Move over stuff from nixos-servers

README.md

@@ -0,0 +1,35 @@
+# Kubernetes deployments
+
+We use [Kubenix](https://kubenix.org/) to write Kubernetes deployments in Nix!
+
+## Acknowledgements
+
+- [dns.nix](https://github.com/kirelagin/dns.nix): A Nix DSL for defining DNS zones
+- [flake-utils](https://github.com/numtide/flake-utils): Handy utilities to develop Nix flakes
+- [kubenix](https://kubenix.org/): Declare and deploy Kubernetes resources using Nix
+- [nixhelm](https://github.com/farcaller/nixhelm): Nix-digestible Helm charts
+- [sops-nix](https://github.com/Mic92/sops-nix): Sops secret management for Nix
+
+## Prerequisites
+
+To deploy to the Kubernetes cluster, first make sure you have an admin account on the cluster.
+You can generate this using `nix run '.#gen-k3s-cert' <username> <servername> ~/.kube`, assuming you have SSH access to the master node.
+This puts a private key, signed certificate and a kubeconfig in the kubeconfig directory
+
+## Bootstrapping
+
+We are now ready to deploy to the Kubernetes cluster.
+Deployments are done through an experimental Kubernetes feature called [ApplySets](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#how-to-delete-objects).
+Each applyset is responsible for a set number of resources within a namespace.
+
+If the cluster has not been initialized yet, we must bootstrap it first.
+Run these deployments:
+- `nix run '.#bootstrap-default-deploy'`
+- `nix run '.#bootstrap-kube-system-deploy'`
+
+## Deployment
+
+Now the cluster has been initialized and we can deploy applications.
+To explore which applications we can deploy, run `nix flake show`.
+Then, for each application, run `nix run '.#<application>-deploy'`.
+Or, if you're lazy: `nix flake show --json | jq -r '.packages."x86_64-linux"|keys[]' | grep -- -deploy | xargs -I{} nix run ".#{}"`.