feat(kubernetes): Deploy Cyberchef using applyset

flake-parts/kubenix-deploy.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+IFS=$'\n\t'
+
+export KUBECTL_APPLYSET=true
+vals eval -fail-on-missing-key-in-map <$MANIFEST | kubectl apply -f - --prune --applyset $APPLYSET --namespace $NAMESPACE

flake-parts/kubenix.nix

@@ -1,4 +1,4 @@
-{ self, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem
+{ self, pkgs, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem
   (system:
   let
     mkKubenixPackage = module: kubenix.packages.${system}.default.override
@@ -6,8 +6,57 @@
         specialArgs = { inherit myLib kubenix nixhelm system dns blog-pim machines; };
         module = { imports = [ module ]; };
       };
+
+    deployScript = (pkgs.writeScriptBin "kubenix" (builtins.readFile ./kubenix-deploy.sh)).overrideAttrs (old: {
+      buildCommand = "${old.buildCommand}\npatchShebangs $out";
+    });
+
+    mkDeployScript = kubernetes: applyset: namespace:
+      let
+        kubeconfig = kubernetes.kubeconfig or "";
+        result = kubernetes.result or "";
+
+        wrappedDeployScript = pkgs.symlinkJoin
+          {
+            name = "kubenix";
+            paths = [ deployScript pkgs.vals pkgs.kubectl ];
+            buildInputs = [ pkgs.makeWrapper ];
+            passthru.manifest = result;
+
+            postBuild = ''
+              wrapProgram $out/bin/kubenix \
+                --suffix PATH : "$out/bin" \
+                --run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}' \
+                --set MANIFEST '${result}' \
+                --set APPLYSET '${applyset}' \
+                --set NAMESPACE '${namespace}'
+            '';
+          };
+      in
+      wrappedDeployScript;
+
+    mkDeployScriptAndManifest = module: applyset: namespace:
+      let
+        kubernetes = (kubenix.evalModules.${system} {
+          module = { kubenix, ... }:
+            {
+              imports = [
+                kubenix.modules.k8s
+                "${self}/kubenix-modules/custom"
+                module
+              ];
+            };
+        }).config.kubernetes;
+      in
+      {
+        manifest = kubernetes.result;
+        deploy = mkDeployScript kubernetes applyset namespace;
+      };
   in
   {
-    kubenix = mkKubenixPackage "${self}/kubenix-modules/all.nix";
+    kubenix.all.deploy = mkKubenixPackage "${self}/kubenix-modules/all.nix";
-    kubenix-bootstrap = mkKubenixPackage "${self}/kubenix-modules/base.nix";
+    kubenix.bootstrap.deploy = mkKubenixPackage "${self}/kubenix-modules/base.nix";
+
+    kubenix.cyberchef = mkDeployScriptAndManifest
+      "${self}/kubenix-modules/cyberchef.nix" "cyberchef" "cyberchef";
   })

kubenix-modules/all.nix

@@ -1,7 +1,7 @@
 let
   applications = [
     ./freshrss.nix
-    ./cyberchef.nix
+    # ./cyberchef.nix
     ./kms.nix
     ./inbucket.nix
     ./radicale.nix
@@ -31,9 +31,7 @@ in
     ./ek2024.nix
     ./metallb.nix
     ./cert-manager.nix
-    ./custom/ingress.nix
+    ./custom
-    ./custom/nfs-volume.nix
-    ./custom/longhorn-volume.nix
     ./traefik.nix
     ./volumes.nix
     ./custom-types.nix

kubenix-modules/base.nix

@@ -59,15 +59,17 @@
         };
       };
 
-      resources.nodes =
+      resources = {
-        let
+        nodes =
-          machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines;
+          let
-        in
+            machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines;
-        builtins.mapAttrs
+          in
-          (name: machine: {
+          builtins.mapAttrs
-            metadata.labels = machine.kubernetesNodeLabels;
+            (name: machine: {
-          })
+              metadata.labels = machine.kubernetesNodeLabels;
-          machinesWithKubernetesLabels;
+            })
+            machinesWithKubernetesLabels;
+      };
     };
   };
 }

kubenix-modules/custom/default.nix

@@ -0,0 +1,7 @@
+{
+  imports = [
+    ./ingress.nix
+    ./longhorn-volume.nix
+    ./nfs-volume.nix
+  ];
+}

kubenix-modules/cyberchef.nix

@@ -1,35 +1,45 @@
 {
-  kubernetes.resources = {
+  config = {
-    deployments.cyberchef.spec = {
+    kubenix.project = "cyberchef";
-      replicas = 3;
-      selector.matchLabels.app = "cyberchef";
 
-      template = {
+    kubernetes = {
-        metadata.labels.app = "cyberchef";
+      namespace = "cyberchef";
 
-        spec.containers.cyberchef = {
+      resources = {
-          image = "mpepping/cyberchef";
+        namespaces.cyberchef = { };
-          ports.web.containerPort = 8000;
+
+        deployments.cyberchef.spec = {
+          replicas = 3;
+          selector.matchLabels.app = "cyberchef";
+
+          template = {
+            metadata.labels.app = "cyberchef";
+
+            spec.containers.cyberchef = {
+              image = "mpepping/cyberchef";
+              ports.web.containerPort = 8000;
+            };
+          };
+        };
+
+        services.cyberchef.spec = {
+          selector.app = "cyberchef";
+
+          ports.web = {
+            port = 80;
+            targetPort = "web";
+          };
         };
       };
     };
 
-    services.cyberchef.spec = {
+    lab.ingresses.cyberchef = {
-      selector.app = "cyberchef";
+      host = "cyberchef.kun.is";
 
-      ports.web = {
+      service = {
-        port = 80;
+        name = "cyberchef";
-        targetPort = "web";
+        portName = "web";
       };
     };
   };
-
-  lab.ingresses.cyberchef = {
-    host = "cyberchef.kun.is";
-
-    service = {
-      name = "cyberchef";
-      portName = "web";
-    };
-  };
 }