh; - passthru.tests = { inherit (nixosTests) k3s-single-node k3s-single-node-docker; }; + passthru.tests = { inherit (nixosTests) k3s-single-node; }; meta = baseMeta; } From e7313b2243afae97843352696bf1eca4fc6a8ef0 Mon Sep 17 00:00:00 2001 From: superherointj <5861043+superherointj@users.noreply.github.com> Date: Wed, 15 Jun 2022 16:27:30 -0300 Subject: [PATCH 2/2] k3s: 1.23.6+k3s1 -> 1.24.1+k3s1 --- .../networking/cluster/k3s/default.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) 
diff --git a/pkgs/applications/networking/cluster/k3s/default.nix b/pkgs/applications/networking/cluster/k3s/default.nix index b1ad41b9d55..7629f05af39 100644 --- a/pkgs/applications/networking/cluster/k3s/default.nix +++ b/pkgs/applications/networking/cluster/k3s/default.nix @@ -46,10 +46,10 @@ with lib; # Those pieces of software we entirely ignore upstream's handling of, and just # make sure they're in the path if desired. let - k3sVersion = "1.23.6+k3s1"; # k3s git tag - k3sCommit = "418c3fa858b69b12b9cefbcff0526f666a6236b9"; # k3s git commit at the above version - k3sRepoSha256 = "0fmw491dn5mpi058mr7sij51i5m4qg2grx30cnl3h2v4s0sdkx2i"; - k3sVendorSha256 = "sha256-iHg5ySMaiSWXs98YGmxPwdZr4zdBIFma12dNEuf30Hs="; + k3sVersion = "1.24.1+k3s1"; # k3s git tag + k3sCommit = "0581808f5c160b0c0cafec5b8f20430835f34f44"; # k3s git commit at the above version + k3sRepoSha256 = "0zh60nav50s0viiaqxdaajhywh28zqckjnpyazlk2fdb077dyi65"; + k3sVendorSha256 = "sha256-7cJ728vV9GA4/MDUBsnrR12gGf3DXzka3czrdHjsNIM="; # taken from ./manifests/traefik.yaml, extracted from '.spec.chart' https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/download#L9 # The 'patch' and 'minor' versions are currently hardcoded as single digits only, so ignore the trailing two digits. Weird, I know. 
@@ -61,16 +61,16 @@ let k3sRootSha256 = "016n56vi09xkvjph7wgzb2m86mhd5x65fs4d11pmh20hl249r620"; # taken from ./scripts/version.sh VERSION_CNIPLUGINS https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/version.sh#L45 - k3sCNIVersion = "1.0.1-k3s1"; - k3sCNISha256 = "11ihlzzdnqf9p21y0a4ckpbxac016nm7746dcykhj26ym9zxyv92"; + k3sCNIVersion = "1.1.1-k3s1"; + k3sCNISha256 = "14mb3zsqibj1sn338gjmsyksbm0mxv9p016dij7zidccx2rzn6nl"; # taken from go.mod, the 'github.com/containerd/containerd' line # run `grep github.com/containerd/containerd go.mod | head -n1 | awk '{print $4}'` - containerdVersion = "1.5.11-k3s2"; - containerdSha256 = "16132snvrg8r0vwm6c0lz0q6fx686s2ix53nm3aka9a83xs75vf2"; + containerdVersion = "1.5.13-k3s1"; + containerdSha256 = "09bj4ghwbsj9whkv1d5icqs52k64m449j8b73dmak2wz62fbzbvp"; # run `grep github.com/kubernetes-sigs/cri-tools go.mod | head -n1 | awk '{print $4}'` in the k3s repo at the tag - criCtlVersion = "1.22.0-k3s1"; + criCtlVersion = "1.24.0-k3s1"; baseMeta = { description = "A lightweight Kubernetes distribution";