
Refactor module options and support rootless k3s & nix-snapshotter #115

Merged: 1 commit merged into main from feature/rootless-k3s on Feb 16, 2024

Conversation

elpdt852

Fixes #83

Highlights

  • Provides NixOS & Home Manager modules for rootless Kubernetes (k3s) + nix-snapshotter
  • Bumps version to 0.2.0
  • Separate `nix run .#vm` and `nix run .#vm-rootless`
  • Add integration tests for k3s, k3s-external, k3s-rootless
  • Separate preload-container service into independent modules
  • Pin k3s to v1.27.9+k3s1 with patches to enable embedded nix-snapshotter
  • Add `k8sResources` flake `perSystem` output and plumb into `specialArgs`

New options

  • Services `preload-containerd` & `preload-containerd.rootless`:

    ```nix
    config.services.preload-containerd = {
      enable = true;
      targets = [{
        archives = [ pkgs.nix-snapshotter.buildImage { /* ... */ } ];
        namespace = "k8s.io";
        address = "/run/k3s/containerd/containerd.sock";
      }];
    };
    ```
  • New options for `k3s` & new service `k3s.rootless`:

    ```nix
    config.services.k3s = {
      enable = true;
      # Sets the snapshotter for embedded containerd.
      snapshotter = "nix";
      # Sets KUBECONFIG env var to point to k3s.
      setKubeConfig = true;
      # Sets CONTAINERD_* env vars to point to k3s embedded containerd.
      setEmbeddedContainerd = true;
    };
    ```
  • New options for `containerd` & `containerd.rootless`:

    ```nix
    config.virtualisation.containerd = {
      enable = true;
      # Enable integration with nix-snapshotter.
      nixSnapshotterIntegration = true;
      # Set the CONTAINERD_* env vars, but also set automatically by
      # `nixSnapshotterIntegration` or by `services.k3s.setEmbeddedContainerd`.
      setAddress = "/run/containerd/containerd.sock";
      setNamespace = "default";
      setSnapshotter = "nix";
    };
    ```
  • New option only for NixOS module `containerd`:

    ```nix
    config.virtualisation.containerd = {
      enable = true;
      # Enable integration with k3s. This is mutually exclusive with setting
      # `services.k3s.snapshotter` and `services.k3s.setEmbeddedContainerd`.
      k3sIntegration = true;
    };
    ```

Migration guide v0.1.x -> v0.2.0

  • Removed `options.services.nix-snapshotter.setContainerdSnapshotter`

    ```nix
    # v0.1.x
    services.nix-snapshotter = {
      enable = true;
      setContainerdSnapshotter = true;
    };

    # v0.2.0 (same for rootless)
    virtualisation.containerd = {
      enable = true;
      nixSnapshotterIntegration = true;
    };
    services.nix-snapshotter = {
      enable = true;
    };
    ```
  • Removed `options.services.nix-snapshotter.preloadContainerdImages`

    ```nix
    # v0.1.x
    services.nix-snapshotter = {
      enable = true;
      preloadContainerdImages = [ pkgs.nix-snapshotter.buildImage { /* ... */ } ];
    };

    # v0.2.0 (same for rootless)
    virtualisation.containerd = {
      enable = true;
      nixSnapshotterIntegration = true;
    };
    services.nix-snapshotter = {
      enable = true;
    };
    services.preload-containerd = {
      targets = [{
        archives = [ pkgs.nix-snapshotter.buildImage { /* ... */ } ];
      }];
    };
    ```
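The option fragments in the description above are shown one at a time; the following NixOS module wires them into one working k3s host, as an added example that is not part of the PR or of the project's own code. The `buildImage` arguments (`name`, `resolvedByNix`, `config.entrypoint`) and `pkgs.hello` as the workload are assumptions, since the description only shows `buildImage { /* ... */ }`.

```nix
# Example NixOS module (added here, not from the PR): a k3s host whose embedded
# containerd uses the nix snapshotter, with one image preloaded at boot.
{ config, pkgs, ... }:

let
  # Assumed buildImage arguments; the PR text only shows `buildImage { /* ... */ }`.
  # The image is resolved from the Nix store, so nothing is pulled from a registry.
  helloImage = pkgs.nix-snapshotter.buildImage {
    name = "hello";
    resolvedByNix = true;
    config.entrypoint = [ "${pkgs.hello}/bin/hello" ];
  };
in
{
  services.k3s = {
    enable = true;
    # The pinned k3s (v1.27.9+k3s1 with patches) embeds nix-snapshotter, so no
    # separate services.nix-snapshotter instance is configured for this host.
    snapshotter = "nix";
    # KUBECONFIG points at k3s for kubectl on the host.
    setKubeConfig = true;
    # CONTAINERD_* env vars point at k3s's embedded containerd, so ctr/nerdctl
    # on the host inspect the same image store the kubelet uses.
    setEmbeddedContainerd = true;
  };

  # Deliberately NOT set: virtualisation.containerd.k3sIntegration. The PR
  # states it is mutually exclusive with services.k3s.snapshotter and
  # services.k3s.setEmbeddedContainerd, which are used above instead.

  # Preload the image into k3s's embedded containerd in the namespace the
  # kubelet reads from (k8s.io), so the pod starts from store content that was
  # built and verified by Nix rather than fetched at runtime.
  services.preload-containerd = {
    enable = true;
    targets = [{
      archives = [ helloImage ];
      namespace = "k8s.io";
      address = "/run/k3s/containerd/containerd.sock";
    }];
  };
}
```

After rebuilding, `kubectl` (via `setKubeConfig`) and `ctr -n k8s.io images ls` (via `setEmbeddedContainerd`) should both see the preloaded `hello` image without any registry access.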

@elpdt852 elpdt852 added the ok-to-test Runs NixOS tests label Feb 16, 2024
@elpdt852 elpdt852 force-pushed the feature/rootless-k3s branch 2 times, most recently from 4a65ff1 to d91481f, February 16, 2024 13:34
@elpdt852 elpdt852 force-pushed the feature/rootless-k3s branch from d91481f to 4f34190, February 16, 2024 13:45
@RobbieBuxton RobbieBuxton left a comment

I had a read through and as far as I can tell, it all looks fine. I will admit most of the Kubernetes section went over my head as I'm not very familiar with it so apologies if I've missed anything. Otherwise, awesome work and it looks like it will be a great addition! 🎉🎉🎉

@elpdt852 elpdt852 merged commit 3ec1c57 into main Feb 16, 2024
10 checks passed
@elpdt852 elpdt852 deleted the feature/rootless-k3s branch February 16, 2024 23:06
Successfully merging this pull request may close these issues.

Add module for rootless Kubernetes