refactor(flake): Improve flake outputs for k8s scripts and manifests

docs(readme): Update k8s deployment instructions
Pim Kunis 2024-07-17 18:20:49 +02:00
parent 7a40738989
commit 835aea667c
3 changed files with 48 additions and 60 deletions


@ -43,36 +43,18 @@ To deploy to the Kubernetes cluster, first make sure you have an admin account o
You can generate this using `nix run '.#gen-k3s-cert' <username> <servername> ~/.kube`, assuming you have SSH access to the master node. You can generate this using `nix run '.#gen-k3s-cert' <username> <servername> ~/.kube`, assuming you have SSH access to the master node.
This puts a private key, signed certificate and a kubeconfig in the kubeconfig directory This puts a private key, signed certificate and a kubeconfig in the kubeconfig directory
If the cluster has not been initialized yet, next run `nix run '.#kubenix.x86_64-linux.bootstrap.deploy'`. We are now ready to deploy to the Kubernetes cluster.
Deployments are done through an experimental Kubernetes feature called [ApplySets](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#how-to-delete-objects).
Each applyset is responsible for a set number of resources within a namespace.
Applications are currently deployed in two method: If the cluster has not been initialized yet, we must bootstrap it first.
- A single big deployment of many applications (which I am trying to move away from) Run these deployments:
- A separate deployment for each application using [ApplySets](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#how-to-delete-objects) - `nix run '.#bootstrap-default.deploy'`
- `nix run '.#bootstrap-kube-system.deploy'`
The first method: `nix run '.#kubenix.x86_64-linux.all.deploy'` Now the cluster has been initialized and we can deploy applications.
The second method: `nix run '.#kubenix.x86_64-linux.<application>.deploy'` To explore which applications we can deploy, run `nix flake show`.
Currently, the applications being deployed like this are: Then, for each application, run `nix run '.#<application>.deploy'`.
- `cyberchef`
- `freshrss`
- `radicale`
- `kms`
- `atuin`
- `blog`
- `nextcloud`
- `hedgedoc`
- `kitchenowl`
- `forgejo`
- `paperless-ngx`
- `syncthing`
- `pihole`
- `immich`
- `attic`
- `inbucket`
- `dnsmasq`
- `bind9`
- `media`
- `traefik`
- `minecraft`
## Known bugs ## Known bugs


@ -1,59 +1,64 @@
{ self, pkgs, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem { self, pkgs, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem
(system: (system:
let let
deployScript = (pkgs.writeScriptBin "kubenix" (builtins.readFile ./kubenix-deploy.sh)).overrideAttrs (old: { deployScript = (pkgs.writeScriptBin "applyset-deploy.sh" (builtins.readFile ./applyset-deploy.sh)).overrideAttrs (old: {
buildCommand = "${old.buildCommand}\npatchShebangs $out"; buildCommand = "${old.buildCommand}\npatchShebangs $out";
}); });
mkDeployScript = kubernetes: applysetName: namespace: mkKubernetes = name: module: namespace: (kubenix.evalModules.${system} {
specialArgs = { inherit namespace myLib blog-pim dns nixhelm system machines; };
module = { kubenix, ... }:
{
imports = [
kubenix.modules.k8s
kubenix.modules.helm
"${self}/kubenix-modules/custom"
"${self}/kubenix-modules/custom-types.nix"
module
];
config = {
kubenix.project = name;
kubernetes.namespace = namespace;
};
};
}).config.kubernetes;
mkManifest = name: { module, namespace }:
{
manifest = (mkKubernetes name module namespace).result;
};
mkDeployApp = name: { module, namespace }:
let let
kubernetes = mkKubernetes name module namespace;
kubeconfig = kubernetes.kubeconfig or ""; kubeconfig = kubernetes.kubeconfig or "";
result = kubernetes.result or ""; result = kubernetes.result or "";
wrappedDeployScript = pkgs.symlinkJoin wrappedDeployScript = pkgs.symlinkJoin
{ {
name = "kubenix"; name = "applyset-deploy.sh";
paths = [ deployScript pkgs.vals pkgs.kubectl ]; paths = [ deployScript pkgs.vals pkgs.kubectl ];
buildInputs = [ pkgs.makeWrapper ]; buildInputs = [ pkgs.makeWrapper ];
passthru.manifest = result; passthru.manifest = result;
meta.mainProgram = "applyset-deploy.sh";
postBuild = '' postBuild = ''
wrapProgram $out/bin/kubenix \ wrapProgram $out/bin/applyset-deploy.sh \
--suffix PATH : "$out/bin" \ --suffix PATH : "$out/bin" \
--run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}' \ --run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}' \
--set MANIFEST '${result}' \ --set MANIFEST '${result}' \
--set APPLYSET 'applyset-${applysetName}' \ --set APPLYSET 'applyset-${name}' \
--set NAMESPACE '${namespace}' --set NAMESPACE '${namespace}'
''; '';
}; };
in in
wrappedDeployScript;
mkDeployScriptAndManifest = name: { module, namespace }:
let
kubernetes = (kubenix.evalModules.${system} {
specialArgs = { inherit namespace myLib blog-pim dns nixhelm system machines; };
module = { kubenix, ... }:
{
imports = [
kubenix.modules.k8s
kubenix.modules.helm
"${self}/kubenix-modules/custom"
"${self}/kubenix-modules/custom-types.nix"
module
];
config = {
kubenix.project = name;
kubernetes.namespace = namespace;
};
};
}).config.kubernetes;
in
{ {
manifest = kubernetes.result; deploy = {
deploy = mkDeployScript kubernetes name namespace; type = "app";
program = "${pkgs.lib.getExe wrappedDeployScript}";
};
}; };
deployers = { deployers = {
@ -174,5 +179,6 @@
}; };
in in
{ {
kubenix = builtins.mapAttrs mkDeployScriptAndManifest deployers; apps = builtins.mapAttrs mkDeployApp deployers;
packages = builtins.mapAttrs mkManifest deployers;
}) })
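Review bot: In `mkDeployApp` the fallbacks `kubernetes.kubeconfig or ""` and `kubernetes.result or ""` can hide a broken evaluation now that `kubernetes` always comes from `mkKubernetes`; `mkManifest` already reads `.result` with no default. With an empty `result` the wrapper is still built and sets `MANIFEST` to an empty string, and an empty `KUBECONFIG` default most likely leaves kubectl on whatever context is current in the operator's environment, which is risky for a deploy that (presumably, the script is not shown) prunes by ApplySet. I would write `result = kubernetes.result;` so a missing manifest fails at evaluation, and keep the kubeconfig default only with a comment such as `# empty: fall back to the caller's kubectl context`. Separately, the unchanged `--suffix PATH : "$out/bin"` lets a `kubectl` or `vals` already on the caller's PATH take precedence over the pinned ones; `--prefix PATH : "$out/bin"` would make the pinned tools win.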