talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Implement a generic helm templater package.

Browse Source
This commit is contained in:
Tom Alexander 2025-12-29 21:41:23 -05:00 committed by Tom Alexander
parent b7310a03b8
commit 29608e3376
Signed by: talexander
GPG Key ID: 36C99E8B3C39D85F
4 changed files with 111 additions and 116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
nix/kubernetes/keys/package/cilium-manifest/package.nix
View File

@ -1,69 +0,0 @@
# unpackPhase
# patchPhase
# configurePhase
# buildPhase
# checkPhase
# installPhase
# fixupPhase
# installCheckPhase
# distPhase
{
stdenv,
openssl,
fetchFromGitHub,
kubernetes-helm,
...
}:
stdenv.mkDerivation (
finalAttrs:
let
version = "1.18.5";
in
{
name = "cilium-manifest";
nativeBuildInputs = [
openssl
kubernetes-helm
];
buildInputs = [ ];
src = fetchFromGitHub {
owner = "cilium";
repo = "cilium";
tag = "v${version}";
hash = "sha256-348inOOQ/fgwTYnaSHrQ363xGYnx2UPts3D4ycDRsWE=";
};
buildPhase = ''
helm template --dry-run=client cilium $src/install/kubernetes/cilium --version 1.18.5 --namespace kube-system \
--set kubeProxyReplacement=true \
--set ipam.mode=kubernetes \
--set k8sServiceHost="2620:11f:7001:7:ffff:ffff:ad7:1dd" \
--set k8sServicePort=6443 \
--set ipv6.enabled=true \
--set ipv4.enabled=true \
--set enableIPv6Masquerade=false \
--set enableIPv4BIGTCP=false \
--set enableIPv6BIGTCP=false \
--set routingMode=native \
--set ipv4NativeRoutingCIDR=10.0.0.0/8 \
--set ipv6NativeRoutingCIDR=2620:11f:7001:7:ffff::/96 \
| tee $NIX_BUILD_TOP/cilium.yaml
'';
# --set hostFirewall.enabled=true
# --set routingMode=native
# --set 'ipam.operator.clusterPoolIPv4PodCIDRList=["10.0.0.0/8"]' \
# --set 'ipam.operator.clusterPoolIPv6PodCIDRList=["fd00::/100"]' \
# --set encryption.enabled=true \
# --set encryption.type=wireguard
# --set encryption.nodeEncryption=true
installPhase = ''
mkdir -p "$out"
cp $NIX_BUILD_TOP/cilium.yaml $out/
'';
}
)

45
nix/kubernetes/keys/package/coredns-manifest/package.nix
View File

@ -1,45 +0,0 @@
# unpackPhase
# patchPhase
# configurePhase
# buildPhase
# checkPhase
# installPhase
# fixupPhase
# installCheckPhase
# distPhase
{
stdenv,
fetchFromGitHub,
kubernetes-helm,
...
}:
stdenv.mkDerivation (
finalAttrs:
let
version = "1.45.0";
in
{
name = "coredns-manifest";
nativeBuildInputs = [
kubernetes-helm
];
buildInputs = [ ];
src = fetchFromGitHub {
owner = "coredns";
repo = "helm";
tag = "coredns-${version}";
hash = "sha256-9YHd/jB33JXvySzx/p9DaP+/2p5ucyLjues4DNtOkmU=";
};
buildPhase = ''
helm template --dry-run=client coredns $src/charts/coredns --namespace kube-system \
| tee $NIX_BUILD_TOP/coredns.yaml
'';
installPhase = ''
mkdir -p "$out"
cp $NIX_BUILD_TOP/coredns.yaml $out/
'';
}
)

48
nix/kubernetes/keys/package/helm-manifest/package.nix Normal file
View File

@ -0,0 +1,48 @@
# unpackPhase
# patchPhase
# configurePhase
# buildPhase
# checkPhase
# installPhase
# fixupPhase
# installCheckPhase
# distPhase
{
lib,
pkgs,
stdenv,
kubernetes-helm,
helm_src,
helm_name,
helm_namespace,
helm_path ? ".",
helm_manifest_name,
helm_values ? { },
...
}:
stdenv.mkDerivation (
finalAttrs:
let
to_yaml_file = ((import ../../../functions/to_yaml.nix) { inherit pkgs; }).to_yaml_file;
in
{
name = "${helm_name}-manifest";
nativeBuildInputs = [
kubernetes-helm
];
buildInputs = [ ];
src = helm_src;
buildPhase = ''
helm template --dry-run=client ${lib.strings.escapeShellArg helm_name} $src/${helm_path} --namespace ${helm_namespace} \
--values ${to_yaml_file "values.yaml" helm_values} \
| tee $NIX_BUILD_TOP/${helm_manifest_name}
'';
installPhase = ''
mkdir -p "$out"
cp $NIX_BUILD_TOP/${helm_manifest_name} $out/
'';
}
)

65
nix/kubernetes/keys/scope.nix
View File

@ -2,6 +2,7 @@
makeScope,
newScope,
callPackage,
fetchFromGitHub,
lib,
}:
let
@ -207,8 +208,68 @@ makeScope newScope (
}
);
encryption_config = (callPackage ./package/k8s-encryption-key/package.nix additional_vars);
cilium-manifest = (callPackage ./package/cilium-manifest/package.nix additional_vars);
coredns-manifest = (callPackage ./package/coredns-manifest/package.nix additional_vars);
cilium-manifest =
let
version = "1.18.5";
in
(callPackage ./package/helm-manifest/package.nix (
additional_vars
// {
helm_src = fetchFromGitHub {
owner = "cilium";
repo = "cilium";
tag = "v${version}";
hash = "sha256-348inOOQ/fgwTYnaSHrQ363xGYnx2UPts3D4ycDRsWE=";
};
helm_name = "cilium";
helm_namespace = "kube-system";
helm_path = "install/kubernetes/cilium";
helm_manifest_name = "cilium.yaml";
helm_values = {
"kubeProxyReplacement" = true;
"ipam.mode" = "kubernetes";
"k8sServiceHost" = "2620:11f:7001:7:ffff:ffff:ad7:1dd";
"k8sServicePort" = 6443;
"ipv6.enabled" = true;
"ipv4.enabled" = true;
"enableIPv6Masquerade" = false;
"enableIPv4BIGTCP" = false;
"enableIPv6BIGTCP" = false;
"routingMode" = "native";
"ipv4NativeRoutingCIDR" = "10.0.0.0/8";
"ipv6NativeRoutingCIDR" = "2620:11f:7001:7:ffff::/96";
# --set hostFirewall.enabled=true
# --set routingMode=native
# --set 'ipam.operator.clusterPoolIPv4PodCIDRList=["10.0.0.0/8"]' \
# --set 'ipam.operator.clusterPoolIPv6PodCIDRList=["fd00::/100"]' \
# --set encryption.enabled=true \
# --set encryption.type=wireguard
# --set encryption.nodeEncryption=true
};
}
));
coredns-manifest =
let
version = "1.45.0";
in
(callPackage ./package/helm-manifest/package.nix (
additional_vars
// {
helm_src = fetchFromGitHub {
owner = "coredns";
repo = "helm";
tag = "coredns-${version}";
hash = "sha256-9YHd/jB33JXvySzx/p9DaP+/2p5ucyLjues4DNtOkmU=";
};
helm_name = "coredns";
helm_namespace = "kube-system";
helm_path = "charts/coredns";
helm_manifest_name = "coredns.yaml";
helm_values = { };
}
));
all_keys = (callPackage ./package/k8s-keys/package.nix additional_vars);
deploy_script = (callPackage ./package/deploy-script/package.nix additional_vars);
bootstrap_script = (callPackage ./package/bootstrap-script/package.nix additional_vars);