expose cluster & fix flaky test image

2025-12-12 08:00:06 +01:00 · 2021-05-05 20:40:10 -04:00 · 2021-05-05 20:40:10 -04:00 · 9759a318f5
commit 9759a318f5
parent 2026496ea0
5 changed files with 62 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 result*
+shared/*
--- a/devshell.toml
+++ b/devshell.toml
@ -1,3 +1,11 @@
+[[env]]
+name = "QEMU_NET_OPTS"
+value = "hostfwd=tcp::5443-:443"
+
+[[env]]
+name = "KUBECONFIG"
+eval = "$DEVSHELL_ROOT/kubeconfig.json"
+
 [devshell]
 name = "kubenix"
 packages = [
--- a/kubeconfig.json
+++ b/kubeconfig.json
@ -0,0 +1,38 @@
+{
+    "apiVersion":"v1",
+    "clusters":
+    [
+        {
+            "cluster":
+            {
+                "certificate-authority":"/tmp/vm-state-kube/xchg/secrets/ca.pem",
+                "server":"https://127.0.0.1:5443"
+            },
+            "name":"kubenix"
+        }
+    ],
+    "contexts":
+    [
+        {
+            "context":
+            {
+                "cluster":"kubenix",
+                "user":"cluster-admin"
+            },
+            "current-context":"kubenix"
+        }
+    ],
+    "kind":"Config",
+    "users":
+    [
+        {
+            "name":"cluster-admin",
+            "user":
+            {
+                "client-certificate":"/tmp/vm-state-kube/xchg/secrets/cluster-admin.pem",
+                "client-key":"/tmp/vm-state-kube/xchg/secrets/cluster-admin-key.pem"
+            }
+        }
+    ]
+}
+
--- a/modules/testing.nix
+++ b/modules/testing.nix
@ -61,6 +61,17 @@ let
      };

      systemd.extraConfig = "DefaultLimitNOFILE=1048576";
+
+      systemd.services.copy-certs = {
+        description = "Share k8s certificates with host";
+        script = "cp -rf /var/lib/kubernetes/secrets /tmp/xchg/";
+        after = [ "kubernetes.target" ];
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          Type = "oneshot";
+          RemainAfterExit = true;
+        };
+      };
    }
    (mkIf (any (role: role == "master") config.services.kubernetes.roles) {
      networking.firewall.allowedTCPPorts = [
--- a/tests/images.nix
+++ b/tests/images.nix
@ -32,6 +32,10 @@ with lib;
    extraCommands = ''
      mkdir -p etc
      chmod u+w etc
+      mkdir -p var/cache/nginx
+      chmod u+w var/cache/nginx
+      mkdir -p var/log/nginx
+      chmod u+w var/log/nginx
      echo "nginx:x:1000:1000::/:" > etc/passwd
      echo "nginx:x:1000:nginx" > etc/group
    '';