feat(kubernetes): Deploy Cyberchef using applyset

Pim Kunis 2024-07-13 20:18:17 +02:00
parent b33c3a0b82
commit ada288674a
6 changed files with 112 additions and 39 deletions

7
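--- a/flake-parts/kubenix-deploy.sh
+++ b/flake-parts/kubenix-deploy.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+export KUBECTL_APPLYSET=true
+vals eval -fail-on-missing-key-in-map <$MANIFEST | kubectl apply -f - --prune --applyset $APPLYSET --namespace $NAMESPACE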
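Review bot: The expansions on the last line are unquoted (`<$MANIFEST`, `$APPLYSET`, `$NAMESPACE`), so a value containing a glob character, tab or newline is still expanded or split even with the restricted IFS. I would write `vals eval -fail-on-missing-key-in-map <"$MANIFEST" | kubectl apply -f - --prune --applyset "$APPLYSET" --namespace "$NAMESPACE"`. Because the rendered stream goes straight into `kubectl apply --prune`, it is also worth confirming that `vals` emits nothing at all when a reference fails to resolve, since a truncated stream could presumably lead kubectl to prune objects that were merely missing from the output.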


@ -1,4 +1,4 @@
{ self, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem { self, pkgs, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem
(system: (system:
let let
mkKubenixPackage = module: kubenix.packages.${system}.default.override mkKubenixPackage = module: kubenix.packages.${system}.default.override
@ -6,8 +6,57 @@
specialArgs = { inherit myLib kubenix nixhelm system dns blog-pim machines; }; specialArgs = { inherit myLib kubenix nixhelm system dns blog-pim machines; };
module = { imports = [ module ]; }; module = { imports = [ module ]; };
}; };
deployScript = (pkgs.writeScriptBin "kubenix" (builtins.readFile ./kubenix-deploy.sh)).overrideAttrs (old: {
buildCommand = "${old.buildCommand}\npatchShebangs $out";
});
mkDeployScript = kubernetes: applyset: namespace:
let
kubeconfig = kubernetes.kubeconfig or "";
result = kubernetes.result or "";
wrappedDeployScript = pkgs.symlinkJoin
{
name = "kubenix";
paths = [ deployScript pkgs.vals pkgs.kubectl ];
buildInputs = [ pkgs.makeWrapper ];
passthru.manifest = result;
postBuild = ''
wrapProgram $out/bin/kubenix \
--suffix PATH : "$out/bin" \
--run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}' \
--set MANIFEST '${result}' \
--set APPLYSET '${applyset}' \
--set NAMESPACE '${namespace}'
'';
};
in
wrappedDeployScript;
mkDeployScriptAndManifest = module: applyset: namespace:
let
kubernetes = (kubenix.evalModules.${system} {
module = { kubenix, ... }:
{
imports = [
kubenix.modules.k8s
"${self}/kubenix-modules/custom"
module
];
};
}).config.kubernetes;
in in
{ {
kubenix = mkKubenixPackage "${self}/kubenix-modules/all.nix"; manifest = kubernetes.result;
kubenix-bootstrap = mkKubenixPackage "${self}/kubenix-modules/base.nix"; deploy = mkDeployScript kubernetes applyset namespace;
};
in
{
kubenix.all.deploy = mkKubenixPackage "${self}/kubenix-modules/all.nix";
kubenix.bootstrap.deploy = mkKubenixPackage "${self}/kubenix-modules/base.nix";
kubenix.cyberchef = mkDeployScriptAndManifest
"${self}/kubenix-modules/cyberchef.nix" "cyberchef" "cyberchef";
}) })
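Review bot: `kubeconfig = kubernetes.kubeconfig or "";` lets the wrapper export an empty `KUBECONFIG` when neither the module nor the caller's environment provides one, and kubectl then, as far as I know, falls back to its default config and current context. Since the deploy script applies with `--prune`, that fallback can modify whichever cluster the operator happens to have selected. I would make the wrapper fail closed by adding a second hook after the existing `--run` line in `postBuild`, e.g. `--run ': "''${KUBECONFIG:?no kubeconfig configured for this deployment}"' \`. Passing `applyset` and `namespace` through `pkgs.lib.escapeShellArg` instead of hand-written single quotes would also keep the `--set` arguments intact if a name ever contains a quote.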


@ -1,7 +1,7 @@
let let
applications = [ applications = [
./freshrss.nix ./freshrss.nix
./cyberchef.nix # ./cyberchef.nix
./kms.nix ./kms.nix
./inbucket.nix ./inbucket.nix
./radicale.nix ./radicale.nix
@ -31,9 +31,7 @@ in
./ek2024.nix ./ek2024.nix
./metallb.nix ./metallb.nix
./cert-manager.nix ./cert-manager.nix
./custom/ingress.nix ./custom
./custom/nfs-volume.nix
./custom/longhorn-volume.nix
./traefik.nix ./traefik.nix
./volumes.nix ./volumes.nix
./custom-types.nix ./custom-types.nix


@ -59,7 +59,8 @@
}; };
}; };
resources.nodes = resources = {
nodes =
let let
machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines; machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines;
in in
@ -70,4 +71,5 @@
machinesWithKubernetesLabels; machinesWithKubernetesLabels;
}; };
}; };
};
} }


@ -0,0 +1,7 @@
{
imports = [
./ingress.nix
./longhorn-volume.nix
./nfs-volume.nix
];
}


@ -1,5 +1,13 @@
{ {
kubernetes.resources = { config = {
kubenix.project = "cyberchef";
kubernetes = {
namespace = "cyberchef";
resources = {
namespaces.cyberchef = { };
deployments.cyberchef.spec = { deployments.cyberchef.spec = {
replicas = 3; replicas = 3;
selector.matchLabels.app = "cyberchef"; selector.matchLabels.app = "cyberchef";
@ -23,6 +31,7 @@
}; };
}; };
}; };
};
lab.ingresses.cyberchef = { lab.ingresses.cyberchef = {
host = "cyberchef.kun.is"; host = "cyberchef.kun.is";
@ -32,4 +41,5 @@
portName = "web"; portName = "web";
}; };
}; };
};
} }
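Review bot: The namespace name is now stated here as `namespace = "cyberchef";` and `namespaces.cyberchef`, and again as the namespace argument the flake passes to the deploy wrapper, with nothing tying the values together. If they drift, the generated manifest and `kubectl --namespace` would disagree about where the objects and the applyset live. I would add a comment above the `namespace` line such as `# Must match the namespace argument given to mkDeployScriptAndManifest for this module`, or derive that argument from the evaluated config. The hunks show only part of this module, so the rest of the deployment spec is not covered by this note.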