home/kubernetes-deployments
2
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions

Update readme

Browse source
This commit is contained in:
Pim Kunis 2025-02-19 10:57:04 +01:00
parent a75fae6efb
commit 9f534327ab
1 changed files with 60 additions and 50 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

110
README.md
View file

@ -5,74 +5,84 @@ We use [Kubenix](https://kubenix.org/) to write Kubernetes deployments in Nix!
## Images used ## Images used
Legend: Legend:
- ✨: Image built with Nix (including [NixNG](https://github.com/nix-community/NixNG))
- ✨: Image built with Nix (including
[NixNG](https://github.com/nix-community/NixNG))
- ✅: Official image or trusted publisher - ✅: Official image or trusted publisher
- 🫤: Unofficial image - 🫤: Unofficial image
| Status | Image | Comments | | Status | Image | Comments |
| --- | --- | --- | | ------ | ---------------------------------------------- | --------------------------------------------------------- |
| ✨ | `nixng-blog` | | | ✨ | `nixng-blog` | |
| ✨ | `nixng-dnsmasq` | | | ✨ | `nixng-dnsmasq` | |
| ✨ | `nixng-attic` | | | ✨ | `nixng-attic` | |
| ✨ | `nixng-ntfy-sh` | | | ✨ | `nixng-ntfy-sh` | |
| ✨ | `nixng-radicale` | | | ✨ | `nixng-radicale` | |
| ✨ | `nixng-jellyseerr` | | | ✨ | `nixng-jellyseerr` | |
| ✨ | `nixng-radarr` | | | ✨ | `nixng-radarr` | |
| ✨ | `nixng-sonarr` | | | ✨ | `nixng-sonarr` | |
| ✨ | `nixng-bazarr` | | | ✨ | `nixng-bazarr` | |
| ✨ | `nixng-prowlarr` | | | ✨ | `nixng-prowlarr` | |
| ✅ | `jellyfin/jellyfin` | | | ✨ | `nixng-deluge` | |
| ✅ | `linuxserver/deluge` | | | ✨ | `nixng-mealie` | |
| ✅ | `ghcr.io/atuinsh/atuin` | | | ✅ | `jellyfin/jellyfin` | |
| ✅ | `postgres:14` | Database for Atuin | | ✅ | `ghcr.io/atuinsh/atuin` | |
| ✅ | `ghcr.io/paperless-ngx/paperless-ngx` | | | ✅ | `postgres:14` | Database for Atuin |
| ✅ | `docker.io/library/redis:7` | Database for Paperless-ngx | | ✅ | `ghcr.io/paperless-ngx/paperless-ngx` | |
| ✅ | `nextcloud` | | | ✅ | `docker.io/library/redis:7` | Database for Paperless-ngx |
| ✅ | `postgres:15` | Database for Attic, Nextcloud, Paperless-ngx and Hedgedoc | | ✅ | `nextcloud` | |
| ✅ | `inbucket/inbucket` | | | ✅ | `postgres:15` | Database for Attic, Nextcloud, Paperless-ngx and Hedgedoc |
| ✅ | `lscr.io/linuxserver/syncthing` | | | ✅ | `inbucket/inbucket` | |
| ✅ | `codeberg.org/forgejo/forgejo` | | | ✅ | `lscr.io/linuxserver/syncthing` | |
| ✅ | `pihole/pihole` | | | ✅ | `codeberg.org/forgejo/forgejo` | |
| ✅ | `ghcr.io/immich-app/immich-server` | | | ✅ | `pihole/pihole` | |
| ✅ | `ghcr.io/immich-app/immich-machine-learning` | | | ✅ | `ghcr.io/immich-app/immich-server` | |
| ✅ | `docker.io/redis:6.2-alpine` | Database for Immich | | ✅ | `ghcr.io/immich-app/immich-machine-learning` | |
| ✅ | `docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0` | Database for Immich | | ✅ | `docker.io/redis:6.2-alpine` | Database for Immich |
| ✅ | `tombursch/kitchenowl` | | | ✅ | `docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0` | Database for Immich |
| ✅ | `freshrss/freshrss` | | | ✅ | `tombursch/kitchenowl` | |
| ✅ | `ubuntu/bind9` | | | ✅ | `freshrss/freshrss` | |
| ✅ | `quay.io/hedgedoc/hedgedoc` | | | ✅ | `ubuntu/bind9` | |
| 🫤 | `itzg/minecraft-server` | | | ✅ | `quay.io/hedgedoc/hedgedoc` | |
| 🫤 | `teddysun/kms` | | | 🫤 | `itzg/minecraft-server` | |
| 🫤 | `mpepping/cyberchef` | | | 🫤 | `teddysun/kms` | |
| 🫤 | `mpepping/cyberchef` | |
## Acknowledgements ## Acknowledgements
- [dns.nix](https://github.com/kirelagin/dns.nix): A Nix DSL for defining DNS zones - [dns.nix](https://github.com/kirelagin/dns.nix): A Nix DSL for defining DNS
- [flake-utils](https://github.com/numtide/flake-utils): Handy utilities to develop Nix flakes zones
- [kubenix](https://kubenix.org/): Declare and deploy Kubernetes resources using Nix - [flake-utils](https://github.com/numtide/flake-utils): Handy utilities to
develop Nix flakes
- [kubenix](https://kubenix.org/): Declare and deploy Kubernetes resources using
Nix
- [nixhelm](https://github.com/farcaller/nixhelm): Nix-digestible Helm charts - [nixhelm](https://github.com/farcaller/nixhelm): Nix-digestible Helm charts
- [sops-nix](https://github.com/Mic92/sops-nix): Sops secret management for Nix - [sops-nix](https://github.com/Mic92/sops-nix): Sops secret management for Nix
## Prerequisites ## Prerequisites
To deploy to the Kubernetes cluster, first make sure you have an admin account on the cluster. To deploy to the Kubernetes cluster, first make sure you have an admin account
You can generate this using `nix run '.#gen-k3s-cert' <username> <servername> ~/.kube`, assuming you have SSH access to the master node. on the cluster. You can generate this using
This puts a private key, signed certificate and a kubeconfig in the kubeconfig directory `nix run '.#gen-k3s-cert' <username> <servername> ~/.kube`, assuming you have
SSH access to the master node. This puts a private key, signed certificate and a
kubeconfig in the kubeconfig directory
## Bootstrapping ## Bootstrapping
We are now ready to deploy to the Kubernetes cluster. We are now ready to deploy to the Kubernetes cluster. Deployments are done
Deployments are done through an experimental Kubernetes feature called [ApplySets](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#how-to-delete-objects). through an experimental Kubernetes feature called
[ApplySets](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#how-to-delete-objects).
Each applyset is responsible for a set number of resources within a namespace. Each applyset is responsible for a set number of resources within a namespace.
If the cluster has not been initialized yet, we must bootstrap it first. If the cluster has not been initialized yet, we must bootstrap it first. Run
Run these deployments: these deployments:
- `nix run '.#bootstrap-default-deploy'` - `nix run '.#bootstrap-default-deploy'`
- `nix run '.#bootstrap-kube-system-deploy'` - `nix run '.#bootstrap-kube-system-deploy'`
## Deployment ## Deployment
Now the cluster has been initialized and we can deploy applications. Now the cluster has been initialized and we can deploy applications. To explore
To explore which applications we can deploy, run `nix flake show`. which applications we can deploy, run `nix flake show`. Then, for each
Then, for each application, run `nix run '.#<application>-deploy'`. application, run `nix run '.#<application>-deploy'`. Or, if you're lazy:
Or, if you're lazy: `nix flake show --json | jq -r '.packages."x86_64-linux"|keys[]' | grep -- -deploy | xargs -I{} nix run ".#{}"`. `nix flake show --json | jq -r '.packages."x86_64-linux"|keys[]' | grep -- -deploy | xargs -I{} nix run ".#{}"`.