From 2350938f17f4cd2fba57b6a2f0b49d3481eb78d7 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Fri, 12 Apr 2024 21:40:24 +0200
Subject: [PATCH] create base kubernetes deployment with CRDs and charts
---
nix/default.nix | 1 +
nix/flake/kubenix/base.nix | 34 +++++++++++++++++++++++++
nix/flake/kubenix/default.nix | 47 ++++++++++++++---------------------
3 files changed, 53 insertions(+), 29 deletions(-)
create mode 100644 nix/flake/kubenix/base.nix
diff --git a/nix/default.nix b/nix/default.nix
index 11b0681..c261c4b 100644
--- a/nix/default.nix
+++ b/nix/default.nix
@@ -97,6 +97,7 @@ dmidecode openssl nfs-utils + rsync ]; nixpkgs.overlays = [
diff --git a/nix/flake/kubenix/base.nix b/nix/flake/kubenix/base.nix
new file mode 100644
index 0000000..76ba1af
--- /dev/null
+++ b/nix/flake/kubenix/base.nix
@@ -0,0 +1,34 @@
+# We deploy several resources that rely on "custom resource definitions".
+# We must first import these resources definitions, before deploying resources that depend on them.
+{ nixhelm, system, ... }: {
+ kubenix.project = "home";
+
+ kubernetes = {
+ kubeconfig = "~/.kube/config";
+
+ # TODO: These were copied from https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml
+ # See https://cert-manager.io/docs/installation/helm/
+ # Seems kubenix cannot import a list of resources, but only individual resources.
+ # Might be good to create a PR for this.
+ imports = [
+ ./certificaterequest.yaml
+ ./certificate.yaml
+ ./challenge.yaml
+ ./clusterissuer.yaml
+ ./issuer.yaml
+ ./order.yaml
+ ];
+
+ helm.releases = {
+ metallb = {
+ chart = nixhelm.chartsDerivations.${system}.metallb.metallb;
+ includeCRDs = true;
+ };
+
+ cert-manager = {
+ chart = nixhelm.chartsDerivations.${system}.jetstack.cert-manager;
+ includeCRDs = false;
+ };
+ };
+ };
+}
diff --git a/nix/flake/kubenix/default.nix b/nix/flake/kubenix/default.nix
index ffe83ec..47599df 100644
--- a/nix/flake/kubenix/default.nix
+++ b/nix/flake/kubenix/default.nix
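Review bot: In `nix/flake/kubenix/base.nix` the hand-copied cert-manager CRD files are tied to v1.14.4 only by a TODO comment, while the controller comes from `nixhelm.chartsDerivations.${system}.jetstack.cert-manager` with `includeCRDs = false`, so nothing visible keeps the CRD version and the chart version in step. A later nixhelm bump could leave a newer controller running against older vendored CRDs, and the hunk records no checksum for the copied YAML, so a reviewer cannot tell whether the files still match the upstream release. I would replace the TODO with a comment such as `# CRDs vendored from cert-manager v1.14.4; must match the chart version pinned by nixhelm. Re-copy and re-verify on every bump.` The moved `helm.releases` block also lost the old `# TODO: These resources should probably exist within the kube-system namespace.` and neither release sets a namespace, so presumably metallb and cert-manager still land in the default namespace beside application workloads; that TODO should be kept until it is resolved.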
@@ -4,12 +4,14 @@ { specialArgs = { flake = self; + inherit nixhelm system; }; module = { kubenix, ... }: { imports = [ kubenix.modules.k8s kubenix.modules.helm + ./base.nix ./freshrss.nix ./cyberchef.nix ./kms.nix
@@ -26,23 +28,8 @@ ./bind9.nix ./dnsmasq.nix ]; - kubernetes.kubeconfig = "~/.kube/config"; - kubenix.project = "home"; kubernetes = { - # TODO: These were copied from https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml - # See https://cert-manager.io/docs/installation/helm/ - # Seems kubenix cannot import a list of resources, but only individual resources. - # Might be good to create PR for this. - imports = [ - ./certificaterequest.yaml - ./certificate.yaml - ./challenge.yaml - ./clusterissuer.yaml - ./issuer.yaml - ./order.yaml - ]; - customTypes = { # HACK: These are dummy custom types. # This is needed, because the CRDs imported as a chart are not available as Nix modules.
@@ -160,21 +147,23 @@ }; }; }; - - - # TODO: These resources should probably exist within the kube-system namespace. - helm.releases = { - metallb = { - chart = nixhelm.chartsDerivations.${system}.metallb.metallb; - includeCRDs = true; - }; - - cert-manager = { - chart = nixhelm.chartsDerivations.${system}.jetstack.cert-manager; - includeCRDs = false; - }; - }; }; }; }; + + kubenix-bootstrap = kubenix.packages.${system}.default.override + { + specialArgs = { + flake = self; + inherit nixhelm system; + }; + + module = { kubenix, ... }: { + imports = [ + kubenix.modules.k8s + kubenix.modules.helm + ./base.nix + ]; + }; + }; })
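Review bot: The new `kubenix-bootstrap` package in the last hunk of `nix/flake/kubenix/default.nix` has no comment saying when it should be applied relative to the full deployment, and through `./base.nix` it shares `kubenix.project = "home"` with that deployment. If the generated deploy script prunes resources by project (worth confirming against kubenix), applying the bootstrap over an existing full deployment could remove everything that is not declared in `base.nix`. I would add a comment above it such as `# Bootstrap: apply once before the main deployment so the CRDs exist; do not re-apply over a full deployment.` The `specialArgs` attribute set is also repeated verbatim in both overrides and could be bound once in a `let` so the two cannot drift apart. The enclosing attribute set starts outside the hunk.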