mirror of
https://git.sr.ht/~goorzhel/turboprop
synced 2024-12-14 11:37:37 +00:00
Keep writing
parent
4decddde92
commit
ce881f0c0d
2 changed files with 41 additions and 8 deletions
47
README.md
|
@ -1,7 +1,45 @@
|
|||
# Kubernetes flake
|
||||
# Turboprop
|
||||
|
||||
Problem: I have twenty or thirty Helm releases, all of which I template semi-manually to [retain WYSIWYG control](https://github.com/kubernetes-sigs/kustomize/blob/bfb00ecb2747dc711abfc27d9cf788ca1d7c637b/examples/chart.md#best-practice). Deploying new applications involves a lot of copy-pasta.
|
||||
|
||||
Solution: Use Nix. With Nix, I can [ensure chart integrity](), [generate repetitive data in subroutines](), and [easily inherit data from elsewhere]().
|
||||
|
||||
## Prior art
|
||||
|
||||
Without [farcaller's "Nix and Kubernetes: Deployments Done Right"](https://media.ccc.de/v/nixcon-2023-35290-nix-and-kubernetes-deployments-done-right) ([notes](https://gist.github.com/farcaller/c87c03fbb55eaeaeb840b938455f37ff)), this project would not exist.
|
||||
|
||||
I also used heywoodlh's [Kubernetes flake](https://github.com/heywoodlh/flakes/blob/aa5a52a/kube/flake.nix) as a starting point early on.
|
||||
|
||||
## Usage
|
||||
|
||||
```nix
|
||||
{ charts, lib, user, ... }: { # 1
|
||||
builder = lib.builders.helmChart; # 2
|
||||
args = { # 3
|
||||
chart = charts.jetstack.cert-manager;
|
||||
values = {
|
||||
featureGates = "ExperimentalGatewayAPISupport=true";
|
||||
installCRDs = true;
|
||||
prometheus = {
|
||||
enabled = true;
|
||||
servicemonitor = {
|
||||
enabled = true;
|
||||
prometheusInstance = "monitoring";
|
||||
};
|
||||
};
|
||||
startupapicheck.podLabels."sidecar.istio.io/inject" = "false";
|
||||
};
|
||||
};
|
||||
extraObjects = [ # 4
|
||||
{
|
||||
apiVersion = "cert-manager.io/v1";
|
||||
kind = "ClusterIssuer";
|
||||
metadata.name = user.vars.k8sCert.name; # 5
|
||||
spec.ca.secretName = user.vars.k8sCert.name;
|
||||
}
|
||||
];
|
||||
}
|
||||
```
|
||||
|
||||
### lib
|
||||
|
||||
|
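Review bot: The three links in the "Solution:" paragraph have empty targets (`[ensure chart integrity]()`, `[generate repetitive data in subroutines]()`, `[easily inherit data from elsewhere]()`), so they render as dead links. Point each one at the section or file that backs the claim, or drop the link syntax until those sections exist. The chart-integrity claim matters most here, since readers will rely on it and currently have nothing to check it against. Separately, the Usage example carries callouts `# 1` through `# 5`, but no legend follows before `### lib`; add the numbered explanations or remove the markers.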
@ -11,7 +49,7 @@
|
|||
|
||||
Signature, etc.
|
||||
|
||||
## Architecture
|
||||
## Architecture
|
||||
|
||||
Services expected to provide custom APIs (e.g.: Gateway API,
|
||||
Istio, Longhorn) go in `./system`. All others in `./services`,
|
||||
|
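Review bot: The `## Architecture` heading appears on both sides of this hunk with no visible difference, so the change is presumably whitespace or line-ending only. Confirm that it is intended, and consider keeping such cleanups out of a content commit so the README history stays easy to read.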
@ -29,8 +67,3 @@ Assign extra metadata in `namespaces.nix`. For example,
|
|||
`svc = {labels."istio.io/rev" = "1-18-1"}`
|
||||
is the equivalent of
|
||||
`k label ns/svc istio.io/rev=1-18-1`
|
||||
|
||||
## Prior art
|
||||
|
||||
Immense debt of gratitude to [farcaller's "Nix and Kubernetes: Deployments Done Right"](https://media.ccc.de/v/nixcon-2023-35290-nix-and-kubernetes-deployments-done-right) ([notes](https://gist.github.com/farcaller/c87c03fbb55eaeaeb840b938455f37ff))
|
||||
- heywoodlh's [Kubernetes flake](https://github.com/heywoodlh/flakes/blob/aa5a52a/kube/flake.nix)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
description = "Kubernetes deployments flake";
|
||||
description = "Templates Helm deployments using Nix";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs";
|
||||
|
|
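Review bot: In the context under the changed `description`, `nixpkgs.url = "github:NixOS/nixpkgs";` names no branch or revision, so the pinned revision lives only in `flake.lock`. Since the README now advertises chart integrity, confirm the lock file is committed and only updated deliberately. The new description reads fine, though it could mention the Turboprop name that the README heading now uses.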