Merge pull request #177790 from superherointj/package-k3s-1.24.1+k3s1

k3s: 1.23.6+k3s1 -> 1.24.1+k3s1
2 years ago · 5d54641d7f
parent 8c0b9e4012 e7313b2243
commit 5d54641d7f
6 changed files with 27 additions and 107 deletions
--- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
@ -140,6 +140,12 @@
          instead.
        </para>
      </listitem>
+      <listitem>
+        <para>
+          <literal>k3s</literal> no longer supports docker as runtime
+          due to upstream dropping support.
+        </para>
+      </listitem>
    </itemizedlist>
  </section>
  <section xml:id="sec-release-22.11-notable-changes">
--- a/nixos/doc/manual/release-notes/rl-2211.section.md
+++ b/nixos/doc/manual/release-notes/rl-2211.section.md
@ -57,6 +57,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 - (Neo)Vim can not be configured with `configure.pathogen` anymore to reduce maintainance burden.
 Use `configure.packages` instead.

+- `k3s` no longer supports docker as runtime due to upstream dropping support.
+
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

 ## Other Notable Changes {#sec-release-22.11-notable-changes}
--- a/nixos/modules/services/cluster/k3s/default.nix
+++ b/nixos/modules/services/cluster/k3s/default.nix
@ -3,8 +3,14 @@
 with lib;
 let
  cfg = config.services.k3s;
+  removeOption = config: instruction:
+    lib.mkRemovedOptionModule ([ "services" "k3s" ] ++ config) instruction;
 in
 {
+  imports = [
+    (removeOption [ "docker" ] "k3s docker option is no longer supported.")
+  ];
+
  # interface
  options.services.k3s = {
    enable = mkEnableOption "k3s";
@ -48,12 +54,6 @@ in
      default = null;
    };

-    docker = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Use docker to run containers rather than the built-in containerd.";
-    };
-
    extraFlags = mkOption {
      description = "Extra flags to pass to the k3s command.";
      type = types.str;
@ -88,14 +88,11 @@ in
      }
    ];

-    virtualisation.docker = mkIf cfg.docker {
-      enable = mkDefault true;
-    };
    environment.systemPackages = [ config.services.k3s.package ];

    systemd.services.k3s = {
      description = "k3s service";
-      after = [ "network.service" "firewall.service" ] ++ (optional cfg.docker "docker.service");
+      after = [ "network.service" "firewall.service" ];
      wants = [ "network.service" "firewall.service" ];
      wantedBy = [ "multi-user.target" ];
      path = optional config.boot.zfs.enabled config.boot.zfs.package;
@ -113,8 +110,8 @@ in
        ExecStart = concatStringsSep " \\\n " (
          [
            "${cfg.package}/bin/k3s ${cfg.role}"
-          ] ++ (optional cfg.docker "--docker")
-          ++ (optional (cfg.docker && config.systemd.enableUnifiedCgroupHierarchy) "--kubelet-arg=cgroup-driver=systemd")
+          ]
+          ++ (optional (config.systemd.enableUnifiedCgroupHierarchy) "--kubelet-arg=cgroup-driver=systemd")
          ++ (optional cfg.disableAgent "--disable-agent")
          ++ (optional (cfg.serverAddr != "") "--server ${cfg.serverAddr}")
          ++ (optional (cfg.token != "") "--token ${cfg.token}")
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@ -254,7 +254,6 @@ in {
  jirafeau = handleTest ./jirafeau.nix {};
  jitsi-meet = handleTest ./jitsi-meet.nix {};
  k3s-single-node = handleTest ./k3s-single-node.nix {};
-  k3s-single-node-docker = handleTest ./k3s-single-node-docker.nix {};
  kafka = handleTest ./kafka.nix {};
  kanidm = handleTest ./kanidm.nix {};
  kbd-setfont-decompress = handleTest ./kbd-setfont-decompress.nix {};
--- a/nixos/tests/k3s-single-node-docker.nix
+++ b/nixos/tests/k3s-single-node-docker.nix
@ -1,84 +0,0 @@
-import ./make-test-python.nix ({ pkgs, ... }:
-
-  let
-    imageEnv = pkgs.buildEnv {
-      name = "k3s-pause-image-env";
-      paths = with pkgs; [ tini (hiPrio coreutils) busybox ];
-    };
-    pauseImage = pkgs.dockerTools.streamLayeredImage {
-      name = "test.local/pause";
-      tag = "local";
-      contents = imageEnv;
-      config.Entrypoint = [ "/bin/tini" "--" "/bin/sleep" "inf" ];
-    };
-    # Don't use the default service account because there's a race where it may
-    # not be created yet; make our own instead.
-    testPodYaml = pkgs.writeText "test.yml" ''
-      apiVersion: v1
-      kind: ServiceAccount
-      metadata:
-        name: test
-      ---
-      apiVersion: v1
-      kind: Pod
-      metadata:
-        name: test
-      spec:
-        serviceAccountName: test
-        containers:
-        - name: test
-          image: test.local/pause:local
-          imagePullPolicy: Never
-          command: ["sh", "-c", "sleep inf"]
-    '';
-  in
-  {
-    name = "k3s";
-    meta = with pkgs.lib.maintainers; {
-      maintainers = [ euank ];
-    };
-
-    nodes.machine = { pkgs, ... }: {
-      environment.systemPackages = with pkgs; [ k3s gzip ];
-
-      # k3s uses enough resources the default vm fails.
-      virtualisation.memorySize = 1536;
-      virtualisation.diskSize = 4096;
-
-      services.k3s = {
-        enable = true;
-        role = "server";
-        docker = true;
-        # Slightly reduce resource usage
-        extraFlags = "--no-deploy coredns,servicelb,traefik,local-storage,metrics-server --pause-image test.local/pause:local";
-      };
-
-      users.users = {
-        noprivs = {
-          isNormalUser = true;
-          description = "Can't access k3s by default";
-          password = "*";
-        };
-      };
-    };
-
-    testScript = ''
-      start_all()
-
-      machine.wait_for_unit("k3s")
-      machine.succeed("k3s kubectl cluster-info")
-      machine.fail("sudo -u noprivs k3s kubectl cluster-info")
-      # FIXME: this fails with the current nixos kernel config; once it passes, we should uncomment it
-      # machine.succeed("k3s check-config")
-
-      machine.succeed(
-          "${pauseImage} | docker load"
-      )
-
-      machine.succeed("k3s kubectl apply -f ${testPodYaml}")
-      machine.succeed("k3s kubectl wait --for 'condition=Ready' pod/test")
-      machine.succeed("k3s kubectl delete -f ${testPodYaml}")
-
-      machine.shutdown()
-    '';
-  })
--- a/pkgs/applications/networking/cluster/k3s/default.nix
+++ b/pkgs/applications/networking/cluster/k3s/default.nix
@ -46,10 +46,10 @@ with lib;
 # Those pieces of software we entirely ignore upstream's handling of, and just
 # make sure they're in the path if desired.
 let
-  k3sVersion = "1.23.6+k3s1";     # k3s git tag
-  k3sCommit = "418c3fa858b69b12b9cefbcff0526f666a6236b9"; # k3s git commit at the above version
-  k3sRepoSha256 = "0fmw491dn5mpi058mr7sij51i5m4qg2grx30cnl3h2v4s0sdkx2i";
-  k3sVendorSha256 = "sha256-iHg5ySMaiSWXs98YGmxPwdZr4zdBIFma12dNEuf30Hs=";
+  k3sVersion = "1.24.1+k3s1";     # k3s git tag
+  k3sCommit = "0581808f5c160b0c0cafec5b8f20430835f34f44"; # k3s git commit at the above version
+  k3sRepoSha256 = "0zh60nav50s0viiaqxdaajhywh28zqckjnpyazlk2fdb077dyi65";
+  k3sVendorSha256 = "sha256-7cJ728vV9GA4/MDUBsnrR12gGf3DXzka3czrdHjsNIM=";

  # taken from ./manifests/traefik.yaml, extracted from '.spec.chart' https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/download#L9
  # The 'patch' and 'minor' versions are currently hardcoded as single digits only, so ignore the trailing two digits. Weird, I know.
@ -61,16 +61,16 @@ let
  k3sRootSha256 = "016n56vi09xkvjph7wgzb2m86mhd5x65fs4d11pmh20hl249r620";

  # taken from ./scripts/version.sh VERSION_CNIPLUGINS https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/version.sh#L45
-  k3sCNIVersion = "1.0.1-k3s1";
-  k3sCNISha256 = "11ihlzzdnqf9p21y0a4ckpbxac016nm7746dcykhj26ym9zxyv92";
+  k3sCNIVersion = "1.1.1-k3s1";
+  k3sCNISha256 = "14mb3zsqibj1sn338gjmsyksbm0mxv9p016dij7zidccx2rzn6nl";

  # taken from go.mod, the 'github.com/containerd/containerd' line
  # run `grep github.com/containerd/containerd go.mod | head -n1 | awk '{print $4}'`
-  containerdVersion = "1.5.11-k3s2";
-  containerdSha256 = "16132snvrg8r0vwm6c0lz0q6fx686s2ix53nm3aka9a83xs75vf2";
+  containerdVersion = "1.5.13-k3s1";
+  containerdSha256 = "09bj4ghwbsj9whkv1d5icqs52k64m449j8b73dmak2wz62fbzbvp";

  # run `grep github.com/kubernetes-sigs/cri-tools go.mod | head -n1 | awk '{print $4}'` in the k3s repo at the tag
-  criCtlVersion = "1.22.0-k3s1";
+  criCtlVersion = "1.24.0-k3s1";

  baseMeta = {
    description = "A lightweight Kubernetes distribution";
@ -323,7 +323,7 @@ buildGoModule rec {

  passthru.updateScript = ./update.sh;

-  passthru.tests = { inherit (nixosTests) k3s-single-node k3s-single-node-docker; };
+  passthru.tests = { inherit (nixosTests) k3s-single-node; };

  meta = baseMeta;
 }