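# Builder for one RKE2 release line. The outer function receives the per-version
# pins (release version, commit, source and vendor hashes, image tags); the inner
# function receives the packages from the package set and returns the derivation.
lib:
{
  rke2Version,
  rke2Commit,
  rke2TarballHash,
  rke2VendorHash,
  updateScript,
  k8sImageTag,
  etcdVersion,
  pauseVersion,
  ccmVersion,
  dockerizedVersion,
  imagesVersions,
}:

# Build dependencies
{
  lib,
  stdenv,
  buildGoModule,
  go,
  makeWrapper,
  fetchzip,
  fetchurl,

  # Runtime dependencies
  procps,
  coreutils,
  util-linux,
  ethtool,
  socat,
  iptables,
  bridge-utils,
  iproute2,
  kmod,
  lvm2,

  # Killall Script dependencies
  systemd,
  gnugrep,
  gnused,

  # Testing dependencies
  nixosTests,
  testers,
}:
buildGoModule (finalAttrs: {
  pname = "rke2";
  version = rke2Version;

  # The release tarball is pinned by content hash: a changed or re-tagged
  # upstream archive fails the fetch instead of being built.
  src = fetchzip {
    url = "https://github.com/rancher/rke2/archive/refs/tags/v${rke2Version}.tar.gz";
    hash = rke2TarballHash;
  };

  # Hash of the vendored Go module tree; pins the module dependencies the
  # same way `hash` pins the source.
  vendorHash = rke2VendorHash;

  nativeBuildInputs = [ makeWrapper ];

  # Important utilities used by the kubelet.
  # See: https://github.com/kubernetes/kubernetes/issues/26093#issuecomment-237202494
  # The list in that issue is out of date; the tools are kept anyway as a safety margin.
  buildInputs = [
    procps # pidof pkill
    coreutils # uname touch env nice du
    util-linux # lsblk fsck mkfs nsenter mount umount
    ethtool # ethtool
    socat # socat
    iptables # iptables iptables-restore iptables-save
    bridge-utils # brctl
    iproute2 # ip tc
    kmod # modprobe
    lvm2 # dmsetup
  ];

  # Passing boringcrypto to GOEXPERIMENT variable to build with goboring library.
  # This only selects the crypto backend at build time (verified in
  # installCheckPhase below); it is not by itself a FIPS-validation claim
  # for the resulting binary.
  GOEXPERIMENT = "boringcrypto";

  # See: https://github.com/rancher/rke2/blob/e7f87c6dd56fdd76a7dab58900aeea8946b2c008/scripts/build-binary#L27-L38
  # "-w" drops DWARF debug info only. The symbol table is kept (no "-s"),
  # which the `go tool nm` check in installCheckPhase depends on.
  # NOTE(review): the default images below are referenced on docker.io by tag,
  # not by digest, so what a node pulls at runtime is not covered by the
  # hashes in this file.
  ldflags = [
    "-w"
    "-X github.com/k3s-io/k3s/pkg/version.GitCommit=${lib.substring 0 6 rke2Commit}"
    "-X github.com/k3s-io/k3s/pkg/version.Program=${finalAttrs.pname}"
    "-X github.com/k3s-io/k3s/pkg/version.Version=v${finalAttrs.version}"
    "-X github.com/k3s-io/k3s/pkg/version.UpstreamGolang=go${go.version}"
    "-X github.com/rancher/rke2/pkg/images.DefaultRegistry=docker.io"
    "-X github.com/rancher/rke2/pkg/images.DefaultEtcdImage=rancher/hardened-etcd:${etcdVersion}"
    "-X github.com/rancher/rke2/pkg/images.DefaultKubernetesImage=rancher/hardened-kubernetes:${k8sImageTag}"
    "-X github.com/rancher/rke2/pkg/images.DefaultPauseImage=rancher/mirrored-pause:${pauseVersion}"
    "-X github.com/rancher/rke2/pkg/images.DefaultRuntimeImage=rancher/rke2-runtime:${dockerizedVersion}"
    "-X github.com/rancher/rke2/pkg/images.DefaultCloudControllerManagerImage=rancher/rke2-cloud-provider:${ccmVersion}"
  ];

  # Go build tags, presumably mirroring the upstream build script linked above.
  # "sqlite_omit_load_extension" compiles out SQLite's runtime extension loading.
  tags = [
    "no_cri_dockerd"
    "no_embedded_executor"
    "no_stage"
    "sqlite_omit_load_extension"
    "selinux"
    "netgo"
    "osusergo"
  ];

  subPackages = [ "." ];

  # Install the binary and the killall script, each wrapped so that the pinned
  # store paths are prepended to PATH and are found before whatever the caller's
  # PATH contains.
  installPhase = ''
    runHook preInstall

    install -D $GOPATH/bin/rke2 $out/bin/rke2
    wrapProgram $out/bin/rke2 \
      --prefix PATH : ${lib.makeBinPath finalAttrs.buildInputs}

    install -D ./bundle/bin/rke2-killall.sh $out/bin/rke2-killall.sh
    wrapProgram $out/bin/rke2-killall.sh \
      --prefix PATH : ${
        lib.makeBinPath [
          systemd
          gnugrep
          gnused
        ]
      } \
      --prefix PATH : ${lib.makeBinPath finalAttrs.buildInputs}

    runHook postInstall
  '';

  # The upstream Go test suite is not run during the build; the reason is not
  # recorded here.
  doCheck = false;

  doInstallCheck = true;
  installCheckPhase = ''
    runHook preInstallCheck
    # Verify that the binary uses BoringCrypto.
    # .rke2-wrapped is the real ELF binary that wrapProgram moved aside; the
    # check is meant to fail the build when no goboringcrypto symbol is present.
    go tool nm $out/bin/.rke2-wrapped | grep '_Cfunc__goboringcrypto_' > /dev/null
    runHook postInstallCheck
  '';

  passthru = {
    inherit updateScript;
    tests =
      let
        # For every test under nixosTests.rke2, pick the variant that matches
        # this package's major.minor line (e.g. "rke2_X_Y").
        moduleTests =
          let
            package_version =
              "rke2_" + lib.replaceStrings [ "." ] [ "_" ] (lib.versions.majorMinor rke2Version);
          in
          lib.mapAttrs (name: _: nixosTests.rke2.${name}.${package_version}) nixosTests.rke2;
      in
      {
        version = testers.testVersion {
          package = finalAttrs.finalPackage;
          version = "v${finalAttrs.version}";
        };
      }
      // moduleTests;
  }
  # One fetchurl derivation per imagesVersions entry, exposed as a passthru
  # attribute. Presumably each entry carries a url and a hash; verify in the
  # per-version data. Because `//` prefers its right-hand side, an entry named
  # `updateScript` or `tests` would replace the attribute above.
  // (lib.mapAttrs (_: value: fetchurl value) imagesVersions);

  meta = {
    homepage = "https://github.com/rancher/rke2";
    description = "Rancher's next-generation Kubernetes distribution, also known as RKE Government";
    changelog = "https://github.com/rancher/rke2/releases/tag/v${finalAttrs.version}";
    license = lib.licenses.asl20;
    maintainers = with lib.maintainers; [
      rorosen
      zimbatm
      zygot
    ];
    mainProgram = "rke2";
    platforms = lib.platforms.linux;
  };
})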