feat(kubernetes): Deploy Cyberchef using applyset

2024-07-13 20:18:17 +02:00 · 2024-07-13 20:18:17 +02:00 · ada288674a
commit ada288674a
parent b33c3a0b82
6 changed files with 112 additions and 39 deletions
--- a/flake-parts/kubenix-deploy.sh
+++ b/flake-parts/kubenix-deploy.sh
@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+IFS=$'\n\t'
+
+export KUBECTL_APPLYSET=true
+vals eval -fail-on-missing-key-in-map <$MANIFEST | kubectl apply -f - --prune --applyset $APPLYSET --namespace $NAMESPACE
--- a/flake-parts/kubenix.nix
+++ b/flake-parts/kubenix.nix
@ -1,4 +1,4 @@
-{ self, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem
+{ self, pkgs, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem
  (system:
  let
    mkKubenixPackage = module: kubenix.packages.${system}.default.override
@ -6,8 +6,57 @@
        specialArgs = { inherit myLib kubenix nixhelm system dns blog-pim machines; };
        module = { imports = [ module ]; };
      };
+
+    deployScript = (pkgs.writeScriptBin "kubenix" (builtins.readFile ./kubenix-deploy.sh)).overrideAttrs (old: {
+      buildCommand = "${old.buildCommand}\npatchShebangs $out";
+    });
+
+    mkDeployScript = kubernetes: applyset: namespace:
+      let
+        kubeconfig = kubernetes.kubeconfig or "";
+        result = kubernetes.result or "";
+
+        wrappedDeployScript = pkgs.symlinkJoin
+          {
+            name = "kubenix";
+            paths = [ deployScript pkgs.vals pkgs.kubectl ];
+            buildInputs = [ pkgs.makeWrapper ];
+            passthru.manifest = result;
+
+            postBuild = ''
+              wrapProgram $out/bin/kubenix \
+                --suffix PATH : "$out/bin" \
+                --run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}' \
+                --set MANIFEST '${result}' \
+                --set APPLYSET '${applyset}' \
+                --set NAMESPACE '${namespace}'
+            '';
+          };
+      in
+      wrappedDeployScript;
+
+    mkDeployScriptAndManifest = module: applyset: namespace:
+      let
+        kubernetes = (kubenix.evalModules.${system} {
+          module = { kubenix, ... }:
+            {
+              imports = [
+                kubenix.modules.k8s
+                "${self}/kubenix-modules/custom"
+                module
+              ];
+            };
+        }).config.kubernetes;
+      in
+      {
+        manifest = kubernetes.result;
+        deploy = mkDeployScript kubernetes applyset namespace;
+      };
  in
  {
-    kubenix = mkKubenixPackage "${self}/kubenix-modules/all.nix";
-    kubenix-bootstrap = mkKubenixPackage "${self}/kubenix-modules/base.nix";
+    kubenix.all.deploy = mkKubenixPackage "${self}/kubenix-modules/all.nix";
+    kubenix.bootstrap.deploy = mkKubenixPackage "${self}/kubenix-modules/base.nix";
+
+    kubenix.cyberchef = mkDeployScriptAndManifest
+      "${self}/kubenix-modules/cyberchef.nix" "cyberchef" "cyberchef";
  })
--- a/kubenix-modules/all.nix
+++ b/kubenix-modules/all.nix
@ -1,7 +1,7 @@
 let
  applications = [
    ./freshrss.nix
-    ./cyberchef.nix
+    # ./cyberchef.nix
    ./kms.nix
    ./inbucket.nix
    ./radicale.nix
@ -31,9 +31,7 @@ in
    ./ek2024.nix
    ./metallb.nix
    ./cert-manager.nix
-    ./custom/ingress.nix
-    ./custom/nfs-volume.nix
-    ./custom/longhorn-volume.nix
+    ./custom
    ./traefik.nix
    ./volumes.nix
    ./custom-types.nix
--- a/kubenix-modules/base.nix
+++ b/kubenix-modules/base.nix
@ -59,15 +59,17 @@
        };
      };

-      resources.nodes =
-        let
-          machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines;
-        in
-        builtins.mapAttrs
-          (name: machine: {
-            metadata.labels = machine.kubernetesNodeLabels;
-          })
-          machinesWithKubernetesLabels;
+      resources = {
+        nodes =
+          let
+            machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines;
+          in
+          builtins.mapAttrs
+            (name: machine: {
+              metadata.labels = machine.kubernetesNodeLabels;
+            })
+            machinesWithKubernetesLabels;
+      };
    };
  };
 }
--- a/kubenix-modules/custom/default.nix
+++ b/kubenix-modules/custom/default.nix
@ -0,0 +1,7 @@
+{
+  imports = [
+    ./ingress.nix
+    ./longhorn-volume.nix
+    ./nfs-volume.nix
+  ];
+}
--- a/kubenix-modules/cyberchef.nix
+++ b/kubenix-modules/cyberchef.nix
@ -1,35 +1,45 @@
 {
-  kubernetes.resources = {
-    deployments.cyberchef.spec = {
-      replicas = 3;
-      selector.matchLabels.app = "cyberchef";
+  config = {
+    kubenix.project = "cyberchef";

-      template = {
-        metadata.labels.app = "cyberchef";
+    kubernetes = {
+      namespace = "cyberchef";

-        spec.containers.cyberchef = {
-          image = "mpepping/cyberchef";
-          ports.web.containerPort = 8000;
+      resources = {
+        namespaces.cyberchef = { };
+
+        deployments.cyberchef.spec = {
+          replicas = 3;
+          selector.matchLabels.app = "cyberchef";
+
+          template = {
+            metadata.labels.app = "cyberchef";
+
+            spec.containers.cyberchef = {
+              image = "mpepping/cyberchef";
+              ports.web.containerPort = 8000;
+            };
+          };
+        };
+
+        services.cyberchef.spec = {
+          selector.app = "cyberchef";
+
+          ports.web = {
+            port = 80;
+            targetPort = "web";
+          };
        };
      };
    };

-    services.cyberchef.spec = {
-      selector.app = "cyberchef";
+    lab.ingresses.cyberchef = {
+      host = "cyberchef.kun.is";

-      ports.web = {
-        port = 80;
-        targetPort = "web";
+      service = {
+        name = "cyberchef";
+        portName = "web";
      };
    };
  };
-
-  lab.ingresses.cyberchef = {
-    host = "cyberchef.kun.is";
-
-    service = {
-      name = "cyberchef";
-      portName = "web";
-    };
-  };
 }