From 29608e337667092a05f19bac06880963eb58b932 Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Mon, 29 Dec 2025 21:41:23 -0500
Subject: [PATCH] Implement a generic helm templater package.
---
 .../keys/package/cilium-manifest/package.nix | 69 -------------------
 .../keys/package/coredns-manifest/package.nix | 45 ------------
 .../keys/package/helm-manifest/package.nix | 48 +++++++++++++
 nix/kubernetes/keys/scope.nix | 65 ++++++++++++++++-
 4 files changed, 111 insertions(+), 116 deletions(-)
 delete mode 100644 nix/kubernetes/keys/package/cilium-manifest/package.nix
 delete mode 100644 nix/kubernetes/keys/package/coredns-manifest/package.nix
 create mode 100644 nix/kubernetes/keys/package/helm-manifest/package.nix
diff --git a/nix/kubernetes/keys/package/cilium-manifest/package.nix b/nix/kubernetes/keys/package/cilium-manifest/package.nix
deleted file mode 100644
index e52470fc..00000000
--- a/nix/kubernetes/keys/package/cilium-manifest/package.nix
+++ /dev/null
@@ -1,69 +0,0 @@
-# unpackPhase
-# patchPhase
-# configurePhase
-# buildPhase
-# checkPhase
-# installPhase
-# fixupPhase
-# installCheckPhase
-# distPhase
-{
- stdenv,
- openssl,
- fetchFromGitHub,
- kubernetes-helm,
- ...
-}:
-stdenv.mkDerivation (
- finalAttrs:
- let
- version = "1.18.5";
- in
- {
- name = "cilium-manifest";
- nativeBuildInputs = [
- openssl
- kubernetes-helm
- ];
- buildInputs = [ ];
-
- src = fetchFromGitHub {
- owner = "cilium";
- repo = "cilium";
- tag = "v${version}";
- hash = "sha256-348inOOQ/fgwTYnaSHrQ363xGYnx2UPts3D4ycDRsWE=";
- };
-
- buildPhase = ''
- helm template --dry-run=client cilium $src/install/kubernetes/cilium --version 1.18.5 --namespace kube-system \
- --set kubeProxyReplacement=true \
- --set ipam.mode=kubernetes \
- --set k8sServiceHost="2620:11f:7001:7:ffff:ffff:ad7:1dd" \
- --set k8sServicePort=6443 \
- --set ipv6.enabled=true \
- --set ipv4.enabled=true \
- --set enableIPv6Masquerade=false \
- --set enableIPv4BIGTCP=false \
- --set enableIPv6BIGTCP=false \
- --set routingMode=native \
- --set ipv4NativeRoutingCIDR=10.0.0.0/8 \
- --set ipv6NativeRoutingCIDR=2620:11f:7001:7:ffff::/96 \
- | tee $NIX_BUILD_TOP/cilium.yaml
- '';
-
- # --set hostFirewall.enabled=true
- # --set routingMode=native
-
- # --set 'ipam.operator.clusterPoolIPv4PodCIDRList=["10.0.0.0/8"]' \
- # --set 'ipam.operator.clusterPoolIPv6PodCIDRList=["fd00::/100"]' \
-
- # --set encryption.enabled=true \
- # --set encryption.type=wireguard
- # --set encryption.nodeEncryption=true
-
- installPhase = ''
- mkdir -p "$out"
- cp $NIX_BUILD_TOP/cilium.yaml $out/
- '';
- }
-)
diff --git a/nix/kubernetes/keys/package/coredns-manifest/package.nix b/nix/kubernetes/keys/package/coredns-manifest/package.nix
deleted file mode 100644
index ef904072..00000000
--- a/nix/kubernetes/keys/package/coredns-manifest/package.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-# unpackPhase
-# patchPhase
-# configurePhase
-# buildPhase
-# checkPhase
-# installPhase
-# fixupPhase
-# installCheckPhase
-# distPhase
-{
- stdenv,
- fetchFromGitHub,
- kubernetes-helm,
- ...
-}:
-stdenv.mkDerivation (
- finalAttrs:
- let
- version = "1.45.0";
- in
- {
- name = "coredns-manifest";
- nativeBuildInputs = [
- kubernetes-helm
- ];
- buildInputs = [ ];
-
- src = fetchFromGitHub {
- owner = "coredns";
- repo = "helm";
- tag = "coredns-${version}";
- hash = "sha256-9YHd/jB33JXvySzx/p9DaP+/2p5ucyLjues4DNtOkmU=";
- };
-
- buildPhase = ''
- helm template --dry-run=client coredns $src/charts/coredns --namespace kube-system \
- | tee $NIX_BUILD_TOP/coredns.yaml
- '';
-
- installPhase = ''
- mkdir -p "$out"
- cp $NIX_BUILD_TOP/coredns.yaml $out/
- '';
- }
-)
diff --git a/nix/kubernetes/keys/package/helm-manifest/package.nix b/nix/kubernetes/keys/package/helm-manifest/package.nix
new file mode 100644
index 00000000..9bb6aa89
--- /dev/null
+++ b/nix/kubernetes/keys/package/helm-manifest/package.nix
@@ -0,0 +1,48 @@
+# unpackPhase
+# patchPhase
+# configurePhase
+# buildPhase
+# checkPhase
+# installPhase
+# fixupPhase
+# installCheckPhase
+# distPhase
+{
+ lib,
+ pkgs,
+ stdenv,
+ kubernetes-helm,
+ helm_src,
+ helm_name,
+ helm_namespace,
+ helm_path ? ".",
+ helm_manifest_name,
+ helm_values ? { },
+ ...
+}:
+stdenv.mkDerivation (
+ finalAttrs:
+ let
+ to_yaml_file = ((import ../../../functions/to_yaml.nix) { inherit pkgs; }).to_yaml_file;
+ in
+ {
+ name = "${helm_name}-manifest";
+ nativeBuildInputs = [
+ kubernetes-helm
+ ];
+ buildInputs = [ ];
+
+ src = helm_src;
+
+ buildPhase = ''
+ helm template --dry-run=client ${lib.strings.escapeShellArg helm_name} $src/${helm_path} --namespace ${helm_namespace} \
+ --values ${to_yaml_file "values.yaml" helm_values} \
+ | tee $NIX_BUILD_TOP/${helm_manifest_name}
+ '';
+
+ installPhase = ''
+ mkdir -p "$out"
+ cp $NIX_BUILD_TOP/${helm_manifest_name} $out/
+ '';
+ }
+)
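Review bot: On the `helm template` line, `lib.strings.escapeShellArg` is applied to helm_name only, while helm_path, helm_namespace and helm_manifest_name are interpolated into the same shell command unescaped, as are the `$src/${helm_path}` chart path and the `$NIX_BUILD_TOP/${helm_manifest_name}` target in both buildPhase and installPhase. Now that the package is generic over caller-supplied strings, a value containing whitespace or shell metacharacters would split the command or move the tee/cp target, so the escaping should be applied uniformly rather than to one argument. The rewrite below escapes every interpolated argument and quotes the shell variables; the `--values` line is unchanged.
```nix
buildPhase = ''
  helm template --dry-run=client ${lib.strings.escapeShellArg helm_name} "$src"/${lib.strings.escapeShellArg helm_path} --namespace ${lib.strings.escapeShellArg helm_namespace} \
    --values ${to_yaml_file "values.yaml" helm_values} \
    | tee "$NIX_BUILD_TOP"/${lib.strings.escapeShellArg helm_manifest_name}
'';

installPhase = ''
  mkdir -p "$out"
  cp "$NIX_BUILD_TOP"/${lib.strings.escapeShellArg helm_manifest_name} "$out"/
'';
```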
diff --git a/nix/kubernetes/keys/scope.nix b/nix/kubernetes/keys/scope.nix
index 60650acc..20fd33aa 100644
--- a/nix/kubernetes/keys/scope.nix
+++ b/nix/kubernetes/keys/scope.nix
@@ -2,6 +2,7 @@
 makeScope,
 newScope,
 callPackage,
+ fetchFromGitHub,
 lib,
 }:
 let
@@ -207,8 +208,68 @@ makeScope newScope (
 }
 );
 encryption_config = (callPackage ./package/k8s-encryption-key/package.nix additional_vars);
- cilium-manifest = (callPackage ./package/cilium-manifest/package.nix additional_vars);
- coredns-manifest = (callPackage ./package/coredns-manifest/package.nix additional_vars);
+ cilium-manifest =
+ let
+ version = "1.18.5";
+ in
+ (callPackage ./package/helm-manifest/package.nix (
+ additional_vars
+ // {
+ helm_src = fetchFromGitHub {
+ owner = "cilium";
+ repo = "cilium";
+ tag = "v${version}";
+ hash = "sha256-348inOOQ/fgwTYnaSHrQ363xGYnx2UPts3D4ycDRsWE=";
+ };
+ helm_name = "cilium";
+ helm_namespace = "kube-system";
+ helm_path = "install/kubernetes/cilium";
+ helm_manifest_name = "cilium.yaml";
+ helm_values = {
+ "kubeProxyReplacement" = true;
+ "ipam.mode" = "kubernetes";
+ "k8sServiceHost" = "2620:11f:7001:7:ffff:ffff:ad7:1dd";
+ "k8sServicePort" = 6443;
+ "ipv6.enabled" = true;
+ "ipv4.enabled" = true;
+ "enableIPv6Masquerade" = false;
+ "enableIPv4BIGTCP" = false;
+ "enableIPv6BIGTCP" = false;
+ "routingMode" = "native";
+ "ipv4NativeRoutingCIDR" = "10.0.0.0/8";
+ "ipv6NativeRoutingCIDR" = "2620:11f:7001:7:ffff::/96";
+ # --set hostFirewall.enabled=true
+ # --set routingMode=native
+
+ # --set 'ipam.operator.clusterPoolIPv4PodCIDRList=["10.0.0.0/8"]' \
+ # --set 'ipam.operator.clusterPoolIPv6PodCIDRList=["fd00::/100"]' \
+
+ # --set encryption.enabled=true \
+ # --set encryption.type=wireguard
+ # --set encryption.nodeEncryption=true
+ };
+ }
+ ));
+ coredns-manifest =
+ let
+ version = "1.45.0";
+ in
+ (callPackage ./package/helm-manifest/package.nix (
+ additional_vars
+ // {
+ helm_src = fetchFromGitHub {
+ owner = "coredns";
+ repo = "helm";
+ tag = "coredns-${version}";
+ hash = "sha256-9YHd/jB33JXvySzx/p9DaP+/2p5ucyLjues4DNtOkmU=";
+ };
+ helm_name = "coredns";
+ helm_namespace = "kube-system";
+ helm_path = "charts/coredns";
+ helm_manifest_name = "coredns.yaml";
+ helm_values = { };
+ }
+ ));
 all_keys = (callPackage ./package/k8s-keys/package.nix additional_vars);
 deploy_script = (callPackage ./package/deploy-script/package.nix additional_vars);
 bootstrap_script = (callPackage ./package/bootstrap-script/package.nix additional_vars);
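Review bot: The dotted keys in the cilium `helm_values` set, `"ipam.mode"`, `"ipv6.enabled"` and `"ipv4.enabled"`, do not mean through `--values` what the removed `--set ipam.mode=kubernetes` meant: `--set` splits on the dot into a nested map, whereas a values file written from this attribute set presumably carries one top-level key whose name contains a dot, which a chart reading `.Values.ipam.mode` never sees (to_yaml_file is outside this diff, so confirm how it serialises the names). Unless the chart ships a values schema that rejects unknown keys, those three settings would be silently dropped instead of failing the build, so the rendered cilium.yaml is worth diffing against the previous output. Nesting them restores the old meaning: `ipam = { mode = "kubernetes"; };`, `ipv6 = { enabled = true; };`, `ipv4 = { enabled = true; };`. The retained `# --set …` comments inside helm_values still describe the old command line and should be rewritten as attribute entries or dropped. The enclosing makeScope body starts and ends outside the hunk.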