| docs | ||
| modules | ||
| nixng-configurations | ||
| nixng-modules | ||
| scripts | ||
| .envrc | ||
| .gitignore | ||
| .sops.yaml | ||
| applyset-deploy.sh | ||
| deployments.nix | ||
| flake.lock | ||
| flake.nix | ||
| formatter.nix | ||
| globals.nix | ||
| kubenix.nix | ||
| README.md | ||
| secrets.yml | ||
| shell.nix | ||
| treefmt.nix | ||
| utils.nix | ||
Kubernetes deployments
We use Kubenix to write Kubernetes deployments in Nix!
Acknowledgements
- flake-utils: Handy utilities to develop Nix flakes
- kubenix: Declare and deploy Kubernetes resources using Nix
- nixhelm: Nix-digestible Helm charts
- sops-nix: Sops secret management for Nix
Prerequisites
To deploy to the Kubernetes cluster, first make sure you have an admin account
on the cluster. You can generate this using
nix run '.#gen-k3s-cert' <username> <servername> ~/.kube, assuming you have
SSH access to the master node. This puts a private key, signed certificate and a
kubeconfig in the kubeconfig directory
Bootstrapping
We are now ready to deploy to the Kubernetes cluster. Deployments are done through an experimental Kubernetes feature called ApplySets. Each applyset is responsible for a set number of resources within a namespace.
If the cluster has not been initialized yet, we must bootstrap it first. Run these deployments:
nix run '.#bootstrap-default-deploy'nix run '.#bootstrap-kube-system-deploy'
Deployment
Now the cluster has been initialized and we can deploy applications. To explore
which applications we can deploy, run nix flake show. Then, for each
application, run nix run '.#<application>-deploy'. Or, if you're lazy:
nix flake show --json | jq -r '.packages."x86_64-linux"|keys[]' | grep -- -deploy | xargs -I{} nix run ".#{}".