deploy metallb

use helmnix for helm deployments
2024-03-24 21:23:17 +01:00 · 2024-03-24 21:23:17 +01:00 · 7109768862
commit 7109768862
parent 9e04839c5a
4 changed files with 259 additions and 50 deletions
--- a/nix/flake/kubenix.nix
+++ b/nix/flake/kubenix.nix
@ -1,60 +1,80 @@
-{ self, flake-utils, kubenix, ... }: flake-utils.lib.eachDefaultSystem
+{ self, flake-utils, kubenix, nixhelm, ... }: flake-utils.lib.eachDefaultSystem
  (system: {
    kubenix = kubenix.packages.${system}.default.override {
      specialArgs.flake = self;

      module = { kubenix, ... }: {
-        imports = [ kubenix.modules.k8s ];
+        imports = [ kubenix.modules.k8s kubenix.modules.helm ];
        kubernetes.kubeconfig = "~/.kube/config";
        kubenix.project = "home";

-        kubernetes.resources = {
-          deployments.cyberchef.spec = {
-            replicas = 3;
-            selector.matchLabels.app = "cyberchef";
+        kubernetes = {
+          namespace = "kubenix";

-            template = {
-              metadata.labels.app = "cyberchef";
+          resources = {
+            namespaces = {
+              kubenix = { };

-              spec = {
-                containers.cyberchef = {
-                  image = "mpepping/cyberchef";
+              metallb-system.metadata.labels = {
+                "pod-security.kubernetes.io/enforce" = "privileged";
+                "pod-security.kubernetes.io/audit" = "privileged";
+                "pod-security.kubernetes.io/warn" = "privileged";
+              };
+            };

-                  ports = [{
-                    containerPort = 8000;
-                    protocol = "TCP";
-                  }];
+
+            deployments.cyberchef.spec = {
+              replicas = 3;
+              selector.matchLabels.app = "cyberchef";
+
+              template = {
+                metadata.labels.app = "cyberchef";
+
+                spec = {
+                  containers.cyberchef = {
+                    image = "mpepping/cyberchef";
+
+                    ports = [{
+                      containerPort = 8000;
+                      protocol = "TCP";
+                    }];
+                  };
                };
              };
            };
-          };

-          services.cyberchef.spec = {
-            selector.app = "cyberchef";
+            services.cyberchef.spec = {
+              selector.app = "cyberchef";

-            ports = [{
-              protocol = "TCP";
-              port = 80;
-              targetPort = 8000;
-            }];
-          };
-
-          ingresses.cyberchef.spec = {
-            ingressClassName = "traefik";
-
-            rules = [{
-              host = "cyberchef.kun.is";
-
-              http.paths = [{
-                path = "/";
-                pathType = "Prefix";
-
-                backend.service = {
-                  name = "cyberchef";
-                  port.number = 80;
-                };
+              ports = [{
+                protocol = "TCP";
+                port = 80;
+                targetPort = 8000;
              }];
-            }];
+            };
+
+            ingresses.cyberchef.spec = {
+              ingressClassName = "traefik";
+
+              rules = [{
+                host = "cyberchef.kun.is";
+
+                http.paths = [{
+                  path = "/";
+                  pathType = "Prefix";
+
+                  backend.service = {
+                    name = "cyberchef";
+                    port.number = 80;
+                  };
+                }];
+              }];
+            };
+          };
+
+          helm.releases.metallb = {
+            chart = nixhelm.chartsDerivations.${system}.metallb.metallb;
+            namespace = "metallb-system";
          };
        };
      };