refactor(flake): Improve flake outputs for k8s scripts and manifests
docs(readme): Update k8s deployment instructions
This commit is contained in:
parent
7a40738989
commit
835aea667c
3 changed files with 48 additions and 60 deletions
38
README.md
38
README.md
|
|
@ -43,36 +43,18 @@ To deploy to the Kubernetes cluster, first make sure you have an admin account o
|
|||
You can generate this using `nix run '.#gen-k3s-cert' <username> <servername> ~/.kube`, assuming you have SSH access to the master node.
|
||||
This puts a private key, signed certificate and a kubeconfig in the kubeconfig directory
|
||||
|
||||
If the cluster has not been initialized yet, next run `nix run '.#kubenix.x86_64-linux.bootstrap.deploy'`.
|
||||
We are now ready to deploy to the Kubernetes cluster.
|
||||
Deployments are done through an experimental Kubernetes feature called [ApplySets](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#how-to-delete-objects).
|
||||
Each applyset is responsible for a set number of resources within a namespace.
|
||||
|
||||
Applications are currently deployed in two method:
|
||||
- A single big deployment of many applications (which I am trying to move away from)
|
||||
- A separate deployment for each application using [ApplySets](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#how-to-delete-objects)
|
||||
If the cluster has not been initialized yet, we must bootstrap it first.
|
||||
Run these deployments:
|
||||
- `nix run '.#bootstrap-default.deploy'`
|
||||
- `nix run '.#bootstrap-kube-system.deploy'`
|
||||
|
||||
The first method: `nix run '.#kubenix.x86_64-linux.all.deploy'`
|
||||
The second method: `nix run '.#kubenix.x86_64-linux.<application>.deploy'`
|
||||
Currently, the applications being deployed like this are:
|
||||
- `cyberchef`
|
||||
- `freshrss`
|
||||
- `radicale`
|
||||
- `kms`
|
||||
- `atuin`
|
||||
- `blog`
|
||||
- `nextcloud`
|
||||
- `hedgedoc`
|
||||
- `kitchenowl`
|
||||
- `forgejo`
|
||||
- `paperless-ngx`
|
||||
- `syncthing`
|
||||
- `pihole`
|
||||
- `immich`
|
||||
- `attic`
|
||||
- `inbucket`
|
||||
- `dnsmasq`
|
||||
- `bind9`
|
||||
- `media`
|
||||
- `traefik`
|
||||
- `minecraft`
|
||||
Now the cluster has been initialized and we can deploy applications.
|
||||
To explore which applications we can deploy, run `nix flake show`.
|
||||
Then, for each application, run `nix run '.#<application>.deploy'`.
|
||||
|
||||
## Known bugs
|
||||
|
||||
|
|
|
|||
|
|
@ -1,59 +1,64 @@
|
|||
{ self, pkgs, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem
|
||||
(system:
|
||||
let
|
||||
deployScript = (pkgs.writeScriptBin "kubenix" (builtins.readFile ./kubenix-deploy.sh)).overrideAttrs (old: {
|
||||
deployScript = (pkgs.writeScriptBin "applyset-deploy.sh" (builtins.readFile ./applyset-deploy.sh)).overrideAttrs (old: {
|
||||
buildCommand = "${old.buildCommand}\npatchShebangs $out";
|
||||
});
|
||||
|
||||
mkDeployScript = kubernetes: applysetName: namespace:
|
||||
mkKubernetes = name: module: namespace: (kubenix.evalModules.${system} {
|
||||
specialArgs = { inherit namespace myLib blog-pim dns nixhelm system machines; };
|
||||
|
||||
module = { kubenix, ... }:
|
||||
{
|
||||
imports = [
|
||||
kubenix.modules.k8s
|
||||
kubenix.modules.helm
|
||||
"${self}/kubenix-modules/custom"
|
||||
"${self}/kubenix-modules/custom-types.nix"
|
||||
module
|
||||
];
|
||||
|
||||
config = {
|
||||
kubenix.project = name;
|
||||
kubernetes.namespace = namespace;
|
||||
};
|
||||
};
|
||||
}).config.kubernetes;
|
||||
|
||||
mkManifest = name: { module, namespace }:
|
||||
{
|
||||
manifest = (mkKubernetes name module namespace).result;
|
||||
};
|
||||
|
||||
mkDeployApp = name: { module, namespace }:
|
||||
let
|
||||
kubernetes = mkKubernetes name module namespace;
|
||||
kubeconfig = kubernetes.kubeconfig or "";
|
||||
result = kubernetes.result or "";
|
||||
|
||||
wrappedDeployScript = pkgs.symlinkJoin
|
||||
{
|
||||
name = "kubenix";
|
||||
name = "applyset-deploy.sh";
|
||||
paths = [ deployScript pkgs.vals pkgs.kubectl ];
|
||||
buildInputs = [ pkgs.makeWrapper ];
|
||||
passthru.manifest = result;
|
||||
meta.mainProgram = "applyset-deploy.sh";
|
||||
|
||||
postBuild = ''
|
||||
wrapProgram $out/bin/kubenix \
|
||||
wrapProgram $out/bin/applyset-deploy.sh \
|
||||
--suffix PATH : "$out/bin" \
|
||||
--run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}' \
|
||||
--set MANIFEST '${result}' \
|
||||
--set APPLYSET 'applyset-${applysetName}' \
|
||||
--set APPLYSET 'applyset-${name}' \
|
||||
--set NAMESPACE '${namespace}'
|
||||
'';
|
||||
};
|
||||
in
|
||||
wrappedDeployScript;
|
||||
|
||||
mkDeployScriptAndManifest = name: { module, namespace }:
|
||||
let
|
||||
kubernetes = (kubenix.evalModules.${system} {
|
||||
specialArgs = { inherit namespace myLib blog-pim dns nixhelm system machines; };
|
||||
|
||||
module = { kubenix, ... }:
|
||||
{
|
||||
imports = [
|
||||
kubenix.modules.k8s
|
||||
kubenix.modules.helm
|
||||
"${self}/kubenix-modules/custom"
|
||||
"${self}/kubenix-modules/custom-types.nix"
|
||||
module
|
||||
];
|
||||
|
||||
config = {
|
||||
kubenix.project = name;
|
||||
kubernetes.namespace = namespace;
|
||||
};
|
||||
};
|
||||
}).config.kubernetes;
|
||||
in
|
||||
{
|
||||
manifest = kubernetes.result;
|
||||
deploy = mkDeployScript kubernetes name namespace;
|
||||
deploy = {
|
||||
type = "app";
|
||||
program = "${pkgs.lib.getExe wrappedDeployScript}";
|
||||
};
|
||||
};
|
||||
|
||||
deployers = {
|
||||
|
|
@ -174,5 +179,6 @@
|
|||
};
|
||||
in
|
||||
{
|
||||
kubenix = builtins.mapAttrs mkDeployScriptAndManifest deployers;
|
||||
apps = builtins.mapAttrs mkDeployApp deployers;
|
||||
packages = builtins.mapAttrs mkManifest deployers;
|
||||
})
|
||||
|
|
|
|||
Loading…
Reference in a new issue