feat(kubernetes): Deploy Cyberchef using applyset

2024-07-13 20:18:17 +02:00 · 2024-07-13 20:18:17 +02:00 · ada288674a
commit ada288674a
parent b33c3a0b82
6 changed files with 112 additions and 39 deletions
--- a/flake-parts/kubenix-deploy.sh
+++ b/flake-parts/kubenix-deploy.sh
@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+IFS=$'\n\t'
+
+export KUBECTL_APPLYSET=true
+vals eval -fail-on-missing-key-in-map <$MANIFEST | kubectl apply -f - --prune --applyset $APPLYSET --namespace $NAMESPACE
--- a/flake-parts/kubenix.nix
+++ b/flake-parts/kubenix.nix
@ -1,4 +1,4 @@
-{ self, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem
+{ self, pkgs, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem
  (system:
  let
    mkKubenixPackage = module: kubenix.packages.${system}.default.override
@ -6,8 +6,57 @@
        specialArgs = { inherit myLib kubenix nixhelm system dns blog-pim machines; };
        module = { imports = [ module ]; };
      };
+
+    deployScript = (pkgs.writeScriptBin "kubenix" (builtins.readFile ./kubenix-deploy.sh)).overrideAttrs (old: {
+      buildCommand = "${old.buildCommand}\npatchShebangs $out";
+    });
+
+    mkDeployScript = kubernetes: applyset: namespace:
+      let
+        kubeconfig = kubernetes.kubeconfig or "";
+        result = kubernetes.result or "";
+
+        wrappedDeployScript = pkgs.symlinkJoin
+          {
+            name = "kubenix";
+            paths = [ deployScript pkgs.vals pkgs.kubectl ];
+            buildInputs = [ pkgs.makeWrapper ];
+            passthru.manifest = result;
+
+            postBuild = ''
+              wrapProgram $out/bin/kubenix \
+                --suffix PATH : "$out/bin" \
+                --run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}' \
+                --set MANIFEST '${result}' \
+                --set APPLYSET '${applyset}' \
+                --set NAMESPACE '${namespace}'
+            '';
+          };
+      in
+      wrappedDeployScript;
+
+    mkDeployScriptAndManifest = module: applyset: namespace:
+      let
+        kubernetes = (kubenix.evalModules.${system} {
+          module = { kubenix, ... }:
+            {
+              imports = [
+                kubenix.modules.k8s
+                "${self}/kubenix-modules/custom"
+                module
+              ];
+            };
+        }).config.kubernetes;
+      in
+      {
+        manifest = kubernetes.result;
+        deploy = mkDeployScript kubernetes applyset namespace;
+      };
  in
  {
-    kubenix = mkKubenixPackage "${self}/kubenix-modules/all.nix";
-    kubenix-bootstrap = mkKubenixPackage "${self}/kubenix-modules/base.nix";
+    kubenix.all.deploy = mkKubenixPackage "${self}/kubenix-modules/all.nix";
+    kubenix.bootstrap.deploy = mkKubenixPackage "${self}/kubenix-modules/base.nix";
+
+    kubenix.cyberchef = mkDeployScriptAndManifest
+      "${self}/kubenix-modules/cyberchef.nix" "cyberchef" "cyberchef";
  })