deploy metallb

use helmnix for helm deployments
This commit is contained in:
Pim Kunis 2024-03-24 21:23:17 +01:00
parent 9e04839c5a
commit 7109768862
4 changed files with 259 additions and 50 deletions

View file

@ -189,6 +189,41 @@
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"id": "flake-utils",
"type": "indirect"
}
},
"flake-utils_5": {
"inputs": {
"systems": "systems_7"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -220,15 +255,16 @@
"treefmt": "treefmt"
},
"locked": {
"lastModified": 1705801181,
"narHash": "sha256-vH+n5qMnwFCx3LMON2hQMi9PjMpmTraGYXe1czJTfAg=",
"owner": "hall",
"lastModified": 1711308696,
"narHash": "sha256-Epx4yztlFp3mNPhMKWgiiSp6Q067pxW9o50ak6WFwxg=",
"owner": "pizzapim",
"repo": "kubenix",
"rev": "76b8053b27b062b11f0c9b495050cc55606ac9dc",
"rev": "4ee31f48510b89743d83b7681faea1077fe925b7",
"type": "github"
},
"original": {
"owner": "hall",
"owner": "pizzapim",
"ref": "fix-protocol",
"repo": "kubenix",
"type": "github"
}
@ -255,6 +291,66 @@
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"nixhelm",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1698974481,
"narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "4bb5e752616262457bc7ca5882192a564c0472d2",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-kube-generators": {
"locked": {
"lastModified": 1702548734,
"narHash": "sha256-2pREm/iZ1FyyFuukt/B3nud2NYTUImy5vqc2tESoP9g=",
"owner": "farcaller",
"repo": "nix-kube-generators",
"rev": "fb7a70a8cd76aa76fdf3281123582693aec486a7",
"type": "github"
},
"original": {
"owner": "farcaller",
"repo": "nix-kube-generators",
"type": "github"
}
},
"nixhelm": {
"inputs": {
"flake-utils": "flake-utils_4",
"nix-kube-generators": "nix-kube-generators",
"nixpkgs": [
"nixpkgs"
],
"poetry2nix": "poetry2nix"
},
"locked": {
"lastModified": 1711242197,
"narHash": "sha256-UWOb8Aj10O8XshwKA6xVivU0wFfQwVNqLERocVXRgUk=",
"owner": "farcaller",
"repo": "nixhelm",
"rev": "8523ddbdf40f833d3c1421546767513ca57bceea",
"type": "github"
},
"original": {
"owner": "farcaller",
"repo": "nixhelm",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1710783728,
@ -319,6 +415,31 @@
"type": "github"
}
},
"poetry2nix": {
"inputs": {
"flake-utils": "flake-utils_5",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"nixhelm",
"nixpkgs"
],
"systems": "systems_8",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1702365004,
"narHash": "sha256-IRFvmyP1uk1hchRVxaXTqu6YoZCvMM/NVtUf2hD2Tag=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "c12ac880114d52a3cad5fa02b00f2e2090e89982",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
@ -328,6 +449,7 @@
"flake-utils": "flake-utils_2",
"kubenix": "kubenix",
"microvm": "microvm",
"nixhelm": "nixhelm",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable"
@ -423,6 +545,50 @@
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_8": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"treefmt": {
"inputs": {
"nixpkgs": [
@ -444,6 +610,28 @@
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixhelm",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1699786194,
"narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_2"

View file

@ -29,7 +29,12 @@
};
kubenix = {
url = "github:hall/kubenix";
url = "github:pizzapim/kubenix/fix-protocol";
inputs.nixpkgs.follows = "nixpkgs";
};
nixhelm = {
url = "github:farcaller/nixhelm";
inputs.nixpkgs.follows = "nixpkgs";
};
};

View file

@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: kubenix

View file

@ -1,60 +1,80 @@
{ self, flake-utils, kubenix, ... }: flake-utils.lib.eachDefaultSystem
{ self, flake-utils, kubenix, nixhelm, ... }: flake-utils.lib.eachDefaultSystem
(system: {
kubenix = kubenix.packages.${system}.default.override {
specialArgs.flake = self;
module = { kubenix, ... }: {
imports = [ kubenix.modules.k8s ];
imports = [ kubenix.modules.k8s kubenix.modules.helm ];
kubernetes.kubeconfig = "~/.kube/config";
kubenix.project = "home";
kubernetes.resources = {
deployments.cyberchef.spec = {
replicas = 3;
selector.matchLabels.app = "cyberchef";
kubernetes = {
namespace = "kubenix";
template = {
metadata.labels.app = "cyberchef";
resources = {
namespaces = {
kubenix = { };
spec = {
containers.cyberchef = {
image = "mpepping/cyberchef";
metallb-system.metadata.labels = {
"pod-security.kubernetes.io/enforce" = "privileged";
"pod-security.kubernetes.io/audit" = "privileged";
"pod-security.kubernetes.io/warn" = "privileged";
};
};
ports = [{
containerPort = 8000;
protocol = "TCP";
}];
deployments.cyberchef.spec = {
replicas = 3;
selector.matchLabels.app = "cyberchef";
template = {
metadata.labels.app = "cyberchef";
spec = {
containers.cyberchef = {
image = "mpepping/cyberchef";
ports = [{
containerPort = 8000;
protocol = "TCP";
}];
};
};
};
};
};
services.cyberchef.spec = {
selector.app = "cyberchef";
services.cyberchef.spec = {
selector.app = "cyberchef";
ports = [{
protocol = "TCP";
port = 80;
targetPort = 8000;
}];
};
ingresses.cyberchef.spec = {
ingressClassName = "traefik";
rules = [{
host = "cyberchef.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "cyberchef";
port.number = 80;
};
ports = [{
protocol = "TCP";
port = 80;
targetPort = 8000;
}];
}];
};
ingresses.cyberchef.spec = {
ingressClassName = "traefik";
rules = [{
host = "cyberchef.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "cyberchef";
port.number = 80;
};
}];
}];
};
};
helm.releases.metallb = {
chart = nixhelm.chartsDerivations.${system}.metallb.metallb;
namespace = "metallb-system";
};
};
};